AS Number Stats on Linux

I’ve got a couple of Linux machines that are sitting outside of the Sflow ‘zone’ and AS traffic stats go unmeasured. I wanted to get a rough idea on the number of connections per AS number so here’s a little app that parses netstat and sorts AS numbers by number of connection.

NOTE1: This won’t work on Cpanel servers due to tmp restrictions.

NOTE2: Specify an alternative (e.g newer) GeoIPASNum.dat file with the –geo option.

chmod +x asnum

Example output:

[root@mx1 ~]# ./asnum
(18) | RFC1918 or BOGON
(11) | AS29889 Fast Serv Networks, LLC
(4) | AS3320 Deutsche Telekom AG
(2) | AS7922 Comcast Cable Communications, Inc.

Quick and (very) dirty cron script

#*/5 * * * * /root/./ >> /var/log/asnum.log

echo "***********************"
echo $thedate
echo "***********************"

Don’t forget to rotate the logs.

        rotate 7

Comments are closed.