It is good to learn all the ip addresses which holds N+ tcp connection to your server. For example, if we want to list ip addresses and connection counts of hosts which has 25 or above connections right now:
netstat -n --tcp --udp --numeric-hosts | \
grep -v 127.0.0.1 | \
awk '{if (/(tcp|udp)/) { print $5 }}' | \
sed 's/:.*//' | \
sort | \
uniq -c | \
sort -n | \
awk '{if ($1 > 25) {print "Count: "$1"\t"$2; }}'
and here is an example output:
Count: 26 92.80.103.61
Count: 27 77.246.104.149
Count: 35 88.232.169.103
Count: 44 88.226.7.150
If we want to list only the ip addresses, not the counter, change the last line as below:
awk '{if ($1 > 25) {print $2; }}'