To display client / server ESTABLISHED connections only:
$ netstat -nat | grep 'ESTABLISHED'
Use this command to detect any unwanted connection established in non-regular port especially used by spammer or hacker.
To check how many connection from 1 IP, you can use
netstat -tn 2>/dev/null | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr | head
It will display something similar to this:
