I was recently investigating a LAMP application bottleneck. Part of which was to monitor web server entry points during peak hours. Looking into segregate connections and what each clients are actually doing I needed some advanced netstat know-how to get thru my goal, so I stumble upon this one from nixCraft:

netstat command and shell pipe feature can be used to dig out more information about particular IP address connection. You can find out total established connections, closing connection, SYN and FIN bits and much more. You can also display summary statistics for each protocol using netstat.

This is useful to find out if your server is under attack or not. You can also list abusive IP address using this method.

http://www.cyberciti.biz/tips/netstat-command-tutorial-examples.html