Monitoring TCP connections easier and faster in SLES

William Vera

By: William Vera

April 4, 2013 10:33 am





License: GPLv3


Parsing <i>netstat</i> output has always been a pain because of the large amount of data that is available. Sometimes I need some information more than others, but I almost always want to quickly see the total number and type of connection I have.


For this purpose I use the following command:

netstat -nap | awk '/tcp/ {print $6}'| sort | uniq -c

The output gives me a quick view of how the connections are even comparing them to other servers.

somecoolhost:~ # netstat -nap | awk '/tcp/ {print $6}'| sort | uniq -c
    400 CLOSE_WAIT
      2 FIN_WAIT1
      8 FIN_WAIT2
     38 LISTEN
    271 TIME_WAIT
somecoolhost:~ # 

This can be supplemented with a more advanced script, put it in a cron job sending the output to a log and creating graphical statistics, etc.


Do not forget that we can obtain more complete summary statistics for each protocol with:

netstat -s
2 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 5 (2 votes, average: 5.00 out of 5)
You need to be a registered member to rate this post.

Tags: ,
Categories: Free Tools, SUSE Linux Enterprise Server, Technical Solutions

Disclaimer: As with everything else in the SUSE Blog, this content is definitely not supported by SUSE (so don't even think of calling Support if you try something and it blows up).  It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.


  1. By:jengelh

    What a Rube Goldberg machine. It is so much easier to get the state counts: `ss -s | grep ^TCP:` (even the crappy netstat knows -s!)

    • By:debianized

      Yes, it is another option, but in my case, I need more information and that format is awful, so I use netstat.


      • By:jengelh

        In that case, you might want to consider using the tcp_diag Netlink interface to obtain the desired information directly and print it the way you like.

        • By:debianized

          Oh Kernel Modules, that are others words. If it is true that ss “intends” replace netcat, to me yet still works for what I need.
          Thanks for you feedback.