SUSE Conversations


Monitoring TCP connections easier and faster in SLES

debianized

By: debianized

April 4, 2013 10:33 am

Reads:1040

Comments:4

Rating:3.0

License: GPLv3

Problem:

Parsing <i>netstat</i> output has always been a pain because of the large amount of data that is available. Sometimes I need some information more than others, but I almost always want to quickly see the total number and type of connection I have.

Solution:

For this purpose I use the following command:

netstat -nap | awk '/tcp/ {print $6}'| sort | uniq -c

The output gives me a quick view of how the connections are even comparing them to other servers.

somecoolhost:~ # netstat -nap | awk '/tcp/ {print $6}'| sort | uniq -c
    400 CLOSE_WAIT
   1049 ESTABLISHED
      2 FIN_WAIT1
      8 FIN_WAIT2
     38 LISTEN
    271 TIME_WAIT
somecoolhost:~ # 

This can be supplemented with a more advanced script, put it in a cron job sending the output to a log and creating graphical statistics, etc.

PLUS

Do not forget that we can obtain more complete summary statistics for each protocol with:

netstat -s
VN:D [1.9.22_1171]
Rating: 3.0/5 (2 votes cast)
Monitoring TCP connections easier and faster in SLES, 3.0 out of 5 based on 2 ratings

Tags: ,
Categories: Free Tools, SUSE Linux Enterprise Server, Technical Solutions

Disclaimer: As with everything else at SUSE Conversations, this content is definitely not supported by SUSE (so don't even think of calling Support if you try something and it blows up).  It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.

4 Comments

  1. By:jengelh

    What a Rube Goldberg machine. It is so much easier to get the state counts: `ss -s | grep ^TCP:` (even the crappy netstat knows -s!)

    • By:debianized

      Yes, it is another option, but in my case, I need more information and that format is awful, so I use netstat.

      Cheers

      • By:jengelh

        In that case, you might want to consider using the tcp_diag Netlink interface to obtain the desired information directly and print it the way you like.

        • By:debianized

          Oh Kernel Modules, that are others words. If it is true that ss “intends” replace netcat, to me yet still works for what I need.
          Thanks for you feedback.

Comment

RSS