Viewing TCP connection data

The netstat utility provides a command line interface to retrieve system routing tables, connection states, and network statistics. Two of the available statisticss, “tcpPassiveOpens” and “tcpActiveOpens,” provide data on the number of new connections to a server (tcpPassiveOpens), and the number of connections initiated by the server (tcpActiveOpens). Both statistics counters can be retrieved with netstat’s “-s” option, and a simple while loop allows a SysAdmin to get a high level view of TCP connections to and from a server:

$ while :
> do
>        netstat -s | egrep '(tcpPassiveOpens|tcpActiveOpens)'
>       sleep 10
> done
        tcpActiveOpens      =  6228     tcpPassiveOpens     =    75
        tcpActiveOpens      =  6228     tcpPassiveOpens     =    75
        tcpActiveOpens      =  6228     tcpPassiveOpens     =    76
        tcpActiveOpens      =  6228     tcpPassiveOpens     =    85
        tcpActiveOpens      =  6228     tcpPassiveOpens     =   140
        tcpActiveOpens      =  6228     tcpPassiveOpens     =   197
        tcpActiveOpens      =  6228     tcpPassiveOpens     =   255

This is kinda fun to run on super busy web servers!!!

Leave a Reply

Your email address will not be published. Required fields are marked *