Shulou(Shulou.com)06/01 Report--

This article mainly introduces how to check the number of TCP connections under Linux, has a certain reference value, interested friends can refer to, I hope you can learn a lot after reading this article, the following let Xiaobian take you to understand it.

The way to see the number of TCP connections in Linux is very simple, and it only takes a few commands.

First, check which IP connections are native netstat-an, and check the number of TCP connections.

Check the status of tcp connections

Netstat-n | awk'/ ^ tcp/ {+ + S [$NF]} END {for (an in S) print a, S [a]}'

Count the number of TCP connections on port 8080, command:

Netstat-ant | grep 80 | wc-l

How many connection states in the TCP connection are ESTABLISHED, command:

Netstat-ant | grep 80 | grep ESTABLISHED | wc-l

How many connection states in the TCP connection are CLOSE_WAIT

Netstat-ant | grep 80 | grep CLOSE_WAIT | wc-l

How many connection states in the TCP connection are TIME_WAIT

Netstat-ant | grep 80 | grep TIME_WAIT | wc-l

To complete the statistics using awk, the command is as follows

Netstat-ant | grep 80 | awk'{+ + S [$NF]} END {for (an in S) print a, S [a]}'

Detailed explanation of TCP connection status

LISTEN: listen for connection requests from remote TCP ports SYN-SENT: wait for matching connection requests after sending connection requests SYN-RECEIVED: wait for confirmation of connection requests after receiving and sending a connection request ESTABLISHED: on behalf of an open connection FIN-WAIT-1: wait for a remote TCP connection break request Or confirmation of previous connection break request FIN-WAIT-2: wait for connection break request from remote TCP CLOSE-WAIT: wait for connection break request sent from local user CLOSING: wait for confirmation of connection break by remote TCP LAST-ACK: wait for confirmation of original connection break request sent to remote TCP TIME-WAIT: wait enough time to ensure that the remote TCP receives the connection break please Request confirmation CLOSED: no connection status SYN_RECV indicates the number of requests waiting to be processed ESTABLISHED indicates the normal data transfer status; TIME_WAIT indicates the number of requests that have been processed and waited for the timeout to end.

4. If you find that there are a large number of TIME_WAIT connections in the system, you can solve the problem by adjusting kernel parameters.

Edit the vim / etc/sysctl.conf file by adding the following:

Net.ipv4.tcp_syncookies = 1

Net.ipv4.tcp_tw_reuse = 1

Net.ipv4.tcp_tw_recycle = 1

Net.ipv4.tcp_fin_timeout = 30

And then execute

/ sbin/sysctl-p

Let the parameter take effect.

Attach the meaning of the TIME_WAIT status:

Net.ipv4.tcp_syncookies = 1 means that SYN cookies is enabled. When a SYN waiting queue overflow occurs, enable cookies to prevent a small number of SYN attacks. Default is 0, which means disabled; net.ipv4.tcp_tw_reuse = 1 means reuse is enabled. Allow TIME-WAIT sockets to be reused for new TCP connections. Default is 0, which means disabled. Net.ipv4.tcp_tw_recycle = 1 means to enable fast recycling of TIME-WAIT sockets in TCP connections. Default is 0, which means disabled. Net.ipv4.tcp_fin_timeout modifies the system's default TIMEOUT time

5. After the client closes the SOCKET after establishing a TCP/IP connection with the server, the port status of the server connection is TIME_WAIT. Will all socket that perform active shutdown enter the TIME_WAIT state? Is there any situation that causes the actively closed socket to enter the CLOSED state directly?

After sending the last ack, the active shutdown party will enter the TIME_WAIT state to stay in 2MSL (max segment lifetime) time, which is essential to TCP/IP, that is, it cannot be solved. That's how TCP/IP designers designed it.

There are two main reasons:

1. Prevent packets in the previous connection from getting lost and reappearing, affecting the new connection (through 2MSL, all duplicate packets in the previous connection will disappear). 2. Reliable closing TCP connection in the last ack (fin) sent by the active shutdown party may be lost, and the passive party will resend the fin. If the active party is in the CLOSED state, it will respond to rst instead of ack. So the active party should be in the TIME_WAIT state, not CLOSED. TIME_WAIT does not take up a lot of resources unless it is attacked. Also, if one party send or recv times out, it will directly enter the CLOSED state. Thank you for reading this article carefully. I hope the article "how to check the number of TCP connections under Linux" shared by the editor will be helpful to you. At the same time, I also hope you will support us and pay attention to the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.