How to count TCP connections

Use netstat, ss or files inside proc filesystem to count TCP connections.

netstat utility

Install net-tools package.

$ apt install net-tools

Use netstat utility to display TCP statistics.

$ netstat -s -t | sed -e '/Tcp:/!d;:l;n;/^\ /!d;bl'

Tcp:
    59962 active connection openings
    609 passive connection openings
    12888 failed connection attempts
    2174 connection resets received
    11 connections established
    9276276 segments received
    6752540 segments sent out
    25384 segments retransmitted
    660 bad segments received
    47880 resets sent

ss utility

Display summary statistics using ss, another utility to investigate sockets.

$ ss -s

Total: 1787 (kernel 0)
TCP:   52 (estab 15, closed 11, orphaned 0, synrecv 0, timewait 0/0), ports 0

Transport Total     IP        IPv6
*         0         -         -        
RAW       2         1         1        
UDP       34        23        11       
TCP       41        31        10       
INET      77        55        22       
FRAG      0         0         0        

Combine ss, tee and awk to pretty-print the number of established TCP connections.

ss -s | awk '/^TCP:/' | tee >(sed "s/^TCP:[ ]*\(.*\) (.*/All TCP connections: \1/") >(awk -F "[()]" '{print $2}'| awk -v "RS=, " '$1 ~ "estab" {print "Currently established connections: " $2}') &>/dev/null

Currently established connections: 15
All TCP connections: 52

This can be easily scripted.

$ ss -s | awk '/^TCP:/' | tee >(awk -v "FS= " '{print "TCP=\""$2"\""}') >(awk -F "[()]" '{print $2}'| awk -v "RS=, " '{print toupper($1)"=\""$2"\""}') &>/dev/null

TCP="51"
ESTAB="14"
CLOSED="11"
ORPHANED="0"
SYNRECV="0"
TIMEWAIT="0/0"

$ (eval $(ss -s | awk '/^TCP:/' | tee >(awk -v "FS= " '{print "TCP=\""$2"\""}') >(awk -F "[()]" '{print $2}'| awk -v "RS=, " '{print toupper($1)"=\""$2"\""}') &>/dev/null); echo "Established connections: $ESTAB")
Established connections: 11

proc filesystem

sockstat file

Inspect /proc/net/sockstat and /proc/net/sockstat to get established connections (inuse), connections in a time wait state (tw) and total tcp connections (alloc).

$ cat /proc/net/sockstat;

sockets: used 1783
TCP: inuse 27 orphan 0 tw 1 alloc 48 mem 16
UDP: inuse 23 mem 85
UDPLITE: inuse 0
RAW: inuse 1
FRAG: inuse 0 memory 0

$ cat /proc/net/sockstat6

TCP6: inuse 10
UDP6: inuse 11
UDPLITE6: inuse 0
RAW6: inuse 1
FRAG6: inuse 0 memory 0

You can calculate closed TCP connections by using the following formula.

closed TCP connections = total TCP connections - (established TCP connections + established TCP6 connections - TCP connections in time wait state)

Calculate closed TCP connections for the provided data.

$ echo "48-(27+10-1)" | bc 
12

Display summary statistics using ss utility to verify this value.

$ ss -s

Total: 1783 (kernel 0)
TCP:   49 (estab 11, closed 12, orphaned 0, synrecv 0, timewait 1/0), ports 0

Transport Total     IP        IPv6
*         0         -         -
RAW       2         1         1
UDP       34        23        11
TCP       37        27        10
INET      73        51        22
FRAG      0         0         0

tcp file

Count TCP and TCP6 connections by its state.

$ awk 'BEGIN{printf("%6s %6s\n","STATE", "COUNT")} NR>1 {count[$4]++} END{for(key in count){printf("%6s %6s\n",key,count[key])}}' /proc/net/tcp

STATE  COUNT
    08      1
    01     12
    0A     15
    06      3

$ awk 'BEGIN{printf("%6s %6s\n","STATE", "COUNT")} NR>1 {count[$4]++} END{for(key in count){printf("%6s %6s\n",key,count[key])}}' /proc/net/tcp6

STATE  COUNT
    0A     10

Display summary statistics using ss utility to verify states count.

$ ss -s

Total: 1786 (kernel 0)
TCP:   52 (estab 12, closed 14, orphaned 0, synrecv 0, timewait 3/0), ports 0

Transport Total     IP        IPv6
*         0         -         -        
RAW       2         1         1        
UDP       36        25        11       
TCP       38        28        10       
INET      76        54        22       
FRAG      0         0         0        

You can identify particular states using this table.

<th>
  Hex value
</th>

<td>
  <code>01</code>
</td>

<td>
  <code>02</code>
</td>

<td>
  <code>03</code>
</td>

<td>
  <code>04</code>
</td>

<td>
  <code>05</code>
</td>

<td>
  <code>06</code>
</td>

<td>
  <code>07</code>
</td>

<td>
  <code>08</code>
</td>

<td>
  <code>09</code>
</td>

<td>
  <code>0A</code>
</td>

<td>
  <code>0B</code>
</td>

<td>
  <code>0C</code>
</td>

snmp file

Use /proc/net/snmp file to get additional information.

$ awk '/^Tcp/ {print}' /proc/net/snmp

Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs OutRsts InCsumErrors
Tcp: 1 200 120000 -1 60151 621 12888 2185 11 9405800 6852277 26038 662 47975 0

Parse this file to get specific information, like established TCP connections.

$ awk '/^Tcp/ {print $10}' /proc/net/snmp

CurrEstab
11

Additional information

• RFC793 TCP protocol specification
• sockstat, socket statistics – ss.c (especially print_summary function)
• /proc/net/tcp and /proc/net/tcp6 interfaces
• An implementation of the TCP/IP protocol suite for the LINUX operating system – tcp_states.h