TCP monitoring on a server: comparing netstat vs lsof?


Solution 1

I prefer lsof because its output is consistent across all platforms on which it runs. You can pretty much get the same info from both programs, though. I think it comes down to personal preference.

Solution 2

My first inclination would be to use netstat -ptan, which will give you all the information you are looking for. Probably pipe to sort and uniq. The following should give you a good number of socket statuses.

netstat -ptan | awk '{print $6 " " $7 }' | sort | uniq -c

Solution 3

Check out dstat and run with:

% sudo dstat --tcp

Even better, if you want to analyze the output, you can have it write to CSV with --output.

Solution 4

I think it's really more of a personal preference, as with a little tweaking (and the right command options) you can get just about the same information from either.

However, if you're wanting to monitor the number of connections in various states, I wouldn't do that with a single-shot command line tool. I'd make use of something that can do some trending so you can review it over time. Something like munin would be very useful, as it would graph it over time (along with showing you other potentially useful system statistics).

Troubleshooting an application is always easier if you have good information about the box itself and how it's performing (both during problems and when problems are absent).
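The per-state counting and baseline idea from the answers above, as an added example that is not part of any original answer. The function names, the ceilings passed to over_baseline and the sample netstat output are constructed for illustration; on a live host the sample would be replaced by the output of netstat -tan.

```shell
#!/bin/sh
# Constructed sample of `netstat -tan` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:443          198.51.100.7:51234      ESTABLISHED
tcp        0      0 192.0.2.10:443          198.51.100.8:40022      ESTABLISHED
tcp        0      0 192.0.2.10:443          198.51.100.9:40100      TIME_WAIT
tcp        0      0 192.0.2.10:443          198.51.100.9:40101      TIME_WAIT
tcp        0      0 192.0.2.10:443          198.51.100.9:40102      TIME_WAIT
tcp6       0      0 :::80                   :::*                    LISTEN
EOF
}

# Read netstat -tan style lines on stdin and print "STATE COUNT", sorted by state.
# Only rows whose first field starts with "tcp" are counted, so headers are skipped.
count_states() {
    awk '$1 ~ /^tcp/ { n[$6]++ } END { for (s in n) print s, n[s] }' | sort
}

# Emit one CSV row per state (timestamp,state,count); append these rows to a
# file on every run to build the history that trending needs.
states_csv() {
    ts=$1
    count_states | awk -v ts="$ts" '{ print ts "," $1 "," $2 }'
}

# Compare "STATE COUNT" lines on stdin against ceilings given as STATE=MAX
# arguments. Prints each state over its ceiling and returns 1 if any were found.
over_baseline() {
    awk -v limits="$*" '
        BEGIN { k = split(limits, a, " ")
                for (i = 1; i <= k; i++) { split(a[i], kv, "="); max[kv[1]] = kv[2] } }
        ($1 in max) && ($2 + 0 > max[$1] + 0) { print $1, $2, "limit", max[$1]; bad = 1 }
        END { exit (bad ? 1 : 0) }'
}

# Demo run: sh thisfile demo
if [ "${1:-}" = "demo" ]; then
    sample_netstat | states_csv "$(date +%s)"
    sample_netstat | count_states | over_baseline TIME_WAIT=2 ESTABLISHED=100 || true
fi
```

The ceilings only mean something once they are derived from rows collected while the box was healthy, which is the baseline the answer above argues for.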


ericslaw
Author by

ericslaw

Interested in: large (to me) datasets, visualization, computer graphics, human computer interaction, perl, javascript, jquery, UI, new web technologies.

Updated on September 17, 2022

Comments

  • ericslaw
    ericslaw over 1 year

    I'm monitoring the TCP stack on a server hoping to generically infer problems with application on the box.

    My first inclination is to measure the number of sockets in all reported states (LISTEN,ESTABLISHED,FIN_WAIT2,TIME_WAIT, etc) and detect some anomalies.

    A teammate suggests that 'lsof' would be a better tool to see what state the TCP stacks are in.

    Any preferences or experience tips from the serverfault crowd?

    • KevinH
      KevinH almost 15 years
      Please add a *nix tag to scare away us Windows geeks
  • ericslaw
    ericslaw almost 15 years
    Interesting tool, alas linux only (though understandably so). Nice to see something akin to SAR that includes network info (though linux sar versions seem to show that too).
  • ericslaw
    ericslaw almost 15 years
    The command line tool is for collection only. Your point of collecting data for a baseline is indeed the proper approach.