Linux network connection status

Run the netstat-n | awk & amp; 39; ^ tcp {++ S [$ NF]} END {for (ainS) printa command to view the current network connection status, S [a]} & amp; 39; explanation: total number of fields in the current processing row of NF $ NF (corresponding to $1) the value of the last field awk special field describes the total number of rows processed by NR currently. Because awk is Command to view the current network connection status

Netstat-n | awk '/^ tcp/{++ S [$ NF]} END {for (a in S) print a, S [a]}'

Explanation:

Total number of fields processed by NF in the current row

$ NF (corresponding to $1) value of the last field

Introduction to special awk fields

Total number of rows processed by NR. Because awk is a stream processing tool that processes one row at a time, NR continuously increases by 1, indicating the number of data rows read after awk starts executing the program.
The current FNR row is the row of the current file, and its variable value is smaller than or equal to NR (for example, when the second file is read, FNR starts counting again from 0, but NR does not ).
NR = FNR: used to judge whether to read the first file when reading two or more files.

The basic syntax for awk to process multiple files is:
Awk-F separator 'In in {Initialization} {cyclic execution} END {END processing} 'file_list1 file_list2
Here, BEGIN and END can be omitted, and-F can also be used by default. the cyclic execution part is used to process files by row.

Result of running this command:

CLOSE_WAIT 1
ESTABLISHED 23
FIN_WAIT2 12
TIME_WAIT 30

Network status explanation

 

 

CLOSED: indicates the initial state. It is the same for both the server and the C client.
LISTEN: indicates the listening status. The server calls the listen function to start the accept connection.
SYN_SENT: indicates that the client has sent the SYN packet. When the client calls the connect function to initiate a connection, it first sends SYN to the server, then enters the SYN_SENT state, and waits for the server to send ACK + SYN.
SYN_RCVD: indicates that the server receives the SYN packet sent from the client. After receiving the packet, the server enters the SYN_RCVD status and sends ACK + SYN to the client.
ESTABLISHED: indicates that the connection has been ESTABLISHED successfully. The server enters this status after sending ACK + SYN, and the client also enters this status after receiving ACK.
FIN_WAIT_1: indicates that the connection is closed. No matter which party calls the close function to send the FIN message, it will enter this status.
FIN_WAIT_2: indicates that the passive closing party agrees to close the connection. After the user closes the ACK returned by the user, the user enters this status.
TIME_WAIT: it indicates that the other party's FIN message is received and the ACK message is sent. then, it can return to the CLOSED state after 2MSL. If FIN_WAIT_1 receives a message with both the FIN mark and ACK mark, it can directly enter the TIME_WAIT status without passing through the FIN_WAIT_2 status.
CLOSING: Both parties close the connection at the same time. If both parties call the close function almost at the same time, both parties may send FIN packets at the same time, and the CLOSING status will appear, indicating that both parties are CLOSING the connection.
CLOSE_WAIT: indicates that the passive closing party is waiting to close. When receiving the FIN message sent by the other party by calling the close function, it responds to the ACK message of the other party and enters the CLOSE_WAIT status.
LAST_ACK: indicates that after the passive shutdown party sends the FIN packet, it waits for the other party's ACK packet status. when it receives the ACK, it enters the CLOSED status.

Note: Why does the TIME_WAIT status still need to wait for 2MSL to return to the CLOSED status? Or why does TCP introduce the TIME_WAIT status?
The explanation in TCP/IP explanation: When TCP executes an active shutdown and returns the last ACK, the connection must stay in the TIME_WAIT status for two times of MSL, this allows TCP to send the last ACK again to prevent the ACK from being lost (the other end times out and resends the final FIN ).

Note: MSL (Maximum Segment Lifetime) is the Maximum survival time. in RFC 793, MSL is set to 2 minutes, but is usually set to 30 seconds, 1 minute, or 2 minutes.