Use netstat and awk commands to count the number of network connections

Source: Internet
Author: User

netstat -n | awk '/^tcp/ {++state[$NF]} END {for(key in state) print key,"\t",state[key]}'

Output similar to the following is displayed (the numbers will differ on your system):

LAST_ACK 1
SYN_RECV 14
ESTABLISHED 79
FIN_WAIT1 28
FIN_WAIT2 3
CLOSING 5
TIME_WAIT 1669

State: Description
CLOSED: no connection is active or in progress
LISTEN: the server is waiting for an incoming call
SYN_RECV: a connection request has arrived; waiting for confirmation
SYN_SENT: the application has started to open a connection
ESTABLISHED: normal data transfer state
FIN_WAIT1: the application has said it is finished
FIN_WAIT2: the other side has agreed to release
TIMED_WAIT: wait for all packets to die off
CLOSING: both sides have tried to close at the same time
TIME_WAIT: the other side has initiated a release
LAST_ACK: wait for all packets to die off

That is to say, this command can classify and summarize the network connection status of the current system.

The following explains why it should be written like this:

A simple pipe operator connects netstat and awk commands.

------------------------------------------------------------------

Let's take a look at netstat:

netstat -n

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 123.123.123.123:80 234.234.234.234:12345 TIME_WAIT

When you actually run this command, you may get thousands of records like the one above, but a single record is enough for this explanation.

------------------------------------------------------------------

Let's take a look at awk:

/^tcp/
Matches records that begin with tcp, which filters out irrelevant records such as udp and socket.

state[]
Effectively defines an array named state.

NF
The number of fields in the record. For the record shown above, NF equals 6.

$NF
The value of a field. For the record shown above, $NF is $6, the value of the 6th field, which is TIME_WAIT.

state[$NF]
The value of an array element. For the record shown above, this is state[TIME_WAIT], the number of connections in the TIME_WAIT state.

++state[$NF]
Adds one to that number. For the record shown above, it adds one to state[TIME_WAIT], the number of connections in the TIME_WAIT state.

END
Marks the commands to be executed in the final stage.

for(key in state)
Traverses the array.

print key,"\t",state[key]
Prints each key and value of the array, separated by a \t tab to tidy up the output.
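The following is an added example, not part of the original page. It goes one step beyond the one-liner: besides counting states, it lists which foreign addresses hold the most connections in a given state, which helps tell a pile of SYN_RECV entries from one source apart from ordinary load. The sample input is constructed, and the function names (count_states, top_peers, state_count) are hypothetical.

```sh
#!/bin/sh
# Added example. Constructed sample in the format of `netstat -n` output.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 123.123.123.123:80      234.234.234.234:12345   TIME_WAIT
tcp        0      0 123.123.123.123:80      234.234.234.234:12346   TIME_WAIT
tcp        0      0 123.123.123.123:80      198.51.100.7:40001      SYN_RECV
tcp        0      0 123.123.123.123:80      198.51.100.7:40002      SYN_RECV
tcp        0      0 123.123.123.123:80      198.51.100.7:40003      SYN_RECV
tcp        0      0 123.123.123.123:80      203.0.113.9:51000       SYN_RECV
tcp6       0      0 ::1:8080                ::1:53122               ESTABLISHED
udp        0      0 123.123.123.123:53      0.0.0.0:*
EOF
}

# The one-liner from the text, with sorted output so runs can be compared.
count_states() {
    awk '/^tcp/ { ++state[$NF] } END { for (key in state) print key, state[key] }' |
        LC_ALL=C sort
}

# Connections per foreign address in one state, busiest address first.
# Usage: netstat -n | top_peers SYN_RECV
top_peers() {
    awk -v want="$1" '
        /^tcp/ && $NF == want {
            ip = $5
            sub(/:[0-9]+$/, "", ip)      # drop the trailing :port
            ++peer[ip]
        }
        END { for (ip in peer) print peer[ip], ip }' |
        LC_ALL=C sort -k1,1nr -k2,2
}

# Number of TCP connections in one state (prints 0 when there are none).
state_count() {
    awk -v want="$1" '/^tcp/ && $NF == want { n++ } END { print n + 0 }'
}

sample_netstat | count_states
sample_netstat | top_peers SYN_RECV
```

On a live system, replace sample_netstat with netstat -n. The functions rely on the state being the last field, as the one-liner does, so options that append further columns will change the result.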

If you find that the system has a large number of connections in the TIME_WAIT state, you can adjust the kernel parameters:
vim /etc/sysctl.conf
Edit the file and add the following content:
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30

Then execute /sbin/sysctl -p to make the parameters take effect.

net.ipv4.tcp_syncookies = 1 enables SYN cookies. When the SYN wait queue overflows, cookies are used to handle the requests, which can defend against a small number of SYN attacks. The default value is 0, meaning disabled.
net.ipv4.tcp_tw_reuse = 1 enables reuse: TIME-WAIT sockets are allowed to be reused for new TCP connections. The default value is 0, meaning disabled.
net.ipv4.tcp_tw_recycle = 1 enables fast recycling of TIME-WAIT sockets in TCP connections. The default value is 0, meaning disabled. Note that this option is known to break connections from clients behind NAT, and it was removed in Linux 4.12.
net.ipv4.tcp_fin_timeout modifies the system's default timeout.
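The following is an added example, not part of the original page. It checks a sysctl.conf-style file for the four settings above before sysctl -p is run, and flags tcp_tw_recycle, which is known to break clients behind NAT and no longer exists on Linux 4.12 and later. The file content is constructed, and the function names (effective_settings, recycle_enabled) are hypothetical.

```sh
#!/bin/sh
# Added example. Constructed sysctl.conf content: the four settings from the
# text, plus a comment and an earlier duplicate (the last assignment wins).
sample_conf() {
cat <<'EOF'
# TIME_WAIT tuning
net.ipv4.tcp_fin_timeout = 60
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_tw_recycle = 1
  net.ipv4.tcp_fin_timeout = 30
EOF
}

# Print "key value" for each of the four keys, or "key unset" if absent.
effective_settings() {
    awk -F= '
        /^[ \t]*[#;]/ || !/=/ { next }     # skip comments and non-assignments
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key)
            gsub(/[ \t]/, "", val)
            conf[key] = val                 # later lines override earlier ones
        }
        END {
            n = split("tcp_syncookies tcp_tw_reuse tcp_tw_recycle tcp_fin_timeout", want, " ")
            for (i = 1; i <= n; i++) {
                k = "net.ipv4." want[i]
                v = (k in conf) ? conf[k] : "unset"
                print k, v
            }
        }'
}

# Exit status 0 when the input enables tcp_tw_recycle, 1 otherwise.
recycle_enabled() {
    effective_settings |
        awk '$1 == "net.ipv4.tcp_tw_recycle" && $2 == "1" { f = 1 } END { exit !f }'
}

sample_conf | effective_settings
if sample_conf | recycle_enabled; then
    echo "warning: net.ipv4.tcp_tw_recycle = 1 is set"
fi
```

To check a real file, feed it in on standard input, for example effective_settings < /etc/sysctl.conf.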

The meaning of the TIME_WAIT state is explained below:

After the client establishes a TCP/IP connection with the server and then closes the socket, the port on the server side of the connection is in the TIME_WAIT state.

Is it true that all sockets that perform an active close will enter the TIME_WAIT state?
Is there any situation in which an actively closed socket enters the CLOSED state directly?

After the last ACK is sent, the side performing the active close enters the TIME_WAIT state and stays there for 2MSL (max segment lifetime).
This is essential to TCP/IP; that is, it cannot be "solved".

In other words, this is how the designers of TCP/IP intended it to work.
There are two main reasons:
1. To prevent packets from the previous connection from reappearing after getting lost and affecting the new connection
(after 2MSL, all duplicate packets from the previous connection will have disappeared).
2. To close the TCP connection reliably.
The last ACK (of the FIN) sent by the active closer may be lost, in which case the passive side will resend the FIN.
If the active side is in the CLOSED state at that point, it will respond with an RST instead of an ACK.
So the active side must be in the TIME_WAIT state, not the CLOSED state.

TIME_WAIT does not occupy a large amount of resources unless the system is under attack.

Also, if a send or recv on one side times out, the socket enters the CLOSED state directly.
