How to Count TCP Connections

Using netstat, ss or the files in the /proc/net/ system dir to count your TCP connections. You will need to install net-tools and bc to follow these examples.

Install the net-tools and bc packages.

On Ubuntu Based systems

$ apt -y install net-tools bc

RedHat 7 Based Systems

$ yum -y install net-tools bc

RedHat 8 and 9 Based Systems

$ dnf -y install net-tools bc

Using Netstat

netstat is one of the most basic network service debugging tools, telling you what ports are open and whether any programs are listening on ports.

Use the netstat utility to display TCP statistics.

On Ubuntu and RedHat Based Systems

$ netstat -st | sed -e '/Tcp:/!d;:l;n;/^\ /!d;bl'

    Tcp:
       22375 active connection openings
       118742 passive connection openings
       790 failed connection attempts
       2361 connection resets received
       49 connections established
       1325599 segments received
       1308594 segments sent out
       17203 segments retransmitted
       39 bad segments received
       2078 resets sent

Using ss

Display a summary of statistics using the ss utility

$ ss -s

     Total: 802 (kernel 1282)
     TCP:   152 (estab 148, closed 29, orphaned 4, synrecv 0, timewait 14/0), ports 0

     Transport Total     IP        IPv6
     *         1282      -         -        
     RAW       1         0         1        
     UDP       10        6         4       
     TCP       123       112       11       
     INET      134       118       16       
     FRAG      0         0         0        

Combine ss, tee and awk to pretty-print the number of established TCP connections.

ss -s | awk '/^TCP:/' | tee >(sed "s/^TCP:[ ]*\(.*\) (.*/All TCP Connections: \1/") >(awk -F "[()]" '{print $2}'| awk -v "RS=, " '$1 ~ "estab" {print "Currently Connected: " $2}') &>/dev/null

Currently Connected: 160
All TCP Connections: 48

This can be easily one line scripted like this.

$ ss -s | awk '/^TCP:/' | tee >(awk -v "FS= " '{print "TCP=\""$2"\""}') >(awk -F "[()]" '{print $2}'| awk -v "RS=, " '{print toupper($1)"=\""$2"\""}') &>/dev/null

TCP="157"
ESTAB="14"
CLOSED="11"
ORPHANED="0"
SYNRECV="0"
TIMEWAIT="0/0"

$ (eval $(ss -s | awk '/^TCP:/' | tee >(awk -v "FS= " '{print "TCP=\""$2"\""}') >(awk -F "[()]" '{print $2}'| awk -v "RS=, " '{print toupper($1)"=\""$2"\""}') &>/dev/null); echo "Established connections: $ESTAB")
Established connections: 14

Using the /proc/net/  files

sockstat file

You can view the /proc/net/sockstat to get established connections (inuse), connections in a time wait state (tw) and total tcp connections (alloc).

$ cat /proc/net/sockstat

sockets: used 1783
TCP: inuse 27 orphan 0 tw 1 alloc 48 mem 16
UDP: inuse 23 mem 85
UDPLITE: inuse 0
RAW: inuse 1
FRAG: inuse 0 memory 0

$ cat /proc/net/sockstat6

TCP6: inuse 10
UDP6: inuse 11
UDPLITE6: inuse 0
RAW6: inuse 1
FRAG6: inuse 0 memory 0

You can calculate TCP connections that closed by using the following formula.

closed TCP connections = total TCP connections - (established TCP connections + established TCP6 connections - TCP connections in time wait state)

Calculate closed TCP connections for the provided data.

$ echo "48-(27+10-1)" | bc 
12

Display summary statistics using ss utility to verify this value.

$ ss -s

Total: 1783 (kernel 0)
TCP:   49 (estab 11, closed 12, orphaned 0, synrecv 0, timewait 1/0), ports 0

Transport Total     IP        IPv6
*         0         -         -
RAW       2         1         1
UDP       34        23        11
TCP       37        27        10
INET      73        51        22
FRAG      0         0         0

TCP file

Count TCP and TCP6 connections by its state.

$ awk 'BEGIN{printf("%6s %6s\n","STATE", "COUNT")} NR>1 {count[$4]++} END{for(key in count){printf("%6s %6s\n",key,count[key])}}' /proc/net/tcp

 STATE  COUNT
    08      1
    01     12
    0A     15
    06      3

$ awk 'BEGIN{printf("%6s %6s\n","STATE", "COUNT")} NR>1 {count[$4]++} END{for(key in count){printf("%6s %6s\n",key,count[key])}}' /proc/net/tcp6

 STATE  COUNT
    0A     10

Display a summary of statistics using ss utility to verify states count.

$ ss -s

Total: 1786 (kernel 0)
TCP:   52 (estab 12, closed 14, orphaned 0, synrecv 0, timewait 3/0), ports 0

Transport Total     IP        IPv6
*         0         -         -        
RAW       2         1         1        
UDP       36        25        11       
TCP       38        28        10       
INET      76        54        22       
FRAG      0         0         0        

You can identify particular states using this table.

snmp file

Use /proc/net/snmp file to get additional information.

$ awk '/^Tcp/ {print}' /proc/net/snmp

Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs OutRsts InCsumErrors
Tcp: 1 200 120000 -1 60151 621 12888 2185 11 9405800 6852277 26038 662 47975 0

Parse this file to get specific information, like established TCP connections.

$ awk '/^Tcp/ {print $10}' /proc/net/snmp

CurrEstab
11

Additional information

• RFC793 TCP protocol specification
• sockstat, socket statistics – ss.c (especially print_summary function)
• /proc/net/tcp and /proc/net/tcp6 interfaces
• An implementation of the TCP/IP protocol suite for the LINUX operating system – tcp_states.h