.\" .\" CDDL HEADER START .\" .\" This file and its contents are supplied under the terms of the .\" Common Development and Distribution License ("CDDL"), version 1.0. .\" You may only use this file in accordance with the terms of version .\" 1.0 of the CDDL. .\" .\" A full copy of the text of the CDDL should have accompanied this .\" source. A copy of the CDDL is also available via the Internet at .\" http://www.illumos.org/license/CDDL. .\" .\" CDDL HEADER END .\" .\" .\" Copyright (c) 2016 by Delphix. All rights reserved. .\" .Dd March 10, 2023 .Dt CONNSTAT 8 .Os .Sh NAME .Nm connstat .Nd report TCP connection statistics .Sh SYNOPSIS .Nm .Op Fl eLP .Op Fl 4 Ns | Ns Fl 6 .Op Fl T Sy d Ns | Ns Sy u .Op Fl F Ar filter .Op Fl i Ar interval .Op Fl c Ar count .Op Fl o Ar field Ns Oo , Ns Ar field Oc Ns ... .Sh DESCRIPTION The .Nm command reports TCP connection statistics in tabular form. Each row of the table represents the activity of one connection. The .Nm command adds virtually no overhead to run as it is aggregating statistics that are always collected in the kernel. .Pp With no arguments, .Nm prints a single report containing all TCP connections, and includes a basic set of fields representing IP address and port information, as well as connection state. The .Fl o flag can be used to specify which fields to display, and other arguments to filter the set of connections included in the output. .Sh OPTIONS The arguments are as follows: .Bl -tag -width "" .It Fl 4 , Fl -ipv4 Only displays IPv4 connections. .It Fl 6 , Fl -ipv6 Only displays IPv6 connections .It Fl c Ar count , Fl -count Ns = Ns Ar count Print a specified number of reports before exiting. This is used in conjunction with .Fl i . .It Fl e , Fl -established Only display connections that are in state ESTABLISHED. This is equivalent to including .Sy state=ESTABLISHED in the filter argument to the .Fl F option. .It Fl F Ar filter , Fl -filter Ns = Ns Ar filter Only display connections that match the filter argument provided. The format of the filter is: .Pp .Ar field Ns = Ns Ar value Ns Oo , Ns Ar field Ns = Ns Ar value Oc Ns ... .Pp Fields that can currently be filtered are .Ar laddr , Ar lport , Ar raddr , Ar rport , and Ar state . See the .Sx Fields section for a description of these fields. The filter matches a connection if all of the filter elements match, and a field must only appears once in the filter. .It Fl i Ar interval , Fl -interval Ns = Ns Ar interval Specify an output interval in seconds. For each interval, a report containing all connections appropriate given other command-line options is printed. .It Fl L , Fl -no-loopback Exclude connections to the loopback address. .It Fl o Ar fields , Fl -output Ns = Ns Ar fields Restrict the output to the specified comma-delimited list of field names. See the .Sx Fields section for information about possible fields. .It Fl P , Fl -parsable Display using a stable, machine-parsable output format. The .Fl o flag must also be given to specify which fields to output and their order. Each line of output will consist of comma-delimited (,) fields, and no header will be emitted. When also using the .Fl T option, lines indicating the current time will begin with .Dq "= " . See .Sx Example 4 for an example of how to process parsable output. .It Fl T Sy d Ns | Ns Sy u , Fl -timestamp Ns = Ns Sy d Ns | Ns Sy u Print a timestamp before each block of output. .Pp Specify .Sy u for a printed representation of the internal representation of time (see .Xr time 2 Ns ). Specify .Sy d for standard date format (see .Xr date 1 Ns ). .El .Ss Fields The following fields are supported. Field names are case insensitive. Unless otherwise indicated, the values of fields that represent a count (e.g. bytes or segments) are cumulative since the connection was established. Some of these fields refer to data segments, which are segments that contain non-zero amount of data. All sizes are in bytes. .Bl -tag -width "inunorderbytes" .It Sy cwnd The size of the local TCP congestion window at this instant. .It Sy inbytes The number of data bytes received. This does not include duplicate bytes received. .It Sy insegs The number of data segments received. This does not include duplicate segments received. .It Sy inunorderbytes The number of data bytes that were received out of order. .It Sy inunordersegs The number of data segments that were received out of order. .It Sy laddr The local IP address. .It Sy lport The local TCP port. .It Sy mss The maximum TCP segment size for this connection. .It Sy outbytes The number of data bytes sent. This does not include retransmitted bytes counted by .Sy retransbytes . .It Sy outsegs The number of data segments sent. This does not include segments containing retransmitted bytes counted by .Sy retranssegs . .It Sy raddr The remote IP address. .It Sy retransbytes The number of data bytes retransmitted. .It Sy retranssegs The number of data segments sent that contained retransmitted bytes. .It Sy rport The remote TCP port. .It Sy rto The current retransmission timeout in milliseconds. .It Sy rtt The current smoothed round-trip time to the peer in microseconds. The smoothed RTT average algorithm used is as described in RFC 6298. .It Sy rttc The number of times that a round-trip sample was added to .Sy rtts . See .Sy rtts for a description of how these two fields can be used together to calculate the average round-trip over a given period. .It Sy rtts The sum of all round-trip samples taken over the lifetime of the connection in microseconds. Each time TCP updates the value of .Sy rtt with a new sample, that sample's value is added to .Sy rtts . To calculate the average round-trip over a given period (e.g. between T1 and T2), take samples of .Sy rtts and .Sy rttc at T1 and T2, and calculate .br (( .Sy rtts Ns _T2 - .Sy rtts Ns _T1 ) / ( .Sy rttc Ns _T2 - .Sy rttc Ns _T1 )). .br See .Sx Example 4 for an example of how this can be done programmatically from a shell script. .It Sy rwnd The size of the local TCP receive window at this instant. .It Sy state The TCP connection state. Possible values are: .Bl -tag -width "SYN_RECEIVED" .It Sy BOUND Bound, ready to connect or listen. .It Sy CLOSED Closed. The local endpoint (e.g. socket) is not being used. .It Sy CLOSING Closed, but still waiting for a termination acknowledgment from the peer. .It Sy CLOSE_WAIT The peer has shutdown; waiting for the local endpoint to close. .It Sy ESTABLISHED Connection has been established and data can be transferred. .It Sy FIN_WAIT_1 Local endpoint is closed, but waiting for termination acknowledgment from the peer. .It Sy FIN_WAIT_2 Local endpoint is closed, but waiting for a termination request from the peer. .It Sy IDLE The local endpoint (e.g. socket) has been opened, but is not bound. .It Sy LAST_ACK The remote endpoint has terminated, and the local endpoint has sent a termination request. The acknowledgment for this request has not been received. .It Sy LISTEN Listening for incoming connections. .It Sy SYN_RECEIVED Initial connection request has been received and acknowledged, and a connection request has been sent but not yet acknowledged. .It Sy SYN_SENT A connection establishment request has been sent but not yet acknowledged. .It Sy TIME_WAIT Waiting for time to pass after having sent an acknowledgment for the peer's connection termination request. .El .Pp See RFC 793 for a more complete understanding of the TCP protocol and TCP connection states. .It Sy suna The number of unacknowledged bytes outstanding at this instant. .It Sy swnd The size of the local TCP send window (the peer's receive window) at this instant. .It Sy unsent The number of unsent bytes in the local TCP transmit queue at this instant. .El .Sh EXIT STATUS The .Nm utility exits 0 on success, or 1 if an error occurs. .Sh EXAMPLES .Bl -tag -width "" .It Sy Example 1 List established connections. By default, connstat lists basic connection details. Using the .Fl e option allows the user to get a quick glance of established connections. .Bd -literal $ connstat -e LADDR LPORT RADDR RPORT STATE 10.43.37.172 51275 172.16.105.4 389 ESTABLISHED 10.43.37.172 22 172.16.98.16 62270 ESTABLISHED 10.43.37.172 1020 172.16.100.162 2049 ESTABLISHED 10.43.37.172 1019 10.43.11.64 2049 ESTABLISHED 10.43.37.172 22 172.16.98.16 61520 ESTABLISHED 10.43.37.172 80 10.43.16.132 59467 ESTABLISHED .Ed .It Sy Example 2 Show one connection's I/O stats every second The .Fl F option is used to filter a specific connection, .Fl o is used to output specific fields, and .Fl i to provide the output interval in seconds. .Bd -literal $ connstat -F lport=22,rport=49675,raddr=172.16.168.30 \e -o inbytes,outbytes -i 1 INBYTES OUTBYTES 9589 18101 INBYTES OUTBYTES 9589 18341 INBYTES OUTBYTES 9589 18501 INBYTES OUTBYTES 9589 18661 ... .Ed .It Sy Example 3 Understanding the bottleneck for a given connection Understanding the transmit bottleneck for a connection requires knowing the size of the congestion window, whether the window is full, and the round-trip time to the peer. The congestion window is full when .Sy suna is equal to .Sy cwnd . If the window is full, then the throughput is limited by the size of the window and the round-trip time. In that case, knowing these two values is critical. Either the window is small because of retransmissions, or the round-trip latency is high, or both. In the example below, the window is small due to high congestion or an unreliable network. .Bd -literal $ connstat -F lport=41934,rport=50001 \e -o outbytes,suna,cwnd,unsent,retransbytes,rtt -T d -i 1 July 7, 2016 11:04:40 AM EDT OUTBYTES SUNA CWND UNSENT RETRANSBYTES RTT 1647048093 47784 47784 3017352 3701844 495 July 7, 2016 11:04:41 AM EDT OUTBYTES SUNA CWND UNSENT RETRANSBYTES RTT 1660720109 41992 41992 1535032 3765556 673 July 7, 2016 11:04:42 AM EDT OUTBYTES SUNA CWND UNSENT RETRANSBYTES RTT 1661875613 26064 26064 4311688 3829268 571 July 7, 2016 11:04:43 AM EDT OUTBYTES SUNA CWND UNSENT RETRANSBYTES RTT 1681478637 41992 41992 437304 3932076 1471 July 7, 2016 11:04:44 AM EDT OUTBYTES SUNA CWND UNSENT RETRANSBYTES RTT 1692028765 44888 44888 1945800 4014612 921 \&... .Ed .It Sy Example 4 Calculating average RTT over intervals As described in the .Sx Fields section, the .Sy rtts and .Sy rttc fields can be used to calculate average RTT over a period of time. The following example combines machine parsable output with these fields to do this programmatically. The script: .Bd -literal #!/bin/bash i=0 connstat -P -F lport=41934,rport=50001 -o rttc,rtts -i 1 | \e while IFS=, read rttc[$i] rtts[$i]; do if [[ $i != 0 ]]; then let rtt="(${rtts[$i]} - ${rtts[$i - 1]}) / \e (${rttc[$i]} - ${rttc[$i - 1]})" print "avg rtt = ${rtt}us" fi ((i++)) done .Ed .Pp The output: .Bd -literal \&... avg rtt = 992us avg rtt = 829us avg rtt = 712us avg rtt = 869us \&... .Ed .It Sy Example 5 Show HTTP server connections in TIME_WAIT state Connections accumulating in TIME_WAIT state can sometimes be an issue, as these connections linger and take up port number space while their time wait timer is ticking. .Bd -literal $ connstat -F state=time_wait,lport=80 LADDR LPORT RADDR RPORT STATE 10.43.37.172 80 172.16.168.30 56067 TIME_WAIT 10.43.37.172 80 172.16.168.30 56068 TIME_WAIT 10.43.37.172 80 172.16.168.30 56070 TIME_WAIT .Ed .El .Sh INTERFACE STABILITY The command line options for this command are stable, but the output format when not using the .Fl P option and diagnostic messages are not. .Sh SEE ALSO .Xr netstat 8 .Rs .%A J. Postel .%B Transmission Control Protocol, STD 7, RFC 793 .%D September 1981 .Re .Rs .%A V. Paxson .%A M. Allman .%A J. Chu .%A M. Sargent .%B Computing TCP's Retransmission Timer, RFC 6298 .%D June 2011 .Re