How to count TCP connections

Use netstat, ss or files inside proc filesystem to count TCP connections.

netstat utility

Install net-tools package.

$ apt install net-tools

Use netstat utility to display TCP statistics.

$ netstat -s -t | sed -e '/Tcp:/!d;:l;n;/^\ /!d;bl'
Tcp:
    59962 active connection openings
    609 passive connection openings
    12888 failed connection attempts
    2174 connection resets received
    11 connections established
    9276276 segments received
    6752540 segments sent out
    25384 segments retransmitted
    660 bad segments received
    47880 resets sent

ss utility

Display summary statistics using ss an another utility to investigate sockets.

$ ss -s
Total: 1787 (kernel 0)
TCP:   52 (estab 15, closed 11, orphaned 0, synrecv 0, timewait 0/0), ports 0

Transport Total     IP        IPv6
*         0         -         -        
RAW       2         1         1        
UDP       34        23        11       
TCP       41        31        10       
INET      77        55        22       
FRAG      0         0         0        

Combine ss, tee and awk to pretty print number of established TCP connections.

ss -s | awk '/^TCP:/' | tee >(sed "s/^TCP:[ ]*\(.*\) (.*/All TCP connections: \1/") >(awk -F "[()]" '{print $2}'| awk -v "RS=, " '$1 ~ "estab" {print "Currently established connections: " $2}') &>/dev/null
Currently established connections: 15
All TCP connections: 52

This can be easily scripted as you can see below.

$ ss -s | awk '/^TCP:/' | tee >(awk -v "FS= " '{print "TCP=\""$2"\""}') >(awk -F "[()]" '{print $2}'| awk -v "RS=, " '{print toupper($1)"=\""$2"\""}') &>/dev/null
TCP="51"
ESTAB="14"
CLOSED="11"
ORPHANED="0"
SYNRECV="0"
TIMEWAIT="0/0"
$ (eval $(ss -s | awk '/^TCP:/' | tee >(awk -v "FS= " '{print "TCP=\""$2"\""}') >(awk -F "[()]" '{print $2}'| awk -v "RS=, " '{print toupper($1)"=\""$2"\""}') &>/dev/null); echo "Established connections: $ESTAB")
Established connections: 11

proc filesystem

sockstat file

Inspect /proc/net/sockstat and /proc/net/sockstat to get established connections (inuse), connections in time wait state (tw) and total tcp connections (alloc).

$ cat /proc/net/sockstat;
sockets: used 1783
TCP: inuse 27 orphan 0 tw 1 alloc 48 mem 16
UDP: inuse 23 mem 85
UDPLITE: inuse 0
RAW: inuse 1
FRAG: inuse 0 memory 0
$ cat /proc/net/sockstat6
TCP6: inuse 10
UDP6: inuse 11
UDPLITE6: inuse 0
RAW6: inuse 1
FRAG6: inuse 0 memory 0

You can calculate closed TCP connections by using the following formula.

closed TCP connections = total TCP connections - (established TCP connections + established TCP6 connections - TCP connections in time wait state)

Calculate closed TCP connections for provided data.

$ echo "48-(27+10-1)" | bc 
12

Display summary statistics using ss utility to verify this value.

$ ss -s
Total: 1783 (kernel 0)
TCP:   49 (estab 11, closed 12, orphaned 0, synrecv 0, timewait 1/0), ports 0

Transport Total     IP        IPv6
*         0         -         -
RAW       2         1         1
UDP       34        23        11
TCP       37        27        10
INET      73        51        22
FRAG      0         0         0

tcp file

Count TCP and TCP6 connections by its state.

$ awk 'BEGIN{printf("%6s %6s\n","STATE", "COUNT")} NR>1 {count[$4]++} END{for(key in count){printf("%6s %6s\n",key,count[key])}}' /proc/net/tcp
 STATE  COUNT
    08      1
    01     12
    0A     15
    06      3
$ awk 'BEGIN{printf("%6s %6s\n","STATE", "COUNT")} NR>1 {count[$4]++} END{for(key in count){printf("%6s %6s\n",key,count[key])}}' /proc/net/tcp6
 STATE  COUNT
    0A     10

Display summary statistics using ss utility to verify states count.

$ ss -s
Total: 1786 (kernel 0)
TCP:   52 (estab 12, closed 14, orphaned 0, synrecv 0, timewait 3/0), ports 0

Transport Total     IP        IPv6
*         0         -         -        
RAW       2         1         1        
UDP       36        25        11       
TCP       38        28        10       
INET      76        54        22       
FRAG      0         0         0        

You can identify particular states using this table.

StateHex value
ESTABLISHED01
TCP_SYN_SENT02
TCP_SYN_RECV03
TCP_FIN_WAIT104
TCP_FIN_WAIT205
TCP_TIME_WAIT06
TCP_CLOSE07
TCP_CLOSE_WAIT08
TCP_LAST_ACK09
TCP_LISTEN0A
TCP_CLOSING0B
TCP_NEW_SYN_RECV0C

snmp file

Use /proc/net/snmp file to get additional information.

$ awk '/^Tcp/ {print}' /proc/net/snmp
Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs OutRsts InCsumErrors
Tcp: 1 200 120000 -1 60151 621 12888 2185 11 9405800 6852277 26038 662 47975 0

Parse this file to get specific information, like established TCP connections.

$ awk '/^Tcp/ {print $10}' /proc/net/snmp
CurrEstab
11

Additional information