-1

I have a site with video content (mp4 files).

When people are watching videos, they are downloading video files from my site. I want to know the number of the active connections via the linux terminal. They are probably TCP packets on port 80.

However:

$ netstat -an |grep :80 | wc -l

gives a huge number, ~6-7k. I don't think that this is correct?

slm
  • 7,615
  • 16
  • 56
  • 76
KoSMoS
  • 99

2 Answers2

1

netstat on Linux is obsolete and was replaced by ss which you should use instead.

Something like this ought to give you what you want:

$ ss -H state established '( sport = :https )' | wc -l
21

This selects connections on port 443 which are currently established, i.e. connected to a remote host, excluding those which are in the process of closing.

Michael Hampton
  • 244,070
  • 43
  • 506
  • 972
0
netstat -an

will give you active connections, along with EVERYTHING else. This includes things like listening ports etc..

If you are limited to only using netstat, you should be able to count out the number of established connections using something like: 

netstat -an | grep -w "<listening ip>:80" | grep ESTABLISHED | wc -l

which is a bit of a hack, but works by just counting the number of established connections coming in to your listening ip, on port 80.

If you can install ss, or have it already installed:

ss -nt dst <ip webserver is listening on>:80 | wc -l

The above should give you a count of all connections with a destination of your listening ip address on port 80.

If you are looking for unique connections you could even narrow it down more by using "sort" and then "uniq -c" (foregoing "wc -l") to get a count to unique connections as well.

ss is super useful: https://linux.die.net/man/8/ss

frontsidebus
  • 536
  • 2
  • 7
  • Why do you limit it to IPv4 connections? Also your command will count both incoming and outgoing connections, which may not be what he wants. – Michael Hampton Jul 06 '18 at 19:51
  • Good point. edited answer. TY! – frontsidebus Jul 06 '18 at 19:57
  • -jailshell: ss: command not found. i dont have it and i cant install it. im on shared hosting – KoSMoS Jul 06 '18 at 20:09
  • edited my original answer with a solution that will just use netstat. It's a bit hacky, but it should work as well. – frontsidebus Jul 06 '18 at 21:01
  • @KoSMoS If you are on shared hosting, you can't really differentiate your connections from other people's via any of these methods. – Michael Hampton Jul 06 '18 at 21:08
  • Not necessarily. If he has a dedicated ip address, then the netstat method should work. However, if the ip is shared and the webserver is using name-based vhosts, then you are absolutely right, and it would be much more difficult to differentiate connections. – frontsidebus Jul 06 '18 at 21:29
  • thanks filtering by ip and established reduced the amount to ~1-2k. but im getting port :8080 to the results. can it be ignored? – KoSMoS Jul 07 '18 at 07:18
  • You should be able to use double quotes and -w to get an exact match. Updated answer to reflect. – frontsidebus Jul 09 '18 at 00:26