Connection Usage
Learning Focus
By the end of this lesson you will know how to monitor connection usage and detect capacity issues.
Checking Connections
# Count established connections by port
netstat -an | grep ":80.*ESTABLISHED" | wc -l
netstat -an | grep ":443.*ESTABLISHED" | wc -l
# Connection states summary
ss -s
# Per-IP connection count (find heavy users)
netstat -an | grep ESTABLISHED | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -rn | head -10
Connection States
| State | Meaning | Concern |
|---|---|---|
ESTABLISHED | Active connection | Normal |
TIME_WAIT | Closing, waiting for cleanup | High numbers = many short connections |
CLOSE_WAIT | Waiting for local close | Backend not closing properly |
SYN_RECV | Handshake in progress | High numbers = possible SYN flood |
Key Takeaways
- Monitor ESTABLISHED connection counts against your server's maximum limits.
- High
TIME_WAITcounts may indicate keep-alive is too short. - High
SYN_RECVcounts may indicate a SYN flood attack.
What's Next
- Continue to Worker Processes for PHP worker monitoring.