DEV Community

loading...

Monitor Network Connections

rounakcodes
Self taught. Full Stack Developer. More than 4 years of experience. Currently working on scaling a SaaS product.
Updated on ・2 min read

Intro

This short article will help you to check if there is indeed a connection established, if a server is still listening or has died, how many connections can be established to a listening server etc
This is very useful for debugging when your application communicates with various external services (like a database) and you want to ensure that there is no issue in communicating.
The below commands were executed on a ubuntu machine but similar tools exist on other operating systems.

Read and understand connection related information

Start a server

conn-1

Start a http server on port 80 of localhost

Monitor listening servers

image
127.0.0.1 is the Local address which means only your computer can connect to the server

0.0.0.0:* is the Foreign address column value i.e. The IP address and port number of the remote computer to which the socket is connected. The value 0.0.0.0:* means not connected to any remote computer.

Connect to the server

image

Use telnet to connect to the server
(We just want to connect to a server, use telnet or whatever tool you prefer)

Monitor listening servers and connections

image

  • client port (51580 in my case) is a randomly chosen free port
  • process (server) which is listening has state LISTEN
  • ESTABLISHED indicates that a connection has been established
  • protocol is tcp
  • 60755 is the process id
    • killing the process will kill the connection

Connect and monitor again

image
Start one more connection
image
Observe the new connection info

Close the connections and monitor

image

image

TIME_WAIT indicates that local endpoint has closed the connection. The connection is being kept around so that any delayed packets can be matched to the connection and handled appropriately. The connections will be removed when they time out within four minutes.

Notes

  • TCP/IP is a protocol stack for communication, a socket is an endpoint in a (bidirectional) communication.
  • Connections are identified by the tuple {SRC-IP, SRC-PORT, DEST-IP, DEST-PORT, PROTOCOL}. If any element in the tuple is different, then it is a completely independent connection.
    • In our above examples, though server port (80) is same, client ports are different
  • On a server, a process is listening on a port. Once it gets a connection, it hands it off to another thread. The communication never hogs the listening port.
  • When a client connects to a server, it picks a random, unused high-order source port. This way, a single client can have up to ~64k connections to the server for the same destination port.

Discussion (0)