C.5.13. Linux::TCP Connections by State
The Linux::TCP Connections by State probe identifies the total number of TCP connections, as well as the quantity of each in the following states:
- TIME_WAIT — The socket is waiting after close for remote shutdown transmission so it may handle packets still in the network.
- CLOSE_WAIT — The remote side has been shut down and is now waiting for the socket to close.
- FIN_WAIT — The socket is closed, and the connection is now shutting down.
- ESTABLISHED — The socket has a connection established.
- SYN_RCVD — The connection request has been received from the network.
This probe can be helpful in finding and isolating network traffic to specific IP addresses or examining network connections into the monitored system.
The filter parameters for the probe let you narrow the probe's scope. This probe uses the
netstat -ant
command to retrieve data. The Local IP address and Local port parameters use values in the Local Address column of the output; the Remote IP address and Remote port parameters use values in the Foreign Address column of the output for reporting.
Requirements — The Red Hat Network Monitoring Daemon (
rhnmd
) must be running on the monitored system to execute this probe.
Field | Value |
---|---|
Local IP address filter pattern list | |
Local port number filter | |
Remote IP address filter pattern list | |
Remote port number filter | |
Timeout* | 15 |
Critical Maximum Total Connections | |
Warning Maximum Total Connections | |
Critical Maximum TIME_WAIT Connections | |
Warning Maximum TIME_WAIT Connections | |
Critical Maximum CLOSE_WAIT Connections | |
Warning Maximum CLOSE_WAIT Connections | |
Critical Maximum FIN_WAIT Connections | |
Warning Maximum FIN_WAIT Connections | |
Critical Maximum ESTABLISHED Connections | |
Warning Maximum ESTABLISHED Connections | |
Critical Maximum SYN_RCVD Connections | |
Warning Maximum SYN_RCVD Connections |