A.5.13. Linux::TCP Connections by State

The Linux::TCP Connections by State probe reports the total number of TCP connections, as well as the number of connections in each of the following states:
  • TIME_WAIT - The socket is waiting after close for remote shutdown transmission so it may handle packets still in the network.
  • CLOSE_WAIT - The remote side has shut down, and the connection is now waiting for the local socket to close.
  • FIN_WAIT - The socket is closed, and the connection is now shutting down.
  • ESTABLISHED - The socket has a connection established.
  • SYN_RCVD - The connection request has been received from the network.
This probe can be helpful in finding and isolating network traffic to specific IP addresses or examining network connections into the monitored system.
The filter parameters for the probe let you narrow the probe's scope. This probe uses the netstat -ant command to retrieve data. The Local IP address and Local port parameters use values in the Local Address column of the output; the Remote IP address and Remote port parameters use values in the Foreign Address column of the output for reporting.
Requirements - The Red Hat Network monitoring daemon (rhnmd) must be running on the monitored system to execute this probe.

Table A.27. Linux::TCP Connections by State settings

| Field | Value |
|---|---|
| Local IP address filter pattern list | |
| Local port number filter | |
| Remote IP address filter pattern list | |
| Remote port number filter | |
| Timeout* | 15 |
| Critical Maximum Total Connections | |
| Warning Maximum Total Connections | |
| Critical Maximum TIME_WAIT Connections | |
| Warning Maximum TIME_WAIT Connections | |
| Critical Maximum CLOSE_WAIT Connections | |
| Warning Maximum CLOSE_WAIT Connections | |
| Critical Maximum FIN_WAIT Connections | |
| Warning Maximum FIN_WAIT Connections | |
| Critical Maximum ESTABLISHED Connections | |
| Warning Maximum ESTABLISHED Connections | |
| Critical Maximum SYN_RCVD Connections | |
| Warning Maximum SYN_RCVD Connections | |
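
The following added example (not Red Hat's probe code) shows the same kind of check done by hand: it parses netstat -ant output, applies the local/remote filters, counts connections by state and compares the counts with warning and critical maximums. It assumes glob-style IP patterns, that LISTEN sockets are not counted, and that the SYN_RECV, FIN_WAIT1 and FIN_WAIT2 names printed by Linux netstat map to the probe's SYN_RCVD and FIN_WAIT; the sample output and function names are constructed for illustration.

```python
from collections import Counter
from fnmatch import fnmatch

# Constructed sample of `netstat -ant` output (not captured from a real host).
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:443          203.0.113.5:40112       ESTABLISHED
tcp        0      0 192.0.2.10:443          203.0.113.5:40113       TIME_WAIT
tcp        0      0 192.0.2.10:443          203.0.113.9:33001       SYN_RECV
tcp        0      0 192.0.2.10:443          203.0.113.9:33002       SYN_RECV
tcp        1      0 192.0.2.10:8080         198.51.100.7:51600      CLOSE_WAIT
tcp        0      0 192.0.2.10:443          203.0.113.5:40114       FIN_WAIT2
tcp6       0      0 :::80                   :::*                    LISTEN
"""

# Assumption: fold the state names Linux netstat prints into the names
# used by the probe's threshold fields.
ALIASES = {"SYN_RECV": "SYN_RCVD", "FIN_WAIT1": "FIN_WAIT", "FIN_WAIT2": "FIN_WAIT"}

def count_states(text, local_ip="*", local_port=None, remote_ip="*", remote_port=None):
    """Count TCP connections per state, filtered on Local/Foreign Address columns."""
    counts = Counter()
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp"):
            continue  # skip the two header lines and anything malformed
        lip, lport = f[3].rsplit(":", 1)  # rsplit keeps IPv6 addresses intact
        rip, rport = f[4].rsplit(":", 1)
        state = ALIASES.get(f[5], f[5])
        if state == "LISTEN":  # assumption: a listener is not a connection
            continue
        if not (fnmatch(lip, local_ip) and fnmatch(rip, remote_ip)):
            continue
        if (local_port is not None and lport != str(local_port)) or \
           (remote_port is not None and rport != str(remote_port)):
            continue
        counts[state] += 1
        counts["TOTAL"] += 1
    return counts

def evaluate(counts, thresholds):
    """thresholds: {name: (warning_max, critical_max)}; a count above a max trips it."""
    result = {}
    for name, (warn, crit) in thresholds.items():
        n = counts[name]
        result[name] = "CRITICAL" if n > crit else "WARNING" if n > warn else "OK"
    return result
```

A rising SYN_RCVD count against one local port, or a CLOSE_WAIT count that never drains, is the kind of signal the per-state maximums in Table A.27 are meant to catch.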