What does the Recv-Q values in a Listen socket mean?
Recv-Q is the Receive Queue. It is the number of bytes that are currently in a receive buffer. Upon reading the socket, the bytes are removed from the buffer and put into application memory. If the Recv-Q number gets too high, packets will be dropped because there is no place to put them.
More info here netstat
Why is the Recv-Q value in netstat equal to socket backlog + 1?
A backlog value of N really does mean allow "N + 1" connections
to queue to a listening socket. This allows one to specify
"0" as the backlog and still get 1 connection.
Reference: NET: Revert incorrect accept queue backlog changes. · torvalds/linux@64a1465 · GitHub
How to parse netstat command to get the send-q number from the line
Something like
$ netstat -naputeo 2>/dev/null | awk -v OFS=';' '$1 ~ /^tcp/ && $3 > 4000 { sub(/^.+:/, "", $4); print $3, $4, $9 }'
?
That would output the 3rd column (Send-Q
), the port part of the 4th column (Local Address
) and the 9th column (PID/Program name
) if Send-Q > 4000
, separated by semicolons so you can pipe it into your CSV.
E.g. (for Send-Q > 0
on my box)
$ netstat -naputeo 2>/dev/null | awk -v OFS=';' '$1 ~ /^tcp/ && $3 > 0 { sub(/^.+:/, "", $4); print $3, $4, $9 }'
52;22;4363/sshd:
EDIT:
If you really need to further process the values in bash
, then you can just print the respective columns via awk
and iterate over the lines like this:
#!/bin/bash
while read recv send address pid_program; do
ip=${address%%:*}
port=${address##*:}
pid=${pid_program%%/*}
program=${pid_program#*/}
echo "recv=${recv} send=${send} ip=${ip} port=${port} pid=${pid} program=${program}"
# do stuff here
done < <(netstat -naputeo 2>/dev/null | awk '$1 ~ /^(tcp|udp)/ && ($2 > 4000 || $3 > 4000) { print $2, $3, $4, $9 }')
E.g.:
$ ./t.sh
recv=0 send=52 ip=x.x.x.x port=22 pid=12345 program=sshd:
Note: I don't understand why you need the -o
switch to netstat
since you don't seem to be interested in the timers output, so you could probably drop that.
Related Topics
Is It Safe to Delete the Journal File of Mongodb
How to Capture Raw Hid Input on Linux
Backup a Running Docker Container
PDF Compare on Linux Command Line
Fork: Retry: Resource Temporarily Unavailable
Can't Find Out Where Does a Node.Js App Running and Can't Kill It
Linux Shell to Restrict Sftp Users to Their Home Directories
View a Log File in Linux Dynamically
Linux/Bash, Using Ps -O to Get Process by Specific Name
Mongodb Data Directory /Data/Db Not Found
Delete Files with String Found in File - Linux Cli
Does Os X Have an Equivalent to /Dev/Shm
Where Is the Linux Isr Entry Point