1

i need to monitor how many users are actively connected to one port on debian. I know i can do it with command

netstat -na |grep $port |grep ESTABLISHED |wc -l

which really gives me result - a number of connections on certain port which are "ESTABLISHED". But i am looking for a linux command which can give me result on how many connections there is really some flowing traffic - because many of my connections are only established - but there is no traffic, so i need to filter them. Someone has any idea how to get this number?

thank you all

John
  • 11
  • 1

2 Answers2

3

"active" is not a point in time measurement so you can't treat it like one.

Over what period of time are you measuring? 10 seconds? One minute? 15 minutes?

What is the minimum threshold of byte activity before you consider a connection "active"?

You need to nail down what you're trying to measure before you can measure it.

MikeyB
  • 38,725
  • 10
  • 102
  • 186
  • i am not sure if there is some traffic is there is only connection established, but i would say sufficient for me is if the traffic does not exceed 1kb/30 seconds. thank you – John Dec 05 '13 at 19:36
0

i like to run ntop (with --disable-sessions and --disable-decoders to reduce load)

it gives you very detailed almost real-time network traffic analysis.

http://www.ntop.org/

nandoP
  • 2,001
  • 14
  • 15