Linux: keepalive or not

Submitted by root on

root's picture

Hello world,

I have encountered today at work a situation where I had to know which established connections are using TCP keepalive and which are not.
If you do not know what TCP keepalive is, check out this link. It explains EVERYTHING! :)

Back to my problem, sometimes looking for keepalive is difficult, involving pages of tcpdump output and so on. You do not want that. You want something simple and quick!
Interestingly, netstat can provide this with the option -o (or --timers). Yes, netstat!

Most probably you use netstat to list established connections like this:

19:44:51 root@minivm:~# netstat -n | grep ESTA
tcp        0      0 10.9.10.11:2049         10.9.10.12:732          ESTABLISHED
tcp        0      0 192.168.10.44:2049      192.168.10.30:734       ESTABLISHED
tcp        0      0 10.9.10.11:2049         10.9.10.9:633           ESTABLISHED
tcp        0      0 192.168.10.44:2049      192.168.10.33:839       ESTABLISHED
tcp        0      0 192.168.10.44:2049      192.168.10.31:898       ESTABLISHED
tcp        0      0 192.168.10.44:22        192.168.10.10:63615     ESTABLISHED

Well, using it with with -o you get an extra column which is called Timer:

19:47:22 root@minivm:~# netstat -no | egrep "Timer|ESTA"
Proto Recv-Q Send-Q Local Address           Foreign Address         State       Timer
tcp        0      0 10.9.10.11:2049         10.9.10.12:732          ESTABLISHED off (0.00/0/0)
tcp        0      0 192.168.10.44:2049      192.168.10.30:734       ESTABLISHED off (0.00/0/0)
tcp        0      0 10.9.10.11:2049         10.9.10.9:633           ESTABLISHED off (0.00/0/0)
tcp        0    140 192.168.10.44:2049      192.168.10.33:839       ESTABLISHED on (0.19/0/0)
tcp        0      0 192.168.10.44:2049      192.168.10.31:898       ESTABLISHED off (0.00/0/0)
tcp        0      0 192.168.10.44:22        192.168.10.10:63615     ESTABLISHED keepalive (4483.53/0/0)

Nice :)
Now you know!

As bonus, the timer column has two fields:

keepalive (4483.53/0/0)
<field 1> <field 2>
The ffield one can have following values:
keepalive - when the keepalive timer is ON
on - when the retransmission timer is ON
off - none of the above is ON

The field two has three subfields:
(4483.53/0/0) -> (a/b/c)
a = keepalive/retransmission timer
b = number of retransmissions that have occurred
c = number of keepalive probes that have been sent

PS: now I have to find out how to get this on AIX or Solaris where netstat -o is not working.

Thou shalt not steal!

If you want to use this information on your own website, please remember: by doing copy/paste entirely it is always stealing and you should be ashamed of yourself! Have at least the decency to create your own text and comments and run the commands on your own servers and provide your output, not what I did!

Or at least link back to this website.

Recent content

tmutil: command line interface into Time Machine
root
macOS: tmutil set quota
root
ESXi: how to change the MTU of vmkernek (vmk) interface (when UI fails)
root
ESXi: A bunch of useful commands and information
root
How to repair a sparsebundle image
root
macOS: How to Show and Hide Hidden Files in macOS Finder
root
Samsung 870 QVO 2TB: Speed Tests and comparison with Adata SU650 and Kingston K600
root
Ubiquiti EdgeRouter X - thoughts and tips
root
Qnap TR-004 short review - why I cannot use it
root
Speed test of Icy Box IB-3805-C31, a 5 disks enclosure from Raidsonic
root
Asus ROG Sheath in 2024: a HUGE Mousepad, Bigger Than Logitech G840 XL
root
Debian DRBD: How to resize drbd and OCFS2 online
root
Ubuntu: Fast Install With VMware Fusion
root
The one with APC Back-UPS BE850G2-GR: Charge Whatever With It, From Phone to Computer And BEYOND :D
root
File Sharing Problems? Downgrade from macOS Ventura to Monterey
root
VIOFO A139 Quad HD Dash Camera - 3 Channels Camera in a 2 Channels Package. Confused?
root
CarPlay not working with iPhone 15 Pro? Seven Type C cables tested with Mazda 3 BP with USB-A Port
root
Apple Watch Series 9? Not Yet! I Still Love My "Seven of Nine" 19 months later
root
The Wooden Playhouse Project
root
ESXi 7: Create VMFS Partition Via Command Line
root
5 Months with iPhone 15 Pro: Not PERFECT But... Must See. From Gaming to ProRes Requirements.
root
How to build a 25U 600x600 Server Rack
root
Thermaltake Pure 20 fan - HUGE and quiet!
root
Docker: how to increase php memory "the docker way"
root
Mousepad Logitech G840
root
Global Chip Shortage? Build this oddity: PC From 2009 With GeForce GTX 1050ti 4G
root
Brigadier: How to use it to Download Boot Camp Drivers
root
Bombardier: How to use it to Download Boot Camp Drivers
root
Logitech Pro X Wired Gaming Headset (2nd gen): review + mic test with G HUB on Windows 11 and macOS
root
macOS: extract user's image
root