Networking

TCP Dump

• Capture pcap file using tcpdump -i <interface> -s 65535 -w <file>
• Then open it using wireshark
• Other options is to use tcpick(8)

References:

• A tcpdump Tutorial with Examples — 50 Ways to Isolate Traffic

Linux ftrace TCP Retransmit Tracing

• We can use tcpretrans part of perf-tools that is maintained by Brendan Gregg

References:

• Brendan Gregg’s Blog - Linux ftrace TCP Retransmit Tracing

Monitor TCP Accept Queue Length and Overflows

Check for overflows

[centos ~]$ nstat -az | grep -i listen
TcpExtListenOverflows           3518352            0.0
TcpExtListenDrops               3518388            0.0
TcpExtTCPFastOpenListenOverflow 0  0.0

[centos ~]$ netstat -s | grep -i LISTEN
    3518352 times the listen queue of a socket overflowed
    3518388 SYNs to LISTEN sockets dropped

Monitor queue sizes:

$ ss -n state syn-recv sport = :80 | wc -l
119

References:

• How can I monitor the length of the accept queue?
• Investigating Linux Network Issues with netstat and nstat
• How TCP backlog works in Linux
• SYN packet handling in the wild

On HTTP

• HTTP Keep-Alive, Pipelining, Multiplexing and Connection Pooling

References

• How to Get to the Bottom of Network Timeout Issues