How to Check Listening Socket Queue Length in Linux (FreeBSD netstat -L Equivalent)


2 views

When working with network servers, monitoring the connection queue length is crucial for performance tuning and troubleshooting. FreeBSD's netstat -L conveniently displays three important values (X/Y/Z) representing:

  • X: Current queue length
  • Y: Maximum queue length
  • Z: Drops due to queue overflow

While Linux's netstat doesn't support the -L flag, we have several effective alternatives:

Method 1: Using ss from iproute2

The modern replacement for netstat provides queue information:


ss -ltn

For detailed queue information:


ss -ltnp

Method 2: Using /proc/net/tcp

Examine kernel TCP information directly:


cat /proc/net/tcp | grep -i listen

Method 3: Custom Script for Queue Monitoring

Here's a Python script to monitor listen queue lengths:


import socket

def get_listen_queue(port):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(('', port))
    s.listen(5)
    queue = s.getsockopt(socket.SOL_SOCKET, socket.SO_LISTENQUEUE)
    s.close()
    return queue

print(f"Current listen queue length: {get_listen_queue(8080)}")

For advanced users, you can access detailed queue statistics through these methods:


# Check maximum backlog setting
sysctl net.core.somaxconn

# Monitor SYN backlog
cat /proc/sys/net/ipv4/tcp_max_syn_backlog

# Check drops in /proc/net/netstat
grep -E 'TcpExt|Listen' /proc/net/netstat

Here's how to monitor listen queue for a web server:


# Find nginx worker PIDs
pgrep nginx | xargs -I {} ss -ltnp | grep {}

For persistent monitoring:


watch -n 1 "ss -ltnp | grep nginx"

If you're seeing queue overflows:

  • Increase net.core.somaxconn
  • Adjust application listen() backlog parameter
  • Monitor with netstat -s | grep overflow
  • Consider rate limiting if under SYN flood

When working with network servers on Linux, monitoring the connection queue is crucial for performance tuning and capacity planning. FreeBSD's netstat -L conveniently shows three important queue metrics (X/Y/Z) for listening sockets:

# FreeBSD example output
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        State       Queue
tcp4       0      0  *.80                   *.*                    LISTEN      10/128/128

While Linux's netstat doesn't support the -L flag, we have several alternatives:

Method 1: Using ss from iproute2

The modern ss tool shows queue lengths in the Recv-Q column for listening sockets:

# Show listening sockets with queue lengths
ss -ltn

# Example output
State    Recv-Q   Send-Q     Local Address:Port      Peer Address:Port
LISTEN   5        128               *:80                  *:*

For TCP sockets:

  • Recv-Q: Current queue length (number of pending connections)
  • Send-Q: Maximum backlog queue size (same as the backlog parameter in listen())

Method 2: Using /proc/net/tcp

For more detailed information, parse the kernel's TCP table:

cat /proc/net/tcp | grep -i "0A"  # 0A is the hex value for LISTEN state

# Example output
 sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
 0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345

The rx_queue field (second part of the 4th column) shows the current queue length in hex.

Method 3: Using netstat with Watch

While not as detailed as FreeBSD's output, you can monitor changes:

watch -n 1 "netstat -tulnp | grep LISTEN"

Here's a Python script to monitor Apache/Nginx queue lengths:

#!/usr/bin/env python3
import subprocess
import time

def get_queue_length(port=80):
    try:
        output = subprocess.check_output(['ss', '-ltn'])
        for line in output.decode().split('\n'):
            if f':{port}' in line and 'LISTEN' in line:
                parts = line.split()
                return int(parts[1])  # Recv-Q
    except Exception as e:
        print(f"Error: {e}")
    return None

while True:
    qlen = get_queue_length(80)
    if qlen is not None:
        print(f"[{time.ctime()}] HTTP queue length: {qlen}")
    time.sleep(1)

Key thresholds to watch:

  • Consistent queue length > 0: Indicates your server is regularly hitting its concurrency limit
  • Queue approaching backlog size: Means you're dropping connections (check /proc/net/netstat for ListenDrops)
  • Sudden spikes: May indicate DDoS attacks or traffic surges

If you're regularly seeing queues, consider increasing the backlog parameter:

# For sysctl-tuned systems
echo 'net.core.somaxconn=4096' >> /etc/sysctl.conf
sysctl -p

# In application code (Python example)
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.listen(4096)  # Set backlog to 4096 instead of default (usually 128)