I'm monitoring the TCP stack on a server hoping to generically infer problems with application on the box.
My first inclination is to measure the number of sockets in all reported states (LISTEN,ESTABLISHED,FIN_WAIT2,TIME_WAIT, etc) and detect some anomalies.
A teammate suggests that 'lsof' would be a better tool to see what state the TCP stacks are in.
Any preferences or experience tips from the serverfault crowd?
Best Answer
I prefer lsof because it's output is consistent across all platforms on which it runs. You can pretty much get the same info from both programs, though. I think it comes down to personal preference.