ss

ss -ntl sport :443 # list sockets lisenting on port 443
ss -ntl src :443 # same as above and can additionally filter by IP address

ss -tunap # list all TCP and UDP sockets, including both listening and non-listening sockets, and show the associated processes

For ss -tiepm output,

app_limited, rwnd_limited or sndbuf_limited could indicated if the connection bandwidth is limited by the send buffer or not.
Send-Q is READ_ONCE(tp->write_seq) - tp->snd_una, which means $Tail(+1) of data held in tcp send buffer - First byte we want an ack for$ .
notsent is bytes not yet sent to the peer, which is part of Send-Q. It is calculated from max_t(int, 0, tp->write_seq - tp->snd_nxt), which means $Tail(+1) of data held in tcp send buffer - Next sequence we send$ .
The difference between Send-Q and notsent is snd_nxt - snd_una, representing all sent and yet unacknowledged data.
skmem:(t<wmem_alloc>) includes qdisc queues and NIC tx queue. Why is it often 0 during active transmission?
skmem:(w<wmem_queued>) is total memory allocated for unsent or unacknowleged packets. It is incremented in tcp_sendmsg_locked() and decremented in either tcp_trim_head() or tcp_wmem_free_skb().
skmem:(tb<snd_buf>) is the total send buffer size, including unused bytes.
rtt:<rtt>/<rttvar> and bbr:(<bw>,<mrtt>) could be used to estimate your BDP.
snd_wnd is peer’s advertised receive window after scaling (bytes).
rcv_wnd is local advertised receive window after scaling (bytes), supported since iproute2-6.6.0 with linux-6.2 kernel.
cwnd is congestion window in MSS units. You need to multiply it by mss before comparing it with snd_wnd.

With an iperf3 test, you could use the following Bash script to trace the statistics in ~ 1 second interval. You should replace dst with src where appropriate:

for i in {0..1000}; do ss -ntim dst :5201 | grep -B1 --color=always _limited; sleep 1; done

🪴 Zero's Garden

Explorer

ss

Graph View