ss -ntl sport :443 # list sockets listening on port 443
ss -ntl src :443 # same as above; src can additionally filter by IP address

ss -tunap # list all TCP and UDP sockets, including both listening and non-listening sockets, and show the associated processes

For ss -tiepm output,

  1. app_limited, rwnd_limited or sndbuf_limited could indicate whether the connection bandwidth is limited by the send buffer or not.

  2. Send-Q is READ_ONCE(tp->write_seq) - tp->snd_una, which means .

  3. notsent is bytes not yet sent to the peer, which is part of Send-Q. It is calculated from max_t(int, 0, tp->write_seq - tp->snd_nxt), which means .

  4. The difference between Send-Q and notsent is snd_nxt - snd_una, representing all sent and yet unacknowledged data.

  5. skmem:(t<wmem_alloc>) includes qdisc queues and NIC tx queue. Why is it often 0 during active transmission?

  6. skmem:(w<wmem_queued>) is the total memory allocated for unsent or unacknowledged packets. It is incremented in tcp_sendmsg_locked() and decremented in either tcp_trim_head() or tcp_wmem_free_skb().

  7. skmem:(tb<snd_buf>) is the total send buffer size, including unused bytes.

  8. rtt:<rtt>/<rttvar> and bbr:(<bw>,<mrtt>) could be used to estimate your BDP.

  9. snd_wnd is peer’s advertised receive window after scaling (bytes).

  10. rcv_wnd is local advertised receive window after scaling (bytes), supported since iproute2-6.6.0 with linux-6.2 kernel.

  11. cwnd is congestion window in MSS units. You need to multiply it by mss before comparing it with snd_wnd.

With an iperf3 test, you could use the following Bash script to trace the statistics at roughly 1-second intervals. You should replace dst with src where appropriate:

for i in {0..1000}; do ss -ntim dst :5201 | grep -B1 --color=always _limited; sleep 1; done
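
As an added example (not part of the original notes), the shell function below post-processes `ss -ntim` output to compute the in-flight bytes from item 4, cwnd in bytes from item 11 and, for BBR sockets, the BDP from item 8. The names `ss_summary` and `sample_ss_output`, the output format and the sample input are constructed for illustration; it assumes `mrtt` is in milliseconds and that each socket's info fields follow it on an indented line.

```shell
#!/bin/sh
# Added example: summarise `ss -ntim` output, one line per connection.
ss_summary() {
  awk '
    # Value after "key:" among whitespace-separated tokens, or "" if absent.
    function field(line, key,    n, i, tok) {
      n = split(line, tok)
      for (i = 1; i <= n; i++)
        if (index(tok[i], key ":") == 1) return substr(tok[i], length(key) + 2)
      return ""
    }
    # "800Mbps" -> bits per second (assumes bps/Kbps/Mbps/Gbps suffixes).
    function bps(s) {
      if (s ~ /Gbps$/) return (s + 0) * 1e9
      if (s ~ /Mbps$/) return (s + 0) * 1e6
      if (s ~ /Kbps$/) return (s + 0) * 1e3
      return s + 0
    }
    /^State/  { next }                          # header row
    /^[^ \t]/ { sendq = $3; peer = $5; next }   # socket row: Send-Q is column 3
    /^[ \t]/  {                                 # indented info row from -i/-m
      inflight = sendq - field($0, "notsent")   # item 4: snd_nxt - snd_una
      cwnd_b   = field($0, "cwnd") * field($0, "mss")   # item 11: MSS units to bytes
      snd_wnd  = field($0, "snd_wnd") + 0
      b = field($0, "bbr")                      # "(bw:..,mrtt:..,...)" or ""
      gsub(/[(),]/, " ", b)
      bdp = "n/a"                               # item 8 needs bbr bw and mrtt
      if (b != "")
        bdp = sprintf("%.0f", bps(field(b, "bw")) * field(b, "mrtt") / 8000)
      limit = (snd_wnd > 0 && snd_wnd < cwnd_b) ? "snd_wnd" : "cwnd"
      printf "%s inflight=%.0f cwnd_bytes=%.0f snd_wnd=%.0f bdp=%s limit=%s\n",
             peer, inflight, cwnd_b, snd_wnd, bdp, limit
    }'
}

# Constructed sample of `ss -ntim` output (documentation-range addresses).
sample_ss_output() {
  cat <<'EOF'
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0      1500000 192.0.2.10:40000 192.0.2.20:5201
     skmem:(r0,rb131072,t0,tb2626560,f2048,w1538048,o0,bl0,d0) bbr wscale:7,7 rto:204 rtt:2.1/0.4 mss:1448 cwnd:400 bbr:(bw:800Mbps,mrtt:2,pacing_gain:1,cwnd_gain:2) snd_wnd:3000000 notsent:1000000
ESTAB 0      300000 192.0.2.10:40002 192.0.2.21:5201
     skmem:(r0,rb131072,t0,tb425984,f0,w307200,o0,bl0,d0) cubic wscale:7,7 rto:210 rtt:10/2 mss:1000 cwnd:500 snd_wnd:200000 notsent:100000 rwnd_limited:500ms(50.0%)
EOF
}

sample_ss_output | ss_summary
```

In the trace loop above, `ss -ntim dst :5201 | ss_summary` can take the place of the `grep` stage.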