Wednesday, October 29, 2014

Getting current TCP connection count on a Linux Server with tshark

Do you have a lot of connections because of a DoS attack? Or perhaps your MySQL server is suffering connection storms? Do you need to know the exact number of those TCP connections?

Ok... there we go!

Install tshark (the terminal version of Wireshark) on your Linux machine, then run:

tshark -f 'tcp port 80 and tcp[tcpflags] & (tcp-syn) !=0 and tcp[tcpflags] & (tcp-ack) = 0' -n -q -z io,stat,1 -i eth0 -a "duration:10"

  • "port 80" could be "port 3306" or "port whatever-you-want"
  • "eth0" and "duration:10" can be changed too.

Description:
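tshark captures traffic for 10 seconds. It then prints a report with your connection count for each one-second interval (the Frames field). The capture filter keeps only packets with SYN set and ACK clear, so each frame counted is one new connection attempt.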

=============================
| IO Statistics             |
|                           |
| Interval size: 1 secs     |
| Col 1: Frames and bytes   |
|---------------------------|
|          |1               |
| Interval | Frames | Bytes |
|---------------------------|
|  0 <>  1 |     10 |   740 |
|  1 <>  2 |    105 |  7770 |
|  2 <>  3 |      1 |    74 |
|  3 <>  4 |      0 |     0 |
|  4 <>  5 |      3 |   222 |
|  5 <>  6 |     85 |  6290 |
|  6 <>  7 |     16 |  1184 |
|  7 <>  8 |     31 |  2294 |
|  8 <>  9 |     72 |  5328 |
|  9 <> 10 |      3 |   222 |
=============================
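
To turn that report into a number you can alert on, the function below parses the table and lists the intervals above a threshold. It is an added example, not part of the original post; the names `syn_summary` and `sample_report` and the threshold of 50 are assumptions.

```shell
#!/bin/sh
# Added example: summarise a tshark "io,stat" report of SYN-only frames.
# Live use (pipe the command from the post into the function):
#   tshark -f '<filter from the post>' -n -q -z io,stat,1 -i eth0 -a "duration:10" | syn_summary 50

# syn_summary LIMIT  (LIMIT is an assumed alert threshold, SYNs per interval)
# Prints "total=N peak=N peak_interval=A-B", then one "spike A-B N" line
# for every interval whose Frames count is above LIMIT.
syn_summary() {
    awk -F'|' -v limit="$1" '
        {
            iv = $2
            gsub(/ /, "", iv)
        }
        # Data rows look like "|  1 <>  2 |    105 |  7770 |"; some tshark
        # versions print "Dur" as the end of the last interval.
        iv ~ /^[0-9.]+<>([0-9.]+|Dur)$/ {
            split(iv, edge, "<>")
            label = edge[1] "-" edge[2]
            frames = $3 + 0
            total += frames
            if (!seen || frames > peak) { peak = frames; peak_iv = label }
            seen = 1
            if (frames > limit + 0)
                spikes = spikes sprintf("spike %s %d\n", label, frames)
        }
        END {
            if (!seen) { print "no interval rows found" > "/dev/stderr"; exit 1 }
            printf "total=%d peak=%d peak_interval=%s\n", total, peak, peak_iv
            printf "%s", spikes
        }'
}

# Constructed sample input: the rows of the report shown in the post.
sample_report() {
    cat <<'EOF'
| Interval | Frames | Bytes |
|  0 <>  1 |     10 |   740 |
|  1 <>  2 |    105 |  7770 |
|  2 <>  3 |      1 |    74 |
|  3 <>  4 |      0 |     0 |
|  4 <>  5 |      3 |   222 |
|  5 <>  6 |     85 |  6290 |
|  6 <>  7 |     16 |  1184 |
|  7 <>  8 |     31 |  2294 |
|  8 <>  9 |     72 |  5328 |
|  9 <> 10 |      3 |   222 |
EOF
}
```

Running `sample_report | syn_summary 50` reports the total and peak for the capture and flags the three intervals above 50 new connections per second.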


That's all.

