Aim: To Study Socket Programming Commands
ss - socket statistics
The netstat command has been replaced by the ss command from the iproute suite of tools. The netstat command reads various /proc files to gather information, an approach that becomes slow when there are many connections to display. The ss command gets its information directly from kernel space. The following examples show the use of the ss command.
1. List all connections
The output contains all tcp, udp and unix socket connection details. We are piping the output to less so that the output is scrollable.
2. Filter out tcp, udp or unix connections
To view only tcp or udp or unix connections use the t, u or x option.
The "t" option alone reports only those connections that are "established" or "CONNECTED". It does not report the tcp sockets that are "LISTENING". The "a" option tells ss to report both "CONNECTED" and "LISTENING" sockets.
UDP is a connection-less protocol, so just "ss -u" will not report anything in most cases. Therefore we use the "a" option to report all UDP connections (connected and listening). The "x" option lists out all unix socket connections.
3. Do not resolve hostname
To get the output faster, use the "n" option to prevent ss from resolving ip addresses to hostnames. But this will prevent resolution of port numbers as well.
4. Show only listening sockets
This will list out all the listening sockets. For example, the apache web server opens a socket on port 80 to listen for incoming connections.
The above command lists out all "listening" "tcp" connections. The n option disables hostname resolution of the ip addresses, which makes the output faster. To list out all listening udp connections, replace t by u.
5. Print process name and pid
To print out the process name/pid which owns the connection, use the p option.
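The "n", "l" and "p" options from items 3 to 5 combine into a quick exposure check. The shell function below is an added example, not part of the original handout: it reads "ss -tlnp" output and reports the TCP listeners bound to every interface, with the owning process. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original handout).
# wildcard_listeners reads `ss -tlnp` output on stdin and prints
# "port address process pid" for each TCP listener bound to all interfaces.
wildcard_listeners() {
    awk '
    $1 == "LISTEN" {
        la = $4                               # Local Address:Port column
        if (!match(la, /:[0-9]+$/)) next      # the last colon separates the port
        addr = substr(la, 1, RSTART - 1)
        port = substr(la, RSTART + 1)
        # 0.0.0.0, * and [::] mean "every interface"; skip loopback and others
        if (addr != "0.0.0.0" && addr != "*" && addr != "[::]") next
        name = "-"; pid = "-"                 # Process column is empty without privilege
        if (index($0, "users:((")) {
            split($0, q, "\"")                # users:(("sshd",pid=812,fd=3))
            name = q[2]
            if (match($0, /pid=[0-9]+/)) pid = substr($0, RSTART + 4, RLENGTH - 4)
        }
        print port, addr, name, pid
    }'
}

# Constructed sample in the layout printed by `ss -tlnp` (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*     users:(("sshd",pid=812,fd=3))
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*     users:(("systemd-resolve",pid=590,fd=14))
LISTEN 0      511                *:80               *:*     users:(("apache2",pid=1034,fd=4))
LISTEN 0      128             [::]:22            [::]:*     users:(("sshd",pid=812,fd=4))
LISTEN 0      128            [::1]:631           [::]:*
LISTEN 0      244          0.0.0.0:5432       0.0.0.0:*
EOF
}

# Run against the sample; on a live host use: ss -tlnp | wildcard_listeners
sample_ss_output | wildcard_listeners
```

Listeners on 127.0.0.53%lo and [::1] are left out because they are reachable only from the local host; a "-" in the process fields means ss was run without the privilege needed to see the owner.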
6. Print summary statistics
The s option prints out the statistics.
7. Display timer information
With the '-o' option, the time information of each connection would be displayed.
8. Display only IPv4 or IPv6 socket connections
To display only IPv4 socket connections use the '-f inet' or '-4' option.
To display only IPv6 connections use the '-f inet6' or '-6' option.
9. Filtering connections by tcp state
The ss command supports filters that can be used to display only specific connections. The filter expression should be placed after all options. The ss command accepts filters in the following format:
$ ss [ OPTIONS ] [ STATE-FILTER ] [ ADDRESS-FILTER ]
The state can be either of the following:
11. all - All of the above states
12. connected - All the states except for listen and closed
13. synchronized - All the connected states except for syn-sent
14. bucket - Show states, which are maintained as minisockets, i.e. time-wait and syn-recv.
15. big - Opposite to bucket state.
Now here are some examples of how to filter socket connections by socket states.
To display all IPv4 tcp sockets that are in "connected" state.
Display sockets with state time-wait
Note that many states like syn-sent, syn-recv would not show any sockets most of the time, since sockets remain in such states for a very short time. It would be ideal to use the watch command to detect such socket states in real time.
10. Filter connections by address and port number
Apart from tcp socket states, the ss command also supports filtering based on address and port number of the socket. The following examples demonstrate that.
Display all socket connections with source or destination port of ssh.
Sockets with destination port 443 or 80
The following syntax would also work
Filter By Address
CIDR notation is also supported
Address and Port combined
Ports can also be filtered with dport/sport options. Port...