Utilizing the ss command on Linux to see information on sockets


The ss command is used to discard socket stats on Linux systems. It works as a replacement for the netstat command and is often utilized for repairing network problems.What is a socket?To make the best usage of the ss command, it is necessary to comprehend what a socket is. A socket is a kind of pseudo file (i.e., not an actual file )that represents a network connection. A socket determines both the remote host and the port that it links to so that information can be sent out between the systems. Sockets resemble pipelines except that pipes only assist in connections in between processes on the very same system where sockets deal with the exact same or different systems. Unlike pipes, sockets also provide bidirectional communication.Once a socket is developed, communications between the local and a remote host will take the type of network packets.Using the ss command With no arguments, ss will list all developed( open non-listening)network connections regardless of their status. Here’s an example revealing simply the first couple of lines of the command’s output along with a single line including IP addresses:$ ss|head -3; ss|grep 192|tail -1 Netid State Recv-Q Send-Q Resident Address: Port Peer Address:

Port Process u_str ESTAB 0 0 * 31510 * 31511 u_str ESTAB 0 0 * 30253 * 30254 tcp ESTAB 0 288 ssh activesync The fields as shown in the ss command output above include: Netid– The kind of socket– TCP, UDP, u_str (Unix stream ), or u_seq(Unix sequence)State– The state of the socket– ESTAB (established), UNCONN(inapplicable) and LISTEN(listening)Recv-Q– The

  • number of gotten packets in the queue waiting to be read Send-Q– The number of packets
  • in the queue waiting to be sent Local address: port– Address of the local system and port Peer address: port– Address of the remote system and port The * characters in the above output indicate that
  • the sockets are listening for traffic on all addresses. I included the last line to show a connection between two specific systems– this system and an ssh connection to a regional host. You can anticipate to see hundreds of lines of output when you

    use the ss command. To count the socket connections that are established on your system(adding one line for the heading), you can use a command like this:$ss|wc -l 622 The command listed below, which uses awk to look only at the

    2nd field in each line of ss output, shows that a person socket is unconnected while 620 are established connections. This command is sorting on the content of the “State” field. The 2nd row in the output revealed below programs that

    column heading.$ss|awk ”| sort|uniq-c 620 ESTAB 1 State 1 UNCONN Using the ss-a(reveal all sockets )command will make the ss output display both listening and non-listening sockets. For TCP,”non-listening “suggests recognized connections while” listening”indicates waiting on a connection. The commands listed below show the difference in the amount of output. $ss|wc-l 617 $ss-| wc -l 820 For example, the ss -a output is most likely to start with output like this:$ss-| head -7 Netid State Recv-Q Send-Q Resident Address: Port Peer Address: Port Process nl UNCONN 0 0 … Source

  • Leave a Reply

    Your email address will not be published. Required fields are marked *