CMD ss

From UVOO Tech Wiki
Revision as of 15:50, 15 July 2020 by Busk (talk | contribs) (Created page with "Shameless rip from https://www.cyberciti.biz/tips/linux-investigate-sockets-network-connections.html List currently established, closed, orphaned and waiting TCP sockets, ent...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Shameless rip from https://www.cyberciti.biz/tips/linux-investigate-sockets-network-connections.html

List currently established, closed, orphaned and waiting TCP sockets, enter:

ss -s

How to display all open network ports with ss command on Linux

ss -l

Type the following to see process named using open socket:

ss -pl

Look at resources related to a process

cd /proc/3772
ls -l

/proc/self

More

Display All TCP Sockets
# ss -t -a

Display All UDP Sockets
# ss -u -a

Display All RAW Sockets
# ss -w -a

Display All UNIX Sockets
# ss -x -a


Display All Established SMTP Connections
# ss -o state established '( dport = :smtp or sport = :smtp )'

Display All Established HTTP Connections
# ss -o state established '( dport = :http or sport = :http )'

Find All Local Processes Connected To X Server
# ss -x src /tmp/.X11-unix/*

List All The Tcp Sockets in State FIN-WAIT-1
List all the TCP sockets in state -FIN-WAIT-1 for our httpd to network 202.54.1/24 and look at their timers:
# ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 202.54.1/24

How Do I Filter Sockets Using TCP States?
The syntax is as follows:

## tcp ipv4 ##
ss -4 state FILTER-NAME-HERE

## tcp ipv6 ##
ss -6 state FILTER-NAME-HERE
Where FILTER-NAME-HERE can be any one of the following,

established
syn-sent
syn-recv
fin-wait-1
fin-wait-2
time-wait
closed
close-wait
last-ack
listen
closing
all : All of the above states
connected : All the states except for listen and closed
synchronized : All the connected states except for syn-sent
bucket : Show states, which are maintained as minisockets, i.e. time-wait and syn-recv.
big : Opposite to bucket state.
ss command examples
Type the following command to see closing sockets:

ss -4 state closing
Recv-Q Send-Q                                                  Local Address:Port                                                      Peer Address:Port
1      11094                                                  75.126.153.214:http                                                      175.44.24.85:4669
How Do I Matches Remote Address And Port Numbers?
Use the following syntax:

ss dst ADDRESS_PATTERN

## Show all ports connected from remote 192.168.1.5##
ss dst 192.168.1.5

## show all ports connected from remote 192.168.1.5:http port##
ss dst 192.168.1.5:http
ss dst 192.168.1.5:smtp
ss dst 192.168.1.5:443
Find out connection made by remote 123.1.2.100:http to our local virtual servers:
# ss dst 123.1.2.100:http

Sample outputs:

State      Recv-Q Send-Q                                             Local Address:Port                                                 Peer Address:Port
ESTAB      0      0                                                 75.126.153.206:http                                               123.1.2.100:35710
ESTAB      0      0                                                 75.126.153.206:http                                               123.1.2.100:35758
How Do I Matches Local Address And Port Numbers?
ss src ADDRESS_PATTERN
### find out all ips connected to nixcraft.com ip address 75.126.153.214 ###
## Show all ports connected to local 75.126.153.214##
ss src 75.126.153.214

## http (80) port only ##
ss src 75.126.153.214:http
ss src 75.126.153.214:80

## smtp (25) port only ##
ss src 75.126.153.214:smtp
ss src 75.126.153.214:25
How Do I Compare Local and/or Remote Port To A Number?
Use the following syntax:

## Compares remote port to a number ##
ss dport OP PORT

## Compares local port to a number ##
sport OP PORT
Where OP can be one of the following:

<= or le : Less than or equal to port
>= or ge : Greater than or equal to port
== or eq : Equal to port
!= or ne : Not equal to port
< or gt : Less than to port
> or lt : Greater than to port
Note: le, gt, eq, ne etc. are use in unix shell and are accepted as well.
Examples
###################################################################################
### Do not forget to escape special characters when typing them in command line ###
###################################################################################

ss  sport = :http
ss  dport = :http
ss  dport \> :1024
ss  sport \> :1024
ss sport \< :32000
ss  sport eq :22
ss  dport != :22
ss  state connected sport = :http
ss \( sport = :http or sport = :https \)
ss -o state fin-wait-1 \( sport = :http or sport = :https \) dst 192.168.1/24