CMD ss
Shameless rip from https://www.cyberciti.biz/tips/linux-investigate-sockets-network-connections.html
To list currently established, closed, orphaned and waiting TCP sockets, enter:
ss -s
How to display all open network ports with ss command on Linux
ss -l
Type the following to see the name of the process using each open socket:
ss -pl
Look at resources related to a process
cd /proc/3772
ls -l
/proc/self
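Added example (not from the original page or the article it was taken from): a filter that ties the process view of ss -pl to the /proc lookup above by listing TCP listeners bound beyond loopback, together with the owning process and its /proc directory. The function names exposed_listeners and sample_ss_output are hypothetical, the sample lines are constructed, and the field layout assumes the output of ss -H -tlnp.

```shell
#!/bin/sh
# Constructed sample of `ss -H -tlnp` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128  0.0.0.0:22       0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 100  127.0.0.1:25     0.0.0.0:* users:(("master",pid=1204,fd=13))
LISTEN 0 511  [::]:80          [::]:*    users:(("nginx",pid=3772,fd=6),("nginx",pid=3771,fd=6))
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=640,fd=14))
LISTEN 0 128  [::1]:631        [::]:*    users:(("cupsd",pid=900,fd=7))
EOF
}

# Reads ss output on stdin and prints "ADDR PORT PROCESS /proc/PID" for every
# listener that is not bound to a loopback address only.
exposed_listeners() {
    awk '
    $1 == "LISTEN" {
        # Split Local Address:Port at the last colon (IPv6 is bracketed).
        addr = $4; sub(/:[^:]*$/, "", addr)
        port = $4; sub(/^.*:/, "", port)
        # Skip sockets reachable from the local host only.
        if (addr ~ /^127\./ || addr == "[::1]") next
        # The process column is empty when ss runs without enough privilege.
        name = "-"; proc = "-"
        if (split($6, q, "\"") >= 2) name = q[2]
        if (match($6, /pid=[0-9]+/))
            proc = "/proc/" substr($6, RSTART + 4, RLENGTH - 4)
        print addr, port, name, proc
    }'
}

# Offline demonstration on the constructed sample.
sample_ss_output | exposed_listeners
```

On a live system, run ss -H -tlnp | exposed_listeners as root so the process column is filled in, then inspect each printed /proc directory with ls -l.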
More
Display All TCP Sockets
# ss -t -a

Display All UDP Sockets
# ss -u -a

Display All RAW Sockets
# ss -w -a

Display All UNIX Sockets
# ss -x -a

Display All Established SMTP Connections
# ss -o state established '( dport = :smtp or sport = :smtp )'

Display All Established HTTP Connections
# ss -o state established '( dport = :http or sport = :http )'

Find All Local Processes Connected To X Server
# ss -x src /tmp/.X11-unix/*

List All The TCP Sockets in State FIN-WAIT-1
List all the TCP sockets in state FIN-WAIT-1 for our httpd to network 202.54.1/24 and look at their timers:
# ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 202.54.1/24

How Do I Filter Sockets Using TCP States?
The syntax is as follows:
## tcp ipv4 ##
ss -4 state FILTER-NAME-HERE
## tcp ipv6 ##
ss -6 state FILTER-NAME-HERE
Where FILTER-NAME-HERE can be any one of the following:
established
syn-sent
syn-recv
fin-wait-1
fin-wait-2
time-wait
closed
close-wait
last-ack
listen
closing
all : All of the above states
connected : All the states except for listen and closed
synchronized : All the connected states except for syn-sent
bucket : Show states which are maintained as minisockets, i.e. time-wait and syn-recv
big : Opposite to bucket state

ss command examples
Type the following command to see closing sockets:
ss -4 state closing
Recv-Q  Send-Q  Local Address:Port     Peer Address:Port
1       11094   75.126.153.214:http    175.44.24.85:4669

How Do I Match Remote Address And Port Numbers?
Use the following syntax:
ss dst ADDRESS_PATTERN
## Show all ports connected from remote 192.168.1.5 ##
ss dst 192.168.1.5
## Show all ports connected from remote 192.168.1.5:http port ##
ss dst 192.168.1.5:http
ss dst 192.168.1.5:smtp
ss dst 192.168.1.5:443
Find out connections made by remote 123.1.2.100:http to our local virtual servers:
# ss dst 123.1.2.100:http
Sample outputs:
State  Recv-Q  Send-Q  Local Address:Port     Peer Address:Port
ESTAB  0       0       75.126.153.206:http    123.1.2.100:35710
ESTAB  0       0       75.126.153.206:http    123.1.2.100:35758

How Do I Match Local Address And Port Numbers?
ss src ADDRESS_PATTERN
### Find out all IPs connected to nixcraft.com IP address 75.126.153.214 ###
## Show all ports connected to local 75.126.153.214 ##
ss src 75.126.153.214
## http (80) port only ##
ss src 75.126.153.214:http
ss src 75.126.153.214:80
## smtp (25) port only ##
ss src 75.126.153.214:smtp
ss src 75.126.153.214:25

How Do I Compare Local and/or Remote Port To A Number?
Use the following syntax:
## Compares remote port to a number ##
ss dport OP PORT
## Compares local port to a number ##
ss sport OP PORT
Where OP can be one of the following:
<= or le : Less than or equal to port
>= or ge : Greater than or equal to port
== or eq : Equal to port
!= or ne : Not equal to port
< or lt : Less than port
> or gt : Greater than port
Note: le, gt, eq, ne etc. are used in the Unix shell and are accepted as well.

Examples
### Do not forget to escape special characters when typing them on the command line ###
ss sport = :http
ss dport = :http
ss dport \> :1024
ss sport \> :1024
ss sport \< :32000
ss sport eq :22
ss dport != :22
ss state connected sport = :http
ss \( sport = :http or sport = :https \)
ss -o state fin-wait-1 \( sport = :http or sport = :https \) dst 192.168.1/24