Troubleshooting sockets with ss
Connection State
You can use the --query
or -A
query addition to dump a sockets table. The magic word autobound
checks for ephemeral ports that sockets have attached themselves to. Prepare yourself for screeds of output, even on a quiet system. An abbreviated version of the output is shown in Listing 8.
Listing 8
ss -a -A all autobound
You can also filter by TCP states; for instance, the following command filters for sFTP traffic:
# ss state connected dport = :sftp
Anything treated as "current" in relation to the sFTP port is displayed promptly.
You can complicate the command a little more with a boolean operator:
# ss ( sport = :ftp or dport = :http )
You can even use ss to find connections that are in a specific TCP state, including the established
, syn-sent
, syn-recv
, fin-wait-1
, fin-wait-2
, time-wait
, closed
, close-wait
, last-ack
, listen
, and closing
.
The TCP state parameters let you do some very powerful querying. For example, checking for FIN--WAIT--1 states lets you identify whether your application has closed its side of a connection, but a remote host has not closed its side, thus tying up your machine's precious ports:
ss -o state fin-wait-1 '( sport = \ :ftp or sport = :http )' \ dst 10.10.3.3/24:22
Sso It Ends
The ss utility is a powerful tool that will help you query your network in significant detail. Ss is extremely high performance for both manual and automated queries, and it requires very few keystrokes to execute common commands.
This tiny but heroic tool helps flex the muscles of any sys admin. If you want to increase the power of your admin toolkit, try practicing some of the more complex commands in your day-to-day work.
« Previous 1 2 3
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Direct Download
Read full article as PDF:
Price $2.95
News
-
Kali Linux 2019.1 Released
The favorite Linux distro of Mr. Robot gets the first update of 2019.
-
Linux Foundation Releases a New Draft of OpenChain Spec
OpenChain provides a standard for open source compliance throughout the software supply chain.
-
Linux Kernel Continues To Offer Mitigation for Spectre Mitigation
Kernel 4.19 has added another family of Spectre vulnerabilities to its list of mitigating the mitigation.
-
SpeakUp Trojan Targets Linux Servers
It’s exploiting a known vulnerability.
-
KDE Plasma 5.15 Beta Arrives
Major improvements to software management.
-
Canonical Announces Latest Ubuntu Core for IoT
Now offers 10 years of support.
-
GitHub Offers Free Private Repositories
Popular source code collaboration site makes a major change to feature set.
-
Linus Torvalds Welcomes 2019 with Linux 5.x
Better support for GPUs and CPUs.
-
Keep your edge with these powerful Linux administration tools:
Keep All Your Linux Servers in Check
Watching the Bad Guys with Cowrie
Become a certified Linux Admin professional with the Linux Professional Institute LPIC-1 Systems Administrator certification.
-
Microsoft Gets an Open Source Web Browser
The company will use Google Chromium web browser as the foundation for its next browser.