ss tool - alternative to netstat

By OK -
jenkins@ubuntu:~/.ssh$ ss -4 state listening
Netid Recv-Q Send-Q                           Local Address:Port                                            Peer Address:Port               
tcp   0      5                                    127.0.0.1:ipp                                                        *:*                    
tcp   0      50                                           *:39103                                                      *:*                    
tcp   0      1                                    127.0.0.1:32000                                                      *:*                    
tcp   0      50                                           *:9092                                                       *:*                    
tcp   0      50                                           *:44709                                                      *:*                    
tcp   0      128                                  127.0.0.1:4040                                                       *:*                    
tcp   0      25                                           *:9000                                                       *:*                    
tcp   0      50                                           *:45928                                                      *:*                    
tcp   0      128                                  127.0.0.1:4041                                                       *:*                    
tcp   0      50                                   127.0.0.1:9001                                                       *:*                    
tcp   0      50                                   127.0.0.1:38576                                                      *:*                    
tcp   0      5                                    127.0.1.1:domain                                                     *:*                   
jenkins@ubuntu:~/.ssh$

ss dst 192.168.1.139

With this knowledge, let's take a look at how we replicate the following netstat command:
[root@web01][01:29:57 PM][~]$ netstat -tlp
This command specifically is looking at TCP Listening Sockets, and listing the PID of the process utilizing the socket.  To get the same output out of ss, we would do the following:
[root@web01][01:29:57 PM][~]$ ss -tlp
You'll notice some distinct similarities here.  The only change is the name of the application we call with our shell.  The output is where things really get different.
[root@web01][01:29:57 PM][~]$ ss -tlp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:memcache *:* users:(("memcached",pid=61424,fd=46))
LISTEN 0 128 *:ssh *:* users:(("sshd",pid=1672,fd=3))
LISTEN 0 100 127.0.0.1:smtp *:* users:(("master",pid=2337,fd=13))
LISTEN 0 128 127.0.0.1:smux *:* users:(("snmpd",pid=12442,fd=9))
("httpd",pid=24482,fd=4),("httpd",pid=19878,fd=4),("httpd",pid=7387,fd=4),("httpd",pid=7353,fd=4))
LISTEN 0 128 :::ssh :::* users:(("sshd",pid=1672,fd=4))
LISTEN 0 100 ::1:smtp :::* users:(("master",pid=2337,fd=14))
LISTEN 0 128 :::https :::* users:(("httpd",pid=60105,fd=6),("httpd",pid=60096,fd=6),("httpd",pid=47756,fd=6),("httpd",pid=45510,fd=6),("httpd",pid=44321,fd=6),("httpd",pid=35662,fd=6),("httpd",pid=31465,fd=6),("httpd",pid=24482,fd=6),("httpd",pid=19878,fd=6),("httpd",pid=7387,fd=6),("httpd",pid=7353,fd=6))
As you can see, this specific server is listening on both port 80 (http above) and port 443 (https above).  The huge difference comes with the fact that we are able to gather additional information regarding FD (file descriptors), individual PID's for each Apache process, and a local send/receive-Q status.  These may assist further in diagnostic work you may undertake.

So as to provide additional examples;

If you would like to view ALL listening sockets, you would type:
[root@web01][01:30:00 PM][~]$ ss -s
To display ALL open network ports, you would type:
[root@web01][01:40:36 PM][~]$ ss -l
To filter by connection state, for example if you wanted to see all connected HTTP sockets, you would type:
[root@web01][01:52:14 PM][~]$ ss -o state established '( dport = :http )'
Where :http in the example above is the name of the process for which you want to see established process statistics, and dport stands for destination port.  You can choose to change 'dport' in the above example to 'sport', if you're looking for outbound http connections

Comments

Post a Comment

Popular posts from this blog

HAproxy logging

By OK -
ubuntu@ubuntu:/etc/haproxy$ cat /etc/rsyslog.d/haproxy.conf # Create an additional socket in haproxy's chroot in order to allow logging via # /dev/log to chroot'ed HAProxy processes $ModLoad imudp $UDPServerRun 514 local0.* -/var/log/haproxy-0.log local1.* -/var/log/haproxy-1.log ### keep logs in localhost ## $AddUnixListenSocket /var/lib/haproxy/dev/log ------------------- ubuntu@ubuntu:/etc/haproxy$ cat /etc/haproxy/haproxy.cfg global chroot /var/lib/haproxy user haproxy group haproxy log 127.0.0.1   local0         log 127.0.0.1   local1 notice daemon frontend www     bind 192.168.40.128:8282    # haproxy public IP     default_backend as-backend    # backend used backend as-backend    balance leastconn    mode http  server as1 192.168.40.128:8082 check    # application srv 1 defaults log global mode http option httplog option dontlognull         contimeout 5000    
Read more

tomcat catalina coyote jasper cluster

By OK -
Tomcat Component are Catalina Coyote Jasper Cluster Catalina :  Catalina is the name of the servlet container of Apache Tomcat since version 4.x. Tomcat implements Sun Microsystems' specifications for servlet and JavaServer Pages (JSP), which are important Java-based Web technologies. Tomcat's servlet container was redesigned as Catalina in Tomcat version 4.x. other components of the Tomcat engine are: Tomcat Jasper which converts the code portions within JavaServer Pages into servlets and pass them to Catalina to process. Tomcat Coyote which is an HTTP connector based on HTTP/1.1 specifications that receives and transmits web requests to the Tomcat engine by listening to a TCP/IP port and returns requests back to the requesting client. Coyote :  The Coyote JK Connector element represents a Connector component that communicates with a web connector via the JK protocol (also known as the AJP protocol). This is used for cases where you wish to invisibly integr
Read more

NFS mount add in fstab _netdev instead of default | firewall-cmd --list-all

By OK -
Redhat recommends us to add  _netdev  option for NFS file system in /etc/fstab. So that they can be mounted after starting the networking service. Alternative ways to refer to partitions: Label : LABEL=label Network ID Samba : //server/share NFS : server:/share SSHFS : sshfs#user@server:/share Device : /dev/sdxy (not recommended) Example #1 //192.168.1.134/share_name /mnt/share_name cifs username=server_user,password=server_password,_netdev 0 0 ^ Path to your share ^ Mountpoint ^ Username ^ Password ^ See note A Note A: The  _netdev  options makes sure the mount is only attempted AFTER a network connection has been established. Example #2 10.10.10.1:/vol1/fs1 /data nfs defaults,_netdev 0 0 ============================ [root@localhost ~]# firewall-cmd --list-all public   target: default   icmp-block-inversion: no   interfaces:   sources:   services: dhcpv6-client high-availability ssh   ports:   protocols:   masquera
Read more