ss tool - alternative to netstat

By OK -
jenkins@ubuntu:~/.ssh$ ss -4 state listening
Netid Recv-Q Send-Q                           Local Address:Port                                            Peer Address:Port               
tcp   0      5                                    127.0.0.1:ipp                                                        *:*                    
tcp   0      50                                           *:39103                                                      *:*                    
tcp   0      1                                    127.0.0.1:32000                                                      *:*                    
tcp   0      50                                           *:9092                                                       *:*                    
tcp   0      50                                           *:44709                                                      *:*                    
tcp   0      128                                  127.0.0.1:4040                                                       *:*                    
tcp   0      25                                           *:9000                                                       *:*                    
tcp   0      50                                           *:45928                                                      *:*                    
tcp   0      128                                  127.0.0.1:4041                                                       *:*                    
tcp   0      50                                   127.0.0.1:9001                                                       *:*                    
tcp   0      50                                   127.0.0.1:38576                                                      *:*                    
tcp   0      5                                    127.0.1.1:domain                                                     *:*                   
jenkins@ubuntu:~/.ssh$

ss dst 192.168.1.139

With this knowledge, let's take a look at how we replicate the following netstat command:
[root@web01][01:29:57 PM][~]$ netstat -tlp
This command specifically is looking at TCP Listening Sockets, and listing the PID of the process utilizing the socket.  To get the same output out of ss, we would do the following:
[root@web01][01:29:57 PM][~]$ ss -tlp
You'll notice some distinct similarities here.  The only change is the name of the application we call with our shell.  The output is where things really get different.
[root@web01][01:29:57 PM][~]$ ss -tlp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:memcache *:* users:(("memcached",pid=61424,fd=46))
LISTEN 0 128 *:ssh *:* users:(("sshd",pid=1672,fd=3))
LISTEN 0 100 127.0.0.1:smtp *:* users:(("master",pid=2337,fd=13))
LISTEN 0 128 127.0.0.1:smux *:* users:(("snmpd",pid=12442,fd=9))
("httpd",pid=24482,fd=4),("httpd",pid=19878,fd=4),("httpd",pid=7387,fd=4),("httpd",pid=7353,fd=4))
LISTEN 0 128 :::ssh :::* users:(("sshd",pid=1672,fd=4))
LISTEN 0 100 ::1:smtp :::* users:(("master",pid=2337,fd=14))
LISTEN 0 128 :::https :::* users:(("httpd",pid=60105,fd=6),("httpd",pid=60096,fd=6),("httpd",pid=47756,fd=6),("httpd",pid=45510,fd=6),("httpd",pid=44321,fd=6),("httpd",pid=35662,fd=6),("httpd",pid=31465,fd=6),("httpd",pid=24482,fd=6),("httpd",pid=19878,fd=6),("httpd",pid=7387,fd=6),("httpd",pid=7353,fd=6))
As you can see, this specific server is listening on both port 80 (http above) and port 443 (https above).  The huge difference comes with the fact that we are able to gather additional information regarding FD (file descriptors), individual PID's for each Apache process, and a local send/receive-Q status.  These may assist further in diagnostic work you may undertake.

So as to provide additional examples;

If you would like to view ALL listening sockets, you would type:
[root@web01][01:30:00 PM][~]$ ss -s
To display ALL open network ports, you would type:
[root@web01][01:40:36 PM][~]$ ss -l
To filter by connection state, for example if you wanted to see all connected HTTP sockets, you would type:
[root@web01][01:52:14 PM][~]$ ss -o state established '( dport = :http )'
Where :http in the example above is the name of the process for which you want to see established process statistics, and dport stands for destination port.  You can choose to change 'dport' in the above example to 'sport', if you're looking for outbound http connections

Comments

Post a Comment

Popular posts from this blog

HAproxy logging

By OK -
ubuntu@ubuntu:/etc/haproxy$ cat /etc/rsyslog.d/haproxy.conf # Create an additional socket in haproxy's chroot in order to allow logging via # /dev/log to chroot'ed HAProxy processes $ModLoad imudp $UDPServerRun 514 local0.* -/var/log/haproxy-0.log local1.* -/var/log/haproxy-1.log ### keep logs in localhost ## $AddUnixListenSocket /var/lib/haproxy/dev/log ------------------- ubuntu@ubuntu:/etc/haproxy$ cat /etc/haproxy/haproxy.cfg global chroot /var/lib/haproxy user haproxy group haproxy log 127.0.0.1   local0         log 127.0.0.1   local1 notice daemon frontend www     bind 192.168.40.128:8282    # haproxy public IP     default_backend as-backend    # backend used backend as-backend    balance leastconn    mode http  server as1 192.168.40.128:8082 check    # application srv 1 defaults log ...
Read more

teamcity Automatic Agent Start under Linux

By OK -
Automatic Agent Start under Linux To run agent automatically on the machine boot under Linux, configure daemon process with the  agent.sh start  command to start it and  agent.sh stop  command to stop it. Refer to an example procedure below: 1. Navigate to the services start/stop services scripts directory: cd /etc/init.d/ 2. Open the build agent service script: sudo vim buildAgent 3. Paste the following into the file : #!/bin/sh ### BEGIN INIT INFO # Provides: TeamCity Build Agent # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Start build agent daemon at boot time # Description: Enable service provided by daemon. ### END INIT INFO #Provide the correct user name: USER="agentuser" case "$1" in start) su - $USER -c "cd BuildAgent/bin ; ./agent.sh start" ;; stop) su - $USER -c "cd BuildAgent/bin ; ./agent....
Read more

NFS mount add in fstab _netdev instead of default | firewall-cmd --list-all

By OK -
Redhat recommends us to add  _netdev  option for NFS file system in /etc/fstab. So that they can be mounted after starting the networking service. Alternative ways to refer to partitions: Label : LABEL=label Network ID Samba : //server/share NFS : server:/share SSHFS : sshfs#user@server:/share Device : /dev/sdxy (not recommended) Example #1 //192.168.1.134/share_name /mnt/share_name cifs username=server_user,password=server_password,_netdev 0 0 ^ Path to your share ^ Mountpoint ^ Username ^ Password ^ See note A Note A: The  _netdev  options makes sure the mount is only attempted AFTER a network connection has been established. Example #2 10.10.10.1:/vol1/fs1 /data nfs defaults,_netdev 0 0 ============================ [root@localhost ~]# firewall-cmd --list-all public   target: default   icmp-block-inversion: no   interfaces:   sources:   services: dhcpv6-client high-availabi...
Read more