ss command in RHEL7
NAME
ss - another utility to investigate sockets
ss is used to dump socket statistics. It allows showing information similar to netstat. It can display more TCP and state informations than other tools.
When no option is used ss displays a list of open non-listening sockets (e.g. TCP/UNIX/UDP) that have established connection.
[root@nsk ~]# ss -tpna | grep -i 25
LISTEN 0 100 127.0.0.1:25 *:* users:(("master",pid=1198,fd=13))
LISTEN 0 100 ::1:25 :::* users:(("master",pid=1198,fd=14))
Here,
-t, --tcp Display TCP sockets
-p, --processes Show process using socket
-n, --numeric Do not try to resolve service names
-a, --all Display both listening and non-listening (for TCP this means established connections) sockets
SS command example:
Display all TCP sockets[root@nsk ~]# ss -t -a
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:ssh *:*
LISTEN 0 100 127.0.0.1:smtp *:*
ESTAB 0 0 10.0.2.15:ssh 10.0.2.2:56004
ESTAB 0 0 10.0.2.15:ssh 10.0.2.2:55714
LISTEN 0 128 :::ssh :::*
LISTEN 0 100 ::1:smtp :::*
[root@nsk ~]#
Display all TCP sockets with process SELinux security contexts
[root@nsk ~]# ss -t -a -Z
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:ssh *:* users:(("sshd",pid=966,proc_ctx=system_u:system_r:sshd_t:s0-s0:c0.c1023,fd=3))
LISTEN 0 100 127.0.0.1:smtp *:* users:(("master",pid=1198,proc_ctx=system_u:system_r:postfix_master_t:s0,fd=13))
ESTAB 0 0 10.0.2.15:ssh 10.0.2.2:56004 users:(("sshd",pid=1329,proc_ctx=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023,fd=3))
ESTAB 0 0 10.0.2.15:ssh 10.0.2.2:55714 users:(("sshd",pid=1263,proc_ctx=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023,fd=3))
LISTEN 0 128 :::ssh :::* users:(("sshd",pid=966,proc_ctx=system_u:system_r:sshd_t:s0-s0:c0.c1023,fd=4))
LISTEN 0 100 ::1:smtp :::* users:(("master",pid=1198,proc_ctx=system_u:system_r:postfix_master_t:s0,fd=14))
Display all UDP sockets
[root@nsk ~]# ss -u -a
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 10.0.2.15:42417 198.55.111.50:ntp
ESTAB 0 0 10.0.2.15:39451 66.135.44.92:ntp
ESTAB 0 0 10.0.2.15:50903 198.60.22.240:ntp
ESTAB 0 0 10.0.2.15:51175 198.58.105.63:ntp
UNCONN 0 0 *:bootpc *:*
UNCONN 0 0 *:42307 *:*
UNCONN 0 0 127.0.0.1:323 *:*
UNCONN 0 0 :::42236 :::*
UNCONN 0 0 ::1:323 :::*
Display all established ssh connections.
[root@nsk ~]# ss -o state established '( dport = :ssh or sport = :ssh )'
Netid Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp 0 0 10.0.2.15:ssh 10.0.2.2:56004 timer:(keepalive,117min,0)
tcp 0 0 10.0.2.15:ssh 10.0.2.2:55714 timer:(keepalive,110min,0)
For more infor, please refer man ss.
No comments:
Post a Comment