How to See Linux TCP/UDP Network and Socket information

By Partho, Gaea News Network
Saturday, September 19, 2009

linux-operating-system3After configuring services on the network in Linux system, it’s important for you to keep tabs on the ports that are actually listening on the system’s network interfaces. This is all more important because open ports are evidence of an intrusion. There are a Linux monitoring tools that will allow you the knowledge of open ports. There are some basic approaches for listing the ports that are listening on the network. Let’s have a look at one of the most easiest reliable ones.

We would like to show you the ss command to inspect the socket statistics. This is more reliable command that displays more TCP and state information than any other tools.

The ss command provides information about

  • All TCP sockets.
  • All UDP sockets.
  • All established ssh / ftp / http / https connections.
  • All local processes connected to X server.
  • All the tcp sockets in state FIN-WAIT-1 and much more.

Have a look at various information that we can display using this command

To display Socket Summary type this in the terminal

# ss -s

Sample Output

ss

Display all the open ports

# ss -l

Sample Output

ss2

To see the process names using open socket type this command

# ss -pl

Track who is responsible for opening socket/port

# ss -lp | grep <local address: port>

To show all the TCP sockets

# ss -t -a

To display all UDP sockets

# ss -u -a

YOUR VIEW POINT
NAME : (REQUIRED)
MAIL : (REQUIRED)
will not be displayed
WEBSITE : (OPTIONAL)
YOUR
COMMENT :