How to See Linux TCP/UDP Network and Socket information
By Partho, Gaea News NetworkSaturday, September 19, 2009
After configuring services on the network in Linux system, it’s important for you to keep tabs on the ports that are actually listening on the system’s network interfaces. This is all more important because open ports are evidence of an intrusion. There are a Linux monitoring tools that will allow you the knowledge of open ports. There are some basic approaches for listing the ports that are listening on the network. Let’s have a look at one of the most easiest reliable ones.
We would like to show you the ss command to inspect the socket statistics. This is more reliable command that displays more TCP and state information than any other tools.
The ss command provides information about
- All TCP sockets.
- All UDP sockets.
- All established ssh / ftp / http / https connections.
- All local processes connected to X server.
- All the tcp sockets in state FIN-WAIT-1 and much more.
Have a look at various information that we can display using this command
To display Socket Summary type this in the terminal
# ss -s
Sample Output
Display all the open ports
# ss -l
Sample Output
To see the process names using open socket type this command
# ss -pl
Track who is responsible for opening socket/port
# ss -lp | grep <local address: port>
To show all the TCP sockets
# ss -t -a
To display all UDP sockets
# ss -u -a
Tags: Linux monitoring tools, Linux Socket Information, Linux system monitoring, Linux TCP Network, Linux UDP Network, The terminal