Linux list connections process

List all internet connections

I’d like to know all the connections my system is making to the internet. I tried netstat but that shows a lot of connections — all of which aren’t applicable I think. Can it be displayed like top does for processes ? I’m a little security conscious and would like to know all the incoming and outgoing connections happening on my system.

2 Answers 2

Using netstat

netstat by itself monitors all major protocols including TCP and UDP on every port.

If you want to display TCP and UDP connections:

If you want to display that continously:

Similar to top :

  1. nethogs — shows a list of the top processes that use bandwidth
  2. jnettop — shows list of top connections
  3. iftop — shows list of top connections with bandwidth bars

GUI Interface (just in case):

You may try ss as well, it’s more advanced than netstat .

List all TCP connections (including those with non-established state, e.g. SYN-SENT , LISTEN , and TIME-WAIT ). Read more about TCP states transition in RFC793.

State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 4096 127.0.0.1:5672 0.0.0.0:* ESTAB 0 0 192.168.1.4:57310 35.157.63.229:443 ESTAB 0 0 127.0.0.1:43764 127.0.0.1:8080 CLOSE-WAIT 1 0 192.168.1.4:34554 142.250.186.33:443 CLOSE-WAIT 1 0 192.168.1.4:34564 142.250.186.33:443 

Include information about the owner process of the connections (e.g., process name and PID)

Display all established SSH connections.

List all the TCP sockets in state FIN-WAIT-1 for network 193.233.7/24 and look at their timers with —options , which shows timer information.

Источник

How to list all the current network connections for a given PID?

but this does not seem to work. I need a command that will take that PID and print all the open network connections but I have no idea how. I have seen on other forms about strace but this does not make sense to me.

Читайте также:  Расширить существующий диск linux

4 Answers 4

If you’re not root , you’ll only be able to get that for your processes.

Technically, that’s only for the internet sockets (connected or not).

If you want all established connections (or associations), internet or not (like for Unix domain sockets), you could try (at least on Linux and with lsof 4.89):

lsof -Ep "$pid" | grep -e '(ESTABLISHED)$' -e '->INO=.* ' 

For instance, for the process I use to write this answer, that gives:

firefox 6261 chazelas 3u unix 0xffff88026785d000 0t0 741948 type=STREAM ->INO=743009 4244,dbus-daem,58u firefox 6261 chazelas 4u unix 0xffff88017194c000 0t0 741280 type=STREAM ->INO=742999 3575,Xorg,57u firefox 6261 chazelas 6u unix 0xffff8802f544d400 0t0 743000 type=STREAM ->INO=741281 4244,dbus-daem,56u firefox 6261 chazelas 11u unix 0xffff8802f544e800 0t0 743004 type=STREAM ->INO=737278 4167,cinnamon-,21u firefox 6261 chazelas 14u unix 0xffff8801474b3c00 0t0 737279 type=STREAM ->INO=737280 6261,firefox,15u firefox 6261 chazelas 15u unix 0xffff8801474b7c00 0t0 737280 type=STREAM ->INO=737279 6261,firefox,14u firefox 6261 chazelas 34u unix 0xffff8801d0d01800 0t0 741294 type=STREAM ->INO=743006 4244,dbus-daem,57u firefox 6261 chazelas 45u IPv4 741950 0t0 TCP UNKNOWN:44232->host24-rangeA-akamai-aanp.cdn.thlon.isp.sky.com:http (ESTABLISHED) firefox 6261 chazelas 53u unix 0xffff880178356800 0t0 741947 type=STREAM ->INO=743008 3575,Xorg,56u firefox 6261 chazelas 60u IPv4 743011 0t0 TCP UNKNOWN:52760->a95-101-128-57.deploy.akamaitechnologies.com:http (ESTABLISHED) firefox 6261 chazelas 73u IPv4 742158 0t0 TCP UNKNOWN:54674->lhr35s01-in-f14.1e100.net:http (ESTABLISHED) firefox 6261 chazelas 87u IPv4 743521 0t0 TCP UNKNOWN:33564->stackoverflow.com:https (ESTABLISHED) firefox 6261 chazelas 91u IPv4 743522 0t0 TCP UNKNOWN:53940->93.184.220.29:http (ESTABLISHED) firefox 6261 chazelas 92u IPv4 742153 0t0 TCP UNKNOWN:36836->151.101.65.69:https (ESTABLISHED) firefox 6261 chazelas 94u IPv4 742154 0t0 TCP UNKNOWN:33716->192.0.73.2:https (ESTABLISHED) firefox 6261 chazelas 96u IPv4 742157 0t0 TCP UNKNOWN:51166->lhr26s04-in-f234.1e100.net:https (ESTABLISHED) firefox 6261 chazelas 113u IPv4 744875 0t0 TCP UNKNOWN:43262->lhr35s01-in-f1.1e100.net:https (ESTABLISHED) 

Источник

12 ss Command Examples to Monitor Network Connections

ss command is a tool that is used for displaying network socket related information on a Linux system. The tool displays more detailed information that the netstat command which is used for displaying active socket connections.

In this guide, we delve in and see how the ss command can be used to display varied socket connection information in Linux.

1. Listing all Connections

The basic ss command without any options simply lists all the connections regardless of the state they are in.

List All Connections in Linux

2. Listing Listening and Non-listening Ports

You can retrieve a list of both listening and non-listening ports using the -a option as shown below.

List All Ports in Linux

3. Listing Listening Sockets

To display listening sockets only, use the -l flag as shown.

List Listening Sockets in Linux

4. List all TCP Connections

To display all TCP connection, use the -t option as shown.

List TCP Connections in Linux

5. List all Listening TCP Connections

To have a view of all the listening TCP socket connection use the -lt combination as shown.

List Listening TCP Connections in Linux

6. List all UDP Connections

To view all the UDP socket connections use the -ua option as shown.

Читайте также:  Steam вылетает при запуске linux

List UDP Socket Connections in Linux

7. List all Listening UDP Connections

To list listening UDP connections use the -lu option.

List Listening UDP Connections in Linux

8. Display PID (Process IDs) of Sockets

To display the Process IDs related to socket connections, use the -p flag as shown.

Find Process ID of Sockets in Linux

9. Display Summary Statistics

To list the summary statistics, use the -s option.

Find Summary Statistics

10. Display IPv4 and IPv6 Socket Connections

If you are curious about the IPv4 socket connections use the -4 option.

Find IPv4 Socket Connections in Linux

To display IPv6 connections, use the -6 option.

Find IPv6 Socket Connections in Linux

11. Filter Connections by Port Number

ss command also lets you filter socket port number or address number. For example, to display all socket connections with a destination or source port of ssh run the command.

$ ss -at '( dport = :22 or sport = :22 )'

Filter Connections by Port Number

Alternatively, you can run the command.

$ ss -at '( dport = :ssh or sport = :ssh )'

Filter Connections by Service

12. Check Man Pages for ss Command

To get more insights into the ss command usage, check the man pages using the command.

Find ss Command Usage and Options

Those are some of the commonly used options that are used with ss command. The command is considered more superior to netstat command and provide detailed information about network connections.

Источник

Top 14 SS Command Examples to Monitor Socket Connections

SS is a command line tool that displays socket statistics and monitor network connections of a Linux system. It has replaced the netstat command which has now been deprecated. The ss command is much faster and prints more detailed network statistics than the netstat command. In this guide, we focus on the how to use ss command to monitor socket connections on a Linux system.

1) View all socket connections (ss)

In its basic form, without any arguments, the ss command displays all the socket or network connections (TCP/UDP/UNIX) as shown:

ss-command-output-without-agruments

To make it easier to view the output, you can pipe the output to less as shown.

2) View TCP / UDP socket connections

The ss command comes with a myriad of options that you can pass to view different statistics. For example, to view TCP scoket connections only, pass the -t option only as shown.

view-tcp-network-connection-ss-command

To filter out UDP connections, pass the -ua option as shown.

UDP-Network-Connection-ss-command

3) View all listening sockets (ss -l)

To get a glimpse of all the listening sockets, – which are usually omitted by default, use the -l option.

List-all-listening-sockets-ss-command

4) View all listening TCP socket connections (ss -lt)

To narrow down the search results and list only the TCP listening connections, use the -lt option .

List-all-tcp-listening-sockets-ss-command

5) View all listening UDP socket connections (ss -lu)

For UDP listening connections, pass the -lu option as shown. In most cases, the listening UDP connections will be fewer than TCP connections

List-all-udp-listening-sockets-ss-command

6) View all the listening and non-listening sockets (ss -a)

The -a option will print out all the connected and non-listening sockets on your Linux system as shown.

Читайте также:  Ubuntu linux для планшетов

Listening-NonListening-Socket-Connections-ss-command

7) List IPv4 and Ipv6 socket connections

To have a peek at the current IPv4 socket connections use the -4 option .

Ipv4-Socket-Session-ss-command

For IPv6, pass the -6 argument .

[email protected]:~$ ss -6 Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port icmp6 UNCONN 0 0 *:ipv6-icmp *:* [email protected]:~$

8) List Summary of all socket connections (ss -s)

If you want to just view the overall statistics of the socket connections including the number of TCP & UDP, IPv4 and IPv6 connections simply pass -s option as shown. This prints out the results in a tabular format.

Socket-Connections-summary-ss-command

9) Filter connections by port number

You can also decide to filter connections by the port number. For instance, in the example below, we have filtered connections lined to SSH port 22

$ ss -at '( dport = :22 or sport = :22 )'

Filter-Socket-Connections-ss-command

10) List socket connections without resolving hostname (ss -nt)

By default, ss command tries to resolve ip address into the hostname. In case you want ss command to prevent ip address to hostname resolution then use ‘-n’ option , example is shown below:

[email protected]:~$ ss -nt State Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0 192.168.1.80:22 192.168.1.3:53155 ESTAB 0 36 192.168.1.80:22 192.168.1.3:53152 [email protected]:~$

11) List process name and pid for socket connections (ss -p)

Use ‘-p’ option in ss command to list the process name and pid associated to the network connections. Example is shown below,

Socket-Connection-Process-Name-PID

12) Extended output of socket connections (ss -e)

Use ‘-e’ option in ss command to display the extended output of socket connections. Extended output will display the uid of the socket, socket’s inode number and uuid of the socket.

Run below command to list the extended tcp listening sockets.

Extended-socket-connection-details

For UDP extended socket connection details, run

13) View memory usage of socket connections (ss -m)

Use -m option in ss command to view how much memory is consumed by a socket connection.

Socket memory format would look like below:

Socket-Memory-Usage-Format

Below command will display the memory usage of tcp connections.

TCP-Socket-Memory-Usage-ss-command

14) Kill IPv4 / IPv6 Socket Connection (ss -k)

ss command can terminate or kill ipv4 & ipv6 socket connection forcefully using -k option . Let’s suppose we want to kill ipv4 ssh socket connection.

[email protected]:~$ ss -4 Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port tcp ESTAB 0 0 192.168.1.80:ssh 192.168.1.3:53155 tcp ESTAB 0 36 192.168.1.80:ssh 192.168.1.3:53152 [email protected]:~$

To terminate the 2nd ssh session, use below ss command,

[email protected]:~$ sudo ss -K dst 192.168.1.3 dport = 53152

For more options on the ss command usage, visit the man pages as shown.

This wraps up our guide today. Hopefully, you can now use the ss command confidently to view your socket connections. Thanks for taking your time, and as always, we appreciate your feedback

Источник

Оцените статью
Adblock
detector