CIS 228
Socket Scan (ss)
The ss command is used to show socket statistics. It can display stats for PACKET sockets, TCP sockets, UDP sockets, DCCP sockets, RAW sockets, Unix domain sockets, and more. It shows information similar to the netstat command, and it can display more TCP and state information than other tools. It is a new, incredibly useful and faster (compared to netstat) tool for tracking TCP connections and sockets. ss can provide information about:
• All TCP sockets.
• All UDP sockets.
• All established ssh / ftp / http / https connections.
• All local processes connected to X server.
• Filtering by state (such as connected, synchronized, SYN-RECV, SYN-SENT, TIME-WAIT), addresses and ports.
• All the tcp sockets in state FIN-WAIT-1 and much more.
Some Linux distros consider the netstat command deprecated, to be phased out in favor of more modern replacements such as the ss command. Most Linux distributions ship with ss and many monitoring tools. Being familiar with this tool helps enhance your understanding of what's going on in the system sockets and enables you to find the possible causes of a performance problem.
ss options
1) ss -s
2) ss -l
3) ss -ta dumps all TCP sockets
4) ss -ua dumps all UDP sockets
5) ss -wa dumps all RAW sockets
6) ss -xa dumps all UNIX sockets
7) ss -4a dumps all IPv4 sockets
8) ss -6a dumps all IPv6 sockets
9) ss -o state established '( dport = :smtp or sport = :smtp )'
10) ss -o state established '( dport = :http or sport = :http )'
11) ss dst 192.168.1.5(:port #)
12) ss src 75.126.153.214(:port #)
13) ss dport OP PORT
14) ss sport OP PORT
>= or ge : Greater than or equal to port
== or eq : Equal to port
!= or ne : Not equal to port
< or lt : Less than port
> or gt : Greater than port
Note: le, gt, eq, ne etc. are used in the Unix shell and are accepted as well.
15) ss sport = :http
16) ss dport = :http
ss -4 (or -6) state FILTER-NAME-HERE
established
syn-sent
syn-recv
fin-wait-1
fin-wait-2
time-wait
closed
close-wait
last-ack
listen
closing
all : All of the above states
connected : All the states except for listen and closed
synchronized : All the connected states except for syn-sent
bucket : Show states, which are maintained as minisockets, i.e. time-wait and syn-recv.
big : Opposite to bucket state.
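The composite filter names above (connected, synchronized, bucket, big) are easier to remember once you see which sockets each one selects. The following is an added example, not part of the original handout: it reproduces the grouping with awk over a constructed sample laid out like `ss -Htan` output. The function names are hypothetical, and it assumes the State column uses ss's printed names, where established appears as ESTAB and closed as UNCONN.

```shell
#!/bin/sh
# Constructed sample in the column layout of `ss -Htan` (no header, TCP, all, numeric).
sample_ss_output() {
cat <<'EOF'
LISTEN     0 128 0.0.0.0:22       0.0.0.0:*
ESTAB      0 0   192.0.2.10:22    198.51.100.7:51514
ESTAB      0 0   192.0.2.10:443   203.0.113.9:40022
SYN-SENT   0 1   192.0.2.10:39412 203.0.113.20:25
SYN-RECV   0 0   192.0.2.10:443   198.51.100.8:60100
TIME-WAIT  0 0   192.0.2.10:443   198.51.100.9:41000
CLOSE-WAIT 1 0   192.0.2.10:8080  198.51.100.7:51600
FIN-WAIT-2 0 0   192.0.2.10:443   203.0.113.9:40030
EOF
}

# Expand a state filter name into the State column values it selects.
# ss prints "established" as ESTAB and "closed" as UNCONN.
states_for_filter() {
  bucket="SYN-RECV TIME-WAIT"
  big_conn="ESTAB FIN-WAIT-1 FIN-WAIT-2 CLOSE-WAIT LAST-ACK CLOSING"
  case "$1" in
    bucket)       echo "$bucket" ;;
    synchronized) echo "$big_conn $bucket" ;;                 # connected minus syn-sent
    connected)    echo "$big_conn $bucket SYN-SENT" ;;        # all minus listen, closed
    big)          echo "$big_conn SYN-SENT LISTEN UNCONN" ;;  # all minus bucket
    all)          echo "$big_conn $bucket SYN-SENT LISTEN UNCONN" ;;
    established)  echo "ESTAB" ;;
    closed)       echo "UNCONN" ;;
    *)            echo "$1" | tr 'a-z' 'A-Z' ;;               # single state, e.g. time-wait
  esac
}

# Read ss output on stdin and print only the sockets the filter selects.
filter_by_state() {
  awk -v wanted="$(states_for_filter "$1")" '
    BEGIN { n = split(wanted, s, " "); for (i = 1; i <= n; i++) ok[s[i]] = 1 }
    ($1 in ok)'
}

# Count the sockets a filter selects.
count_by_filter() {
  filter_by_state "$1" | awk 'END { print NR }'
}

# Demo on the constructed sample; on a live host use: ss -Htan | count_by_filter connected
for f in all connected synchronized bucket big established; do
  printf '%-13s %s\n' "$f" "$(sample_ss_output | count_by_filter "$f")"
done
```

A close-wait count that keeps growing usually points at an application that is not closing its sockets, which is the kind of performance cause the state filters help locate.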