In the Linux operating system, multiple methods can be used to check all open sockets. The following are three commonly used approaches:
1. Using the ss Command
The ss (Socket Statistics) command is a highly practical tool for examining socket-related information. It displays details such as open network connections, routing tables, and interface statistics. This command is faster than the traditional netstat command because it retrieves data directly from the kernel.
Example Command:
ss -tulwn
Parameter Explanation:
-t: Displays TCP sockets.-u: Displays UDP sockets.-l: Shows sockets in listening state (only those waiting for incoming connections).-w: Displays raw sockets.-n: Shows port numbers without resolving service names.
This command lists all sockets in various states, including listening and non-listening sockets.
2. Using the netstat Command
Although ss is a more modern option, netstat remains a traditional tool commonly used on older Linux systems. It provides information on network connections, routing tables, interface statistics, and spoofed connections.
Example Command:
netstat -auntp
Parameter Explanation:
-a: Displays all sockets.-u: Displays UDP sockets.-n: Shows host and port numbers in numeric form.-t: Displays TCP sockets.-p: Shows the program that opened the socket.
3. Using the /proc File System
The Linux /proc filesystem contains extensive system state information, with files under the net directory providing detailed network stack data.
Example Command:
cat /proc/net/tcp cat /proc/net/udp
These files offer detailed information about current TCP and UDP sockets, though the output is in hexadecimal and protocol-specific formats, requiring parsing for full understanding.
Summary
When inspecting open sockets in Linux, ss and netstat are the most direct and commonly used commands. For advanced users needing lower-level or more detailed data, examining the /proc filesystem is recommended. In practice, select the appropriate tools and parameters based on specific requirements.