Friday, August 30, 2013

Resource Management : Socket Statistics

“ss” command is another very useful command available in Linux. The “ss” command is used to show socket statistics. Statistics for PACKET sockets, TCP sockets, UDP sockets, DCCP sockets, RAW sockets, Unix domain sockets can be seen using the ss command. This command is much similar to netstat command in linux. The command displays the list of all socket and port status and related information's.

Basic Example

Dev:vx11aaa:jbs002-~ $ ss -s
Total: 186 (kernel 218)
TCP: 73 (estab 20, closed 13, orphaned 0, synrecv 0, timewait 1/0), ports 54

Transport Total IP IPv6
*              218    -   -
RAW          0      0   0
UDP         17      9   8
TCP         60     52   8
INET        77     61 16
FRAG       0       0    0

From the above output ,we can see the established , closed ,orphaned and many more details divided by the protocol family.

Display All Open Network Ports
Dev:vx11aaa:jbs002-~ $ ss -l
Recv-Q Send-Q Local Address:Port                               Peer Address:Port
0           0                  :::48578                                      :::*

See the Process Using the Sockets
Dev:vx11aaa:jbs002-~ $ ss -pl
Recv-Q  Send-Q   Local Address:Port            Peer Address:Port
0           0             :::48578                          :::*  users:(("java",32506,12))

In the above out put we can see both the Open Ports as well as the process that is using that (in this case a Java process

Find out who is responsible for opening socket / port
Dev:vx11aaa:jbs002-~ $ ss -lp | grep 10012( )
0        0                :::10012               :::*     users:(("java",32506,67))

connected host's
Dev:vx11aaa:jbs002-~ $ ss -r
State  Recv-Q  Send-Q Local Address:Port    Peer Address:Port
ESTAB   0           0        vx1379:8629    
ESTAB   0           0        vx1379:24035  

Socket Memory usage
Dev:vx11aaa:jbs002-~ $ ss -m
State   Recv-Q Send-Q Local Address:Port          Peer Address:Port
ESTAB  0          0 mem:(r0,w0,f0,t0)
ESTAB  0          0 mem:(r0,w0,f0,t0)

r represents the read (inbound) buffer
w represents the write (outbound) buffer
f represents the "forward allocated memory" (memory available to the socket)
t represents the transmit queue (stuff waiting to be sent or waiting on an ACK)

ss -t -a dumps all TCP sockets
ss -u -a dumps all UDP sockets
ss -w -a dumps all RAW sockets
ss -x -a dumps all UNIX sockets

as we said earlier , ss is almost equal to netstat command but it provides a lot more than netstat like the filtering capabilities.

“Ss” allows to filter socket states, using keywords state and exclude, followed by some state identifier.

State identifier are standard TCP state names

Find all the Established Ports
Dev:vx11aaa:jbs002-~ $ ss -o state established ( )
Recv-Q Send-Q Local Address:Port                               Address:Port
0           0                 

Where FILTER-NAME can be any from the below list,
all : All of the above states
connected : All the states except for listen and closed
synchronized : All the connected states except for syn-sent
bucket : Show states, which are maintained as mini sockets, i.e. time-wait and syn-recv.
big : Opposite to bucket state.

For example , to dump all tcp sockets except TIME_WAIT:
Dev:vx11aaa:jbs002-~ $ ss exclude TIME_WAIT

Mapping of PID to Port
Dev:vx11aaa:jbs002-~ $ ss -p -l '( sport = :10012 )'
Recv-Q  Send-Q                Local Address:Port                 Peer Address:Port
0           0                         :::10012                  :::* users:(("java",32506,67))

How to list all unique ip address currently connected to a specific port?
ss -o state established '( dport = :10012 )'|awk -F"[\t :]+" 'NR!=1{ ip[$5]+=1 } END{ for (i in ip){n++};print n }'

User ID Information's
Dev:vx11aaa:jbs002-~ $ ss -e | head
State    Recv-Q    Send-Q         Local Address:Port      Peer Address:Port
ESTAB   0            0         ino:24265172 sk:f28c4080ffff8800
ESTAB   0           0          ino:22405856 sk:9e954080ffff8800
ESTAB   0           0          uid:7281 ino:24335602 sk:9e955340ffff8800
ESTAB  0            0         uid:7281 ino:24334169 sk:62d6e080ffff8800

More To Come On Advanced Socket Management With ss. Stay Tuned