linux-network-performance

Overview

socket

There are two popular tools for inspecting socket states: netstat and ss.

netstat gets its information from /proc/net directly. It parses the file and prints out information based on it.

ss was written more recently and uses the netlink API (it falls back to /proc/net if netlink is unavailable). Both sources carry essentially the same information, but the netlink API exposes more than procfs, so prefer ss for socket statistics when it is available.

NOTE: netstat also provides information other than socket statistics, such as the routing table.

ss command

The ss command shows socket information much like netstat does, but it uses the netlink API and gives more detail. ss always shows a socket with its Local address and Remote address, even for a Unix socket.

options

  • -n, --numeric: don't resolve service names
  • -r, --resolve: resolve host names
  • -l, --listening: display listening sockets
  • -o, --options: show timer information
  • -e, --extended: show detailed socket information
  • -m, --memory: show socket memory usage
  • -p, --processes: show process using socket
  • -s, --summary: show socket usage summary
  • -N, --net: switch to the specified network namespace name
  • -t, --tcp: display only TCP sockets
  • -u, --udp: display only UDP sockets
  • -w, --raw: display only RAW sockets
  • -x, --unix: display only Unix domain sockets
# Show all listening tcp sockets including the corresponding process

$ ss -tlp

# check unix socket
# Local Address:Port /var/lib/openvswitch/port-d3f1ehosfc -565918981
# Peer Address:Port * -564914601
$ ss -xp | grep port-d3f1ehosfc
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
u_str ESTAB 0 0 /var/lib/openvswitch/port-d3f1ehosfc -565918981 * -564914601 users:(("qemu-kvm",pid=26495,fd=24))

# get its peer
$ ss -xp | grep 564914601
u_str ESTAB 0 0 * -564914601 * -565918981 users:(("ovs-vswitchd",pid=85046,fd=187))
u_str ESTAB 0 0 /var/lib/openvswitch/port-d3f1ehosfc -565918981 * -564914601 users:(("qemu-kvm",pid=26495,fd=24))

##################### Filter #################################
# Show all sockets connecting to 192.168.1.10 on port 443
# ss [option] dst [IP Address]
$ ss -t dst 192.168.1.10:443

# Show all ssh related connections
# ss [option] [state] [name of the socket state]
# ss [option] dport = :[port number]
# ss [option] sport = :[port number]
# ss [option] '( dport = :[port number] or sport = :[port number] )'
$ ss -lt sport = :22
$ ss -t state established '( dport = :ssh or sport = :ssh )'

##################### Filter #################################

# memory and backlog size
$ ss -ltm
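
The two-step grep used above to find the peer of a Unix socket can be done in one pass by matching each socket's inode against the peer inode of every other socket. This is an added example, not part of the original post; the function names and the third sample line are made up for illustration, and it assumes socket paths contain no whitespace.

```shell
#!/bin/sh
# Pair connected Unix domain sockets from `ss -xp` output read on stdin.
# Columns: Netid State Recv-Q Send-Q LocalAddr LocalInode PeerAddr PeerInode users:(...)
# Assumption: socket paths contain no whitespace.
pair_unix_peers() {
    awk '
    $1 ~ /^u_/ && $2 == "ESTAB" {
        ino = $6 ""                       # force string keys (inodes may print negative)
        addr[ino] = $5
        proc[ino] = ($9 != "" ? $9 : "users:(unknown)")   # empty without privilege
        peer_of[ino] = $8 ""
        order[++n] = ino
    }
    END {
        for (i = 1; i <= n; i++) {
            a = order[i]; b = peer_of[a]
            if (!(b in addr)) continue    # peer end not in this listing
            if (peer_of[b] != a) continue # inode numbers do not point back at each other
            if (a in done) continue       # pair already printed from the other end
            done[a] = done[b] = 1
            printf "%s %s <-> %s %s\n", addr[a], proc[a], addr[b], proc[b]
        }
    }'
}

# Constructed sample: the two lines shown above plus one made-up socket
# whose peer is not in the listing (so it must not be reported as a pair).
sample_ss_output() {
    cat <<'EOF'
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
u_str ESTAB 0 0 /var/lib/openvswitch/port-d3f1ehosfc -565918981 * -564914601 users:(("qemu-kvm",pid=26495,fd=24))
u_str ESTAB 0 0 * -564914601 * -565918981 users:(("ovs-vswitchd",pid=85046,fd=187))
u_str ESTAB 0 0 /run/example.sock 1111 * 2222 users:(("example",pid=4242,fd=3))
EOF
}

# On a live system: ss -xp | pair_unix_peers
sample_ss_output | pair_unix_peers
```

Run as root so that the users:(...) column is filled in for sockets owned by other users; without it the process is reported as unknown.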

lsof

The lsof utility shows all currently open file handles (open files) on the system.

# which process(es) have this file open
$ lsof /some/file

# all files (including sockets) opened by a process
$ lsof -p <PID>

# show the ports opened by a process
# -P to show port number instead of its common name
$ lsof -p <PID> -P

# all files (including sockets) opened by a given user
$ lsof -u <USERNAME>

# other useful commands, such as:
# which process has port 80 open
# which process has a tcp/udp socket open
$ lsof -i :80

# show host and port with ip not name
# show all open tcp ports or udp ports
$ lsof -i tcp -P
$ lsof -i udp -P
