# Network troubleshooting using the `ss` (Socket Statistics) command

## 1. Introduction to `ss`:

`ss` is a powerful utility for investigating sockets. It replaces the older `netstat` command and provides more detailed information about network connections.

## 2. Basic usage:

To display all connections:

```
ss
```

## 3. Common options:

- `-t`: Show TCP sockets
- `-u`: Show UDP sockets
- `-l`: Show only listening sockets
- `-a`: Show both listening and non-listening sockets
- `-n`: Don't resolve service names
- `-p`: Show process using the socket

## 4. Displaying TCP connections:

```
ss -t
```

## 5. Showing listening sockets:

```
ss -l
```

## 6. Combining options:

To show listening TCP sockets with process information:

```
ss -tlp
```

## 7. Filtering connections:

- By state:

```
ss state established
```

- By port:

```
ss sport = :80
```

- By IP address:

```
ss dst 192.168.1.1
```

## 8. Advanced filtering:

Use expressions for complex filters:

```
ss -t '( dport = :ssh or sport = :ssh )'
```

## 9. Displaying socket statistics:

```
ss -s
```

## 10. Checking for specific issues:

- High number of TIME_WAIT connections:

```
# -H omits the header line so it is not included in the count
ss -Ht state time-wait | wc -l
```

- Connections in SYN-SENT state (potential connectivity issues):

```
ss -t state syn-sent
```

## 11. Investigating socket buffers:

```
ss -tm
```

## 12. Displaying timer information:

```
ss -to
```

## 13. Checking for UNIX domain sockets:

```
ss -x
```

## 14. Combining with other tools:

- Use with `grep` for specific searches:

```
ss -tuln | grep :80
```

- Pipe to `less` for easier navigation:

```
ss -tuna | less
```

## 15. Troubleshooting steps:

- a. Check for listening services:

```
ss -tlnp
```

- b. Verify established connections:

```
ss -tnp state established
```

- c. Look for connection attempts:

```
ss -tnp state syn-sent
```

- d. Investigate connection closures:

```
ss -tnp state time-wait
```

- e. Check for any unusual states or high connection counts

## 16. Performance considerations:

- Use `ss -i` to display TCP internal information
- Monitor retransmission rates and window sizes

## 17. Security checks:

- Look for unexpected listening ports
- Check for connections from unknown IP addresses

## 18. Debugging application issues:

- Use `-p` option to correlate sockets with processes
- Investigate socket states for hung connections

## 19. Network tuning:

- Use socket statistics to identify bottlenecks
- Adjust system parameters based on observed behavior

## 20. Scripting with `ss`:

- Use in shell scripts for automated monitoring
- Combine with `awk` or `sed` for custom output formatting

Remember that some `ss` commands may require root privileges to access all information. Always use caution when interpreting network data, especially in production environments.

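
The "unexpected listening ports" check from section 17, scripted with `awk` as section 20 suggests. This is an added example, not part of the original page; the function names, the allowlisted ports and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Report listening TCP sockets whose port is not in an allowlist.
# Input: `ss -Htlnp` output on stdin. Output: "PORT ADDRESS PROCESS" per finding.

unexpected_listeners() {
    # $1: space-separated allowed ports, e.g. "22 443" (assumed values)
    awk -v allowed="$1" '
    BEGIN {
        n = split(allowed, a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    $1 == "LISTEN" {                      # also skips a header line if present
        laddr = $4                        # Local Address:Port column
        port = laddr
        sub(/^.*:/, "", port)             # keep text after the last colon
        addr = substr(laddr, 1, length(laddr) - length(port) - 1)
        if (port in ok) next
        proc = "-"                        # -p shows nothing without privileges
        if (match($0, /users:\(\("[^"]+"/))
            proc = substr($0, RSTART + 9, RLENGTH - 10)
        print port, addr, proc
    }' | sort -n
}

# Constructed sample in `ss -Htlnp` format (not captured from a real host).
# The last line has no process column, as seen when run without root.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128    0.0.0.0:22    0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511  127.0.0.1:6379  0.0.0.0:* users:(("redis-server",pid=901,fd=6))
LISTEN 0 4096      [::]:4444     [::]:* users:(("nc",pid=4242,fd=3))
LISTEN 0 128          *:8080        *:*
EOF
}

# Live use: ss -Htlnp | unexpected_listeners "22 443"
sample_ss_output | unexpected_listeners "22 6379"
```

A `-` in the process column means `ss` could not see the owning process; rerun as root before deciding whether the listener is expected.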