SCAR-iT/LWM-Linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
LWM-Linux/12 - Network Configuration and Troubleshooting/Network Troubleshooting (ss).md

3.0 KiB
Raw Blame History

network troubleshooting using the ss (Socket Statistics)

1. Introduction to ss:

ss is a powerful utility for investigating sockets. It replaces the older netstat command and provides more detailed information about network connections.

2. Basic usage:

To display all connections:

ss

3. Common options:

  • -t: Show TCP sockets
  • -u: Show UDP sockets
  • -l: Show only listening sockets
  • -a: Show both listening and non-listening sockets
  • -n: Don't resolve service names
  • -p: Show process using the socket

4. Displaying TCP connections:

ss -t

5. Showing listening sockets:

ss -l

6. Combining options:

To show listening TCP sockets with process information:

ss -tlp

7. Filtering connections:

  • By state: 
    ss state established
  • By port: 
    ss sport = :80
  • By IP address: 
    ss dst 192.168.1.1

8. Advanced filtering:

Use expressions for complex filters:

ss -t '( dport = :ssh or sport = :ssh )'

9. Displaying socket statistics:

ss -s

10. Checking for specific issues:

- High number of TIME_WAIT connections:
  ```
  ss -t state time-wait | wc -l
  ```
- Connections in SYN-SENT state (potential connectivity issues):
  ```
  ss -t state syn-sent
  ```

11. Investigating socket buffers:

ss -tm

12. Displaying timer information:

ss -to

13. Checking for UNIX domain sockets:

ss -x

14. Combining with other tools:

  • Use with grep for specific searches: 
    ss -tuln | grep :80
  • Pipe to less for easier navigation: 
    ss -tuna | less

15. Troubleshooting steps:

  • a. Check for listening services: ss -tlnp
  • b. Verify established connections: ss -tnp state established
  • c. Look for connection attempts: ss -tnp state syn-sent
  • d. Investigate connection closures: ss -tnp state time-wait
  • e. Check for any unusual states or high connection counts

16. Performance considerations:

- Use `ss -i` to display TCP internal information
- Monitor retransmission rates and window sizes

17. Security checks:

- Look for unexpected listening ports
- Check for connections from unknown IP addresses

18. Debugging application issues:

- Use `-p` option to correlate sockets with processes
- Investigate socket states for hung connections

19. Network tuning:

- Use socket statistics to identify bottlenecks
- Adjust system parameters based on observed behavior

20. Scripting with ss:

- Use in shell scripts for automated monitoring
- Combine with `awk` or `sed` for custom output formatting

Remember that some ss commands may require root privileges to access all information. Always use caution when interpreting network data, especially in production environments.