Tag Archives: Red Hat

Checking connections on a particular service

So lets say you want to see how many established connections we have on a particular port/service. Most of the people would use netstat, however I prefer ss.

On a Debian based system ss can be installed with the iproute package.

user@server: ~ $ sudo dpkg -S `which ss`
iproute: /sbin/ss
user@server: ~ $

On a Red Hat based system it will be installed with iproute too.

[user@redhat ~]# sudo rpm -qf `which ss`
[user@redhat ~]#

aptitude install iproute and yum install iproute will install the package on a Debian and Red Hat system respectively.

Now lets show some examples. Lets say we want to see how many established ssh connections there are.

[user@redhat ~]# sudo ss -t '( sport = :22 )'
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 ::ffff: ::ffff:
ESTAB 0 0 ::ffff: ::ffff:
ESTAB 0 0 ::ffff: ::ffff:
ESTAB 0 0 ::ffff: ::ffff:
ESTAB 0 0 ::ffff: ::ffff:
ESTAB 0 0 ::ffff: ::ffff:
ESTAB 0 304 ::ffff: ::ffff:
ESTAB 0 0 ::ffff: ::ffff:
ESTAB 0 0 ::ffff: ::ffff:
ESTAB 0 0 ::ffff: ::ffff:
ESTAB 0 0 ::ffff: ::ffff:
[user@redhat ~]#

-t displays all TCP sockets

You can also substitute the port number by the name of the service that runs in it by default.

user@debian:~$ sudo ss -t '( sport = :mysql )'
State Recv-Q Send-Q Local Address:Port Peer Address:Port

To see all opened ports on the server use the -a option.

xavi@linode2:~$ sudo ss -t -a
State       Recv-Q Send-Q                   Local Address:Port       Peer Address:Port   
LISTEN      0      5                                    *:nrpe              *:*       
LISTEN      0      50                        *:*       
LISTEN      0      8                                    *:pop3              *:*       
LISTEN      0      8                                    *:imap2             *:*       
LISTEN      0      128                                 :::www              :::*       
LISTEN      0      128                                  *:ssh               *:*       
LISTEN      0      128                                 :::ssh              :::*       
LISTEN      0      100                                  *:smtp              *:*       
LISTEN      0      128                                 :::https            :::*       
TIME-WAIT   0      0               ::ffff:          ::ffff:   
ESTAB       0      0                   
ESTAB       0      48                     
TIME-WAIT   0      0               ::ffff:          ::ffff:   
TIME-WAIT   0      0               ::ffff:          ::ffff: 

I believe ss command is simpler to use but less known than netstat. Enjoy.