Linux and Networking


3 posts are tagged with the keyword "internet protocol"

14
Esfand

 

 

Show address:

ip: show commands:

  • ip help                                    ---> #Display ip commands and arguments
  • ip -4 a                                     ---> #Only show TCP/IP IPv4
  • ip -6 a                                     ---> #Only show TCP/IP IPv6
  • ip a list eth0                           ---> #Only show eth0 interface
  • ip a show dev eth0                 ---> #Only show eth0 interface
  • ip a show eth0                        ---> #Only show eth0 interface

addr: Display IP addresses and property information (abbreviation of address)

  • ip addr                                    ---> #Show information for all addresses
  • ip addr help                            ---> #Display address commands and arguments
  • ip addr show dev eth0            ---> #Display information only for device

link: Manage and display the state of all network interfaces

  • ip link help                             ---> #Display link commands and arguments
  • ip link ls up                            ---> #Only show running interfaces
  • ip link show dev eth0             ---> #Display information only for device eth0
  • ip link                                     ---> #Show information for all interfaces
  • ip -s link                                 ---> #Display interface statistics
  • ip -s -s link ls eth0                  ---> #get information about a particular network interface
  • ip link set eth0 up                   ---> #Bring eth0 online
  • ip link set eth0 down              ---> #Bring eth0 offline
  • ip link set eth0 promisc on     ---> #Enable promiscuous mode for eth0
 

Add or Delete Address:

  • ip a add {ip_addr/mask} dev {interface}                             ---> #Syntax to add an IPv4/IPv6 address
  • ip a del {ipv6_addr_OR_ipv4_addr} dev {interface}          ---> #Syntax to remove an IPv4/IPv6 address
  • ip addr add 192.168.1.1/24 dev eth0                                   ---> #Add address 192.168.1.1 with netmask 24 to device eth0
  • ip a add 192.168.1.200/255.255.255.0 dev eth0                   ---> #Assign 192.168.1.200/255.255.255.0 to eth0
  • ip a add 192.168.1.200/24 dev eth0                                     ---> #Assign 192.168.1.200/255.255.255.0 to eth0 (CIDR notation)
  • ip addr del 192.168.1.1/24 dev eth0                                     ---> #Remove address 192.168.1.1/24 from device eth0
  • ip a del 192.168.1.200/24 dev eth0                                       ---> #Delete 192.168.1.200/24 from eth0

 


neigh

neigh: Show and manage neighbour objects, also known as the ARP table for IPv4

  • ip neigh                                                                                    ---> #Display neighbour objects (the ARP table for IPv4)
  • ip neigh help                                                                           ---> #Display neighbour commands and arguments
  • ip neighbour                                                                            ---> #View the MAC address of the devices connected in your LAN
  • ip neigh show dev eth0                                                            ---> #Show the ARP cache for device eth0
  • ip neigh add 192.168.1.1 lladdr 1:2:3:4:5:6 dev eth0              ---> #Add address 192.168.1.1 with MAC 1:2:3:4:5:6 to eth0
  • ip neigh del 192.168.1.1 dev eth0                                            ---> #Invalidate the entry for 192.168.1.1 on eth0
  • ip neigh replace 192.168.1.1 lladdr 1:2:3:4:5:6 dev eth0         ---> #Replace the entry for address 192.168.1.1 to use MAC 1:2:3:4:5:6 on eth0
  • ip n show                                                                                  ---> #Display neighbour/arp cache
  • ip neigh show                                                                            ---> #Display neighbour/arp cache

Sample outputs (note: some data has been masked out with letters):

74.xx.yy.zz dev eth1 lladdr 00:30:48:yy:zz:ww REACHABLE

10.10.29.66 dev eth0 lladdr 00:30:48:c6:0a:d8 REACHABLE

74.ww.yyy.xxx dev eth1 lladdr 00:1a:30:yy:zz:ww REACHABLE

10.10.29.68 dev eth0 lladdr 00:30:48:33:bc:32 REACHABLE

74.fff.uu.cc dev eth1 lladdr 00:30:48:yy:zz:ww STALE

74.rr.ww.fff dev eth1 lladdr 00:30:48:yy:zz:ww DELAY

10.10.29.65 dev eth0 lladdr 00:1a:30:38:a8:00 REACHABLE

10.10.29.74 dev eth0 lladdr 00:30:48:8e:31:ac REACHABLE

 

The last field shows the state of the “neighbour unreachability detection” machine for this entry:

STALE – The neighbour is valid, but is probably already unreachable, so the kernel will try to check it at the first transmission.

DELAY – A packet has been sent to the stale neighbour and the kernel is waiting for confirmation.

REACHABLE – The neighbour is valid and apparently reachable.

 

Add a new ARP entry:

  • ip neigh add {IP-HERE} lladdr {MAC/LLADDRESS} dev {DEVICE} nud {STATE}     ---> #syntax is
  • ip neigh add 192.168.1.5 lladdr 00:1a:30:38:a8:00 dev eth0 nud perm         ---> #add a permanent ARP entry for the neighbour 192.168.1.5 on the device eth0:

neighbour state (nud):

permanent – The neighbour entry is valid forever and can only be removed administratively.

noarp – The neighbour entry is valid. No attempts to validate this entry will be made but it can be removed when its lifetime expires.

stale – The neighbour entry is valid but suspicious. This option to ip neigh does not change the neighbour state if it was valid and the address is not changed by this command.

reachable – The neighbour entry is valid until the reachability timeout expires.

Delete an ARP entry:

  • ip neigh del {IPAddress} dev {DEVICE}               ---> #Syntax
  • ip neigh del 192.168.1.5 dev eth1                            ---> #Invalidate or delete the ARP entry for the neighbour 192.168.1.5 on the device eth1

Change ARP state:

  • ip neigh chg 192.168.1.100 dev eth1 nud reachable ---> #Change the state to reachable for the neighbour 192.168.1.100 on the device eth1
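
The neighbour table format shown above can be audited for entries worth a second look: one MAC address answering for several IPv4 addresses on the same device (seen with ARP spoofing, but also with proxy ARP or multi-homed hosts), permanent entries, and entries without a link-layer address. This is an added example, not part of the original post; the function names `neigh_audit` and `sample_neigh` and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ip neigh` output read from stdin.
# Output lines (sorted):
#   DUPMAC   <dev> <mac> <ip,ip,...>  one MAC answering for several IPv4 addresses
#   NOLLADDR <dev> <ip> <state>       entry without a link-layer address (FAILED/INCOMPLETE)
#   STATIC   <dev> <ip> <mac>         PERMANENT entry, i.e. added administratively
neigh_audit() {
    awk '
    {
        ip = $1; dev = ""; mac = ""; state = $NF
        # Fields after the address are keyword/value pairs; the state is last.
        for (i = 2; i < NF; i++) {
            if ($i == "dev")    dev = $(i + 1)
            if ($i == "lladdr") mac = tolower($(i + 1))
        }
        if (dev == "") next
        if (mac == "") { printf "NOLLADDR %s %s %s\n", dev, ip, state; next }
        if (state == "PERMANENT") printf "STATIC %s %s %s\n", dev, ip, mac
        # IPv6 hosts normally hold several addresses per MAC, so only IPv4
        # entries take part in the duplicate check.
        if (ip ~ /:/) next
        key = dev " " mac
        if (key in ips) { ips[key] = ips[key] "," ip; dup[key] = 1 }
        else ips[key] = ip
    }
    END { for (k in dup) printf "DUPMAC %s %s\n", k, ips[k] }
    ' | sort
}

# Constructed sample in the format printed by `ip neigh` (not real data).
sample_neigh() {
    cat <<'EOF'
192.168.1.1 dev eth0 lladdr 00:1a:30:38:a8:00 REACHABLE
192.168.1.5 dev eth0 lladdr 00:1A:30:38:A8:00 STALE
192.168.1.20 dev eth0 lladdr 00:30:48:8e:31:ac PERMANENT
192.168.1.30 dev eth0  FAILED
fe80::1 dev eth0 lladdr 00:1a:30:38:a8:00 router REACHABLE
192.168.1.1 dev eth1 lladdr 00:1a:30:38:a8:00 REACHABLE
EOF
}

# Live use: ip neigh show | neigh_audit
sample_neigh | neigh_audit
```

A legitimate static mapping shows up as STATIC, so the report is a list to compare against what was configured on purpose, not a verdict.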


 


Route

Route: Display and alter the routing table

  • ip route                                                                      ---> #List all of the route entries in the kernel[routing tables]
  • ip route show                                                            ---> #check the routing table information of the system
  • ip route add default via 192.168.1.1 dev eth0          ---> #Add a default route (for all addresses) via the local gateway 192.168.1.1 that can be reached on device eth0
  • ip route add 192.168.1.0/24 via 192.168.1.1            ---> #Add a route to 192.168.1.0/24 via the gateway at 192.168.1.1
  • ip route add 192.168.1.0/24 dev eth0                       ---> #Add a route to 192.168.1.0/24 that can be reached on device eth0
  • ip route del default via 192.168.1.1                          ---> #delete default gateway                                     
  • ip route delete 192.168.1.0/24 via 192.168.1.1        ---> #Delete the route for 192.168.1.0/24 via the gateway at 192.168.1.1
  • ip route replace 192.168.1.0/24 dev eth0                  ---> #Replace the defined route for 192.168.1.0/24 to use device eth0
  • ip route get 192.168.1.5                                            ---> #Display the route taken for IP 192.168.1.5
  • ip r                                                                             ---> #display the contents of the routing tables
  • ip r list                                                                       ---> #display the contents of the routing tables
  • ip route list                                                                ---> #display the contents of the routing tables
  • ip r list 192.168.1.0/24                                              ---> #Display routing for 192.168.1.0/24

output: 192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.10

 

Add a new route:

  • ip route add {NETWORK/MASK} via {GATEWAYIP}               ---> #Syntax: route to a network via a gateway
  • ip route add {NETWORK/MASK} dev {DEVICE}                      ---> #Syntax: route to a network reachable on a device
  • ip route add default dev {DEVICE}          ---> #Syntax: default route through a device
  • ip route add default via {GATEWAYIP}   ---> #Syntax: default route via a gateway
  • ip route add 192.168.1.0/24 via 192.168.1.254                               ---> #Add a plain route to network 192.168.1.0/24 via gateway 192.168.1.254
  • ip route add 192.168.1.0/24 dev eth0                                              ---> #Add a route to network 192.168.1.0/24 that is reached directly through the eth0 network interface

Delete a route:

  • ip route del default                                                                           ---> #Syntax to delete the default gateway
  • ip route del 192.168.1.0/24 dev eth0                                                ---> #Delete the route created in the previous subsection

 


Disable [or] flush:

The flush (or f) command flushes neighbour/ARP table entries that match the specified condition.

  • ip -s -s n f {IPAddress}                   ---> #Syntax
  • ip -s -s n f 192.168.1.5                    ---> #Flush the neighbour/ARP table entry for 192.168.1.5
  • ip -s -s n flush 192.168.1.5             ---> #Same command with flush written out
  • ip -4 addr flush label "ppp*"           ---> #Disable IP addresses on all the ppp (Point-to-Point) interfaces
  • ip -4 addr flush label "eth*"            ---> #The same for all the Ethernet interfaces
  • ip -s -s a f to 192.168.2.0/24           ---> #Delete all the IP addresses from the private network (for example) 192.168.2.0/24

output:

2: eth0    inet 192.168.2.201/24 scope global secondary eth0

2: eth0    inet 192.168.2.200/24 scope global eth0

*** Round 1, deleting 2 addresses ***

*** Flush is complete after 1 round ***

 


Txqueuelen

Set the length of the transmit queue of the device using the ip command as follows:

  • ip link set txqueuelen {NUMBER} dev {DEVICE}    --->   # Syntax
  • ip link set txqueuelen 10000 dev eth0                           ---> #change the default txqueuelen from 1000 to 10000 for the eth0
  • ip a list eth0

 


MTU

For gigabit networks, set maximum transmission units (MTU) sizes (JumboFrames) for better network performance. The syntax is:
  • ip link set mtu {NUMBER} dev {DEVICE}          ---> #Syntax
  • ip link set eth0 mtu 9000                                         ---> #Set the MTU on eth0 to 9000
  • ip link set mtu 9000 dev eth0                                   ---> #To change the MTU of the device eth0 to 9000
  • ip a list eth0

Sample outputs:

2: eth0:  mtu 9000 qdisc pfifo_fast state UP qlen 1000

    link/ether 00:08:9b:c4:30:30 brd ff:ff:ff:ff:ff:ff

    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth1

    inet6 fe80::208:9bff:fec4:3030/64 scope link 

       valid_lft forever preferred_lft forever


 


Broadcast:

Notice: By default, the ip command does not set any broadcast address unless explicitly requested.

  • ip addr add brd {ADDRESS-HERE} dev {interface}          ---> #Add the broadcast address on the interface
  • ip addr add broadcast {ADDRESS-HERE} dev {interface} ---> #Add the broadcast address on the interface
  • ip addr add broadcast 172.20.10.255 dev eth0                           ---> #Add 172.20.10.255 as broadcast on eth0
 

Multicast

 

maddr: Manage and display multicast IP addresses

  • ip maddr                                   ---> #Display multicast information for all devices
  • ip maddr show dev eth0           ---> #Display multicast information for device eth0


 

OLD and NEW Commands:

  • arp -a                                                      -----> ip neigh
  • arp -v                                                      -----> ip -s neigh
  • arp -s 192.168.1.1 1:2:3:4:5:6                -----> ip neigh add 192.168.1.1 lladdr 1:2:3:4:5:6 dev eth1
  • arp -i eth1 -d 192.168.1.1                       -----> ip neigh del 192.168.1.1 dev eth1
  • ifconfig -a                                               -----> ip addr
  • ifconfig eth0 down                                 -----> ip link set eth0 down
  • ifconfig eth0 up                                      -----> ip link set eth0 up
  • ifconfig eth0 192.168.1.1                       -----> ip addr add 192.168.1.1/24 dev eth0
  • ifconfig eth0 netmask 255.255.255.0     -----> ip addr add 192.168.1.1/24 dev eth0
  • ifconfig eth0 mtu 9000                           -----> ip link set eth0 mtu 9000
  • ifconfig eth0:0 192.168.1.2                    -----> ip addr add 192.168.1.2/24 dev eth0
  • netstat -g                                                 -----> ip maddr
  • route                                                        -----> ip route
  • route add -net 192.168.1.0 netmask 255.255.255.0 dev eth0              -----> ip route add 192.168.1.0/24 dev eth0
  • route add default gw 192.168.1.1                                                        -----> ip route add default via 192.168.1.1
 

Abbreviation:

Object(Abbreviated form) ----> Purpose
  • link(l)                               ----> Network device.
  • address(a [or] addr)         ----> Protocol (IP or IPv6) address on a device.
  • addrlabel(addrl)               ----> Label configuration for protocol address selection.
  • neighbour(n [or] neigh)   ----> ARP or NDISC cache entry.
  • route(r)                             ----> Routing table entry.
  • rule(ru)                             ----> Rule in routing policy database.
  • maddress(m [or] maddr)  ----> Multicast address.
  • mroute(mr)                       ----> Multicast routing cache entry.
  • tunnel(t)                            ----> Tunnel over IP.
  • xfrm(x)                              ----> Framework for IPsec protocol.



  • behrooz mohamadi nsasab
19
Khordad
  • 1. List Established Connections

    By default if we run the ss command with no further options specified it will display a list of open non-listening sockets that have established connections, so for example TCP, UDP or UNIX sockets.

    [root@centos7 ~]# ss | head -n 5
    Netid  State      Recv-Q Send-Q Local Address:Port      Peer Address:Port
    u_str  ESTAB      0      0       * 23740                * 23739
    u_str  ESTAB      0      0       * 23707                * 23706
    u_str  ESTAB      0      0       * 87021                * 88383
    u_str  ESTAB      0      0       * 17056                * 17112
    

    In the above example I have limited the output, on my server I have over 500 lines printed out by running the ss command, so you may wish to pipe it into something like less to easily read it, or otherwise append additional options on the end to only show what you’re after.

  • 2. Show Listening Sockets

    Rather than listing all sockets, we can use the -l option to specifically list the sockets that are currently listening for a connection.

    [root@centos7 ~]# ss -lt
    State       Recv-Q Send-Q  Local Address:Port                Peer Address:Port
    LISTEN      0      2                   *:kerberos-adm        *:*
    LISTEN      0      128                 *:sunrpc              *:*
    LISTEN      0      5                   *:kpasswd             *:*
    LISTEN      0      10       192.168.1.14:domain              *:*
    LISTEN      0      10          127.0.0.1:domain              *:*
    LISTEN      0      5       192.168.122.1:domain              *:*
    LISTEN      0      128                 *:ssh                 *:*
    

    In this example we have also used the -t option to only list TCP, more on this later. In future examples you will see that we will combine multiple options like this in order to quickly filter down to what we’re after.

  • 3. Show Processes

    We can print out the process or PID number that owns a socket with the -p option.

    [root@centos7 ~]# ss -pl
    Netid  State      Recv-Q Send-Q Local Address:Port     Peer Address:Port
    tcp    LISTEN     0      128    :::http                :::*                 users:(("httpd",pid=10522,fd=4),("httpd",pid=10521,fd=4),("httpd",pid=10520,fd=4),("httpd",pid=10519,fd=4),("httpd",pid=10518,fd=4),("httpd",pid=10516,fd=4))
    

    In the above example I have only listed a single result, without any further options the full output of ss prints out over 500 lines to stdout. Regardless, we can see the process ID’s of the various Apache processes that are running on this server.

  • 4. Don’t Resolve Service Names

    By default ss will only resolve port numbers as we have previously seen, for example in the line below we can see 192.168.1.14:ssh where ssh is listed as the local port.

    [root@centos7 ~]# ss
    Netid  State      Recv-Q Send-Q Local Address:Port    Peer Address:Port
    tcp    ESTAB      0      64     192.168.1.14:ssh      192.168.1.191:57091
    

    However if we specify the -n option, this resolution will not take place and we will instead see the port number rather than the service name.

    [root@centos7 ~]# ss -n
    Netid  State      Recv-Q Send-Q Local Address:Port    Peer Address:Port
    tcp    ESTAB      0      0      192.168.1.14:22       192.168.1.191:57091
    

    Note that :22 is now displayed rather than :ssh as we have disabled all name resolution of hostnames and ports. You can check the /etc/services file to see a full list of which ports map to which services.

  • 5. Resolve Numeric Address/Ports

    We can also do the opposite of this and resolve both the IP address and port number with the -r option. With this we now see the hostname of the 192.168.1.14 server listed.

    [root@centos7 ~]# ss -r
    Netid  State      Recv-Q Send-Q Local Address:Port         Peer Address:Port
    tcp    ESTAB      0      64     centos7.example.com:ssh    192.168.1.191:57091
    
  • 6. IPv4 Sockets

    We can use the -4 option to only display information corresponding to IPv4 sockets. In the below example we also make use of the -l option to list everything listening on an IPv4 address.

    [root@centos7 ~]# ss -l4
    Netid  State      Recv-Q Send-Q     Local Address:Port        Peer Address:Port
    udp    UNCONN     0      0              127.0.0.1:323         *:*
    udp    UNCONN     0      0          192.168.122.1:domain      *:*
    udp    UNCONN     0      0               *%virbr0:bootps      *:*
    udp    UNCONN     0      0                      *:bootpc      *:*
    tcp    LISTEN     0      128                    *:sunrpc      *:*
    tcp    LISTEN     0      5          192.168.122.1:domain      *:*
    tcp    LISTEN     0      128                    *:ssh         *:*
    tcp    LISTEN     0      128            127.0.0.1:ipp         *:*
    tcp    LISTEN     0      100            127.0.0.1:smtp        *:*
    
  • 7. IPv6 Sockets

    Likewise, we can use the -6 option to only display information related to IPv6 sockets. In the below example we also make use of the -l option to list everything listening on an IPv6 address.

    [root@centos7 ~]# ss -l6
    Netid  State      Recv-Q Send-Q     Local Address:Port          Peer Address:Port
    udp    UNCONN     0      0                     :::ipv6-icmp     :::*
    udp    UNCONN     0      0                     :::22834         :::*
    udp    UNCONN     0      0                    ::1:323           :::*
    tcp    LISTEN     0      128                   :::sunrpc        :::*
    tcp    LISTEN     0      128                   :::http          :::*
    tcp    LISTEN     0      128                   :::ssh           :::*
    tcp    LISTEN     0      128                  ::1:ipp           :::*
    tcp    LISTEN     0      100                  ::1:smtp          :::*
    
  • 8. TCP Only

    The -t option can be used to display only TCP sockets. When combined with -l to only print out listening sockets we can see everything listening on TCP.

    [root@centos7 ~]# ss -lt
    State      Recv-Q Send-Q      Local Address:Port       Peer Address:Port
    LISTEN     0      128                     *:sunrpc     *:*
    LISTEN     0      5           192.168.122.1:domain     *:*
    LISTEN     0      128                     *:ssh        *:*
    LISTEN     0      128             127.0.0.1:ipp        *:*
    LISTEN     0      100             127.0.0.1:smtp       *:*
    LISTEN     0      128                    :::sunrpc    :::*
    LISTEN     0      128                    :::http      :::*
    LISTEN     0      128                    :::ssh       :::*
    LISTEN     0      128                   ::1:ipp       :::*
    LISTEN     0      100                   ::1:smtp      :::*
    
  • 9. UDP Only

    The -u option can be used to display only UDP sockets. As UDP is a connection-less protocol, simply running with only the -u option will display no output. We can instead combine this with the -a or -l option to see all listening UDP sockets, as shown below.

    [root@centos7 ~]# ss -ul
    State       Recv-Q Send-Q  Local Address:Port       Peer Address:Port
    UNCONN      0      0                   *:mdns       *:*
    UNCONN      0      0                   *:kpasswd    *:*
    UNCONN      0      0                   *:839        *:*
    UNCONN      0      0                   *:36812      *:*
    UNCONN      0      0       192.168.122.1:domain     *:*
    UNCONN      0      0        192.168.1.14:domain     *:*
    
  • 10. Unix Sockets

    The -x option can be used to display unix domain sockets only.

    [root@centos7 ~]# ss -x
    Netid  State      Recv-Q Send-Q Local Address:Port           Peer Address:Port
    u_str  ESTAB      0      0      @/tmp/.X11-unix/X0 27818     * 27817
    u_str  ESTAB      0      0      @/tmp/.X11-unix/X0 26656     * 26655
    u_str  ESTAB      0      0       * 28344                     * 26607
    u_str  ESTAB      0      0       * 24704                     * 24705
    u_str  ESTAB      0      0      @/tmp/.X11-unix/X0 25195     * 24086
    u_str  ESTAB      0      0      @/tmp/dbus-CRqRiw6V 28388    * 28693
    ...
    
  • 11. Display All Information

    The -a option shows all, both listening and non-listening sockets. In the case of TCP this means established connections. This option is useful for combining with others, for instance to show all UDP sockets we can add -a, as by default with just the -u option we don’t see as much information.

    [root@centos7 ~]# ss -u
    Recv-Q Send-Q       Local Address:Port           Peer Address:Port
    0      0             192.168.1.14:56658          129.250.35.251:ntp
    
    [root@centos7 ~]# ss -ua
    State       Recv-Q Send-Q  Local Address:Port           Peer Address:Port
    UNCONN      0      0                   *:mdns           *:*
    UNCONN      0      0           127.0.0.1:323            *:*
    ESTAB       0      0        192.168.1.14:56658          129.250.35.251:ntp
    UNCONN      0      0                   *:21014          *:*
    UNCONN      0      0                   *:60009          *:*
    UNCONN      0      0       192.168.122.1:domain         *:*
    UNCONN      0      0            *%virbr0:bootps         *:*
    UNCONN      0      0                   *:bootpc         *:*
    UNCONN      0      0                 ::1:323           :::*
    UNCONN      0      0                  :::43209         :::*
    
  • 12. Show Socket Memory Usage

    The -m option can be used to display the amount of memory that each socket is using.

    [root@centos7 ~]# ss -ltm
    State      Recv-Q Send-Q                Local Address:Port       Peer Address:Port
    LISTEN     0      128                               *:sunrpc     *:*
      skmem:(r0,rb87380,t0,tb16384,f0,w0,o0,bl0)
    LISTEN     0      5                     192.168.122.1:domain     *:*
      skmem:(r0,rb87380,t0,tb16384,f0,w0,o0,bl0)
    LISTEN     0      128                               *:ssh        *:*
      skmem:(r0,rb87380,t0,tb16384,f0,w0,o0,bl0)
    LISTEN     0      128                       127.0.0.1:ipp        *:*
      skmem:(r0,rb87380,t0,tb16384,f0,w0,o0,bl0)
    LISTEN     0      100                       127.0.0.1:smtp       *:*
      skmem:(r0,rb87380,t0,tb16384,f0,w0,o0,bl0)
    
  • 13. Show Internal TCP Information

    We can request additional internal TCP information with the -i info option.

    [root@centos7 ~]# ss -lti
    State      Recv-Q Send-Q                Local Address:Port                        Peer Address:Port
    LISTEN     0      128                               *:sunrpc                                    *:*
      cubic rto:1000 mss:536 cwnd:10 lastsnd:373620 lastrcv:373620 lastack:373620
    LISTEN     0      5                     192.168.122.1:domain                                    *:*
      cubic rto:1000 mss:536 cwnd:10 lastsnd:373620 lastrcv:373620 lastack:373620
    LISTEN     0      128                               *:ssh                                       *:*
      cubic rto:1000 mss:536 cwnd:10 segs_in:2 lastsnd:373620 lastrcv:373620 lastack:373620
    LISTEN     0      128                       127.0.0.1:ipp                                       *:*
      cubic rto:1000 mss:536 cwnd:10 lastsnd:373620 lastrcv:373620 lastack:373620
    LISTEN     0      100                       127.0.0.1:smtp                                      *:*
      cubic rto:1000 mss:536 cwnd:10 lastsnd:373620 lastrcv:373620 lastack:373620
    

    Underneath each listening socket we can see additional information. Note that the -i option does not work with UDP; if you specify -u instead of -t, this extra information will not be present.

  • 14. Show Summary

    We can see a quick overview of the statistics with the -s option.

    [root@centos7 ~]# ss -s
    Total: 1253 (kernel 1721)
    TCP:   13 (estab 1, closed 2, orphaned 0, synrecv 0, timewait 0/0), ports 0
    
    Transport Total     IP        IPv6
    *   1721      -         -
    RAW     1         0         1
    UDP     9         7         2
    TCP     11        6         5
    INET    21        13        8
    FRAG    0         0         0
    

    This quickly allows us to see things like the total number of established connections, as well as counts of each type of socket and whether IPv4 or IPv6 is in use.

  • 15. Filter Based On State

    We can specify the state of a socket to only print out sockets in this state. For example we can specify states including established, syn-sent, syn-recv, fin-wait-1, fin-wait-2, time-wait, closed, close-wait, last-ack, listen and closing. The below example shows all established TCP connections. To generate this I was connected to the server by SSH and just loaded a web page from Apache. We can then see that the connections to Apache quickly change to time-wait.

    [root@centos7 ~]# ss -t state established
    Recv-Q Send-Q               Local Address:Port           Peer Address:Port
    0      64                     192.168.1.14:ssh         192.168.1.191:57091
    0      0              ::ffff:192.168.1.14:http   ::ffff:192.168.1.191:57373
    0      0              ::ffff:192.168.1.14:http   ::ffff:192.168.1.191:57372
    
    [root@centos7 ~]# ss -t state time-wait
    Recv-Q Send-Q               Local Address:Port           Peer Address:Port
    0      0              ::ffff:192.168.1.14:http   ::ffff:192.168.1.191:57373
    0      0              ::ffff:192.168.1.14:http   ::ffff:192.168.1.191:57372
    
  • 16. Filter Based On Port Number

    Filtering can also be performed to list all ports that are less than (lt), greater than (gt), equal to (eq), not equal to (ne), less than or equal to (le), or greater than or equal to (ge).

    For example, the below command shows all listening ports on port number 500 or below.

    [root@centos7 ~]# ss -ltn sport le 500
    State       Recv-Q Send-Q    Local Address:Port      Peer Address:Port
    LISTEN      0      128                   *:111       *:*
    LISTEN      0      5         192.168.122.1:53        *:*
    LISTEN      0      128                   *:22        *:*
    LISTEN      0      100           127.0.0.1:25        *:*
    LISTEN      0      128                  :::111       :::*
    LISTEN      0      128                  :::22        :::*
    LISTEN      0      100                 ::1:25        :::*
    

    For comparison we can perform the opposite, and view all ports greater than 500 with ‘gt’

    [root@centos7 ~]# ss -ltn sport gt 500
    State       Recv-Q Send-Q    Local Address:Port       Peer Address:Port
    LISTEN      0      128           127.0.0.1:631        *:*
    LISTEN      0      128                 ::1:631        :::*
    

    We can also filter based on items such as source or destination port, for example below we search for TCP sockets that have a source port (sport) of ssh.

    [root@centos7 ~]# ss -t '( sport = :ssh )'
    State       Recv-Q Send-Q       Local Address:Port         Peer Address:Port
    ESTAB       0      64             192.168.1.14:ssh        192.168.1.191:57091
    
  • 17. Show SELinux Context

    The -Z and -z options can be used to show the SELinux security context of a socket. In the example below we also use the -t and -l options to only list listening TCP sockets, with the -Z option we can also see the SELinux contexts.

    [root@centos7 ~]# ss -tlZ
    State      Recv-Q Send-Q     Local Address:Port     Peer Address:Port
    LISTEN     0      128                    *:sunrpc     *:*                users:(("systemd",pid=1,proc_ctx=system_u:system_r:init_t:s0,fd=71))
    LISTEN     0      5          192.168.122.1:domain     *:*                users:(("dnsmasq",pid=1810,proc_ctx=system_u:system_r:dnsmasq_t:s0-s0:c0.c1023,fd=6))
    LISTEN     0      128                    *:ssh        *:*                users:(("sshd",pid=1173,proc_ctx=system_u:system_r:sshd_t:s0-s0:c0.c1023,fd=3))
    LISTEN     0      128            127.0.0.1:ipp        *:*                users:(("cupsd",pid=1145,proc_ctx=system_u:system_r:cupsd_t:s0-s0:c0.c1023,fd=12))
    LISTEN     0      100            127.0.0.1:smtp       *:*                users:(("master",pid=1752,proc_ctx=system_u:system_r:postfix_master_t:s0,fd=13))
    
  • 18. Display Version

    The -v option can be used to display specific version information for the ss command, in this instance we see the version of the iproute package which provides ss.

    [root@centos7 ~]# ss -v
    ss utility, iproute2-ss130716
    
  • 19. Print Help Documentation

    The -h option can be used to display further help regarding the ss command, it’s good to use as a quick reference if you need a short description on some of the most commonly used options. Note that the full output here has not been included for brevity.

    [root@centos7 ~]# ss -h
    Usage: ss [ OPTIONS ]
    
  • 20. Show Extended Information

    We can use the -e option which shows extended detailed information, as shown below we can see the extended information appended to the end of each line.

    [root@centos7 ~]# ss -lte
    State      Recv-Q Send-Q      Local Address:Port         Peer Address:Port
    LISTEN     0      128                     *:sunrpc       *:*                 ino:16090 sk:ffff880000100000 <->
    LISTEN     0      5           192.168.122.1:domain       *:*                 ino:23750 sk:ffff880073e70f80 <->
    LISTEN     0      128                     *:ssh          *:*                 ino:22789 sk:ffff880073e70000 <->
    LISTEN     0      128             127.0.0.1:ipp          *:*                 ino:23091 sk:ffff880073e707c0 <->
    LISTEN     0      100             127.0.0.1:smtp         *:*                 ino:24659 sk:ffff880000100f80 <->
    
  • 21. Show Timer Information

    The -o option can be used to display the timer information. This information shows us things such as the retransmission timer value, number of retransmissions that have occurred, and the number of keepalive probes that have been sent.

    [root@centos7 ~]# ss -to
    State       Recv-Q Send-Q         Local Address:Port             Peer Address:Port
    ESTAB       0      64              192.168.1.14:ssh              192.168.1.191:57091      timer:(on,242ms,0)
    ESTAB       0      0        ::ffff:192.168.1.14:http      ::ffff:192.168.1.191:57295      timer:(keepalive,120min,0)
    ESTAB       0      0        ::ffff:192.168.1.14:http      ::ffff:192.168.1.191:57296      timer:(keepalive,120min,0)
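
The listing options covered above (-l, -t, -u, -n and -p) combine into a quick exposure review: which listeners are bound to every address, which are limited to loopback or one address, and which process owns each. This is an added example, not part of the original article; the function names `listener_audit` and `sample_ss`, the port allowlist and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify listening sockets from `ss -tulnp` output on stdin.
# $1 is a space-separated allowlist of ports expected to face the network.
# Output: <verdict> <proto> <address> <port> <process>
#   LOCAL            bound to loopback only
#   BOUND            bound to one specific address
#   WILDCARD-OK      bound to all addresses, port is on the allowlist
#   WILDCARD-REVIEW  bound to all addresses, port is not on the allowlist
listener_audit() {
    awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
        # With -t and -u together ss prints a Netid column; with only one
        # of them it does not, so locate the state column first.
        if ($1 == "LISTEN" || $1 == "UNCONN")      { proto = "-"; local = $4 }
        else if ($2 == "LISTEN" || $2 == "UNCONN") { proto = $1;  local = $5 }
        else next                       # header or non-listening socket

        # The port follows the last colon; everything before it is the address.
        n = split(local, part, ":")
        port = part[n]
        addr = substr(local, 1, length(local) - length(port) - 1)

        proc = "-"                      # needs -p and enough privilege
        if (match($0, /users:\(\("[^"]+"/))
            proc = substr($0, RSTART + 9, RLENGTH - 10)

        base = addr
        sub(/%.*$/, "", base)           # "*%virbr0" is a wildcard tied to one device
        if (base ~ /^127\./ || base == "::1" || base == "[::1]")
            verdict = "LOCAL"
        else if (base == "*" || base == "0.0.0.0" || base == "::" || base == "[::]")
            verdict = (port in ok) ? "WILDCARD-OK" : "WILDCARD-REVIEW"
        else
            verdict = "BOUND"
        printf "%s %s %s %s %s\n", verdict, proto, addr, port, proc
    }'
}

# Constructed sample in the column layout shown in the article (not real data).
sample_ss() {
    cat <<'EOF'
Netid  State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
udp    UNCONN     0      0      *%virbr0:67          *:*      users:(("dnsmasq",pid=1810,fd=3))
udp    UNCONN     0      0      127.0.0.1:323        *:*      users:(("chronyd",pid=700,fd=1))
tcp    LISTEN     0      128    *:22                 *:*      users:(("sshd",pid=1173,fd=3))
tcp    LISTEN     0      5      192.168.122.1:53     *:*      users:(("dnsmasq",pid=1810,fd=6))
tcp    LISTEN     0      100    127.0.0.1:25         *:*      users:(("master",pid=1752,fd=13))
tcp    LISTEN     0      128    :::80                :::*     users:(("httpd",pid=10522,fd=4),("httpd",pid=10521,fd=4))
tcp    LISTEN     0      128    [::]:8080            [::]:*
EOF
}

# Live use (as root, so -p can name the owning process): ss -tulnp | listener_audit "22 80"
sample_ss | listener_audit "22 80"
```

Run ss with -n so the port column is numeric; without it the allowlist would have to hold service names such as ssh.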
    
  • behrooz mohamadi nsasab
16
Bahman

sudo nmblookup -A  IP | grep '<00' | grep -v GROUP | awk '{print $1}'

  • behrooz mohamadi nsasab