۳ مطلب با کلمه‌ی کلیدی «internet protocol» ثبت شده است

۱۴

اسفند

IP Command

Show address:

ip: show commands:

ip help ---> #Display ip commands and arguments
ip -4 a ---> #Only show TCP/IP IPv4
ip -6 a ---> #Only show TCP/IP IPv6
ip a list eth0 ---> #Only show eth0 interface
ip a show dev eth0 ---> #Only show eth0 interface
ip a show eth0 ---> #Only show eth0 interface

addr: Display IP Addresses and property information(abbreviation of address)

ip addr ---> #Show information for all addresses
ip addr help ---> #Display address commands and arguments
ip addr show dev eth0 ---> #Display information only for device

link: Manage and display the state of all network interfaces

ip link help ---> #Display link commands and arguments
ip link ls up ---> #Only show running interfaces
ip link show dev eth0 ---> #Display information only for device eth0
ip link ---> #Show information for all interfaces
ip -s link ---> #Display interface statistics
ip -s -s link ls eth0 ---> #get information about a particular network interface
ip link set eth0 up ---> #Bring eth0 online
ip link set eth0 down ---> #Bring eth0 offline
ip link set eth0 promisc on ---> #Enable promiscuous mode for eth0

Add or Delete Address:

ip a add {ip_addr/mask} dev {interface} ---> #The syntax is as follows to add an IPv4/IPv6 address
ip a del {ipv6_addr_OR_ipv4_addr} dev {interface} ---> The syntax is as follows to remove an IPv4/IPv6 address:
ip addr add 192.168.1.1/24 dev eth0 ---> #Add address 192.168.1.1 with netmask 24 to device eth0
ip a add 192.168.1.200/255.255.255.0 dev eth0 ---> To assign 192.168.1.200/255.255.255.0 to eth0
ip a add 192.168.1.200/24 dev eth0 ---> To assign 192.168.1.200/255.255.255.0 to eth0
ip addr del 192.168.1.1/24 dev eth0 ---> #Remove address 192.168.1.1/24 from device eth0
ip a del 192.168.1.200/24 dev eth0 ---> To delete 192.168.1.200/24 from eth0

neigh

neigh : ARP, Show neighbour objects; also known as the ARP table for IPv4

ip neigh ---> #Display neighbour objects(Show neighbour objects; also known as the ARP table for IPv4)
ip neigh help ---> #Display neighbour commands and arguments
ip neighbour ---> #View the MAC address of the devices connected in your LAN
ip neigh show dev eth0 ---> #Show the ARP cache for device eth0
ip neigh add 192.168.1.1 lladdr 1:2:3:4:5:6 dev eth0 ---> #Add address 192.168.1.1 with MAC 1:2:3:4:5:6 to eth0
ip neigh del 192.168.1.1 dev eth0 ---> #Invalidate the entry for 192.168.1.1 on eth0
ip neigh replace 192.168.1.1 lladdr 1:2:3:4:5:6 dev eth0 ---> #Replace the entry for address 192.168.1.1 to use MAC 1:2:3:4:5:6 on eth0
ip n show ---> #Display neighbour/arp cache
ip neigh show ---> #Display neighbour/arp cache

Sample outputs (note: masked out some data with alphabets):

74.xx.yy.zz dev eth1 lladdr 00:30:48:yy:zz:ww REACHABLE

10.10.29.66 dev eth0 lladdr 00:30:48:c6:0a:d8 REACHABLE

74.ww.yyy.xxx dev eth1 lladdr 00:1a:30:yy:zz:ww REACHABLE

10.10.29.68 dev eth0 lladdr 00:30:48:33:bc:32 REACHABLE

74.fff.uu.cc dev eth1 lladdr 00:30:48:yy:zz:ww STALE

74.rr.ww.fff dev eth1 lladdr 00:30:48:yy:zz:ww DELAY

10.10.29.65 dev eth0 lladdr 00:1a:30:38:a8:00 REACHABLE

10.10.29.74 dev eth0 lladdr 00:30:48:8e:31:ac REACHABLE

The last field show the the state of the “neighbour unreachability detection” machine for this entry:

STALE – The neighbour is valid, but is probably already unreachable, so the kernel will try to check it at the first transmission.

DELAY – A packet has been sent to the stale neighbour and the kernel is waiting for confirmation.

REACHABLE – The neighbour is valid and apparently reachable.

Add a new ARP entry:

ip neigh add {IP-HERE} lladdr {MAC/LLADDRESS} dev {DEVICE} nud {STATE} ---> #syntax is
ip neigh add 192.168.1.5 lladdr 00:1a:30:38:a8:00 dev eth0 nud perm ---> #add a permanent ARP entry for the neighbour 192.168.1.5 on the device eth0:

neighbour state (nud):

permanent The neighbour entry is valid forever and can be only be removed administratively

noarp The neighbour entry is valid. No attempts to validate this entry will be made but it can be removed when its lifetime expires.

stale The neighbour entry is valid but suspicious. This option to ip neigh does not change the neighbour state if it was valid and the address is not changed by this command.

reachable The neighbour entry is valid until the reachability timeout expires.

Delete a ARP entry:

ip neigh del {IPAddress} dev {DEVICE} ---> #Syntax
ip neigh del 192.168.1.5 dev eth1 ---> #invalidate or delete an ARP entry for the neighbour 192.168.1.5 on the device eth0

Change ARP state:

ip neigh chg 192.168.1.100 dev eth1 nud reachable ---> #TO REACHABLE FOR THE NEIGHBOUR 192.168.1.100 ON THE DEVICE ETH1:

Route

Route:Display and alter the routing table

ip route ---> #List all of the route entries in the kernel[routing tables]
ip route show ---> #check the routing table information of the system
ip route add default via 192.168.1.1 dev eth0 ---> #Add a default route (for all addresses) via the local gateway 192.168.1.1 that can be reached on device eth0
ip route add 192.168.1.0/24 via 192.168.1.1 ---> #Add a route to 192.168.1.0/24 via the gateway at 192.168.1.1
ip route add 192.168.1.0/24 dev eth0 ---> #Add a route to 192.168.1.0/24 that can be reached on device eth0
ip route del default via 192.168.1.1 ---> #delete default gateway
ip route delete 192.168.1.0/24 via 192.168.1.1 ---> #Delete the route for 192.168.1.0/24 via the gateway at 192.168.1.1
ip route replace 192.168.1.0/24 dev eth0 ---> #Replace the defined route for 192.168.1.0/24 to use device eth0
ip route get 192.168.1.5 ---> #Display the route taken for IP 192.168.1.5
ip r ---> #display the contents of the routing tables
ip r list ---> #display the contents of the routing tables
ip route list ---> #display the contents of the routing tables
ip r list 192.168.1.0/24 ---> #Display routing for 192.168.1.0/24

output:192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.10

Add a new route:

ip route add {NETWORK/MASK} via {GATEWAYIP} ---> #The syntax is
ip route add {NETWORK/MASK} dev {DEVICE} ---> #The syntax is
ip route add default {NETWORK/MASK} dev {DEVICE} ---> #The syntax is
ip route add default {NETWORK/MASK} via {GATEWAYIP} ---> #The syntax is
ip route add 192.168.1.0/24 via 192.168.1.254 ---> #Add a plain route to network 192.168.1.0/24 via gateway 192.168.1.254
ip route add 192.168.1.0/24 dev eth0 ---> #To route all traffic via 192.168.1.254 gateway connected via eth0 network interface

Delete a route:

ip route del default ---> #The syntax is[as follows to delete default gateway]
ip route del 192.168.1.0/24 dev eth0 ---> #In this example, delete the route created in previous subsection:

Disable [or] flush:

This flush or f command flushes neighbour/arp tables, by specifying some condition.

ip -s -s n f {IPAddress} ---> #The syntax is
ip -s -s n f 192.168.1.5 ---> #In this example, flush neighbour/arp table
ip -s -s n flush 192.168.1.5 ---> #In this example, flush neighbour/arp table
ip -4 addr flush label "ppp*" ---> #disable IP address on all the ppp (Point-to-Point) interfaces
ip -4 addr flush label "eth*" ---> #Here is another example for all the Ethernet interfaces
ip -s -s a f to 192.168.2.0/24 ---> #Delete all the IP addresses from the private network (For example) 192.168.2.0/24

output:

2: eth0 inet 192.168.2.201/24 scope global secondary eth0

2: eth0 inet 192.168.2.200/24 scope global eth0

*** Round 1, deleting 2 addresses ***

*** Flush is complete after 1 round ***

Txqueuelen

set the length of the transmit queue of the device using ip command as follows:

ip link set txqueuelen {NUMBER} dev {DEVICE} ---> # Syntax
ip link set txqueuelen 10000 dev eth0 ---> #change the default txqueuelen from 1000 to 10000 for the eth0
ip a list eth0

MTU

For gigabit networks, set maximum transmission units (MTU) sizes (JumboFrames) for better network performance. The syntax is:

ip link set mtu {NUMBER} dev {DEVICE} ---> #Syntax
ip link set eth0 mtu 9000 ---> #Set the MTU on eth0 to 9000
ip link set mtu 9000 dev eth0 ---> #To change the MTU of the device eth0 to 9000
ip a list eth0

Sample outputs:

2: eth0: mtu 9000 qdisc pfifo_fast state UP qlen 1000

link/ether 00:08:9b:c4:30:30 brd ff:ff:ff:ff:ff:ff

inet 192.168.1.10/24 brd 192.168.1.255 scope global eth1

inet6 fe80::208:9bff:fec4:3030/64 scope link

valid_lft forever preferred_lft forever

Broadcast:

Notice:By default, the ip command does not set any broadcast address unless explicitly requested

ip addr add brd {ADDDRESS-HERE} dev {interface} ---> #ADDING THE BROADCAST ADDRESS ON THE INTERFACE
ip addr add broadcast {ADDDRESS-HERE} dev {interface} ---> #ADDING THE BROADCAST ADDRESS ON THE INTERFACE
ip addr add broadcast 172.20.10.255 dev eth0 ---> #add 172.20.10.255 as broadcast on eth0

Multicast

maddr: Manage and display multicast IP addresses

ip maddr ---> #Display multicast information for all devices
ip maddr show dev eth0 ---> #Display multicast information for device eth0

OLD and NEW Commands:

arp -a -----> ip neigh
arp -v -----> ip -s neigh
arp -s 192.168.1.1 1:2:3:4:5:6 -----> ip neigh add 192.168.1.1 lladdr 1:2:3:4:5:6 dev eth1
arp -i eth1 -d 192.168.1.1 -----> ip neigh del 192.168.1.1 dev eth1
ifconfig -a -----> ip addr
ifconfig eth0 down -----> ip link set eth0 down
ifconfig eth0 up -----> ip link set eth0 up
ifconfig eth0 192.168.1.1 -----> ip addr add 192.168.1.1/24 dev eth0
ifconfig eth0 netmask 255.255.255.0 -----> ip addr add 192.168.1.1/24 dev eth0
ifconfig eth0 mtu 9000 -----> ip link set eth0 mtu 9000
ifconfig eth0:0 192.168.1.2 -----> ip addr add 192.168.1.2/24 dev eth0
netstat -g -----> ip maddr
route -----> ip route
route add -net 192.168.1.0 netmask 255.255.255.0 dev eth0 -----> ip route add 192.168.1.0/24 dev eth0
route add default gw 192.168.1.1 -----> ip route add default via 192.168.1.1

Abbreviation:

Object Abbreviated form Purpose

link(l) ----> Network device.
address(a [or] addr) ----> Protocol (IP or IPv6) address on a device.
addrlabel(addrl) ----> Label configuration for protocol address selection.
neighbour(n [or] neigh) ----> ARP or NDISC cache entry.
route(r) ----> Routing table entry.
rule(ru) ----> Rule in routing policy database.
maddress(m [or] maddr) ----> Multicast address.
mroute(mr) ----> Multicast routing cache entry.
tunnel(t) ----> Tunnel over IP.
xfrm(x) ----> Framework for IPsec protocol.

URL1

behrooz mohamadi nsasab

۱۹

خرداد

ss Command - Sockets and Ports

1. List Established Connections

By default if we run the ss command with no further options specified it will display a list of open non-listening sockets that have established connections, so for example TCP, UDP or UNIX sockets.
```
[root@centos7 ~]# ss | head -n 5
Netid  State      Recv-Q Send-Q Local Address:Port      Peer Address:Port
u_str  ESTAB      0      0       * 23740                * 23739
u_str  ESTAB      0      0       * 23707                * 23706
u_str  ESTAB      0      0       * 87021                * 88383
u_str  ESTAB      0      0       * 17056                * 17112
```
In the above example I have limited the output, on my server I have over 500 lines printed out by running the ss command, so you may wish to pipe it into something like less to easily read it, or otherwise append additional options on the end to only show what you’re after.

2. Show Listening Sockets

Rather than listing all sockets, we can use the -l option to specifically list the sockets that are currently listening for a connection.

[root@centos7 ~]# ss -lt
State       Recv-Q Send-Q  Local Address:Port                Peer Address:Port
LISTEN      0      2                   *:kerberos-adm        *:*
LISTEN      0      128                 *:sunrpc              *:*
LISTEN      0      5                   *:kpasswd             *:*
LISTEN      0      10       192.168.1.14:domain              *:*
LISTEN      0      10          127.0.0.1:domain              *:*
LISTEN      0      5       192.168.122.1:domain              *:*
LISTEN      0      128                 *:ssh                 *:*

In this example we have also used the -t option to only list TCP, more on this later. In future examples you will see that we will combine multiple options like this in order to quickly filter down to what we’re after.

3. Show Processes

We can print out the process or PID number that owns a socket with the -p option.
```
[root@centos7 ~]# ss -pl
Netid  State      Recv-Q Send-Q Local Address:Port     Peer Address:Port
tcp    LISTEN     0      128    :::http                :::*                 users:(("httpd",pid=10522,fd=4),("httpd",pid=10521,fd=4),("httpd",pid=10520,fd=4),("httpd",pid=10519,fd=4),("httpd",pid=10518,fd=4),("httpd",pid=10516,fd=4))
```
In the above example I have only listed a single result, without any further options the full output of ss prints out over 500 lines to stdout. Regardless, we can see the process ID’s of the various Apache processes that are running on this server.
4. Don’t Resolve Service Names

By default ss will only resolve port numbers as we have previously seen, for example in the line below we can see 192.168.1.14:ssh where ssh is listed as the local port.
```
[root@centos7 ~]# ss
Netid  State      Recv-Q Send-Q Local Address:Port    Peer Address:Port
tcp    ESTAB      0      64     192.168.1.14:ssh      192.168.1.191:57091
```
However if we specify the -n option, this resolution will not take place and we will instead see the port number rather than the service name.
```
[root@centos7 ~]# ss -n
Netid  State      Recv-Q Send-Q Local Address:Port    Peer Address:Port
tcp    ESTAB      0      0      192.168.1.14:22       192.168.1.191:57091
```
Note that :22 is now displayed rather than :ssh as we have disabled all name resolution of hostnames and ports. You can check the /etc/services file to see a full list of which ports map to which services.
5. Resolve Numeric Address/Ports

We can also do the opposite of this and resolve both the IP address and port number with the -r option. With this we now see the hostname of the 192.168.1.14 server listed.
```
[root@centos7 ~]# ss -r
Netid  State      Recv-Q Send-Q Local Address:Port         Peer Address:Port
tcp    ESTAB      0      64     centos7.example.com:ssh    192.168.1.191:57091
```

6. IPv4 Sockets

We can use the -4 option to only display information corresponding to IPv4 sockets. In the below example we also make use of the -l option to list everything listening on an IPv4 address.

[root@centos7 ~]# ss -l4
Netid  State      Recv-Q Send-Q     Local Address:Port        Peer Address:Port
udp    UNCONN     0      0              127.0.0.1:323         *:*
udp    UNCONN     0      0          192.168.122.1:domain      *:*
udp    UNCONN     0      0               *%virbr0:bootps      *:*
udp    UNCONN     0      0                      *:bootpc      *:*
tcp    LISTEN     0      128                    *:sunrpc      *:*
tcp    LISTEN     0      5          192.168.122.1:domain      *:*
tcp    LISTEN     0      128                    *:ssh         *:*
tcp    LISTEN     0      128            127.0.0.1:ipp         *:*
tcp    LISTEN     0      100            127.0.0.1:smtp        *:*

7. IPv6 Sockets

Likewise, we can use the -6 option to only display information related to IPv6 sockets. In the below example we also make use of the -l option to list everything listening on an IPv6 address.

[root@centos7 ~]# ss -l6
Netid  State      Recv-Q Send-Q     Local Address:Port          Peer Address:Port
udp    UNCONN     0      0                     :::ipv6-icmp     :::*
udp    UNCONN     0      0                     :::22834         :::*
udp    UNCONN     0      0                    ::1:323           :::*
tcp    LISTEN     0      128                   :::sunrpc        :::*
tcp    LISTEN     0      128                   :::http          :::*
tcp    LISTEN     0      128                   :::ssh           :::*
tcp    LISTEN     0      128                  ::1:ipp           :::*
tcp    LISTEN     0      100                  ::1:smtp          :::*

8. TCP Only

The -t option can be used to display only TCP sockets. When combined with -l to only print out listening sockets we can see everything listening on TCP.

[root@centos7 ~]# ss -lt
State      Recv-Q Send-Q      Local Address:Port       Peer Address:Port
LISTEN     0      128                     *:sunrpc     *:*
LISTEN     0      5           192.168.122.1:domain     *:*
LISTEN     0      128                     *:ssh        *:*
LISTEN     0      128             127.0.0.1:ipp        *:*
LISTEN     0      100             127.0.0.1:smtp       *:*
LISTEN     0      128                    :::sunrpc    :::*
LISTEN     0      128                    :::http      :::*
LISTEN     0      128                    :::ssh       :::*
LISTEN     0      128                   ::1:ipp       :::*
LISTEN     0      100                   ::1:smtp      :::*

9. UDP Only

The -u option can be used to display only UDP sockets. As UDP is a connection-less protocol, simply running with only the -u option will display no output. We can instead combine this with the -a or -l option to see all listening UDP sockets, as shown below.

[root@centos7 ~]# ss -ul
State       Recv-Q Send-Q  Local Address:Port       Peer Address:Port
UNCONN      0      0                   *:mdns       *:*
UNCONN      0      0                   *:kpasswd    *:*
UNCONN      0      0                   *:839        *:*
UNCONN      0      0                   *:36812      *:*
UNCONN      0      0       192.168.122.1:domain     *:*
UNCONN      0      0        192.168.1.14:domain     *:*

10. Unix Sockets

The -x option can be used to display unix domain sockets only.

[root@centos7 ~]# ss -x
Netid  State      Recv-Q Send-Q Local Address:Port           Peer Address:Port
u_str  ESTAB      0      0      @/tmp/.X11-unix/X0 27818     * 27817
u_str  ESTAB      0      0      @/tmp/.X11-unix/X0 26656     * 26655
u_str  ESTAB      0      0       * 28344                     * 26607
u_str  ESTAB      0      0       * 24704                     * 24705
u_str  ESTAB      0      0      @/tmp/.X11-unix/X0 25195     * 24086
u_str  ESTAB      0      0      @/tmp/dbus-CRqRiw6V 28388    * 28693
...

11. Display All Information

the -a option shows all, both listening and non-listening sockets. In the case of TCP this means established connections. This option is useful for combining with others, for instance to show all UDP sockets we can add -a, as by default with just the -u option we don’t see as much information.

[root@centos7 ~]# ss -u
Recv-Q Send-Q       Local Address:Port           Peer Address:Port
0      0             192.168.1.14:56658          129.250.35.251:ntp

[root@centos7 ~]# ss -ua
State       Recv-Q Send-Q  Local Address:Port           Peer Address:Port
UNCONN      0      0                   *:mdns           *:*
UNCONN      0      0           127.0.0.1:323            *:*
ESTAB       0      0        192.168.1.14:56658          129.250.35.251:ntp
UNCONN      0      0                   *:21014          *:*
UNCONN      0      0                   *:60009          *:*
UNCONN      0      0       192.168.122.1:domain         *:*
UNCONN      0      0            *%virbr0:bootps         *:*
UNCONN      0      0                   *:bootpc         *:*
UNCONN      0      0                 ::1:323           :::*
UNCONN      0      0                  :::43209         :::*

12. Show Socket Memory Usage

The -m option can be used to display the amount of memory that each socket is using.

[root@centos7 ~]# ss -ltm
State      Recv-Q Send-Q                Local Address:Port       Peer Address:Port
LISTEN     0      128                               *:sunrpc     *:*
  skmem:(r0,rb87380,t0,tb16384,f0,w0,o0,bl0)
LISTEN     0      5                     192.168.122.1:domain     *:*
  skmem:(r0,rb87380,t0,tb16384,f0,w0,o0,bl0)
LISTEN     0      128                               *:ssh        *:*
  skmem:(r0,rb87380,t0,tb16384,f0,w0,o0,bl0)
LISTEN     0      128                       127.0.0.1:ipp        *:*
  skmem:(r0,rb87380,t0,tb16384,f0,w0,o0,bl0)
LISTEN     0      100                       127.0.0.1:smtp       *:*
  skmem:(r0,rb87380,t0,tb16384,f0,w0,o0,bl0)

13. Show Internal TCP Information

We can request additional internal TCP information with the -i info option.

[root@centos7 ~]# ss -lti
State      Recv-Q Send-Q                Local Address:Port                        Peer Address:Port
LISTEN     0      128                               *:sunrpc                                    *:*
  cubic rto:1000 mss:536 cwnd:10 lastsnd:373620 lastrcv:373620 lastack:373620
LISTEN     0      5                     192.168.122.1:domain                                    *:*
  cubic rto:1000 mss:536 cwnd:10 lastsnd:373620 lastrcv:373620 lastack:373620
LISTEN     0      128                               *:ssh                                       *:*
  cubic rto:1000 mss:536 cwnd:10 segs_in:2 lastsnd:373620 lastrcv:373620 lastack:373620
LISTEN     0      128                       127.0.0.1:ipp                                       *:*
  cubic rto:1000 mss:536 cwnd:10 lastsnd:373620 lastrcv:373620 lastack:373620
LISTEN     0      100                       127.0.0.1:smtp                                      *:*
  cubic rto:1000 mss:536 cwnd:10 lastsnd:373620 lastrcv:373620 lastack:373620

Underneath each listening socket we can see additional information. Note that the -i option does not work with UDP, if you instead specify -u instead of -t this extra information will not be present.

14. Show Summary

We can see a quick overview of the statistics with the -s option.

[root@centos7 ~]# ss -s
Total: 1253 (kernel 1721)
TCP:   13 (estab 1, closed 2, orphaned 0, synrecv 0, timewait 0/0), ports 0

Transport Total     IP        IPv6
*   1721      -         -
RAW     1         0         1
UDP     9         7         2
TCP     11        6         5
INET    21        13        8
FRAG    0         0         0

This quickly allows us to see things like the total number of established connections, as well as counts of each type of socket and whether IPv4 or IPv6 is in use.

15. Filter Based On State

We can specify the state of a socket to only print out sockets in this state. For example we can specify states including established, syn-sent, syn-recv, fin-wait-1, fin-wait-2, time-wait, closed, closed-wait, last-ack, listen and closing. The below example shows all established TCP connections. To generate this I was connected to the server by SSH and just loaded a web page from Apache. We can then see that the connections to Apache quickly change to time-wait.

[root@centos7 ~]# ss -t state established
Recv-Q Send-Q               Local Address:Port           Peer Address:Port
0      64                     192.168.1.14:ssh         192.168.1.191:57091
0      0              ::ffff:192.168.1.14:http   ::ffff:192.168.1.191:57373
0      0              ::ffff:192.168.1.14:http   ::ffff:192.168.1.191:57372

[root@centos7 ~]# ss -t state time-wait
Recv-Q Send-Q               Local Address:Port           Peer Address:Port
0      0              ::ffff:192.168.1.14:http   ::ffff:192.168.1.191:57373
0      0              ::ffff:192.168.1.14:http   ::ffff:192.168.1.191:57372

16. Filter Based On Port Number

Filtering can also be performed to list all ports that are less than (lt), greater than (gt), equal to (eq), not equal to (ne), less than or equal to (le), or greater than or equal to (ge).

For example, the below command shows all listening ports on port number 500 or below.

[root@centos7 ~]# ss -ltn sport le 500
State       Recv-Q Send-Q    Local Address:Port      Peer Address:Port
LISTEN      0      128                   *:111       *:*
LISTEN      0      5         192.168.122.1:53        *:*
LISTEN      0      128                   *:22        *:*
LISTEN      0      100           127.0.0.1:25        *:*
LISTEN      0      128                  :::111       :::*
LISTEN      0      128                  :::22        :::*
LISTEN      0      100                 ::1:25        :::*

For comparison we can perform the opposite, and view all ports greater than 500 with ‘gt’

[root@centos7 ~]# ss -ltn sport gt 500
State       Recv-Q Send-Q    Local Address:Port       Peer Address:Port
LISTEN      0      128           127.0.0.1:631        *:*
LISTEN      0      128                 ::1:631        :::*

We can also filter based on items such as source or destination port, for example below we search for TCP sockets that have a source port (sport) of ssh.

[root@centos7 ~]# ss -t '( sport = :ssh )'
State       Recv-Q Send-Q       Local Address:Port         Peer Address:Port
ESTAB       0      64             192.168.1.14:ssh        192.168.1.191:57091

17. Show SELinux Context

The -Z and -z options can be used to show the SELinux security context of a socket. In the example below we also use the -t and -l options to only list listening TCP sockets, with the -Z option we can also see the SELinux contexts.

[root@centos7 ~]# ss -tlZ
State      Recv-Q Send-Q     Local Address:Port     Peer Address:Port
LISTEN     0      128                    *:sunrpc     *:*                users:(("systemd",pid=1,proc_ctx=system_u:system_r:init_t:s0,fd=71))
LISTEN     0      5          192.168.122.1:domain     *:*                users:(("dnsmasq",pid=1810,proc_ctx=system_u:system_r:dnsmasq_t:s0-s0:c0.c1023,fd=6))
LISTEN     0      128                    *:ssh        *:*                users:(("sshd",pid=1173,proc_ctx=system_u:system_r:sshd_t:s0-s0:c0.c1023,fd=3))
LISTEN     0      128            127.0.0.1:ipp        *:*                users:(("cupsd",pid=1145,proc_ctx=system_u:system_r:cupsd_t:s0-s0:c0.c1023,fd=12))
LISTEN     0      100            127.0.0.1:smtp       *:*                users:(("master",pid=1752,proc_ctx=system_u:system_r:postfix_master_t:s0,fd=13))

18. Display Version

The -v option can be used to display specific version information for the ss command, in this instance we see the version of the iproute package which provides ss.
```
[root@centos7 ~]# ss -v
ss utility, iproute2-ss130716
```
19. Print Help Documentation

The -h option can be used to display further help regarding the ss command, it’s good to use as a quick reference if you need a short description on some of the most commonly used options. Note that the full output here has not been included for brevity.
```
[root@centos7 ~]# ss -h
Usage: ss [ OPTIONS ]
```

20. Show Extended Information

We can use the -e option which shows extended detailed information, as shown below we can see the extended information appended to the end of each line.

[root@centos7 ~]# ss -lte
State      Recv-Q Send-Q      Local Address:Port         Peer Address:Port
LISTEN     0      128                     *:sunrpc       *:*                 ino:16090 sk:ffff880000100000 <->
LISTEN     0      5           192.168.122.1:domain       *:*                 ino:23750 sk:ffff880073e70f80 <->
LISTEN     0      128                     *:ssh          *:*                 ino:22789 sk:ffff880073e70000 <->
LISTEN     0      128             127.0.0.1:ipp          *:*                 ino:23091 sk:ffff880073e707c0 <->
LISTEN     0      100             127.0.0.1:smtp         *:*                 ino:24659 sk:ffff880000100f80 <->

21. Show Timer Information

The -o option can be used to display the timer information. This information shows us things such as the retransmission timer value, number of retransmissions that have occurred, and the number of keepalive probes that have been sent.

[root@centos7 ~]# ss -to
State       Recv-Q Send-Q         Local Address:Port             Peer Address:Port
ESTAB       0      64              192.168.1.14:ssh              192.168.1.191:57091      timer:(on,242ms,0)
ESTAB       0      0        ::ffff:192.168.1.14:http      ::ffff:192.168.1.191:57295      timer:(keepalive,120min,0)
ESTAB       0      0        ::ffff:192.168.1.14:http      ::ffff:192.168.1.191:57296      timer:(keepalive,120min,0)

behrooz mohamadi nsasab

۱۶

بهمن

Get hostname from ip

sudo nmblookup -A IP | grep '<00' | grep -v GROUP | awk '{print $1}'

behrooz mohamadi nsasab

لینوکس و شبکه