iproute2


Author:       Alexey Kuznetsov
Contributors: Nikolay Aleksandrov, Stephen Hemminger, Daniel Borkmann, Roopa Prabhu, Zhang Sheng (all..)
Released:     2007
Source:       iproute2.git

The iproute package contains networking utilities (ip and rtmon, for example) which are designed to use the advanced networking capabilities of the Linux 2.4.x and 2.6.x kernel.


Index

ip (8)     - show / manipulate routing, devices, policy routing and tunnels
ss (8)     - another utility to investigate sockets
tc (8)     - show / manipulate traffic control settings
arpd (8)   - userspace arp daemon.
nstat (8)  - network statistics tools.
bridge (8) - show / manipulate bridge addresses and devices
rtacct (8) - network statistics tools.
rtmon (8)  - listens to and monitors RTnetlink
ctstat (8) - unified linux network statistics
lnstat (8) - unified linux network statistics
routef (8) - flush routes
routel (8) - list routes with pretty output format
rtstat (8) - unified linux network statistics

net-tools vs iproute2

Description            net-tools                             iproute2
Bring ${IF} UP/DOWN    ifconfig ${IF} up/down                ip link set ${IF} up/down
Add ${IP} to ${IF}     ifconfig ${IF} ${IP} netmask ${NM}    ip addr add ${IP}/24 dev ${IF}

${IF} - interface
${IP} - IPv4/IPv6 address
${NM} - netmask

Recipients

ip

ip::options

Command    Valid abbreviations
address    a ad add addr addres address

ip::examples

ip-161108233852

watch traffic statistics on interface enp2s0:

   ~$ watch ip -s link show enp2s0

ip-190109003612

list status as structured and colored output:

   ~$ ip -c address
   ~$ ip -c link
   ~$ ip -c route

ip::files

ip::see-also

ss

ss [ OPTIONS ] [ STATE-FILTER ] [ ADDRESS-FILTER ]
<Netid> <State> <Recv-Q> <Send-Q> <address> <port>

ss::options

OPTIONS                              DESCRIPTION
-0, --packet                         display PACKET sockets
-4, --ipv4                           display only IP version 4 sockets
-6, --ipv6                           display only IP version 6 sockets
-A, --query=QUERY, --socket=QUERY
-D, --diag=FILE                      Dump raw information about TCP sockets to FILE
-E, --events                         continually display sockets as they are destroyed
-F, --filter=FILE                    read filter information from FILE
-H, --no-header                      Suppress header line
-K, --kill                           forcibly close sockets, display what was closed
-N, --net                            switch to the specified network namespace name
-S, --sctp                           display only SCTP sockets
-V, --version                        output version information
-Z, --context                        display process SELinux security contexts
-a, --all                            display all sockets
-b, --bpf                            show bpf filter socket information
-d, --dccp                           display only DCCP sockets
-e, --extended                       show detailed socket information
-f, --family=FAMILY                  display sockets of type FAMILY
-h, --help                           this message
-i, --info                           show internal TCP information
-l, --listening                      display listening sockets
-m, --memory                         show socket memory usage
-n, --numeric                        don’t resolve service names
-o, --options                        show timer information
-p, --processes                      show process using socket
-r, --resolve                        resolve host names
-s, --summary                        show socket usage summary
-t, --tcp                            display only TCP sockets
-u, --udp                            display only UDP sockets
-w, --raw                            display only RAW sockets
-x, --unix                           display only Unix domain sockets
-z, --contexts                       display process and socket SELinux security contexts
FAMILY
{inet|inet6|link|unix|netlink|help}
QUERY
{all|inet|tcp|udp|raw|unix|unix_dgram|unix_stream|unix_seqpacket|packet|netlink}[,QUERY]

STATE-FILTER

  • {established|syn-sent|syn-recv|fin-wait-1|fin-wait-2|time-wait|closed|close-wait|last-ack|listen|closing}
  • all: for all the states
  • connected: all the states except for listen and closed
  • synchronized: all the connected states except for syn-sent
  • bucket: states, which are maintained as minisockets, i.e. time-wait and syn-recv.
  • big: opposite to bucket

ADDRESS-FILTER

A boolean expression built with the operations and, or and not, which can be abbreviated in C style, e.g. as &, &&.

Predicates check socket addresses, both local and remote. There are the following kinds of predicates:

  • dst ADDRESS_PATTERN - matches remote address and port
  • src ADDRESS_PATTERN - matches local address and port
  • dport RELOP PORT - compares remote port to a number
  • sport RELOP PORT - compares local port to a number
  • autobound - checks that socket is bound to an ephemeral port
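
Added example (not part of the original cheat sheet): the state and address filters above combined for host triage, plus a small parser that lists TCP listeners reachable from outside loopback. The function names, the port 22 choice and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: STATE-FILTER and ADDRESS-FILTER in practice.
# Filters containing ( ) or = must be quoted so the shell passes them to ss
# unchanged; ss wants spaces around the parentheses.

# Established TCP sessions to or from SSH: state filter + port predicates.
ssh_sessions() {
  ss -Htn state established '( dport = :22 or sport = :22 )'
}

# Connected sockets (everything except listen and closed) whose peer is in
# a given prefix, e.g. peer_sessions 10.0.0.0/8 (prefix chosen by the caller).
peer_sessions() {
  ss -Htn state connected dst "$1"
}

# Reads `ss -Htlnp` output on stdin and prints "local-address:port process"
# for every listener that is NOT bound to a loopback address.
exposed_listeners() {
  awk '
    { off = ($1 ~ /^(tcp|udp)$/) ? 1 : 0 }      # Netid column is optional
    $(1 + off) != "LISTEN" { next }
    {
      loc = $(4 + off); addr = loc
      sub(/:[^:]*$/, "", addr)                  # drop the trailing :port
      if (addr ~ /^127\./ || addr == "[::1]") next
      print loc, (NF >= 6 + off ? $(6 + off) : "-")
    }'
}

# Constructed sample of `ss -Htlnp` output (not captured from a real host).
SAMPLE_LISTENERS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=640,fd=14))
LISTEN 0 128 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=901,fd=7))
LISTEN 0 511 [::]:8080 [::]:* users:(("node",pid=2210,fd=19))
LISTEN 0 128 [::1]:631 [::]:* users:(("cupsd",pid=901,fd=6))'

# Live use: ss -Htlnp | exposed_listeners
printf '%s\n' "$SAMPLE_LISTENERS" | exposed_listeners
```

Without root, -p shows process details only for your own sockets; listeners owned by other users are printed with "-" in the process column.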

ss::examples

ss-161116231307

programs that request access to the Internet:

   ~# ss -p | cat
   ~# ss -p | grep STA
   ~# ss -p | cut -f2 -sd\"               # just process/command name
   ~# ss -p | grep STA | cut -f2 -d\"     # or, limited to lines matching STA

cat cut grep

ss-170817234939

list the top 10 PIDs with the most connections:

   ~# ss -nap | grep -P "(?<=pid\=)[0-9]+" -o | sort | uniq -c | sort -rn | head

sort uniq head grep

ss-180114231711

dump TCP, UDP, RAW or UNIX sockets:

   ~# ss -t -a
   ~# ss -u -a
   ~# ss -w -a
   ~# ss -x -a

ss-180707091236

realtime TCP network connections:

   ~$ watch ss -sp

ss::files

  • /proc/net/tcp
  • /etc/services
  • /etc/protocols
  • /etc/iproute2/nl_protos

ss::see-also

References

Links

RFC

RFC-793
TRANSMISSION CONTROL PROTOCOL https://tools.ietf.org/rfc/rfc793.txt