Author | Alexey Kuznetsovd |
Contributors | Nikolay Aleksandrov, |
Stephen Hemminger, | |
Daniel Borkmann, | |
Roopa Prabhu, | |
Zhang Sheng (all..) | |
Released | 2007 |
Source | iproute2.git |
---|
The iproute package contains networking utilities (ip and rtmon, for example) which are designed to use the advanced networking capabilities of the Linux 2.4.x and 2.6.x kernel.
ip (8) - show / manipulate routing, devices, policy routing and tunnels ss (8) - another utility to investigate sockets tc (8) - show / manipulate traffic control settings arpd (8) - userspace arp daemon. nstat (8) - network statistics tools. bridge (8) - show / manipulate bridge addresses and devices rtacct (8) - network statistics tools. rtmon (8) - listens to and monitors RTnetlink ctstat (8) - unified linux network statistics lnstat (8) - unified linux network statistics routef (8) - flush routes routel (8) - list routes with pretty output format rtstat (8) - unified linux network statistics
net-tools vs iproute2
Description | net-tools | iproute2 |
---|---|---|
Bring ${IF} UP/DOWN | ifconfig ${IF} up/down | ip link set ${IF} up/down |
Add ${IP} to ${IF} | ifcofnig ${IF} ${IP} netmask ${NM} | ip addr add ${IP}/24 dev ${IF} |
${IF} - interface ${IP} - IPv4/IPv6 address ${NM} - netmask
Command | Valid abbreviations |
---|---|
address | a ad add addr addres address |
watch trafic statistics on interface enp2s0:
~$ watch ip -s link show enp2s0
list status as structured and colored output:
~$ ip -c address ~$ ip -c link ~$ ip -c route
ss [ OPTIONS ] [ STATE-FILTER ] [ ADDRESS-FILTER ]
<Netid> <State> <Recv-Q> <Send-Q> <address> <port>
OPTIONS | TYPE | V++ | V– | DESCRIPTION |
---|---|---|---|---|
-0, --packet | display PACKET sockets | |||
-4, --ipv4 | display only IP version 4 sockets | |||
-6, --ipv6 | display only IP version 6 sockets | |||
-A, --query=QUERY, --socket=QUERY | ||||
-D, --diag=FILE | Dump raw information about TCP sockets to FILE | |||
-E, --events | continually display sockets as they are destroyed | |||
-F, --filter=FILE | read filter information from FILE | |||
-H, --no-header | Suppress header line | |||
-K, --kill | forcibly close sockets, display what was closed | |||
-N, --net | switch to the specified network namespace name | |||
-S, --sctp | display only SCTP sockets | |||
-V, --version | output version information | |||
-Z, --context | display process SELinux security contexts | |||
-a, --all | display all sockets | |||
-b, --bpf | show bpf filter socket information | |||
-d, --dccp | display only DCCP sockets | |||
-e, --extended | show detailed socket information | |||
-f, --family=FAMILY | display sockets of type FAMILY | |||
-h, --help | this message | |||
-i, --info | show internal TCP information | |||
-l, --listening | display listening sockets | |||
-m, --memory | show socket memory usage | |||
-n, --numeric | don’t resolve service names | |||
-o, --options | show timer information | |||
-p, --processes | show process using socket | |||
-r, --resolve | resolve host names | |||
-s, --summary | show socket usage summary | |||
-t, --tcp | display only TCP sockets | |||
-u, --udp | display only UDP sockets | |||
-w, --raw | display only RAW sockets | |||
-x, --unix | display only Unix domain sockets | |||
-z, --contexts | display process and socket SELinux security contexts |
- FAMILY
- {inet|inet6|link|unix|netlink|help}
- QUERY
- {all|inet|tcp|udp|raw|unix|unix_dgram|unix_stream|unix_seqpacket|packet|netlink}[,QUERY]
- {established|syn-sent|syn-recv|fin-wait-1|fin-wait-2|time-wait|closed|close-wait|last-ack|listen|closing}
- all: for all the states
- connected: all the states except for listen and closed
- synchronized: all the connected states except for syn-sent
- bucket: states, which are maintained as minisockets, i.e. time-wait and syn-recv.
- big: opposite to bucket
Is boolean expression with operations and, or and not, which can be abbreviated in C style f.e. as &, &&.
Predicates check socket addresses, both local and remote. There are the following kinds of predicates:
- dst ADDRESS_PATTERN - matches remote address and port
- src ADDRESS_PATTERN - matches local address and port
- dport RELOP PORT - compares remote port to a number
- sport RELOP PORT - compares local port to a number
- autobound - checks that socket is bound to an ephemeral port
programms that request access to Internet
~# ss -p | cat ~# ss -p | grep STA ~# ss -p | cut -f2 -sd\"or # Just process/command name ~# ss -p | grep STA | cut -f2 -d\"
list top 10 PIDs wich has most of all connections:
~# ss -nap | grep -P "(?<=pid\=)[0-9]+" -o | sort | uniq -c | sort -rn | head
dump TCP, UDP, RAW or UNIX sockets:
~# ss -t -a ~# ss -u -a ~# ss -w -a ~# ss -x -a
realtime TCP network connections:
~$ watch ss -sp
- /proc/net/tcp
- /etc/services
- /etc/protocols
- /etc/iproute2/nl_protos
- http://baturin.org/docs/iproute2/
- http://lartc.org/lartc.html
- IPROUTE2 Utility Suite Howto http://www.policyrouting.org/iproute2-toc.html
- RFC-793
- TRANSMISSION CONTROL PROTOCOL https://tools.ietf.org/rfc/rfc793.txt