Julia EvansFeb 23

on linux: what arguments do you use with netstat or ss? (and what situation do you run it in?)

the only thing I can think of is `netstat -tulpn` to show all processes that are listening on a port and the PID (so I can kill the offending process) but I feel like there must be one or two more useful ones

(I say "linux" because linux netstat is a bit different)

Show threadChris Siebenmann

@b0rk In theory I should use ss to find listening ports, connected ports, and so on. In practice ss has options that fail to stick in my mind even after I wrote a whole entry about them for myself¹, so I keep using lsof and grep. Sometimes I'll use 'netstat -nr' instead of 'ip route list', partly because the netstat version works on OpenBSD and FreeBSD too.

¹ https://utcc.utoronto.ca/~cks/space/blog/linux/SsSomeUsageNotes

Chris's Wiki :: blog/linux/SsSomeUsageNotes

Feb 23 at 10:13pmWeb
Show threadanarcatFeb 23
@cks @b0rk i did the same and wrote my own blog post https://anarc.at/blog/2023-03-10-listening-processes/ i am mostly `ss -anpe` because the French told me about the acronym in relation to https://en.wikipedia.org/wiki/Agence_nationale_pour_l%27emploi (which is essentially employment insurance in france)
how to audit for open services with iproute2

anarcat

Show threadAlanFeb 24

@Anarcat @cks @b0rk 3rding: I wrote a StackExchange answer, which I look up and paste when I need it :-).

sudo ss -l -p | grep -vE '^(u_|nl )'

https://unix.stackexchange.com/questions/309083/how-do-i-list-all-sockets-which-are-open-to-remote-machines/309089#309089

How do I list all sockets which are open to remote machines?

A vanilla ss -l lists (on my current machine) lots of open sockets, with various Netid types and many of which are only listening on localhost. How do I get a list of all and only those sockets th...

Unix & Linux Stack Exchange