LabEx
Log InJoin Free

How to check if a specific network socket is open in Linux

LinuxBeginner
Practice Now

Introduction

In this lab, you will learn how to check if a specific network socket is open in Linux. Understanding how to identify and inspect active network sockets is a fundamental skill for network troubleshooting and monitoring.

Through hands-on exercises, you will utilize powerful command-line tools like ss and netstat to list and filter network connections. You will also explore the /proc/net filesystem to gain deeper insights into socket details, providing a comprehensive approach to verifying the status of network sockets on your system.

Check socket with ss -tuln

In this step, you will learn how to use the ss command to inspect network sockets on your Linux system. Sockets are endpoints for sending and receiving data across a network. Understanding how to view active sockets is crucial for network troubleshooting and monitoring.

The ss command is a powerful tool for examining sockets. We will use it with the following options:

  • -t: Display TCP sockets.
  • -u: Display UDP sockets.
  • -l: Display listening sockets (sockets waiting for connections).
  • -n: Do not resolve service names (display port numbers instead).

Open your terminal if it's not already open. You can find the Xfce Terminal icon on the left side of your desktop.

Now, type the following command and press Enter:

ss -tuln

You will see output similar to this:

Netid State      Recv-Q Send-Q Local Address:Port               Peer Address:Port
tcp   LISTEN     0      128    0.0.0.0:22                       0.0.0.0:*
tcp   LISTEN     0      128    127.0.0.1:631                    0.0.0.0:*
tcp   LISTEN     0      128    0.0.0.0:5900                     0.0.0.0:*
tcp   LISTEN     0      128    127.0.0.1:25                     0.0.0.0:*
tcp   LISTEN     0      128    [::]:22                          [::]:*
tcp   LISTEN     0      128    [::1]:631                        [::]:*
tcp   LISTEN     0      128    [::]:5900                        [::]:*
tcp   LISTEN     0      128    [::1]:25                         [::]:*
udp   UNCONN     0      0      127.0.0.1:323                    0.0.0.0:*
udp   UNCONN     0      0      0.0.0.0:631                      0.0.0.0:*
udp   UNCONN     0      0      [::1]:323                        [::]:*
udp   UNCONN     0      0      [::]:631                         [::]:*

Let's break down the output:

  • Netid: The type of socket (e.g., tcp, udp).
  • State: The state of the socket (e.g., LISTEN means it's waiting for a connection).
  • Recv-Q: The number of received bytes in the queue.
  • Send-Q: The number of sent bytes in the queue.
  • Local Address:Port: The local IP address and port number the socket is bound to. 0.0.0.0 and [::] indicate that the socket is listening on all available network interfaces (IPv4 and IPv6 respectively).
  • Peer Address:Port: The remote IP address and port number the socket is connected to. * indicates that the socket is listening for connections from any remote address.

This output shows you which services are running and listening for connections on your system. For example, you can see that SSH (port 22), CUPS (port 631), VNC (port 5900), and the mail server (port 25) are listening.

Understanding this output is the first step in diagnosing network connectivity issues or identifying potentially unwanted services running on your system.

Click Continue to proceed to the next step.

Verify socket with netstat -tuln

In this step, you will use another command, netstat, to verify the network sockets. netstat is an older command compared to ss, but it is still widely used and provides similar information about network connections, routing tables, and interface statistics.

We will use netstat with the same options as ss to see the listening TCP and UDP sockets without resolving service names:

  • -t: Display TCP sockets.
  • -u: Display UDP sockets.
  • -l: Display listening sockets.
  • -n: Do not resolve service names.

Type the following command in your terminal and press Enter:

netstat -tuln

You will see output similar to this:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
tcp6       0      0 :::5900                 :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
udp        0      0 127.0.0.1:323           0.0.0.0:*
udp        0      0 0.0.0.0:631             0.0.0.0:*
udp6       0      0 ::1:323                 :::*
udp6       0      0 :::631                  :::*

Notice that the output from netstat -tuln is very similar to the output from ss -tuln. Both commands provide information about the protocol (Proto), the local address and port (Local Address), the foreign address and port (Foreign Address), and the state of the connection (State).

While ss is generally considered faster and more informative for complex scenarios, netstat is still a valuable tool to have in your Linux command arsenal. It's good practice to be familiar with both.

You have now successfully used both ss and netstat to view listening sockets. This is a fundamental skill for understanding network activity on your system.

Click Continue to move on to the next step.

Inspect socket details in /proc/net

In this step, you will explore the /proc/net directory, which provides detailed information about the network stack and network protocols in the Linux kernel. This is where commands like ss and netstat get their data.

The /proc filesystem is a virtual filesystem that provides information about processes and other system information. It's a powerful way to inspect the kernel's internal state.

Inside /proc/net, you'll find files that contain raw data about network connections. For example, tcp, udp, tcp6, and udp6 contain information about active TCP and UDP sockets (IPv4 and IPv6 respectively).

Let's look at the contents of the tcp file. Type the following command in your terminal and press Enter:

cat /proc/net/tcp

You will see output that looks something like this:

sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 67890 1 0000000000000000 0
   ... (more lines)

This output is less human-readable than ss or netstat because it's the raw kernel data. Each line represents a TCP socket and contains various fields, including:

  • sl: The socket list index.
  • local_address: The local IP address and port in hexadecimal format. 0100007F is the hexadecimal representation of 127.0.0.1 (loopback address), and 0019 is the hexadecimal representation of port 25.
  • rem_address: The remote IP address and port in hexadecimal format.
  • st: The state of the socket (e.g., 0A represents LISTEN).
  • tx_queue: The transmit queue size.
  • rx_queue: The receive queue size.
  • uid: The user ID that owns the socket.
  • inode: The inode number of the socket.

You can also view UDP sockets by looking at the /proc/net/udp file:

cat /proc/net/udp

And for IPv6 sockets, you can check /proc/net/tcp6 and /proc/net/udp6.

While you won't typically parse these files directly for everyday use, understanding that this is where the network information originates provides deeper insight into how Linux manages network connections. Commands like ss and netstat essentially read and format the data from these files for easier understanding.

You have now explored the raw socket information available in the /proc/net filesystem.

Click Continue to complete the lab.

Summary

In this lab, you learned how to check if a specific network socket is open in Linux using various command-line tools. You began by utilizing the ss command with the -tuln options to display listening TCP and UDP sockets, understanding the output columns such as Netid, State, Local Address:Port, and Peer Address:Port.

Following the use of ss, you would typically verify the socket information using the netstat command, which provides similar network statistics. Finally, you would explore how to inspect detailed socket information directly from the /proc/net filesystem, which offers a lower-level view of the network stack. These steps provide a comprehensive approach to identifying and examining open network sockets on a Linux system.

Related Linux Courses
Quick Start with Linux

Quick Start with Linux

linux
Become a Junior System Administrator

Become a Junior System Administrator

linuxshell
Linux for Noobs

Linux for Noobs

linux