1
00:00:00,000 --> 00:00:10,320
In this video, you'll learn how to analyze network sockets.

2
00:00:10,320 --> 00:00:12,880
A network socket is a connection endpoint,

3
00:00:12,880 --> 00:00:16,360
and it consists of an IP address followed by a port.

4
00:00:16,360 --> 00:00:22,360
So 127.0.0.1:80 is the network socket

5
00:00:22,360 --> 00:00:26,959
that defines port 80 listening on localhost.

6
00:00:26,959 --> 00:00:29,959
Sockets also exist as Unix sockets,

7
00:00:29,959 --> 00:00:33,040
and Unix sockets are endpoints in communication

8
00:00:33,040 --> 00:00:36,639
with services on Linux or Unix.

9
00:00:36,639 --> 00:00:40,680
ss is a standard tool to show socket information.

10
00:00:40,680 --> 00:00:45,119
It replaces the legacy netstat utility.

11
00:00:45,119 --> 00:00:47,599
So ss will show all connections,

12
00:00:47,599 --> 00:00:50,040
and it can be used with a couple of parameters.

13
00:00:50,040 --> 00:00:52,599
And that can be handy to figure out

14
00:00:52,599 --> 00:00:55,880
if anything is listening on a specific socket.

15
00:00:55,880 --> 00:01:00,599
So ss -tu shows connected TCP and UDP sockets.

16
00:01:00,599 --> 00:01:04,800
ss -tua adds sockets that are in a listening state.

17
00:01:04,800 --> 00:01:10,239
ss -tln is showing TCP sockets in listening state

18
00:01:10,239 --> 00:01:12,720
only without resolving host names.

19
00:01:12,720 --> 00:01:17,639
And ss -tulpn shows TCP and UDP sockets

20
00:01:17,639 --> 00:01:20,320
which are in listening state, and it adds process name

21
00:01:20,320 --> 00:01:22,000
or PID to the output.

22
00:01:22,000 --> 00:01:23,360
Let me show you.

23
00:01:23,360 --> 00:01:25,839
So here we have ss, as you can see,

24
00:01:25,839 --> 00:01:27,400
lots of information.

25
00:01:27,400 --> 00:01:30,400
Many of the items that are listed here are files.

26
00:01:30,400 --> 00:01:33,400
Pipe it to less if you want to see what exactly it is.

27
00:01:33,400 --> 00:01:35,639
So local address can be a file,

28
00:01:35,639 --> 00:01:40,000
and a port can be associated to a file as well.

29
00:01:40,000 --> 00:01:41,400
That's the idea of sockets.

30
00:01:41,400 --> 00:01:44,760
Sockets are not uniquely about IP addresses.

31
00:01:44,760 --> 00:01:47,320
But to make it a little bit more specific,

32
00:01:47,320 --> 00:01:53,000
ss -tu for TCP and UDP sockets,

33
00:01:53,000 --> 00:01:54,800
well, add an A to it,

34
00:01:54,800 --> 00:01:59,160
and you can see sockets that are in a listening state.

35
00:01:59,160 --> 00:02:01,080
And if you add an N to it,

36
00:02:01,080 --> 00:02:05,279
you see port numbers instead of port names.

37
00:02:05,279 --> 00:02:10,880
Now, what I like as well is ss -tulpn,

38
00:02:10,880 --> 00:02:14,600
where we get information about the sockets,

39
00:02:14,600 --> 00:02:17,360
but also about the listening process.

40
00:02:17,360 --> 00:02:19,600
And that's something that is often required.

41
00:02:19,600 --> 00:02:21,960
If you see an illegal socket on your system,

42
00:02:21,960 --> 00:02:23,800
you might want to terminate it.

43
00:02:23,800 --> 00:02:27,119
And then the P information is giving the related process

44
00:02:27,119 --> 00:02:28,880
and PID information,

45
00:02:28,880 --> 00:02:31,479
which allows you to easily use kill on that

46
00:02:31,479 --> 00:02:33,080
if you want to get rid of it.

