Besides analyzing connections, you can apply very specific filters.
Installation
Ubuntu, Debian and Linux Mint
sudo apt update
sudo apt install iproute2
CentOS and Red Hat (RHEL)
sudo yum install iproute
Fedora
sudo dnf install iproute
Arch Linux
sudo pacman -S iproute2
macOS (Homebrew)
brew install iproute2mac
Using the ss command
The ss command is an excellent alternative for more precise filtering and searching.
Options used
- -l: Shows only LISTEN sockets, which are omitted by default.
- -t: TCP connections.
- -a: All sockets, both listening and non-listening (all TCP connections when combined with -t).
- -n: Shows port numbers instead of resolving service names.
- -s: Summary statistics.
- -u: UDP connections.
- dst: Destination host.
- src: Source host.
- dport: Destination port.
- sport: Source port.
Showing all statistics
$ ss -s
Total: 1091
TCP: 17 (estab 13, closed 0, orphaned 0, timewait 0)
Transport Total IP IPv6
RAW 1 0 1
UDP 7 5 2
TCP 17 16 1
INET 25 21 4
FRAG 0 0 0
Listing all active TCP connections with ss
$ ss -tn
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 192.168.31.228:35320 52.168.117.168:443
ESTAB 0 0 192.168.31.228:32768 35.186.227.140:443
ESTAB 0 0 192.168.31.228:54558 34.107.243.93:443
Listing all active TCP LISTEN ports with ss
$ ss -ltn
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 4096 127.0.0.1:80 0.0.0.0:*
LISTEN 0 128 127.0.0.1:443 0.0.0.0:*
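The listener view above is the natural input for a baseline check. The script below is an added example, not part of the original page: it compares `ss -ltn` rows against an allowlist and tags every unexpected listener with its exposure. The allowlist, the function names and the sample rows (beyond the two shown above) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: compare `ss -ltn` listeners against an allowlist.
# The allowlist and the sample rows below are constructed for illustration.

# Listeners expected on this host, space-separated "address:port" (assumption).
ALLOWED='127.0.0.1:80 127.0.0.1:443'

# Constructed sample in `ss -ltn` format; on a live host pipe `ss -ltn` instead.
sample_ss_ltn() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      4096       127.0.0.1:80         0.0.0.0:*
LISTEN 0      128        127.0.0.1:443        0.0.0.0:*
LISTEN 0      128          0.0.0.0:8080       0.0.0.0:*
LISTEN 0      128             [::]:22            [::]:*
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
EOF
}

# unexpected_listeners: read `ss -ltn` output on stdin and print one line per
# listener missing from $ALLOWED, tagged with its exposure:
#   ALL-INTERFACES  bound to 0.0.0.0, [::] or *
#   LOOPBACK        bound to 127.0.0.0/8 or [::1]
#   SPECIFIC        bound to one other address
unexpected_listeners() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 != "LISTEN" { next }            # skips the header row
        {
            local_ep = $4                  # Local Address:Port column
            if (local_ep in ok) next
            addr = local_ep
            sub(/:[^:]*$/, "", addr)       # drop ":port" (last colon, IPv6-safe)
            sub(/%.*$/, "", addr)          # drop "%iface" scope, e.g. %lo
            if (addr == "0.0.0.0" || addr == "[::]" || addr == "*") scope = "ALL-INTERFACES"
            else if (addr ~ /^127\./ || addr == "[::1]") scope = "LOOPBACK"
            else scope = "SPECIFIC"
            print scope, local_ep
        }'
}

sample_ss_ltn | unexpected_listeners
```

On a live host, replace the last line with `ss -ltn | unexpected_listeners` and review every ALL-INTERFACES row first, since those listeners are reachable from the network.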
Listing all TCP LISTEN ports and active TCP connections with ss
$ ss -ltna
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 4096 127.0.0.1:80 0.0.0.0:*
LISTEN 0 128 127.0.0.1:443 0.0.0.0:*
ESTAB 0 0 192.168.31.228:37438 34.36.165.17:443
ESTAB 0 0 192.168.31.228:54558 34.107.243.93:443
ESTAB 0 0 192.168.31.228:39520 20.50.201.200:443
Listing all UDP LISTEN ports and active UDP connections with ss
$ ss -luna
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
ESTAB 0 0 192.168.31.228%enp12s0:68 192.168.31.1:67
Listing all connections to a specific destination IP (e.g., GitHub's)
$ ss -lna dst 185.199.111.154
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp ESTAB 0 0 192.168.31.228:36856 185.199.111.154:443
tcp ESTAB 0 0 192.168.31.228:36794 185.199.111.154:443
Listing all connections to a specific destination host and port (e.g., GitHub's)
$ ss -lna dst 185.199.111.154 dport = :443
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp ESTAB 0 0 192.168.31.228:36856 185.199.111.154:443
tcp ESTAB 0 0 192.168.31.228:36794 185.199.111.154:443
Listing all connections in the established state
The following states can be used for TCP: established, syn-sent, syn-recv, fin-wait-1, fin-wait-2, time-wait, closed, close-wait, last-ack, listening and closing.
$ ss -lnat -o state established '( sport = :443 or dport = :443 )'
Recv-Q Send-Q Local Address:Port Peer Address:Port Process
0 0 192.168.31.228:54232 185.199.109.154:443 timer:(keepalive,3.105ms,0)
0 0 192.168.31.228:41954 52.168.117.168:443 timer:(keepalive,23sec,0)
0 0 192.168.31.228:54224 185.199.109.154:443 timer:(keepalive,3.104ms,0)
0 0 192.168.31.228:50572 185.199.108.133:443 timer:(keepalive,39sec,0)
0 0 192.168.31.228:46844 35.186.194.58:443 timer:(keepalive,17sec,0)
0 0 192.168.31.228:37402 35.201.112.186:443 timer:(keepalive,3.102ms,0)