netsstat - Parsing ss (iproute2) - Linux Networking

❌ Another human-readable utility of another utility (ss) to investigate sockets

[↗] - Presentation of this « human-readable utility »

What is netsstat ?

Answer: netsstat is just a ss (iproute2) parser written in Perl.

The tool netsstat is just a handy Perl script which allows you to get information about ingoing and outgoing sockets for controlling TCP / IP networking and traffic control on your favorite Linux, like many people did for years with netstat, from the old package net-tools.

But net-tools is over, and people like me, accustomed to using this command, were probably anxious when we have discovered the network utility ss (iproute2), written by Alexey Kuznetsov. This « other utility to investigate sockets » ss is a great network tool within iproute2 to get all information needed, and more, faster than ever. But it is, undoubtedly, not very friendly as netstat could be.

So, using Debian Stretch, running iproute2 and ss, and fed up with always waiting for nets[completionnn]nnnothing, I decided to write a small script to parse those results:

[user@linux|00:13:37]:~/$ sudo ss -aimpeno state all
[sudo] password for user :

tcp    ESTAB      0      0     192.XXX.XXX.XXX:50136      163.XXX.XXX.XXX:443      users:(("firefox",pid=3608,fd=98)) timer:(keepalive,6.848ms,0) uid:1000 ino:804889 sk:4d2 <->
         skmem:(r0,rb372480,t0,tb87040,f0,w0,o0,bl0) ts sack cubic wscale:7,7 rto:256 rtt:55.609/6.83 ato:40 mss:1440 cwnd:10 ssthresh:7 bytes_acked:9180 bytes_received:13604 segs_out:54 segs_in:30 send 2.1Mbps lastsnd:3160 lastrcv:3108 lastack:3108 pacing_rate 2.5Mbps rcv_rtt:45.375 rcv_space:29200
tcp    ESTAB      0      0     192.XXX.XXX.XXX:58046       74.XXX.XXX.XXX:993      users:(("thunderbird",pid=3724,fd=45)) uid:1000 ino:422982 sk:dd <->
         skmem:(r0,rb372480,t0,tb46080,f0,w0,o0,bl0) ts sack cubic wscale:8,7 rto:240 rtt:36.468/0.912 ato:40 mss:1368 cwnd:10 bytes_acked:105692 bytes_received:135374 segs_out:4566 segs_in:6171 send 3.0Mbps lastsnd:16088 lastrcv:15888 lastack:16052 pacing_rate 6.0Mbps retrans:0/9 rcv_rtt:171 rcv_space:29200
tcp    TIME-WAIT  0      0     [...]

Why don't you continue to use netstat in Linux ?

Because net-tools is abandoned since 2001, and no longer available on most operating systems.

So why will I continue to use an obsolete tool ?

I'm getting old and tired, and I become lazy with awk/sed/grep/regex/... So I tried to draft a tool for lazy people :)


What netsstat can do for me ?

  • 1) Moving on from net-tools.

  • 2) It uses ss (iproute2).

  • 3) It is the alternative to netstat.

  • 4) You can preset your favorites columns output (Cf Bundles).

  • 5) It's easy to use and documented.

  • 6) Some say it saves the whales (unconfirmed).


[↗] - Prerequisites of this Networking tool


[↗] - Installation of netsstat in Linux

[↗] - Try netsstat easily

  • 1) Install dependencies (debian/ubuntu)

    [user@linux|00:13:37]:~/$ sudo apt-get install libgetopt-complete-perl libconfig-inifiles-perl libwww-perl
  • 2) Download the latest version of netsstat in Linux [↘]

  • 3) Uncompress the file netsstat_v1.1.gz

    [user@linux|00:13:37]:~/$ gzip -d -N netsstat_v1.1.gz
    [user@linux|00:13:37]:~/$ chmod +x netsstat
    [user@linux|00:13:37]:~/$
  • 4) Use it

    [user@linux|00:13:37]:~/$ ./netsstat -h

[↗] - You like netsstat ? Install netsstat !

[user@linux|00:13:37]:~/$ sudo mv netsstat /usr/bin/
[sudo] password for user :
[user@linux|00:13:37]:~/$ netsstat -h

[↗] - You hate it ? Uninstall it !

[user@linux|00:13:37]:~/$ sudo rm /usr/bin/netsstat
[sudo] password for user :
[user@linux|00:13:37]:~/$ rm -rf ~/.config/netsstat
[user@linux|00:13:37]:~/$

[↗] - Let's have a look at netsstat in Linux

netsstat is a ASCII text executable written in Perl.

[user@linux|00:13:37]:~/$ file netsstat
netsstat: a /usr/bin/perl script, ASCII text executable, with very long lines
[user@linux|00:13:37]:~/$ head -n 16 netsstat
#!/usr/bin/perl
###########################################################################################
##  netsstat
##  Another human-readable utility of another utility (ss) to investigate sockets
##
##  Drafted by JcP aka moog (moog+netsstat(*)sud-ouest.org)
##  Website : https://agmen.org/netsstat
##  License: WTFPL ( http://www.wtfpl.net/ )
##  From: 2018-03-24  To: 2018-04-04
##
my $version="1.1";
###########################################################################################

use strict;
use warnings;
        

[↗] - Description of the options of netsstat in Linux

[user@linux|00:13:37]:~/$ netsstat -h

 netsstat v1.1
 Another human-readable utility of another utility (ss) to investigate sockets

 Usage: netsstat [ OPTIONS ] [[ FILTER ]]

        -h, --help               Here you are !
        -X, --exthelp            Details of all columns.
        -x, --detcol COLUMN      Details of Specified column: FULL NAME|LETTER.
        -t, --proto PROTO        Filter by Standard Protocols: TCP|UDP.
        -4, --ipv4               Filter by IP Version 4 Sockets.
        -6, --ipv6               Filter by IP Version 6 Sockets.
        -s, --src IP             Filter by IP Source.
        -S, --sport PORT         Filter by Source Port or Service Name.
        -d, --dst IP             Filter by IP Destination.
        -D, --dport PORT         Filter by Destination Port or Service Name.
        -C, --country CODE       Filter by Country Code.
        -f, --filter STATE       Filter by TCP States: ALL|ESTAB|LISTEN|TIME-WAIT|CLOSE-WAIT|LAST-ACK|UNCONN.
        -p, --pid PID            Filter by PID.
        -P, --prog NAME          Filter by Program Name.
        -U, --uid UID            Filter by UID.
        -I, --inode INODE        Filter by Inode.
        -E, --extend             Show Extra Columns.
        -g, --geoip              Show Countries (geoip-bin required).
        -R, --resolvsrc          Show Source Hostnames or IP.
        -r, --resolvdst          Show Destination Hostnames or IP.
        -c, --cols COLUMNS       Organize Columns to Display.
        -B, --bundle NAME        Use This Bundle.
        -W, --bundles            List of Your netsstat's Bundles.
        -w, --detbundle NAME     Details of Your netsstat's Bundle.
        -T, --title              Remove Title bar of Columns.
        -H, --hide               Hide Displayed IP.
        -A, --about              About netsstat.
        -L, --license            License of netsstat.
        -V, --update             Check for update.
        -v, --version            Print Version Number and Exit.

 Examples:

            netsstat -t TCP -f "ESTAB|TIME-WAIT" -4 -g -D 443
            netsstat -t TCP -P ssh -C fr -U 1000
            netsstat -t UDP -s 0.0.0.0

 NB: Source code and updates are available at https://agmen.org/netsstat
        

[↗] - Render of the results

[user@linux|00:13:37]:~/$ sudo netsstat -H -g
[sudo] password for user :

Proto Recv-Q Send-Q  Local_Address          SPort  Remote_Address         DPort  CC  State         PID  Program_Name       UID    Inode
udp        0      0  127.XXX.XXX.XXX        43660  127.XXX.XXX.XXX        53     ??  ESTAB        3888  chrome-gnome-sh   1000    34550
udp        0      0  *                      5353   *                      *      -   UNCONN       1179  avahi-daemon       111    19679
udp        0      0  127.XXX.XXX.XXX        56325  127.XXX.XXX.XXX        53     ??  ESTAB        3888  chrome-gnome-sh   1000    44089
udp        0      0  *%wlp4s0               40895  *                      *      -   UNCONN       1876  dnsmasq          65534    26343
udp        0      0  127.XXX.XXX.XXX        53     *                      *      -   UNCONN       1876  dnsmasq              -    29944
udp        0      0  *                      68     *                      *      -   UNCONN       1864  dhclient             -    26306
udp        0      0  *                      41158  *                      *      -   UNCONN       1179  avahi-daemon       111    19681
udp        0      0  *                      631    *                      *      -   UNCONN       4199  cups-browsed         -    41856
udp6       0      0  ::                     43754  ::                     *      -   UNCONN       1179  avahi-daemon       111    19682
udp6       0      0  ::                     5353   ::                     *      -   UNCONN       1179  avahi-daemon       111    19680
tcp        0      5  127.XXX.XXX.XXX        53     *                      *      -   LISTEN       1876  dnsmasq              -    29945
tcp        0    128  *                      22     *                      *      -   LISTEN       1289  sshd                 -    29135
tcp        0      5  127.XXX.XXX.XXX        631    *                      *      -   LISTEN       4198  cupsd                -    44366
tcp        0      0  192.XXX.XXX.XXX        42226  163.XXX.XXX.XXX        22     GB  ESTAB        6489  ssh               1000    81065
tcp        0      0  192.XXX.XXX.XXX        49712  216.XXX.XXX.XXX        443    US  ESTAB        3608  firefox           1000    75589
tcp        0      0  192.XXX.XXX.XXX        44436  68.XXX.XXX.XXX         443    US  TIME-WAIT       -  -                    -        0
tcp        0      0  192.XXX.XXX.XXX        39376  83.XXX.XXX.XXX         993    NL  ESTAB        3724  thunderbird       1000    43580
tcp        0     32  192.XXX.XXX.XXX        49178  92.XXX.XXX.XXX         443    DE  FIN-WAIT-1      -  -                    -        0
tcp        0      0  192.XXX.XXX.XXX        58520  172.XXX.XXX.XXX        443    US  ESTAB        3608  firefox           1000    76590
tcp        0      0  192.XXX.XXX.XXX        58256  74.XXX.XXX.XXX         993    US  ESTAB        3724  thunderbird       1000    34663
tcp        0      0  192.XXX.XXX.XXX        59106  216.XXX.XXX.XXX        443    US  ESTAB        3608  firefox           1000    75590
tcp        0      0  192.XXX.XXX.XXX        58198  74.XXX.XXX.XXX         993    US  ESTAB        3724  thunderbird       1000    43277
tcp        0      0  192.XXX.XXX.XXX        58196  74.XXX.XXX.XXX         993    US  ESTAB        3724  thunderbird       1000    43276
tcp        0      0  192.XXX.XXX.XXX        39374  83.XXX.XXX.XXX         993    NL  ESTAB        3724  thunderbird       1000    44382
tcp        0      0  192.XXX.XXX.XXX        37596  178.XXX.XXX.XXX        443    NL  TIME-WAIT       -  -                    -        0
tcp        0      0  192.XXX.XXX.XXX        51210  51.XXX.XXX.XXX         22     GB  ESTAB        6512  ssh               1000    78717
tcp        0      0  192.XXX.XXX.XXX        43760  216.XXX.XXX.XXX        443    US  TIME-WAIT       -  -                    -        0
tcp        0      0  192.XXX.XXX.XXX        41428  96.XXX.XXX.XXX         443    US  ESTAB        3608  firefox           1000    75588
tcp        0      0  192.XXX.XXX.XXX        58254  74.XXX.XXX.XXX         993    US  ESTAB        3724  thunderbird       1000    43592
tcp        0      0  192.XXX.XXX.XXX        39326  83.XXX.XXX.XXX         993    NL  ESTAB        3724  thunderbird       1000    43279
tcp        0      0  192.XXX.XXX.XXX        39378  83.XXX.XXX.XXX         993    NL  ESTAB        3724  thunderbird       1000    43586
tcp        0      0  192.XXX.XXX.XXX        56366  185.XXX.XXX.XXX        6667   NL  ESTAB        3571  weechat           1000    43166
tcp        0      0  192.XXX.XXX.XXX        39460  165.XXX.XXX.XXX        6667   NL  ESTAB        3571  weechat           1000    42202
tcp        0      0  192.XXX.XXX.XXX        39328  83.XXX.XXX.XXX         993    NL  ESTAB        3724  thunderbird       1000    43280
tcp        0      0  192.XXX.XXX.XXX        47962  216.XXX.XXX.XXX        443    US  ESTAB        3608  firefox           1000    79084
tcp6       0    128  ::                     22     ::                     *      -   LISTEN       1289  sshd                 -    29137
tcp6       0      5  ::1                    631    ::                     *      -   LISTEN       4198  cupsd                -    44365
        

[↗] - Display what you want

[user@linux|00:13:37]:~/$ sudo netsstat -c FbcelmopruvST -H -g -t tcp -4
[sudo] password for user :

 Remote_Address          Timer-N      ExpTime    Cookie Wscale    Rto      Rtt   Rttvar   Mss  Segs_Out Segs_In     P-Rate  Recv-ttl
 *                       -                  -         c      -      -        -        -     -         -       -          -         -
 *                       -                  -         d      -      -        -        -     -         -       -          -         -
 *                       -                  -         e      -      -        -        -     -         -       -          -         -
 163.XXX.XXX.XXX         KEEPALIVE      38min        38    7,7    256   53.852   24.215  1440        19      17    4.3Mbps  01:21:01
 68.XXX.XXX.XXX          KEEPALIVE        43s        a4    9,7    244   41.499   14.934  1452        19      20    5.6Mbps  00:02:17
 83.XXX.XXX.XXX          -                  -         f    7,7    244   43.514    5.402  1452       569     577    5.3Mbps  00:00:40
 163.XXX.XXX.XXX         KEEPALIVE    9.824ms        a3    7,7    292   83.381   31.973  1440       114      62    2.8Mbps  00:00:00
 74.XXX.XXX.XXX          -                  -        15    8,7    240    39.21    0.891  1368       898    1220    5.6Mbps  00:00:23
 74.XXX.XXX.XXX          -                  -        18    8,7    248   44.478    5.714  1368       871     716    4.9Mbps  00:00:51
 83.XXX.XXX.XXX          -                  -        19    7,7    244   40.512    1.613  1452       436     388    5.7Mbps  00:01:25
 51.XXX.XXX.XXX          KEEPALIVE      39min        3e    7,7    244   43.005    8.806  1440        19      18    5.4Mbps  01:20:57
 192.XXX.XXX.XXX         KEEPALIVE        22s        9c    0,7    668  199.375   117.06  1448        22      20    1.2Mbps  00:13:08
 83.XXX.XXX.XXX          -                  -        1b    7,7    248   47.051    5.571  1452       416     371    4.9Mbps  00:00:00
 83.XXX.XXX.XXX          -                  -        36    7,7    256   52.353   10.167  1452       786     642    4.4Mbps  00:00:32
 185.XXX.XXX.XXX         KEEPALIVE      12min        1c    7,7    256   52.465    6.425  1440       235     133    4.4Mbps  00:00:58
 165.XXX.XXX.XXX         KEEPALIVE      12min        1d    7,7    732  316.197  103.503  1440       274     272  728.7Kbps  00:00:04
 40.XXX.XXX.XXX          KEEPALIVE    7.812ms        22    8,7    800  351.993   96.402  1428       262     467  649.1Kbps  00:00:07
 216.XXX.XXX.XXX         -                  -        a6    8,7    248   44.136    14.34  1368        10      11    5.0Mbps  00:00:52
 163.XXX.XXX.XXX         KEEPALIVE    6.156ms        9f    7,7    276   74.999   18.117  1440       198     102    3.1Mbps  00:00:03
 83.XXX.XXX.XXX          -                  -        24    7,7    252   48.162    6.208  1452      1194     943    4.8Mbps  00:00:02
 146.XXX.XXX.XXX         -                  -        a7    8,7    272   68.604   23.307  1440        11       9    3.4Mbps  00:00:29
        

[↗] - Description of the availables columns to display

[user@linux|00:13:37]:~/$ netsstat -X

 netsstat v1.1
 Another human-readable utility of another utility (ss) to investigate sockets

 Details of columns (-X) :

 [COL]  [TITLE]          [ss REF]         [SIZE]    [DESCRIPTION]
   A    Proto             protocol          5       The protocol (tcp, udp, udpl, raw) used by the socket
   B    Recv-Q            recv-q            6       Established: The count of bytes not copied by the user program connected to this
                                                    socket. Listening: Since Kernel 2.6.18 this column contains the current syn backlog.
   C    Send-Q            send-q            6       Established: The count of bytes not acknowledged by the remote host. Listening:
                                                    Since Kernel 2.6.18 this column contains the maximum size of the syn backlog.
   D    Local_Address     src               22      Address of the local end of the socket. Unless the -R and -r options is specified,
                                                    the socket address is not resolved to its canonical host name (FQDN).
   E    SPort             sport             5       Port number of the local end.
   F    Remote_Address    dst               22      Address of the remote end of the socket. Analogous to Local Address.
   G    DPort             dport             5       Port number of the remote end.
   H    CC                -                 2       ISO 3166 Country Code of remote end.
   I    State             state             10      Standard TCP States.
   J    PID               pid               5       Process id (PID).
   K    Program_Name      process           15      Process name of the process that owns the socket.
   L    UID               uid               5       User id (UID) of the owner of the socket.
   M    Inode             inode_number      8       Socket's inode number in VFS.
   N    Recv-B            rcv_buf           6       The total memory can be allocated for receiving packet.
   O    Send-B            snd_buf           6       The total memory can be allocated for sending packet.
   P    Recv              bytes_received    6       Bytes received.
   Q    Send              bytes_acked       6       Bytes acked.
   R    Egress            send              10      Egress bps.
   S    P-Rate            pacing_rate       10      Pacing rate bps.
   T    Recv-ttl          lastrcv           9       How long time since the last packet received.
   U    Send-ttl          lastsnd           9       How long time since the last packet sent.
   V    Recv-M            rmem_alloc        6       The memory allocated for receiving packet.
   W    Send-M            wmem_alloc        6       The memory used for sending packet (which has been sent to layer 3).
   X    Wmem-Q            wmem_queued       6       The memory allocated for sending packet (which has not been sent to layer 3).
   Y    Fwd-A             fwd_alloc         6       the memory allocated by the socket as cache, but not used for receiving/sending
                                                    packet yet. If need memory to send/receive packet, the memory in this cache will
                                                    be used before allocate additional memory.
   Z    Opt-M             opt_mem           6       The memory used for storing socket option, e.g., the key for TCP MD5 signature.
   a    Back-L            back_log          6       The memory used for the sk backlog queue. On a process context, if the process is
                                                    receiving packet, and a new packet is received, it will be put into the sk backlog
                                                    queue, so it can be received by the process immediately.
   b    Timer-N           timer_name        9       the name of the timer, there are five kind of timer names:
                                                    - on: means one of these timers: tcp retrans timer, tcp early retrans timer and
                                                      tail loss probe timer
                                                    - keepalive: tcp keep alive timer.
                                                    - timewait: timewait stage timer.
                                                    - persist: zero window probe timer.
                                                    - unknown: none of the above timers.
   c    ExpTime           expire_time       9       How long time the timer will expire.
   d    Retrans           retrans           7       How many times the retran occurs.
   e    Cookie            cookie            9       An uuid of the socket.
   f    Ts                ts                2       Show string "ts" if the timestamp option is set.
   g    Sack              sack              4       Show string "sack" if the sack option is set.
   h    Ecn               ecn               3       Show string "ecn" if the explicit congestion notification option is set.
   i    EcnSeen           ecnseen           7       Show string "ecnseen" if the saw ecn flag is found in received packets.
   j    FastOpen          fastopen          8       Show string "fastopen" if the fastopen option is set.
   k    Cong_Alg          cong_alg          8       The congestion algorithm name, the default congestion algorithm is "cubic".
   l    Wscale            wscale            6       If window scale option is used, this field shows the send scale factory and
                                                    receive scale factory.
   m    Rto               rto               6       Tcp re-transmission timeout value, the unit is millisecond.
   n    Backoff           backoff           8       Used for exponential backoff re-transmission, the actual re-transmission timeout
                                                    value is icsk_rto    icsk_backoff.
   o    Rtt               rtt               8       Rtt is the average round trip time.
   p    Rttvar            rttvar            8       Rttvar is the mean deviation of rtt, their units are millisecond.
   q    Ato               ato               4       Ack timeout, unit is millisecond, used for delay ack mode.
   r    Mss               mss               5       Max segment size.
   s    Cwnd              cwnd              5       Congestion window size.
   t    Ssthresh          ssthresh          8       Tcp congestion window slow start threshold.
   u    Segs_Out          segs_out          9       Segments sent out.
   v    Segs_In           segs_in           7       Segments received.
   w    Rcv_Space         rcv_space         9       A helper variable for TCP internal auto tuning socket receive buffer.
   x    File_Desc         fd                9       Sockets file descriptors.


 Summary of monitored columns : ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwx
        

[↗] - What are the Bundles ?

List of your bundles (presets) - Configurable in ~/.config/netsstat/netsstat.ini

[user@linux|00:13:37]:~/$ netsstat -W

 netsstat v1.1
 Another human-readable utility of another utility (ss) to investigate sockets

 List of Your netsstat's Bundles.

 Name:                 Columns:                 Details:                          Use:
 example2              NOPQRSTUVWXZY            netsstat -w example2              netsstat -B example2
 example3              abcdefghijklm            netsstat -w example3              netsstat -B example3
 example4              nopqrstuvwx              netsstat -w example4              netsstat -B example4
 example1              ABCDEFGHIJKLM            netsstat -w example1              netsstat -B example1

 Your config file is here : /home/user/.config/netsstat/netsstat.ini

        

Details of your bundle (preset) - Configurable in ~/.config/netsstat/netsstat.ini

[user@linux|00:13:37]:~/$ netsstat -w example2

 netsstat v1.1
 Another human-readable utility of another utility (ss) to investigate sockets

 Details of Your netsstat's Bundle.

 Bundle [example2] with Columns [NOPQRSTUVWXZY]

 [COL]  [TITLE]           [ss REF]        [SIZE]      [DESCRIPTION]
   N    Recv-B            rcv_buf           6         The total memory can be allocated for receiving packet.
   O    Send-B            snd_buf           6         The total memory can be allocated for sending packet.
   P    Recv              bytes_received    6         Bytes received.
   Q    Send              bytes_acked       6         Bytes acked.
   R    Egress            send              10        Egress bps.
   S    P-Rate            pacing_rate       10        Pacing rate bps.
   T    Recv-ttl          lastrcv           9         How long time since the last packet received.
   U    Send-ttl          lastsnd           9         How long time since the last packet sent.
   V    Recv-M            rmem_alloc        6         The memory allocated for receiving packet.
   W    Send-M            wmem_alloc        6         The memory used for sending packet (which has been sent to layer 3).
   X    Wmem-Q            wmem_queued       6         The memory allocated for sending packet (which has not been sent to layer 3).
   Z    Opt-M             opt_mem           6         The memory used for storing socket option, e.g., the key for TCP MD5 signature.
   Y    Fwd-A             fwd_alloc         6         the memory allocated by the socket as cache, but not used for receiving/sending
                                                      packet yet. If need memory to send/receive packet, the memory in this cache will
                                                      be used before allocate additional memory.

 Your config file is here : /home/user/.config/netsstat/netsstat.ini

        

Render of example2 in your bundles (presets) - Configurable in ~/.config/netsstat/netsstat.ini

[user@linux|00:13:37]:~/$ netsstat -B example2

(Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.)

Recv-B Send-B   Recv   Send     Egress     P-Rate  Recv-ttl  Send-ttlRecv-M Send-M Wmem-Q  Opt-M  Fwd-A
 208Kb  208Kb      -      -          -          -         -         -    0b     0b     0b     0b    4Kb
 208Kb  208Kb      -      -          -          -         -         -    0b     0b     0b     0b     0b
 208Kb  208Kb      -      -          -          -         -         -    0b     0b     0b    96b     0b
 208Kb  208Kb      -      -          -          -         -         -    0b     0b     0b     0b    4Kb
 208Kb  208Kb      -      -          -          -         -         -    0b     0b     0b     0b     0b
 208Kb  208Kb      -      -          -          -         -         -    0b     0b     0b   144b    4Kb
 208Kb  208Kb      -      -          -          -         -         -    0b     0b     0b     0b     0b
 208Kb  208Kb      -      -          -          -         -         -    0b     0b     0b     0b    4Kb
  85Kb   16Kb      -      -          -          -         -         -    0b     0b     0b     0b     0b
  85Kb   16Kb      -      -          -          -         -         -    0b     0b     0b     0b     0b
  85Kb   16Kb      -      -          -          -         -         -    0b     0b     0b     0b     0b
 366Kb   85Kb   10Kb    1Kb    2.8Mbps    5.7Mbps  00:00:17  00:00:17    0b     0b     0b     0b     0b
     -      -      -      -          -          -         -         -     -      -      -      -      -
 364Kb   45Kb  777Kb  571Kb    2.9Mbps    5.8Mbps  00:00:08  00:00:08    0b     0b     0b     0b     0b
   2Mb   85Kb    2Mb   84Kb    3.0Mbps    5.9Mbps  00:00:21  00:00:21    0b     0b     0b     0b     0b
 364Kb   45Kb    3Kb    3Kb    2.9Mbps    5.9Mbps  00:04:23  00:04:23    0b     0b     0b     0b     0b
 364Kb   85Kb   36Kb   38Kb  400.0Kbps  800.1Kbps  00:00:29  00:00:29    0b     0b     0b     0b     0b
 870Kb   85Kb  956Kb    4Kb    1.7Mbps    3.3Mbps  21:22:45  21:22:45  768b     0b     0b     0b    3Kb
 364Kb   85Kb   27Kb   20Kb    2.5Mbps    3.0Mbps  00:00:02  00:00:02    0b     0b     0b     0b     0b
 957Kb   85Kb    2Mb    1Mb    2.9Mbps    5.8Mbps  00:00:58  00:00:58    0b     0b     0b     0b     0b
 364Kb   45Kb    5Kb    3Kb    2.4Mbps    4.7Mbps  00:00:51  00:00:51    0b     0b     0b     0b     0b
 762Kb   85Kb  446Kb   94Kb    3.4Mbps    6.7Mbps  00:01:01  00:01:01    0b     0b     0b     0b     0b
 364Kb   85Kb   560b   966b    2.5Mbps    4.9Mbps  00:00:23  00:00:23    0b     0b     0b     0b     0b
 366Kb   85Kb  889Kb  528Kb    3.0Mbps    5.9Mbps  00:00:54  00:00:54    0b     0b     0b     0b     0b
 364Kb   45Kb    2Kb    2Kb    2.7Mbps    5.5Mbps  00:04:32  00:04:32    0b     0b     0b     0b     0b
 364Kb   85Kb  715Kb   33Kb  714.2Kbps    1.4Mbps  00:00:13  00:00:28    0b     0b     0b     0b    4Kb
 364Kb   45Kb   355b   876b    3.0Mbps    5.9Mbps  00:00:51  00:00:51    0b     0b     0b     0b     0b
 364Kb   45Kb  743Kb  571Kb    3.3Mbps    6.7Mbps  00:00:54  00:00:54    0b     0b     0b     0b     0b
 364Kb   85Kb    6Kb    2Kb    2.5Mbps    5.0Mbps  00:00:17  00:00:17    0b     0b     0b     0b     0b
 559Kb   45Kb   90Kb    7Kb    2.5Mbps    4.9Mbps  00:00:28  00:00:28    0b     0b     0b     0b     0b
     -      -      -      -          -          -         -         -     -      -      -      -      -
 364Kb   85Kb   51Kb   37Kb  868.0Kbps    1.7Mbps  00:00:12  00:00:12    0b     0b     0b     0b     0b
 364Kb   85Kb   74Kb    7Kb    3.3Mbps    6.5Mbps  00:01:17  00:01:17    0b     0b     0b     0b     0b
     -      -      -      -          -          -         -         -     -      -      -      -      -
 364Kb   85Kb   71Kb   23Kb  394.5Kbps  788.9Kbps  00:00:40  00:00:40    0b     0b     0b     0b     0b
   2Mb   85Kb    1Mb  506Kb  591.1Kbps    1.2Mbps  00:01:25  00:01:25    0b     0b     0b     0b     0b
  85Kb   16Kb      -      -          -          -         -         -    0b     0b     0b     0b     0b
  85Kb   16Kb      -      -          -          -         -         -    0b     0b     0b     0b     0b
 364Kb   85Kb   49Kb   56Kb    1.5Mbps    1.8Mbps  00:00:54  00:00:54    0b     0b     0b     0b     0b
        

[↗] - Opts combinations examples

[user@linux|00:13:37]:~/$ sudo netsstat -P ssh -H
[sudo] password for user :

Proto Recv-Q Send-Q  Local_Address          SPort  Remote_Address         DPort  CC  State         PID  Program_Name       UID    Inode
tcp        0    128  *                      22     *                      *      -   LISTEN       1289  sshd                 -    29135
tcp        0      0  192.XXX.XXX.XXX        42226  163.XXX.XXX.XXX        22     -   ESTAB        6489  ssh               1000    81065
tcp        0      0  192.XXX.XXX.XXX        51210  51.XXX.XXX.XXX         22     -   ESTAB        6512  ssh               1000    78717
tcp6       0    128  ::                     22     ::                     *      -   LISTEN       1289  sshd                 -    29137

[user@linux|00:13:37]:~/$ netsstat -D 443 -H -t tcp -4

(Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.)

Proto Recv-Q Send-Q  Local_Address          SPort  Remote_Address         DPort  CC  State         PID  Program_Name       UID    Inode
tcp        0      0  192.XXX.XXX.XXX        56182  13.XXX.XXX.XXX         443    -   ESTAB        2758  chromium-browse   1000    99916
tcp        0      0  192.XXX.XXX.XXX        44532  68.XXX.XXX.XXX         443    -   ESTAB        2758  chromium-browse   1000    99917
tcp        0      0  192.XXX.XXX.XXX        35184  40.XXX.XXX.XXX         443    -   ESTAB        2758  chromium-browse   1000    30451

[user@linux|00:13:37]:~/$ netsstat -p 3724 -U 1000 -H

(Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.)

Proto Recv-Q Send-Q  Local_Address          SPort  Remote_Address         DPort  CC  State         PID  Program_Name       UID    Inode
tcp        0      0  192.XXX.XXX.XXX        39376  83.XXX.XXX.XXX         993    -   ESTAB        3724  thunderbird       1000    43580
tcp        0      0  192.XXX.XXX.XXX        58198  74.XXX.XXX.XXX         993    -   ESTAB        3724  thunderbird       1000    43277
tcp        0      0  192.XXX.XXX.XXX        58196  74.XXX.XXX.XXX         993    -   ESTAB        3724  thunderbird       1000    43276
tcp        0      0  192.XXX.XXX.XXX        39374  83.XXX.XXX.XXX         993    -   ESTAB        3724  thunderbird       1000    44382
tcp        0      0  192.XXX.XXX.XXX        39326  83.XXX.XXX.XXX         993    -   ESTAB        3724  thunderbird       1000    43279
tcp        0      0  192.XXX.XXX.XXX        39378  83.XXX.XXX.XXX         993    -   ESTAB        3724  thunderbird       1000    43586
tcp        0      0  192.XXX.XXX.XXX        39328  83.XXX.XXX.XXX         993    -   ESTAB        3724  thunderbird       1000    43280

[user@linux|00:13:37]:~/$ netsstat -D 443 -P firefox -U 1000 -p 3608 -H

(Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.)

Proto Recv-Q Send-Q  Local_Address          SPort  Remote_Address         DPort  CC  State         PID  Program_Name       UID    Inode
tcp        0      0  192.XXX.XXX.XXX        38868  52.XXX.XXX.XXX         443    -   ESTAB        3608  firefox           1000   159960
tcp        0      0  192.XXX.XXX.XXX        41864  104.XXX.XXX.XXX        443    -   ESTAB        3608  firefox           1000   151531
tcp        0      0  192.XXX.XXX.XXX        36236  216.XXX.XXX.XXX        443    -   ESTAB        3608  firefox           1000   160142
tcp        0      0  192.XXX.XXX.XXX        43762  163.XXX.XXX.XXX        443    -   ESTAB        3608  firefox           1000   159395
tcp        0      0  192.XXX.XXX.XXX        57878  172.XXX.XXX.XXX        443    -   ESTAB        3608  firefox           1000   156915
tcp        0      0  192.XXX.XXX.XXX        57110  104.XXX.XXX.XXX        443    -   ESTAB        3608  firefox           1000   156917
tcp        0      0  192.XXX.XXX.XXX        37784  94.XXX.XXX.XXX         443    -   ESTAB        3608  firefox           1000   160144
tcp        0      0  192.XXX.XXX.XXX        44650  104.XXX.XXX.XXX        443    -   ESTAB        3608  firefox           1000   160141

[user@linux|00:13:37]:~/$ netsstat -D 443 -4 -t tcp -f ESTAB -T -c F -H
 172.XXX.XXX.XXX
 216.XXX.XXX.XXX
 216.XXX.XXX.XXX
 107.XXX.XXX.XXX
 216.XXX.XXX.XXX
 172.XXX.XXX.XXX
 54.XXX.XXX.XXX
 40.XXX.XXX.XXX
 216.XXX.XXX.XXX
 216.XXX.XXX.XXX
 216.XXX.XXX.XXX
 54.XXX.XXX.XXX
 216.XXX.XXX.XXX
 68.XXX.XXX.XXX
 66.XXX.XXX.XXX
 216.XXX.XXX.XXX
 216.XXX.XXX.XXX
[user@linux|00:13:37]:~/$
        

[↗] - Configuration file per user - netsstat.ini

[user@linux|00:13:37]:~/$ cat ~/.config/netsstat/netsstat.ini

###########################################################################################
##  netsstat - Another human-readable utility of another utility (ss) to investigate sockets
##  Drafted by JcP aka moog (moog+netsstat(*)sud-ouest.org)
##  License: WTFPL ( http://www.wtfpl.net/ )
##
##  CONFIGURATION FILE


################################################################
#
[columns_viewd]

##  columns_cfg
#
#   Specify columns displayed by default
#   ex: columns_cfg = ABCDEFGHIJKLM
#   Default : empty
#   Values  : empty|ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwx
#
columns_cfg =


##  columnsext_cfg
#
#   Specify by default extra columns displayed with option -E
#   ex: columnsext_cfg = NOPQRSTU
#   Default : empty
#   Values  : empty|ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwx
#
columnsext_cfg =


##  extended_cfg
#
#   Enable or Disable Extra Columns displayed by default (without -E)
#   extended_cfg = O  ->  Hide Extra Columns by default (Show with -E)
#   extended_cfg = 1  ->  Show Extra Columns by default (Hide with -E)
#   Default : 0
#   Values  : 0|1
#
extended_cfg = 0




################################################################
#
[hostnames]

##  resolvsrc_cfg
#
#   Resolve Source IP to Hostname (like -R) by default.
#   ex: resolvsrc_cfg = 1
#   Default : 0
#   Values  : 0|1
#
resolvsrc_cfg = 0


##  resolvdst_cfg
#
#   Resolve Destination IP to Hostname (like -r) by default.
#   ex: resolvdst_cfg = 1
#   Default : 0
#   Values  : 0|1
#
resolvdst_cfg = 0




################################################################
#
[protocols]

##  protocol_cfg
#
#   Show TCP, UDP or both by default (like -t tcp)
#   ex: protocol_cfg = tcp
#   Default : empty
#   Values  : tcp|udp|empty
#
protocol_cfg =


##  ipvtag_cfg
#
#   Filter IPv4, IPv6 or both by default (like -4 or -6)
#   ex: ipvtag_cfg = 4
#   Default : empty
#   Values  : 4|6|empty
#
ipvtag_cfg =




################################################################
#
[misc]

##  geoip_cfg
#
#   Show Country Code of destinations by default (like -g)
#   /!\ geoip-bin is required
#   ex: geoip_cfg = 1
#   Default : 0
#   Values  : 0|1
#
geoip_cfg = 0


##  color_cfg
#
#   Bring some color in your ... shell :)
#   ex: color_cfg = 1
#   Default : 0
#   Values  : 0|1
#
color_cfg = 0




################################################################
#
[bundles]

##  Your Bundles
#
#   Define here your columns presets (see -B -W and -w options)
#   use : netsstat -B example1
#
#   ex: example1 = ABCDEFGHIJKLM
#   ex: example2 = NOPQRSTUVWXZY
#   ex: example3 = abcdefghijklm
#   ex: example4 = nopqrstuvwx
#
example1 = ABCDEFGHIJKLM
example2 = NOPQRSTUVWXZY
example3 = abcdefghijklm
example4 = nopqrstuvwx




################################################################
#
[columns_sizes]

##  Define here the size of each column
#
#   If you need information about any columns letters or name, use the
#   command:  netsstat -x LETTER or COLUMNS NAME
#   ex: netsstat -x D
#   ex: netsstat -x Remote_Address
#

## Column Proto
A = 5
## Column Recv-Q
B = 6
## Column Send-Q
C = 6
## Column Local_Address
D = 22
## Column SPort
E = 5
## Column Remote_Address
F = 22
## Column DPort
G = 5
## Column CC
H = 2
## Column State
I = 10
## Column PID
J = 5
## Column Program_Name
K = 15
## Column UID
L = 5
## Column Inode
M = 8
## Column Recv-B
N = 6
## Column Send-B
O = 6
## Column Recv
P = 6
## Column Send
Q = 6
## Column Egress
R = 10
## Column P-Rate
S = 10
## Column Recv-ttl
T = 9
## Column Send-ttl
U = 9
## Column Recv-M
V = 6
## Column Send-M
W = 6
## Column Wmem-Q
X = 6
## Column Fwd-A
Y = 6
## Column Opt-M
Z = 6
## Column Back-L
a = 6
## Column Timer-N
b = 9
## Column ExpTime
c = 9
## Column Retrans
d = 7
## Column Cookie
e = 9
## Column Ts
f = 2
## Column Sack
g = 4
## Column Ecn
h = 3
## Column EcnSeen
i = 7
## Column FastOpen
j = 8
## Column Cong_Alg
k = 8
## Column Wscale
l = 6
## Column Rto
m = 6
## Column Backoff
n = 8
## Column Rtt
o = 8
## Column Rttvar
p = 8
## Column Ato
q = 4
## Column Mss
r = 5
## Column Cwnd
s = 5
## Column Ssthresh
t = 8
## Column Segs_Out
u = 9
## Column Segs_In
v = 7
## Column Rcv_Space
w = 9
## Column File_Desc
x = 9



## EOF
        

[↗] - License of netsstat

DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE


DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
Version 2, December 2004

Copyright (C) 2004 Sam Hocevar <sam@hocevar.net>

Everyone is permitted to copy and distribute verbatim or modified
copies of this license document, and changing it is allowed as long
as the name is changed.

DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

0. You just DO WHAT THE FUCK YOU WANT TO.

        

The WTFPL is a very permissive license for software and other scientific or artistic works that offers a great degree of freedom. In fact, it is probably the best license out there. ✈ http://www.wtfpl.net/ provides information on how to make the most of the WTFPL


[↗] - Download the latest version of netsstat in Linux (v1.1)

netsstat_v1.1.gz -

  • Perl script: ASCII text executable - File size: 12605B

  • md5sum: cad6eb1a796a2c256c64e9764be91301


[↗] - Changelog & Previous versions of netsstat in Linux

From v1.0 to v1.1

  • : [Added] - Resolve IPv6 hostnames

  • : [Fixed] - Problem with path verification of ss (iproute2)

  • : netsstat_v1.0.gz - File size: 12398B - md5sum: c12ea9c093f65620817562150d73c31f


[↗] - Frequently Asked Questions around netsstat

▣ Error: Can't exec "/bin/ss"

  • 1) Find where ss (iproute2) is installed:
    [user@linux|00:13:37]:~/$ which ss
    /path/to/ss
    

    2) Edit netsstat file:
    [user@linux|00:13:37]:~/$ nano netsstat

    3) Change the path of ss (iproute2) line 53 and save your file:
    my $ss = "/path/to/ss";         # Where is ss executable file

▣ Error: can't locate Getopt/Long.pm

  • Using debian/ubuntu packages:
    [user@linux|00:13:37]:~/$ sudo apt-get install libgetopt-complete-perl
  • Using cpan:
    [user@linux|00:13:37]:~/$ perl -MCPAN -e 'install "Getopt::Long"'

▣ Error: Can't locate Config/IniFiles.pm

  • Using debian/ubuntu packages:
    [user@linux|00:13:37]:~/$ sudo apt-get install libconfig-inifiles-perl
  • Using cpan:
    [user@linux|00:13:37]:~/$ perl -MCPAN -e 'install "Config::IniFiles"'

▣ Error: Can't locate LWP/Simple.pm

  • Using debian/ubuntu packages:
    [user@linux|00:13:37]:~/$ sudo apt-get install libwww-perl
  • Using cpan:
    [user@linux|00:13:37]:~/$ perl -MCPAN -e'install "LWP::Simple"'

▣ Installing geoip-bin

  • 1) Using debian/ubuntu packages:

    [user@linux|00:13:37]:~/$ sudo apt-get install geoip-bin
  • 2) Update geoip-bin database (bash script):

    • a) Create file /opt/update_geoip.sh :
      [user@linux|00:13:37]:~/$ sudo nano /opt/update_geoip.sh
    • b) Copy to file /opt/update_geoip.sh :
      #!/bin/bash
      
      wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz -O /tmp/GeoLiteCity.dat.gz
      gunzip /tmp/GeoLiteCity.dat.gz
      mv -v /tmp/GeoLiteCity.dat /usr/share/GeoIP/GeoIPCity.dat
      
      wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz -O /tmp/GeoIP.dat.gz
      gunzip /tmp/GeoIP.dat.gz
      mv /tmp/GeoIP.dat /usr/share/GeoIP/GeoIP.dat
    • c) Save file /opt/update_geoip.sh and execute :
      [user@linux|00:13:37]:~/$ sudo chmod +x /opt/update_geoip.sh
      [user@linux|00:13:37]:~/$ sudo /opt/update_geoip.sh

[↗] - Bug Track & Contact & IRC


[↗] - Todo List

  • Add IPv6 hostname resolve

  • Add PACKET, RAW, DCCP & UNIX sockets

  • Add Statistics (Usage summary)


[↗] - References

▣ ss - another utility to investigate sockets - [✈ man page of ss]

ss was written by Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>.
This manual page was written by Michael Prokop <mika@grml.org> for the Debian project (but may be used by others).


▣ iproute2 - [✈ git of iproute2]

Iproute2 is a collection of utilities for controlling TCP / IP networking and traffic control in Linux. It is currently maintained by Stephen Hemminger <stephen@networkplumber.org>.
The original author, Alexey Kuznetsov, is well known for the QoS implementation in the Linux kernel.


▣ netstat - [✈ man page of netstat]

Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships

The netstat user interface was written by Fred Baumgarten <dc6iq@insu1.etec.uni-karlsruhe.de>.
The man page basically by Matt Welsh <mdw@tc.cornell.edu>.
It was updated by Alan Cox <Alan.Cox@linux.org>, updated again by Tuan Hoang <tqhoang@bigfoot.com>.
The man page and the command included in the net-tools package is totally rewritten by Bernd Eckenfels <ecki@linux.de>. UDPLite options were added by Brian Micek <bmicek@gmail.com>


▣ net-tools - [✈ Linux Foundation Wiki of net-tools]

A collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system.
This package includes arp(8), hostname(1), ifconfig(8), ipmaddr, iptunnel, mii-tool(8), nameif(8), netstat(8),
plipconfig(8), rarp(8), route(8) and slattach(8).


[↗] - About the author

I'm JcP aka moog

I'm french and I live in the south-west of France.
I like computers and ✈ old analog modular synthesizers... Not really interesting btw :)
I hope you'll get some fun with netsstat.
See you o/