❌ netsstat - Parsing ss (iproute2) - Linux Networking
❌ Another human-readable utility of another utility (ss) to investigate sockets
[↗] - Presentation of this « human-readable utility »
What is netsstat ?
Answer: netsstat is just a ss (iproute2) parser written in Perl.
The tool netsstat is just a handy Perl script which allows you to get information about ingoing and outgoing sockets for controlling TCP / IP networking and traffic control on your favorite Linux, like many people did for years with netstat, from the old package net-tools.
But net-tools is over, and people like me, accustomed to using this command, were probably anxious when we have discovered the network utility ss (iproute2), written by Alexey Kuznetsov. This « other utility to investigate sockets » ss is a great network tool within iproute2 to get all information needed, and more, faster than ever. But it is, undoubtedly, not very friendly as netstat could be.
So, using Debian Stretch, running iproute2 and ss, and fed up with always waiting for nets[completionnn]nnnothing, I decided to write a small script to parse those results:
netsstat is a ASCII text executable written in Perl.
[user@linux|00:13:37]:~/$ file netsstat
netsstat: a /usr/bin/perl script, ASCII text executable, with very long lines
[user@linux|00:13:37]:~/$ head -n 16 netsstat
#!/usr/bin/perl
###########################################################################################
## netsstat
## Another human-readable utility of another utility (ss) to investigate sockets
##
## Drafted by JcP aka moog (moog+netsstat(*)sud-ouest.org)
## Website : https://agmen.org/netsstat
## License: WTFPL ( http://www.wtfpl.net/ )
## From: 2018-03-24 To: 2018-04-04
##
my $version="1.3";
###########################################################################################
use strict;
use warnings;
[↗] - Description of the options of netsstat in Linux
[user@linux|00:13:37]:~/$ netsstat -h
netsstat v1.3
Another human-readable utility of another utility (ss) to investigate sockets
Usage: netsstat [ OPTIONS ] [[ FILTER ]]
-h, --help Here you are !
-X, --exthelp Details of all columns.
-x, --detcol COLUMN Details of Specified column: FULL NAME|LETTER.
-t, --proto PROTO Filter by Standard Protocols: TCP|UDP.
-4, --ipv4 Filter by IP Version 4 Sockets.
-6, --ipv6 Filter by IP Version 6 Sockets.
-s, --src IP Filter by IP Source.
-S, --sport PORT Filter by Source Port or Service Name.
-d, --dst IP Filter by IP Destination.
-D, --dport PORT Filter by Destination Port or Service Name.
-C, --country CODE Filter by Country Code.
-f, --filter STATE Filter by TCP States: ALL|ESTAB|LISTEN|TIME-WAIT|CLOSE-WAIT|LAST-ACK|UNCONN.
-p, --pid PID Filter by PID.
-P, --prog NAME Filter by Program Name.
-U, --uid UID Filter by UID.
-I, --inode INODE Filter by Inode.
-E, --extend Show Extra Columns.
-g, --geoip Show Countries (geoip-bin required).
-R, --resolvsrc Show Source Hostnames or IP.
-r, --resolvdst Show Destination Hostnames or IP.
-c, --cols COLUMNS Organize Columns to Display.
-B, --bundle NAME Use This Bundle.
-W, --bundles List of Your netsstat's Bundles.
-w, --detbundle NAME Details of Your netsstat's Bundle.
-T, --title Remove Title bar of Columns.
-H, --hide Hide Displayed IP.
-A, --about About netsstat.
-L, --license License of netsstat.
-V, --update Check for update.
-v, --version Print Version Number and Exit.
Examples:
netsstat -t TCP -f "ESTAB|TIME-WAIT" -4 -g -D 443
netsstat -t TCP -P ssh -C fr -U 1000
netsstat -t UDP -s 0.0.0.0
NB: Source code and updates are available at https://agmen.org/netsstat
[↗] - Description of the availables columns to display
[user@linux|00:13:37]:~/$ netsstat -X
netsstat v1.3
Another human-readable utility of another utility (ss) to investigate sockets
Details of columns (-X) :
[COL] [TITLE] [ss REF] [SIZE] [DESCRIPTION]
A Proto protocol 5 The protocol (tcp, udp, udpl, raw) used by the socket
B Recv-Q recv-q 6 Established: The count of bytes not copied by the user program connected to this
socket. Listening: Since Kernel 2.6.18 this column contains the current syn backlog.
C Send-Q send-q 6 Established: The count of bytes not acknowledged by the remote host. Listening:
Since Kernel 2.6.18 this column contains the maximum size of the syn backlog.
D Local_Address src 22 Address of the local end of the socket. Unless the -R and -r options is specified,
the socket address is not resolved to its canonical host name (FQDN).
E SPort sport 5 Port number of the local end.
F Remote_Address dst 22 Address of the remote end of the socket. Analogous to Local Address.
G DPort dport 5 Port number of the remote end.
H CC - 2 ISO 3166 Country Code of remote end.
I State state 10 Standard TCP States.
J PID pid 5 Process id (PID).
K Program_Name process 15 Process name of the process that owns the socket.
L UID uid 5 User id (UID) of the owner of the socket.
M Inode inode_number 8 Socket's inode number in VFS.
N Recv-B rcv_buf 6 The total memory can be allocated for receiving packet.
O Send-B snd_buf 6 The total memory can be allocated for sending packet.
P Recv bytes_received 6 Bytes received.
Q Send bytes_acked 6 Bytes acked.
R Egress send 10 Egress bps.
S P-Rate pacing_rate 10 Pacing rate bps.
T Recv-ttl lastrcv 9 How long time since the last packet received.
U Send-ttl lastsnd 9 How long time since the last packet sent.
V Recv-M rmem_alloc 6 The memory allocated for receiving packet.
W Send-M wmem_alloc 6 The memory used for sending packet (which has been sent to layer 3).
X Wmem-Q wmem_queued 6 The memory allocated for sending packet (which has not been sent to layer 3).
Y Fwd-A fwd_alloc 6 the memory allocated by the socket as cache, but not used for receiving/sending
packet yet. If need memory to send/receive packet, the memory in this cache will
be used before allocate additional memory.
Z Opt-M opt_mem 6 The memory used for storing socket option, e.g., the key for TCP MD5 signature.
a Back-L back_log 6 The memory used for the sk backlog queue. On a process context, if the process is
receiving packet, and a new packet is received, it will be put into the sk backlog
queue, so it can be received by the process immediately.
b Timer-N timer_name 9 the name of the timer, there are five kind of timer names:
- on: means one of these timers: tcp retrans timer, tcp early retrans timer and
tail loss probe timer
- keepalive: tcp keep alive timer.
- timewait: timewait stage timer.
- persist: zero window probe timer.
- unknown: none of the above timers.
c ExpTime expire_time 9 How long time the timer will expire.
d Retrans retrans 7 How many times the retran occurs.
e Cookie cookie 9 An uuid of the socket.
f Ts ts 2 Show string "ts" if the timestamp option is set.
g Sack sack 4 Show string "sack" if the sack option is set.
h Ecn ecn 3 Show string "ecn" if the explicit congestion notification option is set.
i EcnSeen ecnseen 7 Show string "ecnseen" if the saw ecn flag is found in received packets.
j FastOpen fastopen 8 Show string "fastopen" if the fastopen option is set.
k Cong_Alg cong_alg 8 The congestion algorithm name, the default congestion algorithm is "cubic".
l Wscale wscale 6 If window scale option is used, this field shows the send scale factory and
receive scale factory.
m Rto rto 6 Tcp re-transmission timeout value, the unit is millisecond.
n Backoff backoff 8 Used for exponential backoff re-transmission, the actual re-transmission timeout
value is icsk_rto icsk_backoff.
o Rtt rtt 8 Rtt is the average round trip time.
p Rttvar rttvar 8 Rttvar is the mean deviation of rtt, their units are millisecond.
q Ato ato 4 Ack timeout, unit is millisecond, used for delay ack mode.
r Mss mss 5 Max segment size.
s Cwnd cwnd 5 Congestion window size.
t Ssthresh ssthresh 8 Tcp congestion window slow start threshold.
u Segs_Out segs_out 9 Segments sent out.
v Segs_In segs_in 7 Segments received.
w Rcv_Space rcv_space 9 A helper variable for TCP internal auto tuning socket receive buffer.
x File_Desc fd 9 Sockets file descriptors.
Summary of monitored columns : ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwx
List of your bundles (presets) - Configurable in ~/.config/netsstat/netsstat.ini
[user@linux|00:13:37]:~/$ netsstat -W
netsstat v1.3
Another human-readable utility of another utility (ss) to investigate sockets
List of Your netsstat's Bundles.
Name: Columns: Details: Use:
example2 NOPQRSTUVWXZY netsstat -w example2 netsstat -B example2
example3 abcdefghijklm netsstat -w example3 netsstat -B example3
example4 nopqrstuvwx netsstat -w example4 netsstat -B example4
example1 ABCDEFGHIJKLM netsstat -w example1 netsstat -B example1
Your config file is here : /home/user/.config/netsstat/netsstat.ini
Details of your bundle (preset) - Configurable in ~/.config/netsstat/netsstat.ini
[user@linux|00:13:37]:~/$ netsstat -w example2
netsstat v1.3
Another human-readable utility of another utility (ss) to investigate sockets
Details of Your netsstat's Bundle.
Bundle [example2] with Columns [NOPQRSTUVWXZY]
[COL] [TITLE] [ss REF] [SIZE] [DESCRIPTION]
N Recv-B rcv_buf 6 The total memory can be allocated for receiving packet.
O Send-B snd_buf 6 The total memory can be allocated for sending packet.
P Recv bytes_received 6 Bytes received.
Q Send bytes_acked 6 Bytes acked.
R Egress send 10 Egress bps.
S P-Rate pacing_rate 10 Pacing rate bps.
T Recv-ttl lastrcv 9 How long time since the last packet received.
U Send-ttl lastsnd 9 How long time since the last packet sent.
V Recv-M rmem_alloc 6 The memory allocated for receiving packet.
W Send-M wmem_alloc 6 The memory used for sending packet (which has been sent to layer 3).
X Wmem-Q wmem_queued 6 The memory allocated for sending packet (which has not been sent to layer 3).
Z Opt-M opt_mem 6 The memory used for storing socket option, e.g., the key for TCP MD5 signature.
Y Fwd-A fwd_alloc 6 the memory allocated by the socket as cache, but not used for receiving/sending
packet yet. If need memory to send/receive packet, the memory in this cache will
be used before allocate additional memory.
Your config file is here : /home/user/.config/netsstat/netsstat.ini
Render of example2 in your bundles (presets) - Configurable in ~/.config/netsstat/netsstat.ini
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
Version 2, December 2004
Copyright (C) 2004 Sam Hocevar <sam@hocevar.net>
Everyone is permitted to copy and distribute verbatim or modified
copies of this license document, and changing it is allowed as long
as the name is changed.
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. You just DO WHAT THE FUCK YOU WANT TO.
The WTFPL is a very permissive license for software and other scientific or artistic works that offers a great degree of freedom. In fact, it is probably the best license out there. ✈ http://www.wtfpl.net/ provides information on how to make the most of the WTFPL
[↗] - Download the latest version of netsstat in Linux (v1.3)
ss was written by Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>.
This manual page was written by Michael Prokop <mika@grml.org> for the Debian project (but may be used by others).
Iproute2 is a collection of utilities for controlling TCP / IP networking and traffic control in Linux. It is currently maintained by Stephen Hemminger <stephen@networkplumber.org>.
The original author, Alexey Kuznetsov, is well known for the QoS implementation in the Linux kernel.
The netstat user interface was written by Fred Baumgarten <dc6iq@insu1.etec.uni-karlsruhe.de>.
The man page basically by Matt Welsh <mdw@tc.cornell.edu>.
It was updated by Alan Cox <Alan.Cox@linux.org>, updated again by Tuan Hoang <tqhoang@bigfoot.com>.
The man page and the command included in the net-tools package is totally rewritten by Bernd Eckenfels <ecki@linux.de>. UDPLite options were added by Brian Micek <bmicek@gmail.com>
A collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system.
This package includes arp(8), hostname(1), ifconfig(8), ipmaddr, iptunnel, mii-tool(8), nameif(8), netstat(8),
plipconfig(8), rarp(8), route(8) and slattach(8).
I'm french and I live in the south-west of France.
I like computers and ✈ old analog modular synthesizers... Not really interesting btw :)
I hope you'll get some fun with netsstat.
See you o/