How to use the command "sockstat" (with examples)
The “sockstat” command lists open Internet or UNIX domain sockets. It shows which users and processes are listening on specific ports. This can be helpful in troubleshooting network issues or monitoring socket activity on a system.
Use case 1: View which users/processes are listening to which ports
Code:
sockstat -l
Motivation: With the “-l” option, “sockstat” lists the listening sockets on a system together with the user and process that own each one. This is useful for identifying unauthorized processes or other potential security threats.
Explanation: The “-l” option is used to view only the sockets that are actively listening. It filters out any connections that are established or in the process of being established. This allows you to focus on the sockets that are actively accepting incoming connections.
Example output:
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS    FOREIGN ADDRESS
root     sshd       1234  4  tcp4   *:22             *:*
www      httpd      5678  4  tcp4   *:80             *:*
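In the example output above, the first entry shows the “sshd” process (PID 1234), running as root, listening on TCP port 22. The second entry shows the “httpd” process (PID 5678), running as www, listening on TCP port 80. The “*” in the local address means the socket is bound to all IPv4 addresses on the host.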
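The check for unauthorized listeners can be scripted by comparing each row against a list of expected services. The following is an added example, not part of the original page; the allowlist format (user:command:proto:port), the function name and the sample rows beyond the two shown above are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `sockstat -l` output against an allowlist.
# ALLOWED entries are user:command:proto:port (hypothetical policy format).
ALLOWED="root:sshd:tcp4:22 www:httpd:tcp4:80"

# Constructed sample in the sockstat column layout (not captured output).
SAMPLE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS    FOREIGN ADDRESS
root     sshd       1234  4  tcp4   *:22             *:*
www      httpd      5678  4  tcp4   *:80             *:*
alice    python3.11 9012  3  tcp4   *:8000           *:*
root     syslogd    345   6  dgram  /var/run/log'

# Reads `sockstat -l` output on stdin and prints every Internet listener
# whose user/command/proto/port combination is missing from the allowlist $1.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        NR == 1 && $1 == "USER" { next }      # skip the header row
        $5 !~ /^(tcp|udp)[46]*$/ { next }     # ignore UNIX domain sockets
        {
            port = $6
            sub(/^.*:/, "", port)             # keep the text after the last colon
            key = $1 ":" $2 ":" $5 ":" port
            if (!(key in ok))
                printf "UNEXPECTED user=%s command=%s pid=%s proto=%s local=%s\n", $1, $2, $3, $5, $6
        }'
}

# On a live system: sockstat -l | unexpected_listeners "$ALLOWED"
printf '%s\n' "$SAMPLE" | unexpected_listeners "$ALLOWED"
```

Matching on the user as well as the command and port means a process that reuses an expected service name under a different account is still reported.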
Conclusion:
The “sockstat” command is a powerful tool for examining open sockets on a system. With the “-l” option, you can easily see which users and processes are listening on which ports. This is valuable for diagnosing network issues and for identifying unauthorized processes that are listening on ports they shouldn’t be.