Displaying traffic using a specific port on a server.

Hi EE,

Running the command:

ss -t | grep 22


Result:

State      Recv-Q Send-Q                                         Local Address:Port                                             Peer Address:Port
ESTAB      0      0                                                  127.0.0.1:59392                                               127.0.0.1:38537
ESTAB      0      52                                              10.2.112.119:ssh                                                10.98.4.13:64686
ESTAB      0      0                                                  127.0.0.1:38537                                               127.0.0.1:59392
ESTAB      0      0                                                  127.0.0.1:59392                                               127.0.0.1:38535
ESTAB      0      0                                                  127.0.0.1:38535                                               127.0.0.1:59392

What is the correct syntax for only displaying connections that are using port 22 for comms?

Any assistance is welcome.

Thank you.
Zack (General IT Goto Guy) Asked:

Prabhin MP (Engineer-TechOPS) Commented:
The ss -t command will list out the connections which are established.
The ss command is a tool used to dump socket statistics and displays information in a similar fashion (although simpler and faster) to netstat.
 
-t means TCP
-u means UDP

ss -t | grep 22

shows that you are searching for established ssh connections
0
Zack (General IT Goto Guy) Author Commented:
Hi Prabhin,

Fair enough. Is there a way to get a historical log of established connections over a period of time using the command line?

Thank you.
0
Prabhin MP (Engineer-TechOPS) Commented:
For a historical log of established connections you may need to capture the packets using tcpdump, then upload the traced packets to Wireshark or any other tool and do the filtering.


netstat and ss will give you the currently established connections. It is not real-time.
0
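Added example (not part of the original thread): exact-port matching on `ss -tn` output, as an alternative to `grep 22`, which matches "22" anywhere in a row (inside an IP address or an ephemeral port) and misses rows where `ss` prints the service name `ssh`. It also shows a polling log for the follow-up question, which is a different technique from the tcpdump capture suggested above and misses connections shorter than the polling interval. The function names, sample rows and log file name are assumptions made for the illustration.

```shell
#!/bin/sh
# On a live host ss can filter by port itself (-n keeps ports numeric):
#   ss -tn '( sport = :22 or dport = :22 )'
# The functions below apply the same exact-port rule to text on stdin, so
# they also work on saved output. Assumes the default `ss -tn` column
# layout: State Recv-Q Send-Q Local:Port Peer:Port.

# port_conns PORT: keep rows whose local or peer port is exactly PORT.
# The port is the text after the last colon, so [::1]:22 is handled too.
port_conns() {
    awk -v port="$1" '
        NR == 1 && $1 == "State" { next }      # skip the header row
        {
            l = $4; p = $5                      # Local and Peer Address:Port
            sub(/.*:/, "", l); sub(/.*:/, "", p)
            if (l == port || p == port) print
        }'
}

# log_port_conns PORT: same filter, each row prefixed with a UTC timestamp
# so periodic snapshots can be appended to a file.
log_port_conns() {
    ts=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    port_conns "$1" | sed "s/^/$ts /"
}

# Constructed sample in `ss -tn` layout (not captured from a real host).
# A plain `grep 22` matches four of these rows; only two use port 22.
SAMPLE='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB  0      0      127.0.0.1:52201     127.0.0.1:38537
ESTAB  0      52     10.2.112.119:22     10.98.4.13:64686
ESTAB  0      0      10.2.112.119:41822  10.22.0.5:443
ESTAB  0      0      [::1]:22            [::1]:50122'

printf '%s\n' "$SAMPLE" | port_conns 22

# Polling log on a live host (ssh-conns.log is a placeholder name):
#   while sleep 60; do ss -tn | log_port_conns 22; done >> ssh-conns.log
```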
Zack (General IT Goto Guy) Author Commented:
Hi Prabhin,

Thank you for your help, much appreciated.
0