A server is application software that listens for requests over a network and returns the requested files, data, etc. Linux machines have servers installed for many different protocols, e.g., an HTTP server, an SSH server, an FTP server, etc.
The computers which request data from a server (client machines) do so using either a web browser for HTTP requests or an SSH or FTP client, and each is identified by an IP address.
In this article, we will learn how to find out what IP addresses are connected to your Linux server.
Check What IPs Are Connected to a Linux Server
The netstat utility used to be a very commonly used command for checking network traffic, routing tables, etc. In Linux this command is mostly obsolete now and has been replaced by the utility ss (socket statistics), which is available by default in most Linux distributions.
To get the list of IP addresses connected to your Linux server, run the following command.
$ ss -tun state connected
't' implies TCP connections,
'u' implies UDP connections, and
'n' implies that the command should display IP addresses in numerical format, without name resolution.
If 'n' is not specified, the command will display the protocol name instead of its port number:
$ ss -tu state connected
The column ‘Peer Address:Port’ is the field that contains the IP addresses of the computers connected to your Linux server. Thus we have found that these addresses are connected to my server: 10.0.2.2 connected on the service Bootstrap Protocol, 127.0.0.1 (i.e., localhost) connected on SSH and FTP, and 188.8.131.52 connected on HTTP.
Another interesting column in the output is the last column, State, which shows the state of the connection: whether it is timed out, established, etc. We have added something called a ‘state filter’ with the statement ‘state connected’. This shows only the ports which have IPs connected to them.
The state TIME_WAIT signifies that the server has initiated the closing of the connection; it is just kept around to gather and handle some packets of data that arrive late. Similarly, CLOSE_WAIT signifies that the client has initiated the closing, and the connection will be closed once all data packets are dealt with.
Similarly, ESTABLISHED signifies that the connection is currently established and the client computer can access the public files on the server.
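To turn the ‘Peer Address:Port’ column described above into a per-client summary, the following added example (not part of the original article) counts connections per remote IP. The column layout, the function names peer_counts and sample_ss_output, and the sample addresses are assumptions made for this illustration.

```shell
#!/bin/sh
# Summarise `ss -tun state connected` output: one line per remote IP with
# its connection count, busiest peer first.
# Assumed column layout: Netid State Recv-Q Send-Q Local Peer. Check the
# header on your own system before relying on field 6.

peer_counts() {
    awk '
        $1 == "Netid" { next }            # skip the header row
        NF < 6        { next }            # ignore short or blank lines
        {
            peer = $6
            sub(/:[^:]*$/, "", peer)      # drop the trailing :port
            sub(/^\[/, "", peer)          # unwrap [IPv6] literals
            sub(/\]$/, "", peer)
            sub(/^::ffff:/, "", peer)     # IPv4-mapped IPv6 -> plain IPv4
            if (peer ~ /^127\./ || peer == "::1") next   # skip loopback
            count[peer]++
        }
        END { for (p in count) printf "%d %s\n", count[p], p }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample output using documentation-range addresses; this is
# not a capture from a real server.
sample_ss_output() {
    cat <<'EOF'
Netid State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port
tcp   ESTAB      0      0           192.0.2.10:22         198.51.100.7:51514
tcp   ESTAB      0      0           192.0.2.10:80         198.51.100.7:40022
tcp   TIME-WAIT  0      0           192.0.2.10:80          203.0.113.9:39912
tcp   ESTAB      0      0            127.0.0.1:21            127.0.0.1:45678
tcp   ESTAB      0      0  [::ffff:192.0.2.10]:80  [::ffff:203.0.113.9]:39920
tcp   CLOSE-WAIT 0      0       [2001:db8::10]:443    [2001:db8::beef]:50000
EOF
}

# On a live server: ss -tun state connected | peer_counts
sample_ss_output | peer_counts
```

The same client reaching the server over IPv4 and over an IPv4-mapped IPv6 socket is counted as one address, so a single busy peer is not split across two lines.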
Today we learned about the command ss and how to use it to see which IP Addresses are connected to your Linux server. Which command do you use to check traffic on your server? Do let us know in the comments below!