15 Useful ‘Sockstat Command Examples’ to Find Open Ports in FreeBSD

Sockstat is a versatile command line utility used for displaying network and system opened sockets in FreeBSD. Mainly, sockstat command is installed by default in FreeBSD and it’s commonly used for displaying the name of the processes who opened a certain network port on a FreeBSD system.

However, sockstat can also list open sockets based on protocol version (both IP versions), on the state of the connection and on what ports a daemon or a program binds and listens on.

Read Also: 20 Useful ‘netstat’ Command Examples to Check Network Connections

It can also display inter-process communication sockets, typically known as Unix domain sockets or IPC. Sockstat command combined with grep filter or piped through awk utility proves to be a powerful tool for the local networking stack.

It can shrink the results for an opened connection based on the user who owns the socket, the file descriptor of a network socket or the PID of the process who opened the socket.

In this guide we’ll list some common utilization examples, but also very powerful, of sockstat command line networking utility in FreeBSD.

Requirements

  1. FreeBSD 11.1 Installation Guide

1. List All Opened Ports in FreeBSD

Simply executed without any options or switches, sockstat command will display all opened sockets in a FreeBSD system, as illustrated in the below screenshot.

# sockstat
Display Network Ports in FreeBSD
Display Network Ports in FreeBSD

The values displayed in the sockstat output are described as:

  • USER : The owner (user account) of the socket.
  • COMMAND : The command which with opened the socket.
  • PID : The process ID of the command which owns the socket.
  • FD : The file descriptor number of the socket.
  • PROTO : The transport protocol (usually TCP/UDP) associated with the opened socket or socket type in case of unix domain sockets (datagram, stream or seqpac) for UNIX sockets.
  • LOCAL ADDRESS : It represents the local IP address for IP based sockets. In case of Unix sockets it represents endpoint filename attached to the socket. The “??” notation implies that the socket endpoint could not be recognized or established.
  • FOREIGN ADDRESS : The remote IP address where the socket is connected to.

2. List Listening or Opened Ports in FreeBSD

Executed with the -l flag, sockstat command will display all listening sockets opened in the networking stack and all opened unix domain sockets or named pipes involved in some kind of local data processing in the system.

# sockstat -l
List Opened Network Ports
List Opened Network Ports

3. List IPv4 Opened Ports in FreeBSD

To display all opened sockets for IPv4 protocol only, issue the command with the -4 flag, as suggested in the below example.

# sockstat -4
List IPv4 Opened Ports in FreeBSD
List IPv4 Opened Ports in FreeBSD

4. List IPv6 Opened Ports in FreeBSD

Similar to IPv4 version, you can also display the opened network sockets for IPv6 only, by issuing the command as shown below.

# sockstat -6
List IPv6 Opened Ports
List IPv6 Opened Ports

5. List TCP or UDP Opened Ports in FreeBSD

In order to display network sockets based only on a specified network protocol, such as TCP or UDP, use the -P flag, followed by the argument name of the protocol.

The protocol names can be found by inspecting the content of the /etc/protocols file. Currently, the ICMP protocol is not supported by the sockstat tool.

Show only TCP sockets
# sockstat -P tcp
List TCP Opened Ports
List TCP Opened Ports
Show only UDP sockets
# sockstat -P udp
List UDP Opened Ports
List UDP Opened Ports

Chain both protocols.

# sockstat –P tcp,udp

6. List TCP and UDP Specific Port Numbers

If you want to display all TCP or UDP IP opened sockets, based on the local or remote port number, use the below command flags and syntax, as illustrated in the below screenshot.

# sockstat -P tcp -p 443             [Show TCP HTTPS Port]
# sockstat -P udp -p 53              [Show UDP DNS Port] 
# sockstat -P tcp -p 443,53,80,21    [Show Both TCP and UDP]
List Specific TCP Port
List Specific TCP Port

7. List Opened and Connected Ports in FreeBSD

In order to display all opened and connected sockets, use the -c flag. As shown in the below samples, you can list all HTTPS connected sockets or all TCP connected sockets by issuing the commands.

# sockstat -P tcp -p 443 -c
# sockstat -P tcp -c
List Opened and Connected Ports
List Opened and Connected Ports

8. List Network Listening Ports in FreeBSD

To list all opened TCP sockets in listening state append the -l and -s flags, as shown in the below example. Being a connectionless protocol, UDP maintains no information about the state of the connection.

UDP opened sockets cannot be displayed by using their state, because the udp protocol uses datagrams to send/receive data and has no build-in mechanism to determine the state of the connection.

# sockstat -46 -l -s
List Network Listening Ports
List Network Listening Ports

9. List Unix Sockets and Named Pipes

Unix domain sockets, as well as other forms of local inter-process communication, such as named pipes, can be displayed by sockstat command by using the -u flag, as shown in the below image.

# sockstat -u
List Unix Sockets
List Unix Sockets

10. List Ports Opened by Application in FreeBSD

Sockstat command output can be filtered through grep utility in order to display a list of ports opened by a specific application or command.

Suppose you want to list all sockets associated with Nginx web server, you can issue the following command to achieve the task.

# sockstat -46 | grep nginx
List Application Listening Sockets
List Application Listening Sockets

To display only the connected sockets associated with Nginx web server, issue the following command.

# sockstat -46 -c| grep nginx

11. List HTTPS Connected Protocols

You can list all connected sockets associated with HTTPS protocol alongside the state of each connection by running the below command.

# sockstat -46 -s -P TCP -p 443 -c
List HTTPS Connected Protocols
List HTTPS Connected Protocols

12. List HTTP Remote Sockets

To list all remote sockets associated with the HTTP protocol, you can run one of the following command combinations.

# sockstat -46 -c | egrep '80|443' | awk '{print $7}' | uniq -c | sort -nr
# sockstat -46 -c -p 80,443 | grep -v ADDRESS|awk '{print $7}' | uniq -c | sort -nr
List Remote HTTP Protocols
List Remote HTTP Protocols

13. Find Highest HTTP Requests By IP Addresses

In case you want to find how many HTTP connections are requested by each remote IP address, issue the below command. This command can be very useful in case you want to determine if your web server is under some kind of DDOS attack. In case of suspicions, you should investigate the IP addresses with the highest request rate.

# sockstat -46 -c | egrep '80|443' | awk '{print $7}' | cut -d: -f1 | uniq -c | sort –nr

14. List DNS Opened Sockets

If you have configured a caching and forward DNS server at your premises to serve internal clients via TCP transport protocol and you want to display a list of all sockets
opened by the resolver, along with the state of each socket connection, execute the following command.

# sockstat -46 -P tcp –p 53 -s
List DNS Opened Sockets
List DNS Opened Sockets

15. Query TCP DNS on Local Domain

If there’s no DNS traffic on the network, you can manually trigger a DNS query on the TCP socket from the local machine’s console by running the following dig command. Afterwards, issue the above command to list all resolver sockets.

# dig +tcp  www.domain.com  @127.0.0.1
Query TCP DNS on Local
Query TCP DNS on Local

That’s all! Along with netstat and lsof command line utilities, sockstat command line is a powerful utility used for acquiring network information and troubleshoot multiple aspects of FreeBSD networking stack and networking related processes and services.

The FreeBSD sockstat command counterpart in Linux is represented by the netstat or the newly ss command. Believe it or not, based on sockstat utility, you can find a similar application developed for Android OS, named SockStat – Simple Netstat GUI.

Hey TecMint readers,

Exciting news! Every month, our top blog commenters will have the chance to win fantastic rewards, like free Linux eBooks such as RHCE, RHCSA, LFCS, Learn Linux, and Awk, each worth $20!

Learn more about the contest and stand a chance to win by sharing your thoughts below!

Matei Cezar
I'am a computer addicted guy, a fan of open source and linux based system software, have about 4 years experience with Linux distributions desktop, servers and bash scripting.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

Got Something to Say? Join the Discussion...

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.