LinuxCommandLibrary

sockstat

Show socket statistics

TLDR

Show information for IPv4 and IPv6 sockets for both listening and connected sockets

$ sockstat

Show information for IPv[4]/IPv[6] sockets [l]istening on specific [p]orts using a specific p[R]otocol
$ sockstat -[4|6] -l -R [tcp|udp|raw|unix] -p [port1,port2...]

Also show [c]onnected sockets and [u]nix sockets
$ sockstat -cu

Only show sockets of the specified pid or process
$ sockstat -P [pid|process]

Only show sockets of the specified uid or user
$ sockstat -U [uid|user]

Only show sockets of the specified gid or group
$ sockstat -G [gid|group]

SYNOPSIS

sockstat [-46CcLnpSu] [-P protocols] [-T targets] [-X show] [ports ...]
sockstat -l

PARAMETERS

-4
    Show only IPv4 sockets.

-6
    Show only IPv6 sockets.

-C
    Show only connected sockets.

-c
    Show only control sockets.

-L
    Show only listen sockets.

-n
    Do not attempt to resolve numeric host addresses or port numbers to symbolic names.

-P protocols
    Show sockets of specific protocols, e.g., 'tcp', 'udp', 'raw', 'unix'. Multiple protocols can be comma-separated.

-S
    Show socket statistics, often related to buffer sizes and send/receive queues.

-s
    Show only 'streaming' sockets (e.g., TCP, SCTP, RAW sockets, but not UDP datagram sockets).

-T targets
    Show sockets owned by specific target types, e.g., 'users', 'groups', 'pids'. Multiple types can be comma-separated.

-u
    Show only UDP sockets.

-X show
    Show additional information. For example, 'u' can be used to display unlinked Unix domain sockets.

-l
    Show only listening sockets, often presenting the output in a specific summary format (similar to -L but sometimes with different default columns).

ports ...
    Show sockets using the specified port numbers. Multiple ports can be listed.

DESCRIPTION

sockstat is a powerful utility primarily found on FreeBSD and other BSD-derived operating systems. Its main purpose is to display detailed information about open sockets, encompassing network connections (TCP, UDP, IP), Unix domain sockets, and raw sockets. For each socket, sockstat typically provides details such as the owning user and process ID (PID), the command associated with the PID, the file descriptor, protocol, send/receive queue sizes, local and foreign addresses, and the connection state (e.g., LISTEN, ESTABLISHED). This command is highly valuable for network troubleshooting, security auditing, and gaining insight into the network activity of processes running on a system.

Important Note: sockstat is not a standard command on most Linux distributions. Linux users seeking similar functionality should utilize commands like ss, netstat, or lsof.

CAVEATS

The most significant caveat is that sockstat is a standard utility on FreeBSD and other BSD-based systems, but it is not typically found on standard Linux distributions. If you encounter sockstat on a Linux system, it's likely a custom port or a non-standard utility. For equivalent functionality on Linux, users should rely on commands such as ss, netstat, or lsof.

Accessing full information, especially about sockets owned by other users or raw sockets, often requires root privileges or appropriate capabilities.

TYPICAL OUTPUT COLUMNS

When run without specific flags, sockstat typically displays columns such as:
USER: The user who owns the socket.
COMMAND: The command name of the process that owns the socket.
PID: The Process ID of the owner.
FD: The file descriptor number associated with the socket.
PROTO: The protocol of the socket (e.g., TCP, UDP, stream, dgram, raw).
LOCAL ADDRESS: The local address and port number.
FOREIGN ADDRESS: The foreign address and port number for connected sockets.
STATE: The state of the TCP connection (e.g., LISTEN, ESTABLISHED, CLOSE_WAIT). For other protocols, this column might show '---'.
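
For a listener audit, the column layout above can be filtered down to the TCP/UDP sockets that wait for traffic on a non-loopback address. The following is an added example, not part of the original page or of sockstat itself; the function name exposed_listeners, the sample rows (constructed, using documentation addresses) and the assumption that command names contain no spaces are all illustrative.

```shell
#!/bin/sh
# Added example, not from the sockstat project. Assumes whitespace-separated
# columns USER COMMAND PID FD PROTO LOCAL FOREIGN [STATE], as listed above,
# and command names without spaces.

# Constructed sample input (documentation addresses), not from a real host.
sample_output() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS      FOREIGN ADDRESS    STATE
root     sshd       812   3  tcp4   *:22               *:*                LISTEN
root     sshd       812   4  tcp6   *:22               *:*                LISTEN
www      nginx      1040  6  tcp4   192.0.2.10:443     *:*                LISTEN
pgsql    postgres   977   5  tcp4   127.0.0.1:5432     *:*                LISTEN
root     syslogd    640   7  udp4   *:514              *:*                ---
unbound  unbound    701   4  udp6   ::1:53             *:*                ---
alice    ssh        2211  3  tcp4   192.0.2.10:51544   198.51.100.7:22    ESTABLISHED
root     syslogd    640   5  dgram  /var/run/log
EOF
}

# exposed_listeners: read sockstat-style text on stdin and print
# "USER COMMAND PID PROTO LOCAL" for each TCP/UDP socket that is waiting for
# traffic on a non-loopback address.
exposed_listeners() {
    awk '
        $1 == "USER" { next }                  # header row
        NF < 7       { next }                  # short row, e.g. Unix sockets
        $5 !~ /^(tcp|udp)/ { next }            # Internet sockets only
        $7 != "*:*"  { next }                  # has a peer: connected socket
        {
            state = (NF >= 8) ? $8 : ""        # STATE may be absent
            # A bound TCP socket that is not in LISTEN accepts nothing.
            if ($5 ~ /^tcp/ && state != "" && state != "LISTEN") next
            host = $6
            sub(/:[^:]*$/, "", host)           # drop the trailing :port
            if (host == "::1" || host ~ /^127\./) next   # loopback only
            print $1, $2, $3, $5, $6
        }'
}

# Demo run over the constructed sample.
sample_output | exposed_listeners
```

Rows owned by root and bound to the wildcard address (*) are the ones to review first, since they are reachable on every interface.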

PERMISSIONS

To view all socket information, particularly for processes owned by other users or system-level sockets, sockstat generally requires root privileges or equivalent permissions. Running it as a non-root user might only show sockets owned by that specific user.

HISTORY

sockstat originated in the FreeBSD operating system as a dedicated utility to provide a detailed and granular view of open sockets. Its development stemmed from the need for a more comprehensive tool than existing utilities like netstat for inspecting socket-related activity, including process ownership and various socket types (Internet, Unix domain, raw). It has been a staple in FreeBSD for network diagnostics, security analysis, and system administration, evolving alongside the FreeBSD network stack.

SEE ALSO

ss(8), netstat(8), lsof(8)
