4.5 Mettere il tuo computer in Rete

Introduction

In today’s world, computing devices of any kind exchange information through networks. At the very heart of the concept of computer networks are the physical connections between a device and its peer(s). These connections are called links, and they are the most basic connection between two different devices. Links can be established through various media, such as cobber cables, optical fibres, radio waves or lasers.

Each link is connected with an interface of a device. Each device can have multiple interfaces and thus be connected to multiple links. Through these links computers can form a network; a small community of devices that can directly connect to each other. There are numerous examples of such networks in the world. To be able to communicate beyond the scope of a link layer network, devices use routers. Think of link layer networks as islands connected by routers which connect the islands — just like bridges which information has to travel to reach a device which is part of a remote island.

This model leads to several different layers of networking:Link Layer

Handles the communication between directly connected devices.Network Layer

Handles routing outside of individual networks and the unique addressing of devices beyond a single link layer network.Application Layer

Enables individual programs to connect to each other.

When first invented, computer networks used the same methods of communication as telephones in that they were circuit switched. This means that a dedicated and direct link had to be formed between two nodes for them to be able to communicate. This method worked well, however, it required all the space on a given link for only two hosts to communicate.

Eventually computer networks moved over to something called packet switching. In this method the data is grouped up with a header, which contains information about where the information is coming from and where it’s going to. The actual content information is contained in this frame and sent over the link to the recipient indicated in the frame’s header. This allows for multiple devices to share a single link and communicate almost simultaneously.

The job of any packet is to carry information from the source to its destination through a link connecting both devices. These devices need a way to identify themselves to each other. This is the purpose of a link layer address. In an ethernet network, Media Access Control Addresses (MAC) are used to identify individual devices. A MAC address consists of 48 bits. They are not necessarily globally unique and cannot be used to address peers outside of the current link. Thus these addresses can not be used to route packets to another links. The recipient of a packet checks whether the destination address matches its own link layer and, if it does, processes the packet. Otherwise the packet is dropped. The exception to this rule is broadcast packets (a packet sent to everyone in a given local network) which are always accepted.

The command ip link show displays a list of all the available network interfaces and their link layer addresses as well as some other information about the maximum packet size:

$ ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:33:3b:25 brd ff:ff:ff:ff:ff:ff

The above output shows that the device has two interfaces, lo and ens33lo is the loopback device and has the MAC address 00:00:00:00:00:00 while ens33 is an ethernet interface and has the MAC address 00:0c:29:33:3b:25.

IPv4 Networking

To visit websites such as Google or Twitter, to check emails or to allow businesses to connect to each other, packets need to be able to roam from one link layer network to another. Often, these networks are connected just indirectly, with several intermediate link layer networks which packets have to cross to reach their actual destination.

The link layer addresses of a network interface cannot be used outside that specific link layer network. Since this address has no significance to devices in other link layer networks, a form of globally unique addresses are needed in order to implement routing. This addressing scheme, along with the overall concept of routing, is implemented by the Internet Protocol (IP).

Noteprotocol is a set of procedures of doing something so that all parties following the protocol are compatible to each other. A protocol can be seen as the definition of a standard. In computing, the Internet Protocol is a standard agreed upon by everyone so that different devices produced by different manufacturers can all communicate with each other.

IPv4 Addresses

IP addresses, like MAC addresses, are a way to indicate where a data packet comes from and where it is going to. IPv4 was the original protocol. IPv4 addresses are 32 bits wide giving a theoretical maximum number of 4,294,967,296 addresses. However, the number of those addresses useable by devices is much smaller as some ranges are reserved for special use cases such as broadcast addresses (which are used to reach all participants of a specific network), multicast addresses (similar to broadcast addresses, but a device must tune in like a radio) or those reserved for private use.

In their human readable format IPv4 addresses are denoted as four digits separated by a dot. Each digit can range from 0 to 255. For example, take the following IP address:

192.168.0.1

Technically, each of these digits represents eight individual bits. Thus this address could also be written like this:

11000000.10101000.00000000.00000001

In practice the decimal notation as seen above is used. However, the bitwise representation is still important to understand subnetting.

IPv4 Subnets

In order to support routing, IP addresses can be split into two parts: the network and host portions. The network portion identifies the network that the device is on and is used to route packets to that network. The host portion is used to specifically identify a given device on a network and to hand the packet over to its specific recipient once it has reached its link layer network.

IP addresses can be broken into subnet and host parts at any point. The so-called subnet mask defines where this split happens. Let’s reconsider the binary representation of the IP address from the former example:

11000000.10101000.00000000.00000001

Now for this IP address, the subnet mask sets each bit which belongs to the network part to 1 and each bit that belongs to the host part to 0:

11111111.11111111.11111111.00000000

In practice the network is written in the decimal notation:

255.255.255.0

This means that this network ranges from 192.168.0.0 to 192.168.0.255. Note that the first three numbers, which have all bits set in the net mask, stay unchanged in the IP addresses.

Finally, there is an alternative notation for the subnet mask, which is called Classless Inter-Domain Routing (CIDR). This notation just indicates how many bits are set in the subnet mask and adds this number to the IP address. In the example, 24 out of 32 bits are set to 1 in the subnet mask. This can be expressed in CIDR notation as 192.168.0.1/24

Private IPv4 Addreses

As mentioned before, certain sections of the IPv4 address space are reserved for special use cases. One of these use cases are private address assignments. The following subnets are reserved for private addressing:

  • 10.0.0.0/8
  • 172.16.0.0/12
  • 192.168.0.0/16

Addresses out of these subnets can be used by anyone. However, these subnets can not be routed on the public internet as they are potentially used by numerous networks at the same time.

Today, most networks use these internal addresses. They allow internal communication without the need of any external address assignment. Most internet connections today just come with a single external IPv4 address. Routers map all the internal addresses to that single external IP address when forwarding packets to the internet. This is called Network Address Translation (NAT). The special case of NAT where a router maps internal addresses to a single external IP address is sometimes call masquerading. This allows any device on the inside network to establish new connections with any global IP address on the internet.

NoteWith masquerading, the internal devices can not be referenced from the internet since they do not have a globally valid address. However, this is not a security feature. Even when using masquerading, a firewall is still needed.

IPv4 Address Configuration

There are two main ways to configure IPv4 addresses on a computer. Either by assigning addresses manually or by using the Dynamic Host Configuration Protocol (DHCP) for automatic configuration.

When using DHCP, a central server controls which addresses are handed out to which devices. The server can also supply devices with other information about the network such as the IP addresses of DNS servers, the IP address of the default router or, in the case of more complicated setups, to start an operating system from the network. DHCP is enabled by default on many systems, therefore you will likely already have an IP address when you are connected to a network.

IP addresses can also be manually added to an interface using the command ip addr add. Here, we add the address 192.168.0.5 to the interface ens33. The network uses the netmask 255.255.255.0 which equals /24 in CIDR notation:

$ sudo ip addr add 192.168.0.5/255.255.255.0 dev ens33

Now we can verify that the address was added using the ip addr show command:

$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
25: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:33:3b:25 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.5/24 192.168.0.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::010c:29ff:fe33:3b25/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

The above output shows both the lo interface and the ens33 interface with its address assigned with the command above.

To verify the reachability of a device, the ping command can be used. It sends a special type of message called an echo request in which the sender asks the recipient for a response. If the connection between the two devices can be successfully established, the recipient will send back an echo reply, thus verifying the connection:

$ ping -c 3 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=2.16 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=64 time=1.85 ms
64 bytes from 192.168.0.1: icmp_seq=3 ttl=64 time=3.41 ms

--- 192.168.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 1.849/2.473/3.410/0.674 ms

The -c 3 parameter makes ping stop after sending three echo requests. Otherwise, ping continues to run forever and has to be stopped by pressing kbd:[Ctrl+C].

IPv4 Routing

Routing is the process in which a packet gets from the source network to the destination network. Each device maintains a routing table which contains information about which IP network can be directly reached through the device’s attachment to link layer networks and which IP network can be reached by passing packets on to a router. Finally, a default route defines a router which receives all packets which did not match any other route.

When establishing a connection, the device looks up the target’s IP address in its routing table. If an entry matches the address, the packet is either sent to the respective link layer network or passed on to the router indicated in the routing table.

Routers themselves maintain routing tables, too. When receiving a packet, a router also looks up the destination address in its own routing table and sends the packet on to the next router. This is repeated until the packet arrives at the router on the destination network. Each router involved in this journey is called a hop. This last router finds a direct connected link for the target address in its routing table and sends the packets to its target interface.

Most home networks only have one way out, the singular router that came from the internet service provider (ISP). In this case a device just forwards all packets that aren’t for the internal network directly to the home router which will then send it to the provider’s router for further forwarding. This is an example of the default route.

The command ip route show lists the current IPv4 routing table:

$ ip route show
127.0.0.0/8 via 127.0.0.1 dev lo0
192.168.0.0/24 dev ens33 scope link

To add a default route, all that’s needed is the internal address of the router that’s going to be the default gateway. If, for example, the router has the address 192.168.0.1, then the following command sets it up as a default route:

$ sudo ip route add default via 192.168.0.1

To verify, run ip route show again:

$ ip route show
default via 192.168.0.1 dev ens33
127.0.0.0/8 via 127.0.0.1 dev lo0
192.168.0.0/24 dev ens33 scope link

IPv6 Networking

IPv6 was designed to deal with the shortcomings of IPv4, mainly the lack of addresses as more and more devices were being brought online. However, IPv6 also includes other features such as new protocols for automatic network configuration. Instead of 32 bits per address IPv6 uses 128. This allows for approximately 2^128 addresses. However, like IPv4, the number of globally unique usable addresses is a lot smaller due to sections of the allocation being reserved for other uses. This large number of addresses means there are more than enough public addresses for every device currently connected to the internet and for many more to come, thus reducing the need for masquerading and its issues such as the delay during translation and the impossibility to directly connect to masqueraded devices.

IPv6 Addresses

Written down, the addresses use 8 groups of 4 hexadecimal digits each separated by a colon:

2001:0db8:0000:abcd:0000:0000:0000:7334
NoteHexadecimal digits range from 0 to f, so each digit can contain one of 16 different values.

To make it easier leading zeros from each group can be removed when written down however each group must contain at least one digit:

2001:db8:0:abcd:0:0:0:7334

Where multiple groups containing only zeros follow directly after each other they may be entirely replaced by ‘::’:

2001:db8:abcd::7334

However, this can only happen once in each address.

IPv6 Prefix

The first 64 bits of an IPv6 address are known as the routing prefix. The prefix is used by routers to determine which network a device belongs to and therefore which path the data needs to be sent on. Subnetting always happens within the prefix. ISPs usually hand out /48 or /58 prefixes to their customers, leaving them 16 or 8 bits for their internal subnetting.

There are three major prefix types in IPv6:Global Unique Address

Wherein the prefix is assigned from the blocks reserved for global addresses. These addresses ware valid in the entire internet.Unique Local Address

May not be routed in the internet. They may, however, be routed internally within an organization. These addresses are used within a network to ensure the devices still have an address even when there is no internet connection. They are the equivalent of the private address ranges from IPv4. The first 8 bits are always fc or fd, followed by 40 randomly generated bits.Link Local Address

Are only valid on a particular link. Every IPv6 capable network interface has one such address, starting with fe80. These addresses are used internally by IPv6 to request additional addresses using automatic configuration and to find other computers on the network using the Neighbor Discovery protocol.

IPv6 Interface Identifier

While the prefix determines in which network a device resides, the interface identifier is used to enumerate the devices within a network. The last 64 bits in an IPv6 address form the interface identifier, just like the last bits of an IPv4 address.

When an IPv6 address is assigned manually, the interface identifier is set as part of the address. When using automatic address configuration, the interface identifier is either chosen randomly or derived from the device’s link layer address. This makes a variation of the link layer address appear within the IPv6 address.

IPv6 Address Configuration

Like IPv4, IPv6 address can be either assigned manually or automatically. However, IPv6 has two different types of automated configuration, DHCPv6 and Stateless Address Autoconfiguration (SLAAC).

SLAAC is the easier of the two automated methods and built right into the IPv6 standard. The messages use the new Neighbor Discovery Protocol which allows devices to find each other and request information regarding a network. This information is sent by routers and can contain IPv6 prefixes which the devices may use by combining them with an interface identifier of their choice, as long as the resulting address it not yet in use. The devices do not provide feedback to the router about the actual addresses they have created.

DHCPv6, on the other hand, is the updated DHCP made to work with the changes of IPv6. It allows for finer control over the information handed out to clients, like allowing for the same address to be handed out to the same client every time, and sending out more options to the client than SLAAC. With DHCPv6, clients need to get the explicit consent of a DHCP server in order to use an address.

The method to manually assign an IPv6 address to an interface is the same as with IPv4:

$ sudo ip addr add 2001:db8:0:abcd:0:0:0:7334/64 dev ens33

To verify the assignment has worked the same ip addr show command is used:

$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
25: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:33:3b:25 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.5/24 192.168.0.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::010c:29ff:fe33:3b25/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
    inet6 2001:db8:0:abcd::7334/64 scope global
       valid_lft forever preferred_lft forever

Here we also see the link-local address fe80::010c:29ff:fe33:3b25/64.

Like IPv4, the ping command can also be used to confirm the reachability of devices through IPv6:

$ ping 2001:db8:0:abcd::1
PING 2001:db8:0:abcd::1(2001:db8:0:abcd::1) 56 data bytes
64 bytes from 2001:db8:0:abcd::1: icmp_seq=1 ttl=64 time=0.030 ms
64 bytes from 2001:db8:0:abcd::1: icmp_seq=2 ttl=64 time=0.040 ms
64 bytes from 2001:db8:0:abcd::1: icmp_seq=3 ttl=64 time=0.072 ms

--- 2001:db8:0:abcd::1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 43ms
rtt min/avg/max/mdev = 0.030/0.047/0.072/0.018 ms
NoteOn some Linux systems, ping does not support IPv6. These systems provide a dedicated ping6 command instead.

To verify the link-local address again use ping again. But since all interfaces use the fe80::/64 prefix, the correct interface has to be specified along with the address:

$ ping6 -c 1 fe80::010c:29ff:fe33:3b25%ens33
PING fe80::010c:29ff:fe33:3b25(fe80::010c:29ff:fe33:3b25) 56 data bytes
64 bytes from fe80::010c:29ff:fe33:3b25%ens33: icmp_seq=1 ttl=64 time=0.049 ms

--- fe80::010c:29ff:fe33:3b25 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.049/0.049/0.049/0.000 ms

DNS

IP addresses are difficult to remember and don’t exactly have a high coolness factor if you’re trying to market a service or product. This is where the Domain Name System comes into play. In its simplest form DNS is a distributed phone book that maps friendly rememberable domain names such as example.com to IP addresses. When, for example, a user navigates to a website, they enter the DNS hostname as part of the URL. The web browser then sends the DNS name to whichever DNS resolver has been configured. That DNS resolver will in turn find out the address that correlates to the domain. The resolver then replies with that address and the web browser tries to reach the web server at that IP address.

The resolvers that Linux uses to look up DNS data are configured in the /etc/resolv.conf configuration file:

$ cat /etc/resolv.conf
search lpi
nameserver 192.168.0.1

When the resolver performs a name lookup, it first checks the /etc/hosts file to see if it contains an address for the requested name. If it does, it returns that address and does not contact the DNS. This allows network administrators to provide name resolution without having to go through the effort of configuration a complete DNS server. Each line in that file contains one IP address followed by one or more names:

127.0.0.1          localhost.localdomain   localhost
::1                localhost.localdomain   localhost
192.168.0.10       server
2001:db8:0:abcd::f server

To perform a lookup in the DNS, use the command host:

$ host learning.lpi.org
learning.lpi.org has address 208.94.166.198

More detailed information can be retrieved using the command dig:

$ dig learning.lpi.org
; <<>> DiG 9.14.3 <<>> learning.lpi.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21525
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 2ac55879b1adef30a93013705d3306d2128571347df8eadf (bad)
;; QUESTION SECTION:
;learning.lpi.org.		IN	A

;; ANSWER SECTION:
learning.lpi.org.	550	IN	A	208.94.166.198

;; Query time: 3 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Sat Jul 20 14:20:21 EST 2019
;; MSG SIZE  rcvd: 89

Here we also see the name of the DNS record types, in this case A for IPv4.

Sockets

socket is a communication endpoint for two programs talking to each other. If the socket is connected over a network, the programs can run on different devices, such as a web browser running on a user’s laptop and a web server running in a company’s data center.

There are three main types of sockets:Unix Sockets

Which connect processes running on the same device.UDP (User Datagram Protocol) Sockets

Which connect applications using a protocol which is fast but not resilient.TCP (Transmission Control Protocol) Sockets

Which are more reliable than UDP sockets and, for example, confirm the receipt of data.

Unix sockets can only connect applications running on the same device. TCP and UDP sockets however can connect over a network. TCP allows for a stream of data that always arrives in the exact order it was sent. UDP is more fire and forget; the packet is sent but its delivery at the other end is not guaranteed. UDP does however lack the overhead of TCP, making it perfect for low latency applications such as online video games.

TCP and UDP both use ports to address multiple sockets on the same IP address. While the source port for a connection is usually random, target ports are standardized for a specific service. HTTP is, for example, usually hosted at port 80, HTTPS is run on port 443. SSH, a protocol to securely log into a remote Linux system, listens on port 22.

The ss command allows an administrator to investigate all of the sockets on a Linux computer. It shows everything from the source address, destination address and type. One of its best features is the use of filters so a user can monitor the sockets in whatever connection state they would like. ss can be run with a set of options as well as a filter expression to limit the information shown.

When executed without any options, the command shows a list of all established sockets. Using the -p option includes information on the process using each socket. The –s option shows a summary of sockets. There are many more options available for this tool but the last set of major ones are -4 and -6 for narrowing down the IP protocol to either IPv4 or IPv6 respectively, -t and -u allow the administrator to select TCP or UDP sockets and -l to show only socket which listen for new connections.

The following command, for example, lists all TCP sockets currently in use:

$ ss -t
State       Recv-Q  Send-Q    Local Address:Port      Peer Address:Port
ESTAB       0       0           192.168.0.5:49412      192.168.0.1:https
ESTAB       0       0           192.168.0.5:37616      192.168.0.1:https
ESTAB       0       0           192.168.0.5:40114      192.168.0.1:https
ESTAB       0       0           192.168.0.5:54948      192.168.0.1:imap
...

Guided Exercise

  1. A network engineer is asked to assign two IP addresses to the ens33 interface of a host, one IPv4 address (192.168.10.10/24) and one IPv6 address (2001:0:0:abcd:0:8a2e:0370:7334/64). What commands must they enter to achieve this?
  2. Which addresses from the list below are private?192.168.10.1120.56.78.35176.16.57.4710.100.49.162200.120.42.6
  3. What entry would you add into the hosts file to assign 192.168.0.15 to example.com?
  4. What effect would the following command have?sudo ip -6 route add default via 2001:db8:0:abcd::1

Explorational Exercises

  1. Name the DNS record type used to serve the following requests:
    • Textual data
    • Reverse IP address lookup
    • A domain that has no address of its own and relies on another domain for this information
    • Mail Server
  2. Linux has a feature called bridging, what does it do and how is it useful?
  3. What option needs to be supplied to the ss command in order to view all established UDP sockets?
  4. Which command shows a summary of all sockets running on a Linux device?
  5. The following output is generated by the command from the previous exercise. How many TCP and UDP sockets are active?Total: 978 (kernel 0) TCP: 4 (estab 0, closed 0, orphaned 0, synrecv 0, timewait 0/0), ports 0 Transport Total IP IPv6 * 0 – – RAW 1 0 1 UDP 7 5 2 TCP 4 3 1 INET 12 8 4 FRAG 0 0 0

Summary

This topic covers networking your Linux computer. First we learned about the various levels of networking:

  • The link layer which connects devices directly.
  • The networking layer which provides routing between networks and a global address space.
  • The application layer where applications connect to each other.

We have seen how IPv4 and IPv6 are used to address individual computers, and how TCP and UDP enumerate sockets used by applications to connect to each other. We also learned how DNS is used to resolve names to IP addresses.

Commands used in the exercises:dig

Query DNS information and provide verbose information about the DNS queries and responses.host

Query DNS information and provide condensed output.ip

Configure networking on Linux, including network interfaces, addresses and routing.ping

Test the connectivity to a remote device.ss

Show information regarding sockets.

Answers to Guided Exercises

  1. A network engineer is asked to assign two IP addresses to the ens33 interface of a host, one IPv4 address (192.168.10.10/24) and one IPv6 address (2001:0:0:abcd:0:8a2e:0370:7334/64). What commands must they enter to achieve this?sudo ip addr add 192.168.10.10/24 dev ens33 sudo ip addr add 2001:0:0:abcd:0:8a2e:0370:7334/64 dev ens33
  2. Which addresses from the list below are private?192.168.10.1X120.56.78.35176.16.57.47X10.100.49.162X200.120.42.6
  3. What entry would you add into the hosts file to assign 192.168.0.15 to example.com?example.com 192.168.0.15
  4. What effect would the following command have?sudo ip -6 route add default via 2001:db8:0:abcd::1It would add a default route into the table that sends all IPv6 traffic to the router with an internal address of 2001:db8:0:abcd::1.

Answers to Explorational Exercises

  1. Name the DNS record type used to serve the following requests:
    • Textual dataTXT
    • Reverse IP address lookupPTR
    • A domain that has no address of its own and relies on another domain for this informationCNAME
    • Mail ServerMX
  2. Linux has a feature called bridging, what does it do and how is it useful?A bridge connects multiple networking interfaces. All interfaces connected to a bridge can communicate as if they were connected to the same link layer network: All devices use IP addresses from the same subnet and do not require a router in order to connect to each other.
  3. What option needs to be supplied to the ss command in order to view all established UDP sockets?The -u option shows all established UDP sockets.
  4. Which command shows a summary of all sockets running on a Linux device?The ss -s command shows a summary of all sockets
  5. The following output is generated by the command from the previous exercise. How many TCP and UDP sockets are active?Total: 978 (kernel 0) TCP: 4 (estab 0, closed 0, orphaned 0, synrecv 0, timewait 0/0), ports 0 Transport Total IP IPv6 * 0 – – RAW 1 0 1 UDP 7 5 2 TCP 4 3 1 INET 12 8 4 FRAG 0 0 011 TCP and UDP sockets are active.