Advanced Networking
Delve deeper into Linux networking with tools and configurations that go beyond basic connectivity. This page covers connection and traffic monitoring, SSH daemon (sshd) configuration, /etc/hosts, and analyzing network activity for running processes.
1. Connection & Traffic Monitoring
Beyond basic checks for open ports, advanced admins often watch real-time traffic or identify specific processes holding network sockets.
1a. ss / netstat
ss (socket statistics) is the modern successor to netstat. While netstat is still available on many systems, ss tends to be faster with more detailed output.
Command / Flag | Description |
---|---|
ss -tuln | Lists all listening TCP & UDP ports in numeric form (no DNS resolution). |
ss -s | Summarizes socket usage stats (TCP, UDP counts, etc.). |
ss -p | Displays process info for each socket. Needs root privileges or capabilities. |
netstat -plant | Roughly equivalent netstat invocation: shows owning processes (-p), listening and all other sockets (-l, -a), numeric addresses (-n), TCP only (-t). |
These commands help you see which services are listening and which processes own those sockets. This is often step one in investigating suspicious connections or conflicts on specific ports.
2. SSH Configuration
The Secure Shell (SSH) daemon allows encrypted remote access to your system. On Ubuntu, the main configuration file is /etc/ssh/sshd_config. Understanding key directives makes it easier to adjust security and behavior.
/etc/ssh/sshd_config
This file governs how the SSH daemon operates. Common directives include:
Directive | Description |
---|---|
Port 22 | Specifies which port the daemon listens on (default 22). Changing it can reduce bot scans. |
PermitRootLogin no | Disallows direct root logins via SSH. Encouraged for better security. |
PasswordAuthentication yes/no | Enables or disables password-based authentication. Many prefer no to enforce key-based auth. |
AllowUsers user1 user2 | Restricts SSH logins to a specific list of users. |
PubkeyAuthentication yes | Enables key-based authentication if you’ve set up authorized keys. |
After editing, run sudo systemctl restart ssh (or service ssh restart) for changes to take effect. You can also check syntax with sudo sshd -t before restarting.
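An added example (not from the original page): a shell function that checks the effective settings printed by sshd -T against the directives in the table above. The function name audit_sshd and both sample inputs are constructed for illustration; sshd -T reports the configuration after any Include files are merged, which can differ from what /etc/ssh/sshd_config alone shows.

```shell
#!/bin/sh
# Added example. Input format: `sshd -T` output, one "keyword value" per line.
# Real use (typically needs root to read host keys):  sudo sshd -T | audit_sshd

audit_sshd() {
    awk '
        { key = tolower($1); val = tolower($2) }
        key == "permitrootlogin"        { root = val }
        key == "passwordauthentication" { pw = val }
        key == "pubkeyauthentication"   { pk = val }
        key == "allowusers"             { allow = 1 }
        key == "port"                   { ports = ports " " $2 }
        END {
            # A missing keyword is reported, never assumed to be safe.
            if (root != "no")
                print "WARN permitrootlogin=" (root == "" ? "unset" : root)
            if (pw != "no")
                print "WARN passwordauthentication=" (pw == "" ? "unset" : pw)
            if (pk != "yes")
                print "WARN pubkeyauthentication=" (pk == "" ? "unset" : pk)
            if (!allow)
                print "INFO allowusers not set"
            print "INFO listening ports:" ports
        }'
}

# Constructed sample inputs (not captured from a real host).
sample_weak() {
    printf '%s\n' 'port 22' 'permitrootlogin yes' \
        'pubkeyauthentication yes' 'passwordauthentication yes'
}
sample_hardened() {
    printf '%s\n' 'port 2222' 'permitrootlogin no' \
        'pubkeyauthentication yes' 'passwordauthentication no' \
        'allowusers user1' 'allowusers user2'
}

echo '== weak sample ==';     sample_weak | audit_sshd
echo '== hardened sample =='; sample_hardened | audit_sshd
```

Match blocks can override these values for particular users or addresses; sshd -T accepts -C with connection parameters to print the settings that would apply to a specific connection.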
3. /etc/hosts
The /etc/hosts file lets you manually map hostnames to IP addresses, bypassing DNS. This can be useful for local testing, custom domain aliases, or when DNS is unreliable.
Entry Example | Purpose |
---|---|
127.0.0.1 localhost | Default loopback mapping on most systems. |
192.168.0.5 mytestbox.local | Local alias for mytestbox.local pointing to 192.168.0.5. |
::1 ip6-localhost | IPv6 loopback address mapped to ip6-localhost. |
System services and applications check /etc/hosts first when resolving hostnames (based on /etc/nsswitch.conf ordering). Editing it can override DNS or quickly test new hostnames without public DNS changes.
4. Network Activity & Running Processes
When investigating unusual traffic or verifying which processes bind to certain ports, you need to view network connections and processes together.
Combining ss/lsof with Process Data
Tools like ss -p, lsof -i, or netstat -plant let you see the PID and process name associated with each socket or port.
Example:
sudo lsof -i -P -n
sudo ss -tulpn
The -n (numeric) and -P (don’t resolve port names) flags make output more direct, skipping reverse DNS and port name lookups. This is often faster and clearer when diagnosing issues.
If you need to correlate processes from another angle (e.g., verifying traffic logs), you can also use journalctl -u [service] to read a service's logs, or systemd-cgtop to see resource usage per systemd service.
5. Conclusion
Advanced networking tasks in Linux often require deeper insight into how processes communicate, how SSH is secured, and how local overrides (like /etc/hosts) can impact resolution. By combining real-time monitoring (ss, lsof), stable configuration practices (sshd_config), and local resolution tweaks (/etc/hosts), you can diagnose and manage complex networking setups on Ubuntu or other Linux distributions.