6

The ss command seems to distinguish between * and 0.0.0.0. While the listing of ssh with 0.0.0.0:22 and [::]:22 is clear, *:7946 and *:80 is not quite as much.

$ ss -ntl
State    Recv-Q   Send-Q     Local Address:Port     Peer Address:Port  
LISTEN   0        128              0.0.0.0:22            0.0.0.0:*     
LISTEN   0        128                    *:7946                *:*     
LISTEN   0        128                    *:80                  *:*     
LISTEN   0        128                 [::]:22               [::]:*

Why isn't it 0.0.0.0:7946 and 0.0.0.0:80? What's the difference here?

tcurdt
  • 413
  • 1
  • 4
  • 10

1 Answers1

8

The difference lies inside the address family:

0.0.0.0:22 : This is a listen socket which accepts connections on any interface, port 22 for IPv4 connections only.

[::]:22 : Same here, but for IPv6 connections.

LISTEN   0        128                    *:80                  *:*

And this is a listen sockets which accepts IPv4 as well as IPv6 connection requests.

Martin
  • 2,194
  • 7
  • 16
  • So 0.0.0.0:22 and [::]:22 are two sockets, one for each address family. *:80 is one socket that listens for both? Isn't that still two sockets on the network stack? – micke Mar 01 '21 at 19:18
  • no... as far as I know, the linux socket call accepts ```AF_UNSPEC``` as address family... besides, programms like ss and netstat lists the socket one by one; you would see the socket twice if it were two sockets on the network stack. – Martin Mar 01 '21 at 19:36
  • Awesome. I knew it must have been something simple. Was hard to search for because of the "*" :) Thanks! – tcurdt Mar 01 '21 at 20:05
  • I have to apologize, my comment about the ```AF_UNSPEC``` was incorrect - the correct way to open an socket which supports both address family is: https://stackoverflow.com/questions/1618240/how-to-support-both-ipv4-and-ipv6-connections – Martin Mar 01 '21 at 20:06
  • 1
    You can ask ss to be more verbose about it: `ss -ntl -e` will add amont other information `v6only:0`for sockets listening to both and `v6only:1` for pure ipv6 (you can use `socat`'s `ipv6only=1` option to test). – A.B Mar 01 '21 at 20:13