2

I was running ss -lnp | grep sshd and received the following output (in addition to the LISTEN port(s) I was expecting). Not sure what this is, though:

u_dgr  UNCONN 0  0  *78056  *12438  users:(("sshd",pid=22409, fd=4), ("sshd",pid=22337,fd=4)

Thanks in advance for helping me decipher this.

Jakuje
jb61264

1 Answer

0

I tried to figure it out. Below are my notes:

u_dgr = u is for UDS (Unix Domain Socket). "Programs that run on the same server can also communicate with each other using Unix Domain Sockets (UDS). Unix Domain Sockets can be stream-based, or datagram-based. When using domain sockets, data is exchanged between programs directly in the operating system’s kernel via files on the host filesystem. To send or receive data using domain sockets, programs read and write to their shared socket file, bypassing network based sockets and protocols entirely" (src). dgr is for datagram, as opposed to str, which stands for stream. dgr is like UDP and str is like TCP for IP protocols.

UNCONN = unconnected. Same as Closed. Datagram protocols are stateless, hence ss always shows such connections as UNCONN.

0 0 is for recv-q and send-q. These show how many bytes are in the queue. 0 means that there are no bytes in the queue.

*78056 *12438 says that the programs mentioned in 'users:' use any address and port 78056 to send data to the remote port 12438 and any address. The sshd program uses port 78056 to send logs to systemd. Logs are sent to port 12438. If you do ss -lxnp | grep 12438 then you will see systemd listening on 12438.

In users:(("sshd",pid=22409, fd=4), ("sshd",pid=22337,fd=4) pid is for process ID. fd is for file descriptor. You can check it with ls -lh /proc/22409/fd/

Stanislav
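
As an added example, not part of the original question or answer: a small Python parser for the ss line from the question, plus a /proc lookup equivalent to the ls check at the end of the answer. For Unix sockets, the number ss prints in the port column is the socket's inode number, which is what appears as socket:[N] in /proc/<pid>/fd; the function names and the proc_root parameter are this example's own.

```python
import os
import re

# Output line from the question, copied as posted (spacing is irregular).
SAMPLE = ('u_dgr  UNCONN 0  0  *78056  *12438  '
          'users:(("sshd",pid=22409, fd=4), ("sshd",pid=22337,fd=4)')

NETID = {"u_str": "stream", "u_dgr": "datagram", "u_seq": "seqpacket"}
LINE_RE = re.compile(
    r"^(?P<netid>u_\w+)\s+(?P<state>\S+)\s+(?P<recvq>\d+)\s+(?P<sendq>\d+)\s+"
    r"(?P<laddr>\S+?)\s*(?P<lport>\d+)\s+(?P<paddr>\S+?)\s*(?P<pport>\d+)"
    r"(?:\s+users:\((?P<users>.*))?$")
USER_RE = re.compile(r'\("([^"]+)",pid=(\d+),\s*fd=(\d+)\)')


def parse_ss_unix_line(line):
    """Split one Unix-socket row of ss output into fields; None otherwise."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    users = [{"name": n, "pid": int(p), "fd": int(f)}
             for n, p, f in USER_RE.findall(m["users"] or "")]
    return {
        "type": NETID.get(m["netid"], m["netid"]),
        "state": m["state"],
        "recv_q": int(m["recvq"]), "send_q": int(m["sendq"]),
        "local": (m["laddr"], int(m["lport"])),   # (address, inode number)
        "peer": (m["paddr"], int(m["pport"])),    # (address, peer inode)
        "users": users,
    }


def fds_for_inode(pid, inode, proc_root="/proc"):
    """Return the fd numbers of `pid` whose link target is socket:[inode]."""
    fd_dir = os.path.join(proc_root, str(pid), "fd")
    hits = []
    try:
        for name in os.listdir(fd_dir):
            if os.readlink(os.path.join(fd_dir, name)) == f"socket:[{inode}]":
                hits.append(int(name))
    except OSError:  # process exited, fd closed mid-scan, or access denied
        pass
    return sorted(hits)


if __name__ == "__main__":
    row = parse_ss_unix_line(SAMPLE)
    for u in row["users"]:
        print(u["name"], u["pid"], fds_for_inode(u["pid"], row["local"][1]))
```

Reading another user's /proc/<pid>/fd needs root, so run it with the same privileges used for ss -p.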