I'm operating a couple of server daemons that use UDP to communicate with a large number of clients. How do I find and list out all the active UDP "connections" that are talking to the servers in order to estimate the number of active clients that are connected to the server daemons? I couldn't think of an easy way to do this besides sniffing the packets with tshark or tcpdump and looking at the source IP of UDP packets going to the server daemons. And yes, I know UDP is a connectionless and stateless protocol.
UDP is a stateless protocol - so, no states.
To see what's listening for UDP:
The equivalent command on modern Linux:
You could log every UDP connection using iptables:
Perhaps you might want to limit it to some ports. Check documentation here or, preferably, man iptables.
As others have mentioned UDP is connection-less so state isn't tracked in the standard locations you might look.
One method you could use is to simply set up some simple netfilter rules that use the --state option. This will force netfilter to track state related to UDP. Once you set up rules, you can use a tool like conntrack to look at the netfilter state table. Here, for example, is what one of my systems looks like. You can see there are a couple of systems that are frequently communicating to udp/1194 (OpenVPN).
Your netfilter rules could be as simple as this.
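Added example, not part of any answer on this page: once netfilter is tracking UDP as described above, the estimate of active clients the question asks for can be derived from conntrack's listing. The function names, sample lines and addresses below are constructed; the function reads only the original-direction tuple and skips [UNREPLIED] entries, because the source address of an unanswered datagram is unverified.

```shell
#!/bin/sh
# Count distinct client IPs that have a tracked, replied-to UDP flow to PORT.
# Reads `conntrack -L -p udp` style lines on stdin.
# Usage (as root, assumes conntrack-tools is installed):
#   conntrack -L -p udp 2>/dev/null | count_udp_clients 1194
count_udp_clients() {
    awk -v port="$1" '
    $1 == "udp" {
        src = ""; dport = ""; unreplied = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "[UNREPLIED]") unreplied = 1
            # Keep only the first src=/dport=: that is the original direction.
            # The reply tuple repeats the keys with the roles swapped.
            if (src == "" && $i ~ /^src=/) src = substr($i, 5)
            if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
        }
        # One-way flows are skipped: nothing confirms the sender is real.
        if (dport == port && !unreplied && !(src in seen)) {
            seen[src] = 1
            n++
        }
    }
    END { print n + 0 }'
}

# Constructed sample input (documentation address ranges, server 203.0.113.1).
sample_conntrack() {
    cat <<'EOF'
udp      17 170 src=192.0.2.10 dst=203.0.113.1 sport=40001 dport=1194 src=203.0.113.1 dst=192.0.2.10 sport=1194 dport=40001 [ASSURED] mark=0 use=1
udp      17 165 src=192.0.2.10 dst=203.0.113.1 sport=40002 dport=1194 src=203.0.113.1 dst=192.0.2.10 sport=1194 dport=40002 [ASSURED] mark=0 use=1
udp      17 28 src=198.51.100.7 dst=203.0.113.1 sport=51000 dport=1194 [UNREPLIED] src=203.0.113.1 dst=198.51.100.7 sport=1194 dport=51000 mark=0 use=1
udp      17 25 src=203.0.113.1 dst=198.51.100.53 sport=1194 dport=53 src=198.51.100.53 dst=203.0.113.1 sport=53 dport=1194 mark=0 use=1
udp      17 100 src=192.0.2.22 dst=203.0.113.1 sport=40500 dport=1194 src=203.0.113.1 dst=192.0.2.22 sport=1194 dport=40500 [ASSURED] mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.0.2.99 dst=203.0.113.1 sport=50000 dport=1194 src=203.0.113.1 dst=192.0.2.99 sport=1194 dport=50000 [ASSURED] mark=0 use=1
EOF
}

sample_conntrack | count_udp_clients 1194
```

The fourth sample line is an outbound flow whose reply tuple happens to contain dport=1194; a plain text search for that string would count it as a client, which is why only the first tuple is read.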
On Linux, assuming that iproute2 is installed, you can run the ss command to pull UDP sockets like so:
Or all UDP sockets, with the associated process:
Here are additional examples you can use with ss, including getting connections per process.
http://www.cyberciti.biz/files/ss.html
Inspired by this answer, I've found that the following ss syntax works for me:
… because "listening" UDP sockets are like "closed" TCP sockets.