Skip to main content
Version: v4.21

sockets

Shows a snapshot of open sockets.

Synopsis

sockets

Description

The sockets operator shows a snapshot of all currently open sockets.

Schemas

Tenzir emits socket information with the following schema.

tenzir.socket

Contains detailed information about the socket.

FieldTypeDescription
piduint64The process identifier.
processstringThe name of the process involved.
protocoluint64The protocol used for the communication.
local_addripThe local IP address involved in the connection.
local_portportThe local port number involved in the connection.
remote_addripThe remote IP address involved in the connection.
remote_portportThe remote port number involved in the connection.
statestringThe current state of the connection.

Examples

Show process ID, local, and remote IP address of all sockets:

sockets
| select pid, local_addr, remote_addr