Linux Terminal

Monitor Linux Sockets and Ports with Ease: A Comprehensive Guide to somo

Managing network sockets and ports on Linux is a central task for system administrators, developers, and operations engineers. Traditional tools—like netstat and ss—get the job done, but their output can be dense, filtering requires tedious piping, and there’s no built‑in way to interactively kill processes. Enter somo: a human‑friendly alternative that presents connections in a clean table view, offers one‑click filtering, and even lets you terminate processes right from the CLI. In this guide, you’ll learn everything from installation to advanced use cases, all in clear, actionable steps.

Table of Contents

  1. Why Upgrade Your Port Monitoring Workflow?
  2. Introducing somo: Key Features at a Glance
  3. Installation Methods

    • Debian .deb Package
    • Cargo (Rust) Installation
    • Nix (with Flakes) Build
  4. Getting Started: Running somo for the First Time
  5. Understanding somo’s Table View
  6. Filtering Connections: Zero‑Pipeline Efficiency

    • Protocol Filtering
    • Local & Remote Port Filtering
    • Remote IP & Program Name Filtering
    • Excluding IPv6 Entries
  7. Interactive Process Termination
  8. Real‑World Examples & Best Practices
  9. Automating somo in Scripts and Monitoring Systems
  10. Troubleshooting & Tips
  11. Frequently Asked Questions (FAQ)
  12. Conclusion: Simplify Your Linux Networking Tasks

1. Why Upgrade Your Port Monitoring Workflow?

For decades, netstat -tulpn has been the go‑to command for inspecting active sockets and ports:

$ sudo netstat -tulpn
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1027/sshd
udp        0      0 127.0.0.53:53           0.0.0.0:*                           645/systemd-resolved
...

While this output provides raw data, it suffers from three main drawbacks:

  • Cluttered Layout – All fields occupy a single line, making it hard to scan for the most important information at a glance.
  • Cumbersome Filtering – To isolate TCP vs. UDP, specific ports, or program names, you often chain grep, awk, or sed, leading to long, error‑prone commands.
  • Lack of Interactivity – Identifying a rogue process and killing it requires a separate step: note the PID, run kill, verify the result—breaking your workflow.

In high‑pressure scenarios—troubleshooting a production outage or investigating suspicious connections—these inefficiencies add up. somo streamlines the process with a focus on clarity, speed, and interactivity.

2. Introducing somo: Key Features at a Glance

Built in Rust for performance and reliability, somo transforms socket and port monitoring into an intuitive experience:

  • Clean Table View
    Outputs a well‑aligned, color‑friendly table where columns auto‑adjust to content length. No more squinting to read long addresses or program names.

  • One‑Command Filters
    Native flags for common filters—protocol (--proto), ports (--port, --remote-port), IPs (--ip), programs (--program), PIDs (--pid), state (--open, --listen), and more—eliminate the need for external tools.

  • Interactive Kill Mode
    Activate the --kill flag to browse the table, select a row via arrow keys or index, and terminate the associated process immediately—right from the same interface.

  • Minimal Keystrokes
    Shrink netstat -tulpn to somo -l without sacrificing functionality. Every character saved is efficiency gained.

Table View Example

3. Installation Methods

Depending on your environment and preference, somo can be installed via a native package, Rust’s Cargo, or Nix.

3.1 Debian .deb Package

Best for Debian, Ubuntu, Mint, and other Debian‑based distributions:

  1. Go to the somo Releases page.

  2. Download the latest somo_<version>_amd64.deb.

  3. Install with dpkg and resolve dependencies:

    sudo dpkg -i somo_<version>_amd64.deb
sudo apt-get install -f   # Fix any missing dependencies

  4. Confirm installation:

    somo --version

Tip: .deb installation places the binary in your system $PATH, ready for immediate use.

3.2 Cargo (Rust) Installation

Ideal for Rust enthusiasts or those wanting the bleeding‑edge version:

cargo install somo
  • Default Path: ~/.cargo/bin/somo.
  • Permission Note: Without root privileges, you’ll only see your user’s processes and ports.

To enable full access:

sudo ln -s ~/.cargo/bin/somo /usr/local/bin/somo
sudo somo   # Runs with root privileges

3.3 Nix (with Flakes)

Perfect for reproducible builds on NixOS or Nix-enabled systems:

nix build 'github:theopfr/somo?dir=nix'
sudo ./result/bin/somo
  • Flakes ensure a declarative, reproducible build.
  • You must have Nix installed with Flakes enabled.

4. Getting Started: Running somo for the First Time

Once installed, launch somo in listen mode to view all listening sockets:

sudo somo -l
  • -l, --listen: Show only LISTEN sockets.
  • By default, somo lists both TCP and UDP, all local addresses, ports, and associated processes.

Sample Output:

Proto Local Address Remote Address State PID Program
TCP 0.0.0.0:22 LISTEN 1027 sshd
UDP 127.0.0.1:53 645 systemd‑resolved

Compared to netstat, somo hides non‑essential columns and highlights key fields for faster comprehension.

5. Understanding somo’s Table View

The table interface is at the heart of somo’s appeal:

  • Auto‑Resizing Columns
    Columns grow or shrink to fit the longest entry, ensuring no text is truncated.
  • Visual Clarity
    Alternating row backgrounds and soft color accents guide the eye.
  • Consistent Field Order
    Always: Protocol, Local Address, Remote Address, State, PID, Program—so you instinctively know where to look.

Whether you’re scanning dozens of entries or just a handful, the structured layout allows you to spot anomalies—unexpected ports or foreign addresses—instantly.

6. Filtering Connections: Zero‑Pipeline Efficiency

With somo, you combine multiple flags to refine your view. No more grep + awk + sed chains.

Flag Description Example Value
--proto Filter by protocol (TCP or UDP) tcp or udp
--port, -p Filter by local port number 5433
--remote-port Filter by remote port number 443
--ip Filter by remote IP address 0.0.0.0
--program Filter by program name (partial match) chrome
--pid Filter by PID 10000
--open, -o Show only ESTABLISHED connections
--listen, -l Show only LISTEN sockets
--exclude-ipv6 Exclude IPv6 entries

6.1 Protocol Filtering

sudo somo --proto tcp -l

Only display TCP listening sockets.

6.2 Local & Remote Port Filtering

  • Local Port (-p / --port):

    sudo somo -p 5433

    Shows both listening and established connections on local port 5433.

  • Remote Port (--remote-port):

    sudo somo --remote-port 443

    Finds all connections communicating with remote HTTPS (port 443).

6.3 Remote IP & Program Name Filtering

  • Remote IP (--ip):

    sudo somo --ip 0.0.0.0

    Lists sockets connected to or listening on the specified IP.

  • Program Name (--program):

    sudo somo --program chrome

    Partial or full match for the process name, ideal for locating browser or database traffic.

6.4 Established vs. Listening

  • Established (--open / -o):

    sudo somo --open

    Focus on active, two‑way connections—perfect for monitoring live sessions.

  • Listening (--listen / -l):

    sudo somo --listen

    View only server‑side sockets awaiting incoming connections.

6.5 Excluding IPv6

When IPv4 is your sole concern:

sudo somo -l --exclude-ipv6

Combine flags for multi‑dimensional filtering:

sudo somo --program nginx --proto tcp --listen --exclude-ipv6

7. Interactive Process Termination

After identifying a suspicious connection, somo lets you kill the process without leaving the interface:

somo --kill
  • -k, --kill: Enable interactive kill mode.
  • A selection index appears at the end of each row.
  • Use arrow keys or type the index, then press Enter to terminate.

Interactive Kill Interface

Advanced Example:

somo --program postgres --kill

Interactively select and kill only Postgres‑related processes—ideal for emergency database resets.

8. Real‑World Examples & Best Practices

8.1 Quickly Verify Database Listeners

When a database client reports “connection refused,” confirm the server is listening on port 5432:

sudo somo --port 5432 --listen

If you see no output, the database is not listening—time to check your service logs.

8.2 Identify High‑Connection Processes

To find processes with the most active TCP connections:

sudo somo --open --proto tcp --program

Scan for anomaly patterns—multiple connections from one PID may indicate heavy usage or a runaway service.

8.3 Isolate UDP Services

UDP services like DNS or syslog can generate noise. Filter exclusively for UDP listeners:

sudo somo --proto udp --listen

Quickly spot DNS (port 53) or SNMP (port 161) daemons.

8.4 Batch Automation & Alerts

Pipe somo’s plain‑text output to scripts or monitoring agents:

sudo somo -p 80 --open --no-table | grep ESTABLISHED | wc -l

Combine with cronjobs or Prometheus exporters to trigger alerts when connection counts exceed thresholds.

Pro Tip: Use --no-table (plain text mode) for easier parsing in CI/CD pipelines or chatops bots.

9. Automating somo in Scripts and Monitoring Systems

Integrate somo into your observability stack:

  1. Prometheus Node Exporter

    • Create a custom exporter that runs somo --open --proto tcp --no-table.
    • Parse the output into metrics like somo_active_connections_total.

  2. Grafana Dashboards

    • Visualize socket counts per program or port.
    • Set alert rules for unusual spikes or drops.

  3. ChatOps Notifications

    • Use shell scripts or an infrastructure automation tool (Ansible, Salt) to run somo checks and post summaries to Slack or Microsoft Teams.

10. Troubleshooting & Tips

  • Permission Denied
    If you see only your own processes, rerun with sudo or ensure the binary is in a root‑accessible path.

  • Missing Dependencies
    On Debian, a failed .deb install can be fixed with sudo apt-get install -f.

  • Slow Startup
    Very large socket tables may slow initial render. Filter upfront:

    sudo somo --listen --proto tcp

  • Unfamiliar Columns
    Hover over column headers or consult somo --help for field definitions.

  • Update Checks
    Regularly check the GitHub Releases page for bugfixes and performance improvements.

11. Frequently Asked Questions (FAQ)

Q1: Why does somo require sudo?
To read all sockets on the system, root privileges are necessary. Without sudo, you only see your user’s connections.

Q2: How does somo differ from netstat and ss?
While all three query the kernel’s socket tables, somo emphasizes:

  • Clean, auto‑formatted tables
  • Built‑in filters (no external pipes)
  • Interactive process termination

Q3: Can I run somo non‑interactively for scripts?
Yes. Use the --no-table flag to output plain text or CSV that’s easy to parse:

sudo somo --port 80 --open --no-table

Q4: Are additional filters planned?
Current filters cover protocol, ports, IP, PID, program name, state, and IPv6 exclusion. For custom needs, the source code is open on GitHub for contributions.

12. Conclusion: Simplify Your Linux Networking Tasks

From system administrators monitoring production servers to developers troubleshooting local services, somo offers a faster, more intuitive approach to socket and port monitoring on Linux. With its visually pleasing table view, powerful built‑in filters, and interactive kill mode, you’ll spend less time wrestling with command‑line pipelines and more time solving real problems.

Give somo a try today:

sudo somo -l

Replace your lengthy netstat -tulpn commands with the concise somo -l and experience the difference. For more details, documentation, and the latest releases, visit the somo GitHub repository.

Try somo Now!

“`