Overview

• What you’ll learn: The socket abstraction, the Berkeley socket API, TCP vs UDP sockets, client-server communication patterns, and hands-on examples with Python and netcat.
• Prerequisites: Lesson 12 – IP Addressing, Subnetting, and CIDR
• Estimated reading time: 22 minutes

Introduction

Every networked application — from web servers and database clients to chat programs and IoT sensors — relies on sockets to send and receive data across a network. A socket is an endpoint for communication, identified by an IP address and a port number. It is the fundamental abstraction that bridges the gap between application code and the underlying TCP/IP protocol stack.

The socket API was originally developed as part of BSD Unix in the early 1980s and has since become the standard network programming interface across all major operating systems. Understanding sockets is essential for anyone who wants to build, debug, or troubleshoot networked applications on Linux.

In this lesson, you will learn how sockets work at a conceptual level, explore the key system calls in the socket lifecycle, and write practical examples using both Python and command-line tools like netcat.

What is a Socket?

A socket is a software endpoint that establishes bidirectional communication between a server process and one or more client processes. Think of it as a telephone — one side dials (the client connects) and the other side picks up (the server accepts). Every socket is uniquely identified by the combination of a protocol (TCP or UDP), a local IP address, and a local port number.

On Linux, sockets are represented as file descriptors, which means you can use standard file operations like read() and write() to send and receive data. This is consistent with the Unix philosophy of “everything is a file.”

# View all open sockets on the system
$ ss -tunap
Netid  State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
tcp    LISTEN  0       128     0.0.0.0:22            0.0.0.0:*          users:(("sshd",pid=1234,fd=3))
tcp    LISTEN  0       511     0.0.0.0:80            0.0.0.0:*          users:(("nginx",pid=5678,fd=6))
udp    UNCONN  0       0       127.0.0.53:53         0.0.0.0:*          users:(("systemd-resolve",pid=890,fd=13))

# Count open sockets by state
$ ss -s
Total: 187
TCP:   12 (estab 3, closed 2, orphaned 0, timewait 1)
Transport  Total   IP    IPv6
RAW        1       0     1
UDP        4       3     1
TCP        10      7     3
INET       15      10    5
FRAG       0       0     0

The Socket Lifecycle

The socket API follows a well-defined sequence of system calls. For a TCP connection, the server and client follow different but complementary paths:

Server side: socket() → bind() → listen() → accept() → recv()/send() → close()

Client side: socket() → connect() → send()/recv() → close()

# TCP Server in Python
import socket

server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  # 1. Create socket
server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
server.bind(('0.0.0.0', 9000))    # 2. Bind to address and port
server.listen(5)                    # 3. Start listening (backlog=5)
print("Server listening on port 9000...")

conn, addr = server.accept()       # 4. Accept incoming connection
print(f"Connection from {addr}")
data = conn.recv(1024)              # 5. Receive data
print(f"Received: {data.decode()}")
conn.send(b"Hello from server!n") # 6. Send response
conn.close()                        # 7. Close connection
server.close()

# TCP Client in Python
import socket

client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  # 1. Create socket
client.connect(('127.0.0.1', 9000))  # 2. Connect to server
client.send(b"Hello from client!n") # 3. Send data
response = client.recv(1024)          # 4. Receive response
print(f"Server says: {response.decode()}")
client.close()                        # 5. Close connection

TCP vs UDP Sockets

TCP sockets (SOCK_STREAM) provide reliable, ordered, connection-oriented communication. UDP sockets (SOCK_DGRAM) provide fast, connectionless, best-effort delivery. The choice depends on your application requirements.

# UDP Server in Python
import socket

udp_server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
udp_server.bind(('0.0.0.0', 9001))
print("UDP server listening on port 9001...")

data, addr = udp_server.recvfrom(1024)  # No accept() needed
print(f"Received from {addr}: {data.decode()}")
udp_server.sendto(b"UDP reply!n", addr)
udp_server.close()

# UDP Client in Python
import socket

udp_client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
udp_client.sendto(b"Hello UDP!n", ('127.0.0.1', 9001))
data, addr = udp_client.recvfrom(1024)
print(f"Reply: {data.decode()}")
udp_client.close()

Hands-On with Netcat

Netcat (nc) is the “Swiss army knife” of networking. It can create TCP and UDP connections from the command line, making it invaluable for testing and debugging socket-based services.

# Start a TCP listener on port 9000
$ nc -l -p 9000

# In another terminal, connect to it
$ nc 127.0.0.1 9000
Hello from netcat client!   # Type and press Enter — appears on the listener

# UDP mode: use the -u flag
$ nc -u -l -p 9001          # UDP listener
$ nc -u 127.0.0.1 9001      # UDP client

# Send a file over TCP
$ nc -l -p 9000 > received_file.txt          # Receiver
$ nc 127.0.0.1 9000 < /etc/hostname          # Sender

# Port scanning with netcat
$ nc -zv 192.168.1.1 20-80
Connection to 192.168.1.1 22 port [tcp/ssh] succeeded!
Connection to 192.168.1.1 80 port [tcp/http] succeeded!

Socket Options and Tuning

Socket options allow you to fine-tune socket behavior. Common options include SO_REUSEADDR (allow address reuse), SO_KEEPALIVE (detect dead connections), and TCP_NODELAY (disable Nagle’s algorithm for low-latency applications).

# View socket buffer sizes
$ sysctl net.core.rmem_default
net.core.rmem_default = 212992

$ sysctl net.core.wmem_default
net.core.wmem_default = 212992

# View TCP keepalive settings
$ sysctl net.ipv4.tcp_keepalive_time
net.ipv4.tcp_keepalive_time = 7200

$ sysctl net.ipv4.tcp_keepalive_intvl
net.ipv4.tcp_keepalive_intvl = 75

$ sysctl net.ipv4.tcp_keepalive_probes
net.ipv4.tcp_keepalive_probes = 9

# Increase socket buffer size (temporary)
$ sudo sysctl -w net.core.rmem_max=16777216
$ sudo sysctl -w net.core.wmem_max=16777216

Key Takeaways

• A socket is a communication endpoint identified by a protocol, IP address, and port number — it is the fundamental building block of all networked applications.
• TCP sockets (SOCK_STREAM) provide reliable, ordered delivery; UDP sockets (SOCK_DGRAM) provide fast, connectionless communication.
• The server socket lifecycle follows: socket() → bind() → listen() → accept() → recv()/send() → close().
• Netcat (nc) is an essential command-line tool for testing TCP and UDP connections, transferring files, and port scanning.
• Socket options like SO_REUSEADDR, SO_KEEPALIVE, and TCP_NODELAY allow fine-tuning of socket behavior for specific application needs.

What’s Next

In Lesson 14, you will learn Routing and Switching Basics — how packets are forwarded between networks, how routing tables work, and how Linux can function as a router.