Linux ss Command Tutorial With Examples
Linux processes communicate with each other through sockets. There are tools to list, resolve, and provide information about sockets, and ss is one of them. The netstat command can list and resolve sockets too, but it is slow when there are a lot of sockets. ss gets socket information directly from the Linux kernel.
List All Connections
First of all, existing connections and listening Unix and network sockets can be listed with the command below.
$ ss -l
Netid column specifies the type of the socket, like nl, u_dgr, tcp, udp
State column specifies the current status of the socket, like listening, established etc.
Recv-Q column shows received packets
Send-Q column shows sent packets
Local Address:Port column shows the local address and port or equivalent values
Remote Address:Port column shows the remote address and port or equivalent values
Filter TCP Connections
Listing all connections creates a lot of output on the terminal, especially on busy servers, or we may only need to list and inspect TCP connections. There are two ways to list only TCP connections. One way is using the TCP option -t directly. This will filter and list already established TCP connections.
$ ss -t
$ ss -A tcp
As we can see, both commands print the same output because they do the same operation; only their syntax is different.
The -A option is used for simple and complex queries, which we will look at below. We specify the TCP protocol as the query filter to list only TCP connections.
Filter UDP Sockets
Like TCP connections, UDP sockets can be filtered as below. In the first example we provide the -u option directly to filter UDP sockets.
$ ss -ua
$ ss -a -A udp
As we can see in the previous examples, we have provided the extra option -a because UDP is a connectionless protocol and we want to list sockets which can be listed with this option.
List All Statuses of Sockets, Connections
By default the ss command lists only established and connected sockets/connections. Listening sockets are left out. The -a option lists all of them without leaving any out.
$ ss -a
Filter Unix Sockets
Unix sockets are used to communicate and exchange data between processes that reside on the same Linux system. This socket mechanism is inherited from old Unix systems. All Unix sockets in a Linux system can be listed with the command below.
$ ss -x
Filter IPv4 Connections
The Linux network stack supports different protocols, but as we know IPv4 is the most popular one, mainly used for the internet. When network connections are printed, all protocols are listed, like IPv4, IPv6, AppleTalk etc. IPv4 connections and sockets can be filtered with the --ipv4 option, used below in its short form -4.
$ ss -4
Filter IPv6 Connections
As with the IPv4 filtering of current connections and sockets, the same filtering can be done for IPv6 connections and sockets with the command below.
$ ss -6 -a
Filter Connections According Port Number
Connections and sockets can be filtered according to their port numbers. Filtering this type of information requires a special syntax, which gives great flexibility. We provide the port in a filter expression like below.
$ ss '( dport = :ssh or sport = :ssh )'
Using Port Numbers
In the previous example we filtered according to both source and destination ports. We used the protocol name to express the port, but numbers are also accepted for port specification, like below.
$ ss '( dport = :22 or sport = :22 )'
Filter Connections According IP Address
We will filter connections according to IP address. Both destination and source hosts have IP addresses. These are called
dst for destination or remote IP address
src for source or local IP address
$ ss dst 192.168.122.1
Filter TCP Connections According States
As we know, TCP is a stateful protocol. What is stateful? Stateful simply means the source host creates a session for the network connection. TCP has the following popular states
listen is used for a service listening on a port or socket
established is used for an already created connection
syn-sent is used when session creation has started for the TCP connection but is not completed
In this example we will look for TCP ports in the established state.
$ ss -t state established
Resolve Host Name
Resolving host names converts IP addresses to their related hostnames in the output. This slows down the listing process but may be more useful and informative.
$ ss -t -r state established
Disable Host Name Resolution
Host name resolution can slow the listing down, and it is easily disabled with the -n parameter like below.
$ ss -t -n
Show Only Listening Sockets
By default only established sockets and ports are listed. To list listening ports and sockets, the -l option should be provided.
$ ss -t -l
Show Process Name and Process ID
While printing existing sockets and ports we may need the related process names and IDs. These can be printed with the -p parameter. In this example we will list the process name and ID of the ssh port.
$ sudo ss -t -p
As we can see, the process name is sshd and the process ID is 2337, with file descriptor 3 for one connection.
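The -t, -l, -n and -p options covered so far combine into a quick exposure check: which TCP services listen on every interface, and which process owns each one. This is an added example, not part of the original tutorial; the function names and the sample output (the sshd entry above plus invented services) are constructed, and -H is the ss option that suppresses the header line.

```shell
#!/usr/bin/env bash
# Added example: classify listening sockets from `ss -H -t -l -n -p` output.

# Constructed sample output (not captured from a real host).
sample_ss_output() {
  cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=2337,fd=3))
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:* users:(("mysqld",pid=1410,fd=21))
LISTEN 0 511 *:8080 *:* users:(("node",pid=5120,fd=18))
LISTEN 0 128 [::1]:631 [::]:* users:(("cupsd",pid=901,fd=6))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=2337,fd=4))
EOF
}

# Reads ss output on stdin, prints "<scope> <port> <process>" per listener.
classify_listeners() {
  awk '
    # ss prints a Netid column when several socket types are selected; drop it.
    $1 ~ /^(tcp|udp)$/ { $1 = ""; $0 = $0 }
    $1 == "LISTEN" || $1 == "UNCONN" {
      port = $4; sub(/.*:/, "", port)        # text after the last colon
      addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
      sub(/%.*$/, "", addr)                  # strip interface suffix such as %lo
      proc = "unknown"                       # process info can be missing without root
      if (match($0, /\(\("[^"]+"/))
        proc = substr($0, RSTART + 3, RLENGTH - 4)
      if (addr ~ /^127\./ || addr == "[::1]")
        scope = "loopback"
      else if (addr == "0.0.0.0" || addr == "*" || addr == "[::]")
        scope = "all-interfaces"
      else
        scope = "specific-address"
      print scope, port, proc
    }'
}

# Only the listeners reachable from every interface.
exposed_listeners() {
  classify_listeners | awk '$1 == "all-interfaces"'
}

# Offline demo; on a live host use: sudo ss -H -t -l -n -p | exposed_listeners
sample_ss_output | exposed_listeners
```

Listeners reported as all-interfaces are the ones to compare against the firewall rules and the list of services the host is meant to offer.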
Print Summary Statistics
Statistics about the ports and sockets can be printed with the command below.
$ sudo ss -s
This example shows statistics about the RAW, UDP, TCP, INET and FRAG types with the related IP protocol version, like IPv4 and IPv6.
Display Timer Information
Timer options provide information about the socket or connection. Timer information can be seen with the command below.
$ sudo ss -t -o
In this example we can see the total time of the ssh connections and current TCP keep alive status.