https://www.poftut.com/linux-ss-command-tutorial-with-examples/

Follow

Linux processes communicates with socket between each other. There are tools to list, resolve, provide information about sockets. Ss is one of them. Netstat command can list and resolve the sockets too but it is slow because there is a lot of sockets. Ss gets information about socket from directly Linux kernel.

List All Connections

First of all existing connections, listening Unix and Network sockets can be listed with -l .

List All Connections

• Netid column specifies type of the socket like nl, u_dgr,tcp,udp
• State column specifies current status of socket like listening, established etc.
• Recv-Q column shows received packets
• Send-Q column shows send packets
• Local Address:Port columns shows local address and port or equivalent values
• Remote Address:Port columns shows remote address and port or equivalent values

Filter TCP Connections

Listing all connections will create a lot of output on the terminal especially in busy servers. Or we may need only TCP connections to list  and inspect. There is two way to list only TCP connections. One way is using TCP option -t directly. This will filter and list all ready established TCP connections.

Filter TCP Connections

OR

Filter TCP Connections

As we can see both command have printed same output because they do same operation just their syntax is different. -A options is used for simple and complex queries where we will look it below. We specify TCP protocol as query filter to only list TCP connections.

Filter UDP Sockets

Like filtering TCP connections UDP connections can be filtered like below. In the first example we will provide direct option -u to filter UDP sockets.

Filter UDP Connections

OR

Filter UDP Connections

As we can see previous examples we have provided extra option -a  because UDP is connectionless protocol and we want to list sockets which can be listed with this option.

List All Statuses of Sockets, Connections

ss command by default list only established and connected sockets/connections. Listening sockets will be eliminated. The -a option will make to list all of them without eliminating.

List All Sockets, Connections

Filter Unix Sockets

Unix sockets are used for communicate and exchange data between processes those resides in same Linux system. These socket mechanism is inherited from old Unix systems. All sockets in a Unix Linux system can be listed with the -x or --unix options.

Filter Unix Sockets

Filter IPv4 Connections

Linux network stack supports different protocols but as we know IPv4 is the most popular one which is mainly used for internet. While printing network protocols all of them are listed like IPv4, IPv6, Apple Talk etc. IPv4 protocols connections and sockets can be filtered with -4 or --ipv4 option like below.

Filter IPv4 Connections

Filter IPv6 Connections

As previously done IPv4 filtering for current connections and sockets. Same filtering can be done for IPv6 connections and sockets with -6 or --ipv6 options.

Filter IPv6 Connections

Filter Connections According Port Number

Connects and sockets can be filtered according to their port numbers. Filtering these type of information requires special syntax and great flexibility to use. We will provide port number syntax by specifying ssh port.

Filter Connections According Port Number

Using Port Numbers

In this example we have filtered according to both source and destination ports. While expressing ports we have used the protocol name but numbers are OK for port specification like below.

Using Port Numbers

Filter Connections According IP Address

We will filter connections according to IP address. Both destination and source hosts have IP address. These are called

• dst for destination or remote IP address
• src for source or local IP address

Filter Connections According IP Address

Filter TCP Connections According States

As we know TCP protocol is a stateful protocol. What is stateful? Stateful simply means the source host create a sessions for the network connection. TCP have following states those are popular

• listen is used for service listening a port or socket
• established used for all ready created connection
• syn-sent used for session creation is started for the TCP connection but not competed

In this example we will look for established state TCP ports.

Filter TCP Connections According States

Resolve Host Name

Resolving host name will convert and show IP addresses with their related hostnames. This will slow down the listing process but may be more useful and informative.

Resolve Hostname

Resolve Host Name

Resolving host name can be a slow down problem and easily disabled with -n parameter like below.

Resolve Hostname

Show Only Listening Sockets

By default only established sockets and ports are listed. To  list listening ports and socket -l option should be provided.

Show Only Listening Sockets

Show Process  Name and Process ID

While printing existing sockets and ports we may need related process names and IDs. This can be printed with -p parameter. In this example we will list the process name and id of the ssh port.

Show Process Name and Process ID

As we can see the process name is sshd and process id is 2337 with file descriptor 3 for one connection.

Print Summary Statistics

Statistics about the ports and sockets can be printed with -s parameter.

Print Summary Statistics

In this example statistics about the RAW, UDO, TCP, INET and FRAG types with related IP protocol version like IPv4 and IPv6

Display Timer Information

Timer options will provide information about the socket or connection. Timer information can be seen with -o parameter.

Display Timer Information

In this example we can see the total time of the ssh connections and current TCP keep alive status.