Linux ss Tool to Identify Sockets / Network Connections with Examples

October 1, 2014 | By
| 2 Replies More

ss is part of the iproute2 (utilities for controlling TCP/IP networking and traffic) package. iproute2 is intended to replace an entire suite of standard Unix networking tools (often called "net-tools") that were previously used for the tasks of configuring network interfaces, routing tables, and managing the ARP table. The ss utility is used to dump socket statistics, it allows showing information similar to netstat and its able display more TCP and state information. It should also be faster as it gets its information directly from kernel space. The options used with the ss commands are very similar to netstat making it an easy replacement.

Usage and common options

ss is very similar to netstat, by default it will show you a list of open non-listening TCP sockets that have established connection and you can shape the output with the following options:

-n - Do now try to resolve service names.
-r - Try to resolve numeric address/ports.
-a - Display all sockets.
-l - Display listening sockets.
-p - Show process using socket.
-s - Print summary statistics.
-t - Display only TCP sockets.
-u - Display only UDP sockets.
-d - Display only DCCP sockets.
-w - Display only RAW sockets.
-x - Display only Unix domain sockets.
-f FAMILY - Display sockets of type FAMILY. Currently the following families are supported: unix, inet, inet6, link, netlink.
-A QUERY - List of socket tables to dump, separated by commas. The following identifiers are understood: all, inet, tcp, udp, raw, unix, packet, netlink, unix_dgram, unix_stream, packet_raw, packet_dgram.

1) Display tcp ports and process

Display all open TCP ports and the process that uses them

# ss -tnap

ss tnap

2) Display IPV4 and IPV6 Connection

You can use -4 flag to display the IPv4 connections and the -6 flag to display IPv6 connections, for example:

# ss -tnap6

ss tnap6

3) Display UDP port

In the same manner, to show all open UDP ports you just have to replace t with n.

# ss -unap

ss unap

4) Print tcp statistics

To print various useful statistics you can use the -s flag

# ss -s

ss stats

5) Display connection statistics using its states

To check all connections in a different state you can use the -o flag, for example to display all the "established" connection

# ss -tn -o state established -p

ss est

Filed Under : LINUX COMMANDS, LINUX HOWTO, MONITORING

Free Linux Ebook to Download

Comments (2)

Trackback URL | Comments RSS Feed

  1. seqizz says:

    There is a typo at 3rd. Please check.

Leave a Reply

Commenting Policy:
Promotion of your products ? Comment gets deleted.
All comments are subject to moderation.