The TSocket Statistics (ss) command is similar to netstat, and it is used to display useful network socket information.
The ss command syntax comes with specifying optional flags and filters:
1 | ss [options] [ FILTER ] |
Let’s see some examples with this Linux command:
1. List Established Connections
The default run with the ss command displays a list of open non-listening sockets that have established connections (for example TCP, UDP or UNIX sockets)
1 | [root@localhost mythcat]# ss |
2. Show Listening Sockets
Than listing all sockets, we can use the -l option to specifically list the sockets that are currently listening for a connection.
1 | [root@localhost mythcat]# ss -lt |
3. Show Processes
We can print out the process or PID number that owns a socket with the -p option.
1 | [root@localhost mythcat]# ss -p |
4. Don’t Resolve Service Names
The -n option will not take place and we will instead see the port number rather than the service name.
1 | [root@localhost mythcat]# ss -n |
5. Resolve Numeric Address/Ports
This and resolve both the IP address and port number with the -r option.
1 | [root@localhost mythcat]# ss -r |
6. IPv4 Sockets
We can use the -4 option to only display information corresponding to IPv4 sockets.
1 | [root@localhost mythcat]# ss -l4 |
7. IPv6 Sockets
We can use the -6 option to only display information related to IPv6 sockets.
1 | [root@localhost mythcat]# ss -l6 |
8. TCP Only
The -t option can be used to display only TCP sockets and using the -l option print out listening sockets we can see everything listening on TCP.
1 | [root@localhost mythcat]# ss -lt |
9. UDP Only
The -u option can be used to display only UDP sockets. As UDP is a connection-less protocol, simply running with only the -u option will display no output. We can instead combine this with the -a or -l option to see all listening UDP sockets, as shown below.
1 | [root@localhost mythcat]# ss -ul |
10. Unix Sockets
The -x option can be used to display Unix domain sockets only.
1 | [root@localhost mythcat]# ss -x |
11. Show Socket Memory Usage
The -m option can be used to display the amount of memory that each socket is using.
1 | [root@localhost mythcat]# ss -ltm |
12. Show Internal TCP Information
We can request additional internal TCP information with the -i info option.
1 | [root@localhost mythcat]# ss -lti |
13. Show Summary
We can see a quick overview of the statistics with the -s option.
1 | [root@localhost mythcat]# ss -s |
14. Filter Based On State
That specify states including established, syn-sent, syn-recv, fin-wait-1, fin-wait-2, time-wait, closed, closed-wait, last-ack, listen and closing.
1 2 3 | [root@localhost mythcat]# ss -t state established [root@localhost mythcat]# ss -t state time-wait |
15. Show SELinux Context
The -Z and -z options can be used to show the SELinux security context of a socket. In the example below we also use the -t and -l options to only list listening TCP sockets, with the -Z option we can also see the SELinux contexts.
1 | [root@localhost mythcat]# ss -tlZ |
Filtering to list all ports that are less than (lt), greater than (gt), equal to (eq), not equal to (ne), less than or equal to (le), or greater than or equal to (ge).