Tag Archives: Linux

The TSocket Statistics (ss) command is similar to netstat, and it is used to display useful network socket information.
The ss command syntax come with specify optional flags and filters:

Let’s see some examples with this linux command:

1. List Established Connections
The default run with the ss command display a list of open non-listening sockets that have established connections (for example: TCP, UDP or UNIX sockets)

2. Show Listening Sockets
Than listing all sockets, we can use the -l option to specifically list the sockets that are currently listening for a connection.

3. Show Processes
We can print out the process or PID number that owns a socket with the -p option.

4. Don’t Resolve Service Names
The -n option will not take place and we will instead see the port number rather than the service name.

5. Resolve Numeric Address/Ports
This and resolve both the IP address and port number with the -r option.

6. IPv4 Sockets
We can use the -4 option to only display information corresponding to IPv4 sockets.

7. IPv6 Sockets
We can use the -6 option to only display information related to IPv6 sockets.

8. TCP Only
The -t option can be used to display only TCP sockets and using the -l option print out listening sockets we can see everything listening on TCP.

9. UDP Only
The -u option can be used to display only UDP sockets. As UDP is a connection-less protocol, simply running with only the -u option will display no output. We can instead combine this with the -a or -l option to see all listening UDP sockets, as shown below.

10. Unix Sockets
The -x option can be used to display unix domain sockets only.

11. Show Socket Memory Usage
The -m option can be used to display the amount of memory that each socket is using.

12. Show Internal TCP Information
We can request additional internal TCP information with the -i info option.

13. Show Summary
We can see a quick overview of the statistics with the -s option.

14. Filter Based On State
That specify states including established, syn-sent, syn-recv, fin-wait-1, fin-wait-2, time-wait, closed, closed-wait, last-ack, listen and closing.

15. Show SELinux Context
The -Z and -z options can be used to show the SELinux security context of a socket. In the example below we also use the -t and -l options to only list listening TCP sockets, with the -Z option we can also see the SELinux contexts.

Filtering to list all ports that are less than (lt), greater than (gt), equal to (eq), not equal to (ne), less than or equal to (le), or greater than or equal to (ge).