Table of Contents
The Socket Statistics (ss) command is a tool used to get statistics about your network connections. It is a modern replacement for the classic netstat command that display information similar to netstat. It helps system administrator with troubleshooting network issues.
In this article, we will show you how to use the ss command with examples.
Step 1 – How to Use ss Command
The ss command is a part of the iproute2 package and comes pre-installed in all major Linux distributions.
Run the ss command without any options:
ss
You should see a list of all open non-listening sockets with established connections:
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port u_dgr ESTAB 0 0 @0002d 21279 * 21280 u_dgr ESTAB 0 0 @0002c 21277 * 21278 u_str ESTAB 0 0 * 24372 * 24371 u_str ESTAB 0 0 * 24121 * 24122 u_str ESTAB 0 0 /var/run/dbus/system_bus_socket 22039 * 22625 u_str ESTAB 0 0 * 28687 * 28688 u_str ESTAB 0 0 * 20684 * 20685 u_str ESTAB 0 0 /var/run/dbus/system_bus_socket 19468 * 18720 u_str ESTAB 0 0 * 19408 * 21950
A brief explanation of each column is shown below:
- Netid: Type of the socket like TCP, UDP, etc.
- State: State of the socket like established, unconnected, listening, etc.
- Recv-Q: Display the number of received packets.
- Send-Q: Display the number of sent packets.
- Local address:port: Display the address and port of the local machine.
- Peer address:port: Display the address and port of the remote machine.
Step 2 – List All Connections
To list all listening and non-listening connections, run:
ss -a
Output:
To list only listening connections, run:
ss -l
Output:
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port nl UNCONN 0 0 rtnl:whoopsie/1343 * nl UNCONN 0 0 rtnl:chrome/3508 * nl UNCONN 0 0 rtnl:4195436 * nl UNCONN 0 0 rtnl:deja-dup-monito/4340 *
Step 3 – List All TCP Connections
To list all TCP connections, run:
ss -t
Output:
State Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0 172.20.10.3:60338 103.43.89.4:https SYN-SENT 0 1 172.20.10.3:34652 13.127.247.216:https SYN-SENT 0 1 172.20.10.3:34474 13.127.247.216:https ESTAB 0 0 172.20.10.3:34310 103.43.90.179:https ESTAB 0 0 172.20.10.3:34362 34.95.69.49:https
To list all listening TCP connections, run:
ss -lt
Output:
State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 50 127.0.0.1:mysql *:* LISTEN 0 50 *:netbios-ssn *:* LISTEN 0 128 *:sunrpc *:* LISTEN 0 128 *:http *:*
Step 4 – List UDP Connections
To list all UDP connections, run:
ss -u
Output:
State Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0 127.0.0.1:56315 127.0.0.1:56315 ESTAB 0 0 172.20.10.3:44691 142.250.67.130:https
To list all listening UDP connections, run:
ss -lu
Output:
State Recv-Q Send-Q Local Address:Port Peer Address:Port UNCONN 0 0 *:323 *:* UNCONN 0 0 *:ipsec-nat-t *:* UNCONN 0 0 *:isakmp *:* UNCONN 0 0 *:19002 *:* UNCONN 0 0 *:ipp *:*
Step 5 – Display IPv4 and IPv6 Connections
To display only IPv4 connections, run:
ss -4
Output:
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port u_dgr ESTAB 0 0 @0002d 21279 * 21280 u_dgr ESTAB 0 0 @0002c 21277 * 21278 u_str ESTAB 0 0 * 24372 * 24371 u_str ESTAB 0 0 * 24121 * 24122
To display only IPv6 connections, run:
ss -6
Output:
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port u_dgr ESTAB 0 0 @0002d 21279 * 21280 u_dgr ESTAB 0 0 @0002c 21277 * 21278 u_str ESTAB 0 0 * 24372 * 24371 u_str ESTAB 0 0 * 24121 * 24122
Step 6 – List Connections to a Specific IP Address
If you want to list all connections to a specific destination IP address, run the following command:
ss dst 172.20.10.3
Output:
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port u_dgr ESTAB 0 0 @0002d 21279 * 21280 u_dgr ESTAB 0 0 @0002c 21277 * 21278 u_str ESTAB 0 0 * 24372 * 24371
To list all connections to a specific source address, run:
ss src 172.20.10.3
Output:
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port u_dgr ESTAB 0 0 @0002d 21279 * 21280 u_dgr ESTAB 0 0 @0002c 21277 * 21278 u_str ESTAB 0 0 * 24372 * 24371 u_str ESTAB 0 0 * 24121 * 24122 u_str ESTAB 0 0 /var/run/dbus/system_bus_socket 22039 * 22625
Step 7 – Display Process IDs of Connections
To display PIDs of all connections, run:
ss -p
Output:
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
u_dgr ESTAB 0 0 @0002d 21279 * 21280 users:(("chrome",3508,10))
u_dgr ESTAB 0 0 @0002c 21277 * 21278 users:(("chrome",3508,9))
u_str ESTAB 0 0 * 24372 * 24371 users:(("chrome",4002,70))
u_str ESTAB 0 0 * 24121 * 24122 users:(("chrome",3714,42))
Step 8 – Filter Connections
You can use the ss command with advanced filtering to list all connections based on your requirements.
For example, to list all TCP connections that are in the listening state, run:
ss -t state listening
Output:
Recv-Q Send-Q Local Address:Port Peer Address:Port 0 50 127.0.0.1:mysql *:* 0 50 *:netbios-ssn *:* 0 128 *:sunrpc *:*
To list all connections with destination port 22, run:
ss dst :22
Conclusion
That’s it for now. The ss command tool is very useful to get socket and network statistics with advanced filtering options on your dedicated server from Atlantic.Net. For more information check the ss command man pages.
