The Socket Statistics (ss) command is a tool used to get statistics about your network connections. It is a modern replacement for the classic netstat command that display information similar to netstat. It helps system administrator with troubleshooting network issues.

In this article, we will show you how to use the ss command with examples.

Step 1 – How to Use ss Command

The ss command is a part of the iproute2 package and comes pre-installed in all major Linux distributions.

Run the ss command without any options:

ss

You should see a list of all open non-listening sockets with established connections:

Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
u_dgr  ESTAB      0      0               @0002d 21279                 * 21280  
u_dgr  ESTAB      0      0               @0002c 21277                 * 21278  
u_str  ESTAB      0      0                    * 24372                 * 24371  
u_str  ESTAB      0      0                    * 24121                 * 24122  
u_str  ESTAB      0      0      /var/run/dbus/system_bus_socket 22039                 * 22625  
u_str  ESTAB      0      0                    * 28687                 * 28688  
u_str  ESTAB      0      0                    * 20684                 * 20685  
u_str  ESTAB      0      0      /var/run/dbus/system_bus_socket 19468                 * 18720  
u_str  ESTAB      0      0                    * 19408                 * 21950  

A brief explanation of each column is shown below:

  • Netid: Type of the socket like TCP, UDP, etc.
  • State: State of the socket like established, unconnected, listening, etc.
  • Recv-Q: Display the number of received packets.
  • Send-Q: Display the number of sent packets.
  • Local address:port: Display the address and port of the local machine.
  • Peer address:port: Display the address and port of the remote machine.

Step 2 – List All Connections

To list all listening and non-listening connections, run:

ss -a

Output:

To list only listening connections, run:

ss -l

Output:

Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
nl     UNCONN     0      0                 rtnl:whoopsie/1343                *       
nl     UNCONN     0      0                 rtnl:chrome/3508                *       
nl     UNCONN     0      0                 rtnl:4195436                *       
nl     UNCONN     0      0                 rtnl:deja-dup-monito/4340                *       

Step 3 – List All TCP Connections

To list all TCP connections, run:

ss -t

Output:

State       Recv-Q Send-Q                                     Local Address:Port                                         Peer Address:Port   
ESTAB       0      0                                            172.20.10.3:60338                                         103.43.89.4:https   
SYN-SENT    0      1                                            172.20.10.3:34652                                      13.127.247.216:https   
SYN-SENT    0      1                                            172.20.10.3:34474                                      13.127.247.216:https   
ESTAB       0      0                                            172.20.10.3:34310                                       103.43.90.179:https   
ESTAB       0      0                                            172.20.10.3:34362                                         34.95.69.49:https   

To list all listening TCP connections, run:

ss -lt

Output:

State       Recv-Q Send-Q                                     Local Address:Port                                         Peer Address:Port   
LISTEN      0      50                                             127.0.0.1:mysql                                                   *:*       
LISTEN      0      50                                                     *:netbios-ssn                                                 *:*       
LISTEN      0      128                                                    *:sunrpc                                                  *:*       
LISTEN      0      128                                                    *:http                                                    *:*       

Step 4 – List UDP Connections

To list all UDP connections, run:

ss -u

Output:

State       Recv-Q Send-Q                                     Local Address:Port                                         Peer Address:Port   
ESTAB       0      0                                              127.0.0.1:56315                                           127.0.0.1:56315   
ESTAB       0      0                                            172.20.10.3:44691                                      142.250.67.130:https   

To list all listening UDP connections, run:

ss -lu

Output:

State      Recv-Q Send-Q      Local Address:Port          Peer Address:Port   
UNCONN     0      0                       *:323                      *:*       
UNCONN     0      0                       *:ipsec-nat-t                  *:*       
UNCONN     0      0                       *:isakmp                   *:*       
UNCONN     0      0                       *:19002                    *:*       
UNCONN     0      0                       *:ipp                      *:*       

Step 5 – Display IPv4 and IPv6 Connections

To display only IPv4 connections, run:

ss -4

Output:

Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
u_dgr  ESTAB      0      0               @0002d 21279                 * 21280  
u_dgr  ESTAB      0      0               @0002c 21277                 * 21278  
u_str  ESTAB      0      0                    * 24372                 * 24371  
u_str  ESTAB      0      0                    * 24121                 * 24122  

To display only IPv6 connections, run:

ss -6

Output:

Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
u_dgr  ESTAB      0      0               @0002d 21279                 * 21280  
u_dgr  ESTAB      0      0               @0002c 21277                 * 21278  
u_str  ESTAB      0      0                    * 24372                 * 24371  
u_str  ESTAB      0      0                    * 24121                 * 24122  

Step 6 – List Connections to a Specific IP Address

If you want to list all connections to a specific destination IP address, run the following command:

ss dst 172.20.10.3

Output:

Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
u_dgr  ESTAB      0      0               @0002d 21279                 * 21280  
u_dgr  ESTAB      0      0               @0002c 21277                 * 21278  
u_str  ESTAB      0      0                    * 24372                 * 24371  

To list all connections to a specific source address, run:

ss src 172.20.10.3

Output:

Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
u_dgr  ESTAB      0      0               @0002d 21279                 * 21280  
u_dgr  ESTAB      0      0               @0002c 21277                 * 21278  
u_str  ESTAB      0      0                    * 24372                 * 24371  
u_str  ESTAB      0      0                    * 24121                 * 24122  
u_str  ESTAB      0      0      /var/run/dbus/system_bus_socket 22039                 * 22625  

Step 7 – Display Process IDs of Connections

To display PIDs of all connections, run:

ss -p

Output:

Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
u_dgr  ESTAB      0      0               @0002d 21279                 * 21280   users:(("chrome",3508,10))
u_dgr  ESTAB      0      0               @0002c 21277                 * 21278   users:(("chrome",3508,9))
u_str  ESTAB      0      0                    * 24372                 * 24371   users:(("chrome",4002,70))
u_str  ESTAB      0      0                    * 24121                 * 24122   users:(("chrome",3714,42))

Step 8 – Filter Connections

You can use the ss command with advanced filtering to list all connections based on your requirements.

For example, to list all TCP connections that are in the listening state, run:

ss -t state listening

Output:

Recv-Q Send-Q                                          Local Address:Port                                              Peer Address:Port   
0      50                                                  127.0.0.1:mysql                                                        *:*       
0      50                                                          *:netbios-ssn                                                      *:*       
0      128                                                         *:sunrpc                                                       *:*       

To list all connections with destination port 22, run:

ss dst :22

Conclusion

That’s it for now. The ss command tool is very useful to get socket and network statistics with advanced filtering options on your dedicated server from Atlantic.Net. For more information check the ss command man pages.