ss command in Linux with examples

This article is a follow-up to the previous 90 Linux Commands frequently used by Linux Sysadmins post. Every week, as time allows, I will publish articles on the 90 commands geared toward Linux sysadmins and Linux power users.


What is the ss command?

The ss command is a powerful utility used to display detailed information about network sockets and connections on a Linux system. It is a modern replacement for the older netstat command and offers more advanced features and flexibility. In this blog post, we will explore the ss command in detail and provide some examples of how to use it.

The ss command stands for “socket statistics” and is a utility that provides detailed information about network sockets and connections. It is typically used to diagnose and troubleshoot network issues, such as identifying open ports, viewing established connections, and monitoring network traffic.


Unlike the older netstat command, which is limited to displaying only basic information about network sockets, the ss command provides a wide range of options and filtering capabilities that allow you to customize the output to your needs.

| Feature | netstat | ss |
|---|---|---|
| Speed | Slower | Faster |
| Output Details | Limited | Comprehensive |
| Deprecated? | Yes | No |

ss command examples

Here are some examples of how to use the ss command:

To show all listening TCP connections, use the following:
ss -tln – This command will show all listening TCP connections on the system, along with the corresponding port number and the process ID that is listening on that port.


To show all established TCP connections, use the following:
ss -tan – This command will show all established TCP connections on the system, including the local and remote IP addresses, the corresponding port numbers, and the state of the connection.

To show all UDP sockets, use the following:
ss -uln – This command will show all open UDP sockets on the system, along with the corresponding port number and the process ID that is using that socket.

To show all UNIX sockets, use the following:
ss -x – This command will show all UNIX sockets on the system, including the type of socket, the inode number, and the process ID that is using that socket.

To show all TCP sockets in the state of TIME-WAIT, use the following:
ss -tan state time-wait – This command will show all TCP sockets in the state of TIME-WAIT, which is a state that a connection enters after it has been closed. This can be useful for diagnosing connection-related issues.

To show all processes that are using internet sockets, use the following:
ss -ap – This command will show all processes that are using internet sockets on the system, along with the corresponding socket information and the process ID.
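
As an added example (not part of the original article), the script below turns `ss -H -tlnp` output into a quick exposure check: it splits each listener's address from its port, marks it as loopback-only or network-reachable, and extracts the owning process name. The function names and sample lines are constructed for illustration; process details appear only when `-p` is given, and for other users' sockets only when ss runs as root.

```shell
#!/bin/sh
# Added example: classify listening TCP sockets from `ss -H -tlnp` output.
# -H drops the header row; -p adds the users:((...)) process column.

# Constructed sample output (not captured from a real host).
sample_ss_output() {
cat <<'EOF'
LISTEN 0 128  0.0.0.0:22       0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 4096 127.0.0.1:5432   0.0.0.0:* users:(("postgres",pid=1040,fd=5))
LISTEN 0 511  *:80             *:*       users:(("nginx",pid=977,fd=6),("nginx",pid=976,fd=6))
LISTEN 0 128  [::]:22          [::]:*    users:(("sshd",pid=812,fd=4))
LISTEN 0 4096 [::1]:631        [::]:*    users:(("cupsd",pid=701,fd=7))
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
EOF
}

# stdin: `ss -H -tlnp` lines. stdout: "scope port address process" per socket.
classify_listeners() {
  awk '
  {
    laddr = $4                                  # Local Address:Port column
    port = laddr; sub(/.*:/, "", port)          # text after the last colon
    addr = laddr; sub(/:[^:]*$/, "", addr)      # text before the last colon
    scope = "network"                           # wildcard or routable bind
    if (addr ~ /^127\./ || addr == "[::1]") scope = "loopback"
    proc = "-"                                  # no users:(( )) column visible
    if (match($0, /\(\("[^"]+"/)) proc = substr($0, RSTART + 3, RLENGTH - 4)
    print scope, port, addr, proc
  }'
}

# stdin: `ss -H -tlnp` lines. stdout: unique non-loopback ports on one line.
exposed_ports() {
  classify_listeners | awk '$1 == "network" { print $2 }' | sort -un | tr '\n' ' ' | sed 's/ $//'
}

# Demo on the constructed sample; on a live host use: ss -H -tlnp | classify_listeners
sample_ss_output | classify_listeners
echo "network-reachable ports: $(sample_ss_output | exposed_ports)"
```

A listener reported as `network` with a `-` in the process column is worth re-checking as root, since the owning process was not visible to the user running ss.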

Related commands:

  1. netstat – This is the older utility that ss replaces. It displays basic information about network sockets and connections.
  2. lsof – This command lists open files, including network sockets.
  3. tcpdump – This command captures network traffic and displays it in real-time, making it useful for network troubleshooting.
  4. nmap – This command is a network scanner that can be used to identify open ports, services, and operating systems on a remote system.
  5. ip – This is a command-line utility for managing network interfaces and routing tables on a Linux system. It can be used to configure network settings, such as IP addresses and routing rules.

Useful reading:

  1. Linux commands: Drop these old utilities for modern alternatives.
  2. Linuxfoundation – iproute2.
  3. https://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.iproute2.html

Conclusion

The ss command is a cool modern utility that is faster and more powerful than netstat. By learning its features and filters, you can troubleshoot and optimize network stuff better. Whether you’re checking open ports, monitoring traffic or resolving connection states, the ss command is a must-have in your Linux toolbox.


Discussion

  1. EXCELLENT! How about 90 ss examples! These examples are awesome. Thanks!

  2. Thanks for the feedback. More to come. That’s encouraging to hear. :handshake:

  3. @unixrab Here are some additional ss command examples that are not already listed in the article:

    1. Show all TCP sockets in the SYN-RECV state:
    ss -tan state syn-recv

    This command will display all TCP sockets that are in the SYN-RECV state. This state is typically associated with incoming connections that are in the process of being established.

    2. Display detailed information about a specific port:
    ss -tln sport = :80

    This command will show detailed information about the TCP sockets that are listening on port 80. You can replace :80 with the specific port you want to investigate.

    3. List all TCP sockets using a specific address family (IPv4 or IPv6):
    ss -t4

    This command will list all TCP sockets using both IPv4 and IPv6 address families. You can use -t4 for IPv4 only or -t6 for IPv6 only.

    4. Display all listening and non-listening UDP sockets:
    ss -u -a

    This command will show both listening and non-listening UDP sockets on the system. It provides a comprehensive view of UDP sockets.

    Edit: article updated.


