Logo

Uses Of The ss Command in Linux

Try this guide with our instant dedicated server for as low as 40 Euros

Getting precise statistics about network traffic is a critical aspect of network management. Fortunately, Linux offers several commands to manage network operations.

The ss command, short for socket statistics, is a powerful utility used in Linux to examine sockets and display detailed information about network connections. Along with the ip command, ss is crucial for collecting network data and resolving network problems.

It also serves as a modern replacement for the older netstat command, providing more features and better performance. 

In this tutorial, we will discuss the ss command and its use cases. We will start with an introduction to the ss command and then go into use cases.

Table Of Contents

  1. What is ss Command?
  2. The Key Features of the ss Command
  3. ss Command Vs netstat command
  4. Use Cases of Linux ss Command
    1. Use Case #1: Basic Usage
    2. Use Case #2: List All Connections
    3. Use Case #3: List Listening Sockets
    4. Use Case #4: List TCP Connections
    5. Use Case #5: List UDP Connections
    6. Use Case #6: List Unix Sockets
    7. Use Case #7: List Connections to a Specific IP Address
    8. Use Case #8: List Raw Sockets
    9. Use Case #9: List Summary Statistics
    10. Use Case #10: Check Process IDs
    11. Use Case #11: List IPv4 and IPv6 Socket Connections
    12. Use Case #12: Filter Connections
    13. Use Case #13: Check Man Pages or List All Commands
  5. Conclusion
  6. FAQs

What is ss Command?

The ss command is used to dump socket statistics and displays information in the format similar to netstat. However, this output is simpler and faster than the traditional utilities.

It inspects network connections, monitors traffic flow, and filters connections based on specific criteria like ports, protocols, or program names. 

The Basic Syntax

The basic syntax of the ss command is straightforward and flexible, allowing for a wide range of options to display and filter network socket information. 

# ss [options] [ FILTER ]

Here,

[ FILTER ]: Customizes the output

[options]: Specifies connection states

Options

The following table illustrates some of the common options used with the ss command.

ss commands option

The Key Features of the ss Command

Let us now discuss some of the key features of ss command.

View Network Connections

The ss command displays active connections for various protocols such as TCP, UDP, DCCP, and RAW. It also provides detailed information about each connection, including IP addresses, ports, and the state of the connection.

Filter and Sort Connections

ss command allows users to filter connections based on criteria such as address, port and state. It also offers options for sorting the displayed connections to find specific information easily.

Performance and Efficiency

ss command is significantly faster and more efficient than netstat, especially on systems with a large number of connections. It directly interfaces with the kernel to retrieve socket information, providing up-to-date and accurate data.

Versatile Output Options

ss command supports various output formats, including human-readable and machine-parsable formats, making it suitable for scripting and automation.

Let us compare the ss command with netstat command to understand the ss command better. 

ss Command Vs netstat command

netstat and ss are both command-line tools used for network monitoring on Linux systems, but they differ in functionality and output. 

netstat has been around longer and provides network-related information, including network connections, routing tables, and interface statistics. However, its output can be verbose and not as optimized for modern systems.

On the other hand, ss (Socket Statistics) is a newer and more efficient alternative to netstat. It focuses on displaying socket statistics, including information about active connections and listening sockets. 

The ss command is generally faster and provides more detailed and relevant information than netstat, making it a preferred choice for many users and system administrators.

Now that you have a basic understanding of the ss command, let us discuss some of its use cases . 

Use Cases of Linux ss Command 

Some of the use cases of ss command are:

Use Case #1: Basic Usage

The basic usage of the ss command is: 

# ss

This command displays a list of open and connected sockets, not waiting for new connections by default. This is very useful when you need a quick overview of active network communication.

ss command basic usage

The command displays the following information. 

  • Netid – Type of socket. Common types include TCP, UDP, u_str (Unix stream), and u_seq (Unix sequence). 
  • State – Status of the socket. Often seen as ESTAB (established), UNCONN (unconnected), or LISTEN (listening). 
  • Recv-Q – Number of packets received and waiting in the queue. 
  • Send-Q – Number of packets sent and waiting in the queue.
  • Local address – Address and port of the local machine.
  • Peer address – Address and port of the remote machine.

By analyzing the combination of columns, users can gain valuable insights.

Integrating options with the basic ss command can unlock the command’s true power. It provides more specific and detailed information. 

# ss <options>

Alternatively, you can combine multiple options for a more tailored output. 

# ss <option 1> <option 2> <option 3>

NOTE: If your internet is sluggish, Linux offers plenty of command-line tools to check network speed.

Use Case #2: List All Connections

To display all network connections, whether they’re actively listening for new ones or not, execute the following command:

# ss -a

Alternatively, you can also execute:

# ss --all

ss command for list all connections

These commands display all sockets on the system including the established connections and listening sockets. 

Established connections are connections that are actively transferring data and listening sockets are those that are waiting for incoming connections on specific ports.

Use Case #3: List Listening Sockets

To display sockets that are currently listening for new connections, run:

# ss -l

You can also execute:

# ss --listen

ss command for list listening sockets

These commands display sockets in the LISTEN state. These sockets are actively waiting for incoming connections on specific ports. 

This is crucial for understanding what services are running on your system and which ports are accessible.

Use Case #4: List TCP Connections

In order to diagnose network issues, monitor application behavior, and understand how the Linux system interacts with the network, it is necessary to list TCP connections. 

To list all TCP connections, established and listening, run one of these commands:

# ss -t

OR

# ss -tcp

ss command for list tcp connections

If you want to list all TCP connections, regardless of state (established, listening, etc.), combine  -a and -t parameters with the ss command in the following syntax:

# ss -at

ss command for a and t parameters

If you need to list only TCP connections that are currently listening for incoming connections, execute the -l and -t options with the ss command.

# ss -lt

ss lt

Use Case #5: List UDP Connections

Monitoring UDP traffic is important for applications that handle packet loss or require real-time performance.

You can execute the following command to list all UDP connections (including established and listening):

# ss -u

Alternatively, you can also use the –udp flag to list this information:

# ss --udp

ss command for list udp connection

Note that the output will not produce any results if there are no listening ports.

List All UDP Connections

To list all UDP connections, regardless of state, combine the -a and -u options with the ss command. 

# ss -au

ss au

To list only UDP connections that are currently listening for incoming connections, combine the ss command with the -l and -u arguments:

# ss -lu

ss lu

Use Case #6: List Unix Sockets

Unix domain sockets are typically identified by a path in the filesystem (e.g., /var/run/myservice.sock) instead of IP addresses and ports. It is important to understand Unix domain sockets to troubleshoot communication between processes on the Linux system. 

To display all sockets from the Unix family, simply use:

# ss -f unix

OR

# ss -x

ss -x

Use Case #7: List Connections to a Specific IP Address

Execute the following command to display connections targeting a specific IP address:

# ss dst <address>

For instance:

# ss dst 157.148.120.98

The ss dst displays the IP addresses your system is communicating with. It helps troubleshoot network issues or monitor application behavior.

ss dst

To list all connections to a specific source address, run:

# ss src <addresss>

For instance:

# ss src 184.107.122.45

ss src

NOTE: To view all incoming connections to your system, find your IP address and use it with the ss src command.

Use Case #8: List Raw Sockets

Raw sockets are a low-level network communication mechanism that bypasses the usual protocol layers (TCP, UDP) offered by the operating system.

To display information about raw sockets, execute the following command: 

# ss -w

Alternatively, you can also execute:

# ss --raw

Use Case #9: List Summary Statistics

At times, users need to identify trends in network usage, such as sudden spikes in connections or changes in protocol distribution. 

To display summary statistics for connections, execute:

# ss -s

ss -s

The output displays information such as the total number of connections, TCP and UDP connections, number of listening sockets, and the number of packets waiting to be sent or received.

Use Case #10: Check Process IDs

Process ID or PID is the numerical identifier of the process responsible for opening the network connection. It is used to troubleshoot network issues or understand which applications are communicating over the network.

To display the Process IDs (PID), simply use:

# ss -p

ss -p

Use Case #11: List IPv4 and IPv6 Socket Connections

When dealing with network problems potentially related to a specific protocol version, filtering by IPv4 or IPv6 can help isolate the source.

To narrow down the results, filter IPv4 or IPv6 connections using:

# ss -3

OR

# ss -6

For instance, you can see all the UDP connections using IPv6 by executing:

# ss -au4

Here,

a: Indicates all connections

U: Indicates UDP connections

4: Indicates IPv4

The command displays all UDP connections using IPv4.

ss -au4

Use Case #12: Filter Connections

With the ss command, you can refine your search and look for particular ports or TCP statuses.

Filter by Port Number

To filter connections using a specific destination port number or port name, execute the following command:

# ss <options> dst :<port number or name>

For instance,

# ss dst :5228

Alternatively, you can also specify a port name instead.

# ss dst :ssh

You can combine multiple queries to refine your search further for more advanced filtering options. 

For instance, to filter all connections with a source port called mysql or a destination port 5228, execute:

# ss -a dst :5228 or src :mysql

ss -a dst

This command displays all connections where the destination port is either 5228 or the source port name is mysql.

Filter Using TCP States

To narrow down TCP connections by using predefined states for TCP, run this command:

# ss state <name of state>

For instance, all connections with a source port mysql or a destination port 5228 could be found by executing:

# ss -t state listening

ss -t state listening

Use Case #13: Check Man Pages or List All Commands

Man pages are the go-to resource for understanding Linux commands in depth. They provide information such as detailed descriptions of options and advanced features.

You can check the manual page in the terminal to get a detailed overview using the ss command.

To view the manual page, run:

# man ss

To view a concise overview of the most common options supported by ss, run:

# ss -h

Conclusion

Mastering the ss command in Linux can greatly enhance your ability to monitor and manage network connections efficiently. With its concise yet powerful syntax, ss offers a comprehensive set of options for examining socket statistics, making it indispensable for troubleshooting network issues, analyzing network performance, and ensuring optimal system operation.

By exploring the various examples and options provided in this guide, you can gain a deeper understanding of how to harness the full potential of the ss command in your Linux environment. 

Whether you need to list active connections, filter results based on specific criteria, or delve into advanced network analysis, ss provides the tools you need to navigate the intricacies of networking easily.

By incorporating ss into your toolkit and familiarizing yourself with its capabilities, you can streamline your network monitoring workflows and empower yourself to manage your Linux system’s network connectivity effectively. So, dive in, experiment with the ss command, and unlock new possibilities for network administration in Linux.

FAQs

Q. What is the ss tool in Linux?

The ss tool in Linux is used to display detailed information about network sockets, making it valuable for network administrators.

Q. How do I list all TCP socket connections using the ss command?

To list all TCP socket connections, use the command: ss -t.

Q. How can I display all UDP sockets with the ss command?

You can display all UDP sockets with the command: ss -u.

Q. What does the -a option do in the ss command?

The -a option displays all sockets, including listening and non-listening (established) sockets: ss -a.

Q. How can I filter incoming connections using the ss command?

To filter and display only listening (incoming) connections, use the -l option: ss -l.

Q. What is the purpose of the -s option in the ss command?

The -s option provides a summary of socket statistics: ss -s.

Q. How do I display detailed information about a specific protocol, like TCP, using the ss command?

Use the -p option to display detailed information about the processes using the sockets: ss -p.

Q. Can I list all sockets of a specific type, such as UNIX sockets with the ss command?

Yes, use the -x option to list all UNIX domain sockets: ss -x.

Q. How do I view socket information for a specific IP version using the ss command?

To filter sockets by IP version, use -4 for IPv4 or -6 for IPv6: ss -4 or ss -6.

Q. How can I display all SSH connections using the ss command?

To display all SSH connections, filter by port 22 (the default SSH port): ss -t state established ‘( dport = :22 or sport = :22 )’.

Try this guide with our instant dedicated server for as low as 40 Euros