ss command
Linux

How To Use ss Command in Linux

3 min read 29 septembre 2021

ss is a command used to show network statistics on a Linux, This tool is similar to the netstat command but with more details.

In this guide, we will see how this command can be used to display multiple network socket information in Linux with 10 examples.

Show all connections :

ss command without options displays all the connections regardless of their state :

[root@srv ~]# ss
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
u_str ESTAB 0 0 * 39987 * 39988
u_str ESTAB 0 0 * 39942 * 39943
u_str ESTAB 0 0 * 39984 * 39985
u_str ESTAB 0 0 * 39985 * 39984
u_str ESTAB 0 0 * 39958 * 39957
u_str ESTAB 0 0 * 39990 * 39991
u_str ESTAB 0 0 * 39991 * 39990
u_str ESTAB 0 0 * 39988 * 39987
u_str ESTAB 0 0 * 39957 * 39958
u_str ESTAB 0 0 * 36290 * 36293
u_str ESTAB 0 0 /run/systemd/journal/stdout 22240 * 22239
u_str ESTAB 0 0 * 39933 * 39932
u_str ESTAB 0 0 * 39978 * 39979
u_str ESTAB 0 0 * 39979 * 39978
u_str ESTAB 0 0 * 39960 * 39961
u_str ESTAB 0 0 * 39976 * 39975
u_str ESTAB 0 0 * 39949 * 39948
u_str ESTAB 0 0 * 39982 * 39981
u_str ESTAB 0 0 * 22239 * 22240
u_str ESTAB 0 0 * 39948 * 39949
u_str ESTAB 0 0 * 39981 * 39982

Display listening Sockets with ss command:

To display only listening sockets, use the -l option :

[root@srv ~]# ss -l
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
nl UNCONN 0 0 rtnl:kernel *
nl UNCONN 0 0 rtnl:NetworkManager/6709 *
nl UNCONN 0 0 rtnl:NetworkManager/6709 *
nl UNCONN 4352 0 tcpdiag:ss/8647 *
nl UNCONN 768 0 tcpdiag:kernel *
nl UNCONN 0 0 xfrm:kernel *
nl UNCONN 0 0 selinux:kernel *
nl UNCONN 0 0 selinux:systemd/1 *
nl UNCONN 0 0 selinux:dbus-daemon/6600 *
nl UNCONN 0 0 selinux:dbus-daemon/6600 *
nl UNCONN 0 0 selinux:systemd/1 *
nl UNCONN 0 0 audit:kernel *
nl UNCONN 0 0 audit:systemd/1 *

Show all TCP connections :

To display only TCP connections use the -t option :

[root@srv ~]# ss -t
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.162.140:ssh 192.168.162.1:50870
ESTAB 0 48 192.168.162.140:ssh 192.168.162.1:50853

Show all UDP connections :

To display only UDP connections use the -u option :

[root@srv ~]# ss -ua
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 *:bootpc *:*

View all listening UDP connections :

To display Listening UDP Connections use the -lu option :

[root@srv ~]# ss -lu
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 *:bootpc *:*

Display the PIDs of sockets :

To do this use the –p option :

[root@srv ~]# ss -p
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
u_str ESTAB 0 0 * 39987 * 39988 users:(("master",pid=7286,fd=81))
u_str ESTAB 0 0 * 39942 * 39943 users:(("master",pid=7286,fd=36))
u_str ESTAB 0 0 * 39984 * 39985 users:(("master",pid=7286,fd=78))
u_str ESTAB 0 0 * 39985 * 39984 users:(("master",pid=7286,fd=79))
u_str ESTAB 0 0 * 39958 * 39957 users:(("master",pid=7286,fd=52))
u_str ESTAB 0 0 * 39990 * 39991 users:(("master",pid=7286,fd=84))
u_str ESTAB 0 0 * 39991 * 39990 users:(("master",pid=7286,fd=85))
u_str ESTAB 0 0 * 39988 * 39987 users:(("master",pid=7286,fd=82))
u_str ESTAB 0 0 * 39957 * 39958

You can use the grep command to filter out matches :

[root@srv ~]# ss -p | grep 7286
u_str ESTAB 0 0 * 39987 * 39988 users:(("master",pid=7286,fd=81))
u_str ESTAB 0 0 * 39942 * 39943 users:(("master",pid=7286,fd=36))
u_str ESTAB 0 0 * 39984 * 39985 users:(("master",pid=7286,fd=78))
u_str ESTAB 0 0 * 39985 * 39984 users:(("master",pid=7286,fd=79))
u_str ESTAB 0 0 * 39958 * 39957 users:(("master",pid=7286,fd=52))
u_str ESTAB 0 0 * 39990 * 39991 users:(("master",pid=7286,fd=84))
u_str ESTAB 0 0 * 39991 * 39990 users:(("master",pid=7286,fd=85))
u_str ESTAB 0 0 * 39988 * 39987 users:(("master",pid=7286,fd=82))
u_str ESTAB 0 0 * 39957 * 39958 users:(("master",pid=7286,fd=51))

Statistics with ss command :

If you want to display a summary of the sockets statistics use the -s option :

[root@srv ~]# ss -s
Total: 575 (kernel 969)
TCP: 10 (estab 2, closed 1, orphaned 0, synrecv 0, timewait 0/0), ports 0
Transport Total IP IPv6
969 - -
RAW 1 0 1
UDP 1 1 0
TCP 9 4 5
INET 11 5 6
FRAG 0 0 0

Show IPv4 sockets with ss:

[root@srv ~]# ss -4
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp ESTAB 0 0 192.168.162.140:ssh 192.168.162.1:50870
tcp ESTAB 0 48 192.168.162.140:ssh 192.168.162.1:50853

Show IPv6 sockets :

[root@srv ~]# ss -6

Filter Connections by Port Number :

[root@srv ~]# ss -at '( dport = :22 or sport = :22 )'
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:ssh *:*
ESTAB 0 0 192.168.162.140:ssh 192.168.162.1:50870
ESTAB 0 48 192.168.162.140:ssh 192.168.162.1:64462
ESTAB 0 0 192.168.162.140:ssh 192.168.162.1:64465
ESTAB 0 0 192.168.162.140:ssh 192.168.162.1:50853
LISTEN 0 128 :::ssh :::*
[root@srv ~]#
Post Views: 547

You might also like

Laisser un commentaire

Votre adresse e-mail ne sera pas publiée. Les champs obligatoires sont indiqués avec *