Using ss command on Linux

The ss command is the successor to the netstat command on Linux systems. The command is used by system administrators to see information about network connections. It allows you to check things like the status, origin, and destination of connections. In addition, ss displays route tables, interface statistics, masquerade connections, and multicast memberships.

In this guide, you’ll learn how to use the ss command through examples and explanations. We’ll show you its most common uses and everything you need to know in order to use it effectively.

In this tutorial you will learn:

  • How to use ss command

ss command on Linux

ss command on Linux

Software Requirements and Linux Command Line Conventions
Category Requirements, Conventions or Software Version Used
System Any Linux disto
Software N/A
Other Privileged access to your Linux system as root or via the sudo command.
Conventions # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
$ – requires given linux commands to be executed as a regular non-privileged user

Frequently used options

Option Description
-t Show TCP connections only.
-a Show both listening and non listening connections.
-s Show summary of connection statistics.
-n Show numerical addresses instead of trying to determine symbolic host, port or user names.
-p Show which processes are using a socket.
-e Show extended information about a socket.

Usage Examples

NOTE
It’s best to login to the root account or execute ss commands with sudo, as many of its functions require administrator privileges to access.

Let’s start with the most basic ss command, which would simply be:

# ss
Netid          State            Recv-Q           Send-Q                                        Local Address:Port                             Peer Address:Port
u_str          ESTAB            0                0                           /var/run/dbus/system_bus_socket 17421                                       * 17420
u_str          ESTAB            0                0                                                         * 79695844                                    * 0
u_str          ESTAB            0                0                                                         * 16718                                       * 16719
u_str          ESTAB            0                0                                                         * 79695893                                    * 0
u_str          ESTAB            0                0                                                         * 14139                                       * 14637
u_str          ESTAB            0                0                               /run/systemd/journal/stdout 14637                                       * 14139
u_str          ESTAB            0                0                               /run/systemd/journal/stdout 15486                                       * 15483
u_str          ESTAB            0                0                                                         * 18974                                       * 18975
u_str          ESTAB            0                0                                                         * 16303                                       * 16302
u_str          ESTAB            0                0                                                         * 15483                                       * 15486

This output shows us information about all current connections on the system. If there are clients connected to the computer (such as web browsers connected to a web server), you’ll also see those connections listed here. Let’s have a look at what each of these columns represent:



Column Description
Netid The type of socket. It’s common to see a lot of u_str in this column, which is stream socket. Other types include IPv6 or ICMP sockets.
State The state of the connection. Only useful for TCP connections since UDP is a stateless protocol.
Recv-Q The number of bytes not copied by the user program connected to this socket.
Send-Q The number of bytes not acknowledged by the remote host.
Local Address:Port The local socket and port number used for a connection.
Peer Address:Port The remote socket and port number used for a connection.

To list currently established TCP sockets, use the -t option. If you also want to list listening (non-established) TCP sockets, use -t -a. Replace -t with -u for UDP sockets.

# ss -t
State            Recv-Q             Send-Q                           Local Address:Port                             Peer Address:Port
ESTAB            0                  0                                10.0.0.1:44798                           10.0.0.1:mysql
ESTAB            0                  0                                10.0.0.1:mysql                           192.168.71.65:54556
ESTAB            0                  0                                10.0.0.1:mysql                           192.168.71.65:54564
ESTAB            0                  0                                10.0.0.1:44800                           10.0.0.1:mysql
ESTAB            0                  0                                10.0.0.1:mysql                           192.168.71.65:54558
ESTAB            0                  0                                10.0.0.1:mysql                           10.0.0.1:44802
ESTAB            0                  0                                10.0.0.1:ssh                              10.0.0.23:39374

Show which processes are using the socket with the -p option.

# ss -t -p
State    Recv-Q    Send-Q        Local Address:Port            Peer Address:Port     Process                                    
ESTAB    0         0                 10.0.2.15:39658           52.84.129.32:https     users:(("MainThread",pid=3434,fd=132))    
ESTAB    0         0                 10.0.2.15:57130           13.249.94.65:https     users:(("MainThread",pid=3434,fd=149))    
ESTAB    0         0                 10.0.2.15:34382           23.46.30.149:http      users:(("MainThread",pid=3434,fd=128))

Show a summary of statistics about all types of connections with -s.



# ss -s
Total: 153 (kernel 376)
TCP:   14 (estab 7, closed 1, orphaned 0, synrecv 0, timewait 1/0), ports 0

Transport Total     IP        IPv6
*         376       -         -
RAW       1         0         1
UDP       4         4         0
TCP       13        11        2
INET      18        15        3
FRAG      0         0         0

Conclusion

ss is an all-in-one network information command for Linux. In this guide, we learned how to use the ss command through examples and frequently used options. Be sure to check out the man pages if you’d like to read about more options for the command.



Comments and Discussions
Linux Forum