The ss command is the successor to the netstat command on Linux systems. The command is used by system administrators to see information about network connections. It allows you to check things like the status, origin, and destination of connections. In addition, ss displays route tables, interface statistics, masquerade connections, and multicast memberships.
In this guide, you’ll learn how to use the ss command through examples and explanations. We’ll show you its most common uses and everything you need to know in order to use it effectively.
In this tutorial you will learn:
- How to use
sscommand
| Category | Requirements, Conventions or Software Version Used |
|---|---|
| System | Any Linux disto |
| Software | N/A |
| Other | Privileged access to your Linux system as root or via the sudo command. |
| Conventions |
# – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command$ – requires given linux commands to be executed as a regular non-privileged user |
Frequently used options
| Option | Description |
|---|---|
| -t | Show TCP connections only. |
| -a | Show both listening and non listening connections. |
| -s | Show summary of connection statistics. |
| -n | Show numerical addresses instead of trying to determine symbolic host, port or user names. |
| -p | Show which processes are using a socket. |
| -e | Show extended information about a socket. |
Usage Examples
It’s best to login to the root account or execute
ss commands with sudo, as many of its functions require administrator privileges to access.Let’s start with the most basic ss command, which would simply be:
# ss Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port u_str ESTAB 0 0 /var/run/dbus/system_bus_socket 17421 * 17420 u_str ESTAB 0 0 * 79695844 * 0 u_str ESTAB 0 0 * 16718 * 16719 u_str ESTAB 0 0 * 79695893 * 0 u_str ESTAB 0 0 * 14139 * 14637 u_str ESTAB 0 0 /run/systemd/journal/stdout 14637 * 14139 u_str ESTAB 0 0 /run/systemd/journal/stdout 15486 * 15483 u_str ESTAB 0 0 * 18974 * 18975 u_str ESTAB 0 0 * 16303 * 16302 u_str ESTAB 0 0 * 15483 * 15486
This output shows us information about all current connections on the system. If there are clients connected to the computer (such as web browsers connected to a web server), you’ll also see those connections listed here. Let’s have a look at what each of these columns represent:
| Column | Description |
|---|---|
| Netid | The type of socket. It’s common to see a lot of u_str in this column, which is stream socket. Other types include IPv6 or ICMP sockets. |
| State | The state of the connection. Only useful for TCP connections since UDP is a stateless protocol. |
| Recv-Q | The number of bytes not copied by the user program connected to this socket. |
| Send-Q | The number of bytes not acknowledged by the remote host. |
| Local Address:Port | The local socket and port number used for a connection. |
| Peer Address:Port | The remote socket and port number used for a connection. |
To list currently established TCP sockets, use the -t option. If you also want to list listening (non-established) TCP sockets, use -t -a. Replace -t with -u for UDP sockets.
# ss -t State Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0 10.0.0.1:44798 10.0.0.1:mysql ESTAB 0 0 10.0.0.1:mysql 192.168.71.65:54556 ESTAB 0 0 10.0.0.1:mysql 192.168.71.65:54564 ESTAB 0 0 10.0.0.1:44800 10.0.0.1:mysql ESTAB 0 0 10.0.0.1:mysql 192.168.71.65:54558 ESTAB 0 0 10.0.0.1:mysql 10.0.0.1:44802 ESTAB 0 0 10.0.0.1:ssh 10.0.0.23:39374
Show which processes are using the socket with the -p option.
# ss -t -p
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 10.0.2.15:39658 52.84.129.32:https users:(("MainThread",pid=3434,fd=132))
ESTAB 0 0 10.0.2.15:57130 13.249.94.65:https users:(("MainThread",pid=3434,fd=149))
ESTAB 0 0 10.0.2.15:34382 23.46.30.149:http users:(("MainThread",pid=3434,fd=128))
Show a summary of statistics about all types of connections with -s.
# ss -s Total: 153 (kernel 376) TCP: 14 (estab 7, closed 1, orphaned 0, synrecv 0, timewait 1/0), ports 0 Transport Total IP IPv6 * 376 - - RAW 1 0 1 UDP 4 4 0 TCP 13 11 2 INET 18 15 3 FRAG 0 0 0
Conclusion
ss is an all-in-one network information command for Linux. In this guide, we learned how to use the ss command through examples and frequently used options. Be sure to check out the man pages if you’d like to read about more options for the command.
