How to use the ss command

Sooner or later, every Linux user needs to find out what is happening on the network. Several tools help with this, some more complicated than others. The ss command is a reliable one that you will find installed on many computers.

The command name may look arcane because it is only two letters, but it is simple. In Linux/Unix many command names are abbreviations, and ss is no exception: ss stands for Socket Statistics.

Socket Statistics is a substitute for the old netstat tool; the goal is to be easier to use and understand.

Uses of the ss command in Linux

The ss command has several functions for inspecting the network, ranging from a list of all connections to summaries.

List all connections

First of all, run it without parameters by simply typing:

ss
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
u_seq ESTAB 0 0 @00020 56293 * 56294
u_str ESTAB 0 0 * 215268 * 215267
u_seq ESTAB 0 0 * 41910 * 41909
u_str ESTAB 0 0 * 30298 * 29587
u_str ESTAB 0 0 * 24673 * 24672
u_str ESTAB 0 0 * 31779 * 31780
u_str ESTAB 0 0 * 28224 * 30348

List all ports

The -a option retrieves the list of both listening and non-listening ports, as shown below.

ss -a
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
nl UNCONN 0 0 rtnl:goa-daemon/1311 *
nl UNCONN 0 0 rtnl:wpa_supplicant/562 *
nl UNCONN 0 0 rtnl:230687355 *
nl UNCONN 0 0 rtnl:evolution-addre/1477 *
nl UNCONN 0 0 rtnl:822 *
nl UNCONN 0 0 rtnl:spotify/2643 *
nl UNCONN 0 0 rtnl:evolution-calen/1455 *
nl UNCONN 0 0 rtnl:NetworkManager/555 *
nl UNCONN 0 0 rtnl:kernel *
nl UNCONN 0 0 rtnl:firefox-bin/1952 *
nl UNCONN 0 0 rtnl:1665139323 *
nl UNCONN 0 0 rtnl:avahi-daemon/543 *
nl UNCONN 0 0 rtnl:spotify/2643 *
nl UNCONN 0 0 rtnl:firefox-bin/1952 *
nl UNCONN 0 0 rtnl:evolution-addre/1477 *

List only the sockets that are listening

With the -l parameter it shows us only the sockets that are listening.

ss -l
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
nl UNCONN 0 0 rtnl:goa-daemon/1311 *
nl UNCONN 0 0 rtnl:wpa_supplicant/562 *
nl UNCONN 0 0 rtnl:230687355 *
nl UNCONN 0 0 rtnl:evolution-addre/1477 *
nl UNCONN 0 0 rtnl:822 *
nl UNCONN 0 0 rtnl:spotify/2643 *
nl UNCONN 0 0 rtnl:evolution-calen/1455 *
nl UNCONN 0 0 rtnl:NetworkManager/555 *
nl UNCONN 0 0 rtnl:kernel *
nl UNCONN 0 0 rtnl:firefox-bin/1952 *
nl UNCONN 0 0 rtnl:1665139323 *
nl UNCONN 0 0 rtnl:avahi-daemon/543 *
nl UNCONN 0 0 rtnl:spotify/2643 *
nl UNCONN 0 0 rtnl:firefox-bin/1952 *
nl UNCONN 0 0 rtnl:evolution-addre/1477 *
nl UNCONN 0 0 rtnl:evolution-calen/1455 *

Show TCP or UDP connections

The -t parameter displays the list of all TCP connections, and -u the list of all UDP connections.

ss -t
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.14:35972 11.22.112.48:https
ESTAB 0 0 192.168.1.14:54024 35.136.224.25:https
ESTAB 0 0 192.168.1.14:59390 1.54.224.185:https
ESTAB 580 0 192.168.1.14:43016 1.33.3.243:https

List all TCP or UDP connections

Similarly, we can combine the -l parameter, which as we have seen shows us the listening sockets, with the -t and -u parameters to display the listening TCP or UDP sockets.

ss -lt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 10 0.0.0.0:57621 0.0.0.0:*
LISTEN 0 32 192.168.122.1:domain 0.0.0.0:*
LISTEN 0 5 127.0.0.1:ipp 0.0.0.0:*
LISTEN 0 128 0.0.0.0:48699 0.0.0.0:*
LISTEN 0 5 [::1]:ipp [::]:*

Display the process PID

Display the process PID using the -p option.

ss -p
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
u_seq ESTAB 0 0 @00020 56293 * 56294 users:(("app",pid=2643,fd=21))
u_str ESTAB 0 0 * 215268 * 215267 users:(("Web Content",pid=4146,fd=55))

Show a summary of the statistics

We can also see a summary of the list of connections using the -s parameter. It can be useful when the amount of data is too large to analyze line by line.

ss -s
Total: 879
TCP: 33 (estab 26, closed 1, orphaned 0, timewait 0)
Transport Total IP IPv6
RAW 1 0 1
UDP 12 10 2
TCP 32 31 1
INET 45 41 4
FRAG 0 0 0

Displaying IPv4 or IPv6 connections

Display only IPv4 connections with parameter -4 or IPv6 connections with parameter -6.

ss -4
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp ESTAB 0 0 192.168.1.14:42582 11.11.11.11:https
tcp ESTAB 0 0 192.168.1.14:59390 11.1.11.11:https
tcp CLOSE-WAIT 637 0 192.168.1.14:43016 11.11.31.11:https

Or IPv6:

ss -6
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
icmp6 UNCONN 0 0 *:ipv6-icmp *:*

Show TCP connections without name resolution

One of the most common uses of netstat is with the -tn parameters, which display TCP connections without attempting name resolution. With ss these parameters are the same, as most are. This way we can see both the local and the remote address of each connection.

ss -tn
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.14:42582 11.11.11.11:443
ESTAB 0 0 192.168.1.14:59390 11.11.11.11:443
CLOSE-WAIT 637 0 192.168.1.14:43020 11.11.31.11:443
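
Combining -l, -t, -n and -p gives numeric output that is easy to audit for services reachable from other hosts. The script below is an added example, not part of the original article: the function names, the allowed-port list and the sample lines are constructed for illustration, and -H is the ss option that suppresses the header line.

```shell
#!/bin/sh
# Added example: flag TCP listeners that are not bound to loopback.
# Expects input in the format of `ss -Htlnp`, i.e. with only -t selected:
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port [Process]

# exposed_listeners ALLOWED_PORTS   (comma-separated, e.g. "22,443")
# Reads ss output on stdin and prints "address<TAB>port<TAB>process" for every
# LISTEN socket bound to a non-loopback address on a port that is not allowed.
exposed_listeners() {
    awk -v allowed="$1" '
    BEGIN { OFS = "\t"; n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {
        laddr = $4
        # The port is whatever follows the last colon (works for [::]:22 too).
        port = laddr; sub(/.*:/, "", port)
        addr = substr(laddr, 1, length(laddr) - length(port) - 1)
        sub(/%.*$/, "", addr)                    # drop suffix such as 127.0.0.53%lo
        if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./) next
        if (port in ok) next
        # The process column from -p may contain spaces ("Web Content").
        proc = "-"
        if (NF >= 6) { proc = $6; for (i = 7; i <= NF; i++) proc = proc " " $i }
        print addr, port, proc
    }'
}

# Constructed sample in `ss -Htlnp` format (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 10 0.0.0.0:57621 0.0.0.0:*
LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 5 [::1]:631 [::]:*
LISTEN 0 128 *:8080 *:* users:(("python3",pid=4021,fd=4))
EOF
}

# Offline demonstration; on a live system run: ss -Htlnp | exposed_listeners 22
sample_ss_output | exposed_listeners 22
```

Run ss as root for this audit; otherwise the process column is only filled in for sockets owned by your own user.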

Filter connections by port number

In addition, the ss command allows you to filter sockets by port number or address.

ss -at '( dport = :22 or sport = :22 )'

Conclusion

The ss command is very useful; it simply displays network information.

The information it displays includes not only TCP and UDP sockets, the most used types, but also DCCP, RAW, and Unix domain sockets.

The ss command can display a list of all connections as well as a summary. It also shows the ports used by those connections.
