For Linux users, there will come a time when you need to know about the network. Several tools help in this process, but one is more complicated than the other. The ss command is reliable for installing on multiple computers.
On the other hand, the command name tends to be arcane because it incorporates two letters, but it is simple. In Linux/Unix many of the command names are abbreviations. And the ss command is no exception, ss stands for Socket Statistics.
Socket Statistics is a substitute for the old netstat tool, the goal is easier to use and understand.
Uses of the ss command in Linux
The ss command has several functions for knowing the network, ranging from a list of all connections to summaries.
List all connections
First of all, find the use without parameters simply by typing.
ss Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port u_seq ESTAB 0 0 @00020 56293 * 56294 u_str ESTAB 0 0 * 215268 * 215267 u_seq ESTAB 0 0 * 41910 * 41909 u_str ESTAB 0 0 * 30298 * 29587 u_str ESTAB 0 0 * 24673 * 24672 u_str ESTAB 0 0 * 31779 * 31780 u_str ESTAB 0 0 * 28224 * 30348
List all ports
On the other hand, it retrieves the list of listening ports and does not listen using the -a option as shown below.
ss -a Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port nl UNCONN 0 0 rtnl:goa-daemon/1311 * nl UNCONN 0 0 rtnl:wpa_supplicant/562 * nl UNCONN 0 0 rtnl:230687355 * nl UNCONN 0 0 rtnl:evolution-addre/1477 * nl UNCONN 0 0 rtnl:822 * nl UNCONN 0 0 rtnl:spotify/2643 * nl UNCONN 0 0 rtnl:evolution-calen/1455 * nl UNCONN 0 0 rtnl:NetworkManager/555 * nl UNCONN 0 0 rtnl:kernel * nl UNCONN 0 0 rtnl:firefox-bin/1952 * nl UNCONN 0 0 rtnl:1665139323 * nl UNCONN 0 0 rtnl:avahi-daemon/543 * nl UNCONN 0 0 rtnl:spotify/2643 * nl UNCONN 0 0 rtnl:firefox-bin/1952 * nl UNCONN 0 0 rtnl:evolution-addre/1477 *
List only the sockets that are listening
With the -l parameter it shows us only the sockets that are listening.
ss -l Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port nl UNCONN 0 0 rtnl:goa-daemon/1311 * nl UNCONN 0 0 rtnl:wpa_supplicant/562 * nl UNCONN 0 0 rtnl:230687355 * nl UNCONN 0 0 rtnl:evolution-addre/1477 * nl UNCONN 0 0 rtnl:822 * nl UNCONN 0 0 rtnl:spotify/2643 * nl UNCONN 0 0 rtnl:evolution-calen/1455 * nl UNCONN 0 0 rtnl:NetworkManager/555 * nl UNCONN 0 0 rtnl:kernel * nl UNCONN 0 0 rtnl:firefox-bin/1952 * nl UNCONN 0 0 rtnl:1665139323 * nl UNCONN 0 0 rtnl:avahi-daemon/543 * nl UNCONN 0 0 rtnl:spotify/2643 * nl UNCONN 0 0 rtnl:firefox-bin/1952 * nl UNCONN 0 0 rtnl:evolution-addre/1477 * nl UNCONN 0 0 rtnl:evolution-calen/1455 *
Show TCP or UDP connections
The -t parameter displays the list of all TCP connections and with -u all UDP connections.
ss -t State Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0 192.168.1.14:35972 11.22.112.48:https ESTAB 0 0 192.168.1.14:54024 35.136.224.25:https ESTAB 0 0 192.168.1.14:59390 1.54.224.185:https ESTAB 580 0 192.168.1.14:43016 1.33.3.243:https
List all TCP or UDP connections
Similarly, we can combine the -l parameter, which as we have seen shows us the sockets, with the -t and –u parameters, to display the TCP or UDP connections.
ss -lt State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 10 0.0.0.0:57621 0.0.0.0:* LISTEN 0 32 192.168.122.1:domain 0.0.0.0:* LISTEN 0 5 127.0.0.1:ipp 0.0.0.0:* LISTEN 0 128 0.0.0.0:48699 0.0.0.0:* LISTEN 0 5 [::1]:ipp [::]:*
Display the process PID
Display the process PID using the -p option.
ss -p
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
u_seq ESTAB 0 0 @00020 56293 * 56294 users:(("app",pid=2643,fd=21))
u_str ESTAB 0 0 * 215268 * 215267 users:(("Web Content",pid=4146,fd=55))
Show a summary of the statistics
On the other hand, we can see a summary of the list of connections. It can be useful when the amount of data is so large to analyze. Using the -s parameter
ss -s Total: 879 TCP: 33 (estab 26, closed 1, orphaned 0, timewait 0) Transport Total IP IPv6 RAW 1 0 1 UDP 12 10 2 TCP 32 31 1 INET 45 41 4 FRAG 0 0 0
Displaying IPv4 or IPv6 connections
Display only IPv4 connections with parameter -4 or IPv6 connections with parameter -6.
ss -4 Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port tcp ESTAB 0 0 192.168.1.14:42582 11.11.11.11:https tcp ESTAB 0 0 192.168.1.14:59390 11.1.11.11:https tcp CLOSE-WAIT 637 0 192.168.1.14:43016 11.11.31.11:https
Or IpV6:
ss -6 Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port icmp6 UNCONN 0 0 *:ipv6-icmp *:*
Show TCP connections without name resolution
The most common uses in netstat are with the -tn parameter, which displays TCP connections without attempting name resolution. With ss the parameters are the same, as most. This way we can see both the local and the remote address in the connection.
ss -tn State Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0 192.168.1.14:42582 11.11.11.11:443 ESTAB 0 0 192.168.1.14:59390 11.11.11.11:443 CLOSE-WAIT 637 0 192.168.1.14:43020 11.11.31.11:443
Filter connections by port number
In addition, the ss command allows you to filter the socket port number or address.
ss -at '( dport = :22 or sport = :22 )'
Conclusion
The ss commands are very useful, it simply displays the network information.
Similarly, the information it displays includes not only TCP and UDP sockets. the most used types, but also DCCP, RAW, and Unix domain sockets.
The ss command, displayed as a list of all connections, plus a summary. On the other hand, it shows the connection ports.
So, share this post and join our Telegram Channel.
