The ss command is a tool included with the iproute2 package in Linux. It is designed to provide detailed socket statistics about network connections and protocols. It is considered to be a better alternative to the netstat command, as it provides more detailed information and is more efficient in terms of resource usage.
Overview
To use the ss command, simply open a terminal and type ss followed by any applicable options. By default, running the ss command without any options will display a list of all open network connections on the system.
$ ss
The output of this command will show the following columns:
State: the current state of the connection (e.g. established, listening, closed)Recv-Q: the number of bytes waiting to be receivedSend-Q: the number of bytes waiting to be sentLocal Address: the IP address and port number of the local endpointPeer Address: the IP address and port number of the remote endpointProcess ID/Program name: the process ID and name of the program that created the connection
The ss command can also be used to filter the output based on specific criteria. For example, to display only TCP connections, use the -t option:
$ ss -t
To display only listening sockets, use the -l option:
$ ss -l
To display only IPv4 connections, use the -4 option:
$ ss -4
To display only IPv6 connections, use the -6 option:
$ ss -6
To display all established connections, use the -o option:
$ ss -o state established
To display all connections that are in the TIME-WAIT state, use the -o option with the tw argument:
$ ss -o state time-wait
Options
The following table lists all available options for the ss command:
| Option | Description |
|---|---|
-a |
Display all sockets (default) |
-t |
Display TCP sockets |
-u |
Display UDP sockets |
-d |
Display DCCP sockets |
-w |
Display RAW sockets |
-x |
Display Unix domain sockets |
-f FAMILY |
Display sockets of type FAMILY (e.g. inet, inet6, unix) |
-4 |
Display only IPv4 sockets |
-6 |
Display only IPv6 sockets |
-0 |
Display only listening sockets |
-1 |
Display only established sockets |
-2 |
Display only SYN_SENT sockets |
-3 |
Display only SYN_RECV sockets |
-4 |
Display only FIN_WAIT1 sockets |
-5 |
Display only FIN_WAIT2 sockets |
-6 |
Display only TIME_WAIT sockets |
-7 |
Display only CLOSE sockets |
-8 |
Display only CLOSE_WAIT sockets |
-9 |
Display only LAST_ACK sockets |
-A |
Display all sockets (similar to -a) |
-l |
Display only listening sockets |
-n |
Do not resolve hostnames |
-o |
Show timer information |
-p |
Show process using socket |
-s |
Print statistics |
-Z |
Print context information |
Troubleshooting Tips
If you are having trouble using the ss command, here are a few tips to help you troubleshoot common issues:
- Make sure that you are running the command as a privileged user (i.e. with
sudoor as the root user). Some options may not be available if you are not running the command as a privileged user. - If you are not seeing any output from the
sscommand, try using the-noption to disable hostname resolution. This can sometimes speed up the command and prevent it from hanging. - If you are experiencing slow performance or high resource usage when running the
sscommand, try using the-Zoption to print context information. This can help you identify any issues with the system’s security context that may be affecting the command.
Notes
- The
sscommand is a powerful tool for troubleshooting network connections and protocols in Linux. It provides more detailed information than thenetstatcommand and is more efficient in terms of resource usage. - When using the
sscommand, it is important to understand the various options and how they can be used to filter and customize the output. - Always use caution when working with network connections and protocols, as incorrect use of these tools can lead to serious security issues.