ss

Socket Statistics. Shows information similar to netstat, ss can display more TCP and state information than other tools.

Syntax:

     ss [options] [FILTER]

Options

  -n, --numeric    Do now try to resolve service names.
  -r, --resolve    Try to resolve numeric address/ports.
  -a, --all        Display all sockets.
  -l, --listening  Display listening sockets.
  -o, --options    Show timer information.
  -e, --extended   Show detailed socket information
  -m, --memory     Show socket memory usage.
  -p, --processes  Show process using socket.
  -i, --info       Show internal TCP information.
  -s, --summary    Print summary statistics.This option does not parse socket lists
                   obtaining summary from various sources. It is useful when amount
                   of sockets is so huge that parsing /proc/net/tcp is painful.

  -A QUERY,
  --query=QUERY,
  --socket=QUERY   List of socket tables to dump, separated by commas.
                   The following identifiers are understood: all, inet, tcp, udp, raw,
                   unix, packet, netlink, unix_dgram, unix_stream, packet_raw, packet_dgram.

  -D FILE, --diag=FILE
                   Do not display anything, just dump raw information about
                   TCP sockets to FILE after applying filters. If FILE is - stdout is used.

  -f FAMILY, --family=FAMILY
                   Display sockets of type FAMILY.
                   Currently the following families are supported: unix, inet, inet6, link, netlink.

  -F FILE,
  --filter=FILE    Read filter information from FILE. Each line of FILE is
                   interpreted like single command line option. If FILE is - stdin is used.
                   FILTER := [ state TCP-STATE ] [ EXPRESSION ]

  -4, --ipv4       Display only IP version 4 sockets (alias for -f inet).
  -6, --ipv6       Display only IP version 6 sockets (alias for -f inet6).
  -0, --packet     Display PACKET sockets.
  -t, --tcp        Display only TCP sockets.
  -u, --udp        Display only UDP sockets.
  -d, --dccp       Display only DCCP sockets.
  -w, --raw        Display only RAW sockets.
  -x, --unix       Display only Unix domain sockets.

  -h, --help       Show summary of options.
  -V, --version    Output version information.

Look at the official docs (Debian package iproute-doc) for details regarding filters.

Examples

Display all TCP sockets. ss -u -a Display all UDP sockets:

ss -t -a

List all applications connecting to the internet:

ss -p

Display all established ssh connections:

ss -o state established '( dport = :ssh or sport = :ssh )'

Find all local processes connected to X server:

ss -x src /tmp/.X11-unix/*

List all the tcp sockets in state FIN-WAIT-1 for our apache to network 193.233.7/24 and look at their timers:

ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 193.233.7/24

“If your experiment needs statistics, you ought to have done a better experiment” ~ Ernest Rutherford

Related Linux commands

ip - Routing, devices and tunnels.
nc - Netcat, read and write data across networks.
netstat - Networking connections/stats.

 
Copyright © 1999-2024 SS64.com
Some rights reserved