The ss command in Linux is a tool that reports information about network and socket connections much more efficiently than the netstat command. It is gradually replacing the netstat tool on some newer systems.
Practical Examples of Using the SS Command on Linux & Ubuntu
Netstat reads files in the /proc directory to collect the data it displays, which becomes a problem when the system has numerous incoming connections. In contrast, ss retrieves data directly from kernel space, making it faster.
1. List established connections
By default, if we run the ss command without additional options, it displays a list of open non-listening sockets that have established connections, for example TCP, UDP or UNIX sockets.
ss | head -n 5
In the example above, running ss on arriveddev.com displayed more than 500 lines, so the output is piped through head to make it easy to read.
2. Display Listening Sockets
Instead of listing all sockets, we can use the -l option to list only the listening sockets.
ss -lt
3. Display Processes
With the -p option, the ss command displays the process name and PID that own each socket.
ss -pl
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp LISTEN 0 128 :::http :::*
...
4. Do not resolve Service Names
By default, the ss command resolves port numbers to service names, as we saw before. For example, in the line below we can see 192.168.1.14:ssh, where ssh is listed as the local port.
ss
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp ESTAB 0 64 192.168.1.14:ssh 192.168.1.191:57091
However, if the -n option is specified, this resolution does not take place and we see the port number instead of the service name.
ss -n
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp ESTAB 0 0 192.168.1.14:22 192.168.1.191:57091
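For scripted checks, the numeric form (-n) is the one to parse. The following added example, which is not part of the original article, reads `ss -ltn` style output and reports TCP listeners bound to a non-loopback address whose port is not on an allowlist. The sample lines, the allowlist and the function names are constructed for illustration, and -H (no header) is assumed for the live invocation.

```shell
#!/bin/sh
# Added example: flag TCP listeners reachable from other hosts that are not allowlisted.
# On a live host:  ss -H -ltn | audit_listeners "22 443"

# Constructed sample in `ss -H -ltn` layout:
# State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
sample_ss_ltn() {
cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 511 *:8080 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 [::1]:631 [::]:*
LISTEN 0 4096 192.168.1.14:3306 0.0.0.0:*
EOF
}

# audit_listeners "<allowed ports>": prints "address port" for each unexpected listener.
audit_listeners() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
        # Locate the State column so a leading Netid column (tcp/udp) is tolerated.
        local_field = ""
        for (i = 1; i <= NF; i++) if ($i == "LISTEN") { local_field = $(i + 3); break }
        if (local_field == "") next
        # The port is whatever follows the last colon (IPv6 addresses contain colons).
        port = local_field; sub(/.*:/, "", port)
        addr = substr(local_field, 1, length(local_field) - length(port) - 1)
        # Loopback-only listeners are not reachable from the network.
        if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
        if (!(port in ok)) print addr, port
    }'
}

# Demonstration on the constructed sample: prints the two unexpected listeners.
sample_ss_ltn | audit_listeners "22 443"
```

Adding -p to the live command shows which process owns each flagged socket.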
5. Resolve Address/Ports Number
It is also possible to do the opposite and resolve both the IP address and the port number with the -r option. With this, we now see the hostname of the 192.168.1.14 server listed.
ss -r
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp ESTAB 0 64 arriveddev.com:ssh 192.168.1.191:57091
6. IPv4 Sockets
Use the option ‘-4’ to display only information corresponding to IPv4 sockets. In the example of the ‘ss’ command on Linux below, we also use the ‘-l’ option to list all IPv4 listening sockets.
ss -l4
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 127.0.0.1:323 *:*
udp UNCONN 0 0 192.168.122.1:domain *:*
...
7. IPv6 Sockets
As with IPv4 sockets, we can use the -6 option to display only information related to IPv6 sockets. In the example below, we also use the -l option to list all IPv6 listening sockets.
ss -l6
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 :::ipv6-icmp :::*
udp UNCONN 0 0 :::22834 :::*
udp UNCONN 0 0 ::1:323 :::*
tcp LISTEN 0 128 :::sunrpc :::*
8. TCP Only
The -t option can be used to display TCP sockets only. When combined with -l to show only listening sockets, we can see everything that is listening on TCP.
ss -lt
9. UDP Only
The -u option can be used to display only UDP sockets. Since UDP is a connectionless protocol, running with only the -u option will usually display little or no output. Instead, it can be combined with the -a or -l option to see all listening UDP sockets.
ss -ul
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 *:mdns *:*
UNCONN 0 0 *:kpasswd *:*
UNCONN 0 0 *:839 *:*
UNCONN 0 0 *:36812 *:*
UNCONN 0 0 192.168.122.1:domain *:*
UNCONN 0 0 192.168.1.14:domain *:*
10. Unix Sockets
The -x option can be used to display only Unix sockets.
ss -x
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
u_str ESTAB 0 0 @/tmp/.X11-unix/X0 27818 * 27817
u_str ESTAB 0 0 @/tmp/.X11-unix/X0 26656 * 26655
u_str ESTAB 0 0 * 28344 * 26607
u_str ESTAB 0 0 * 24704 * 24705
11. ss Command on Linux & Ubuntu: Display All Information
The option ‘-a’ displays all sockets, both listening and non-listening. In the case of TCP, non-listening sockets are those for which connections have been established. This option is useful to combine with others, for example, to show all UDP sockets, we can add ‘-a’ to ‘-u’, as with only the ‘-u’ option, not much information will be displayed.
ss -u
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 0 192.168.1.14:56658 129.250.35.251:ntp
ss -ua
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 *:mdns *:*
UNCONN 0 0 127.0.0.1:323 *:*
ESTAB 0 0 192.168.1.14:56658 129.250.35.251:ntp
UNCONN 0 0 *:21014 *:*
UNCONN 0 0 *:60009 *:*
UNCONN 0 0 192.168.122.1:domain *:*
UNCONN 0 0 *%virbr0:bootps *:*
UNCONN 0 0 *:bootpc *:*
UNCONN 0 0 ::1:323 :::*
UNCONN 0 0 :::43209 :::*
12. Display Socket Memory in use
The -m option can be used to display the amount of memory each socket is using.
ss -ltm
13. Display Internal TCP Information
The ss command can request additional internal TCP information with the -i option.
ss -lti
Below each listening socket we can see additional information. Note that the -i option does not work with UDP; if you specify -u instead of -t, this additional information will not appear.
14. Show summary
We can get a quick overview of statistics with the -s option.
ss -s
Total: 1253 (kernel 1721)
TCP: 13 (estab 1, closed 2, orphaned 0, synrecv 0, timewait 0/0), ports 0
Transport Total IP IPv6
* 1721 - -
RAW 1 0 1
UDP 9 7 2
TCP 11 6 5
INET 21 13 8
FRAG 0 0 0
The -s option allows seeing things like the total number of connections established, as well as the number of each socket type and whether IPv4 or IPv6 is being used.
15. Filter based on status
We can specify the state of a socket to show only sockets in this state.
– For example, we can specify states including established, syn-sent, syn-recv, fin-wait-1, fin-wait-2, time-wait, closed, close-wait, last-ack, listening and closing.
The example below shows all established TCP connections. To create this, I connected to the server using SSH and just loaded a website from Apache. We can then see that connections to Apache quickly move into the time-wait state.
ss -t state established
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 64 192.168.1.14:ssh 192.168.1.191:57091
0 0 ::ffff:192.168.1.14:http ::ffff:192.168.1.191:57373
0 0 ::ffff:192.168.1.14:http ::ffff:192.168.1.191:57372
ss -t state time-wait
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 0 ::ffff:192.168.1.14:http ::ffff:192.168.1.191:57373
0 0 ::ffff:192.168.1.14:http ::ffff:192.168.1.191:57372
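The state filter above answers one question at a time. As an added example (not from the original article), the script below tallies sockets by state and by peer from `ss -H -tan` style output, which helps spot a single peer holding many sockets in one state. The sample lines and function names are constructed, and 203.0.113.0/24 and 198.51.100.0/24 are documentation address ranges.

```shell
#!/bin/sh
# Added example: tally TCP sockets by state and by peer address.
# On a live host:  ss -H -tan | state_counts
#                  ss -H -tan | peers_in_state SYN-RECV 20

# Constructed sample in `ss -H -tan` layout:
# State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
sample_ss_tan() {
cat <<'EOF'
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
ESTAB 0 64 192.168.1.14:22 192.168.1.191:57091
ESTAB 0 0 192.168.1.14:80 198.51.100.20:51514
TIME-WAIT 0 0 192.168.1.14:80 192.168.1.191:57373
TIME-WAIT 0 0 192.168.1.14:80 192.168.1.191:57372
SYN-RECV 0 0 192.168.1.14:80 203.0.113.7:40001
SYN-RECV 0 0 192.168.1.14:80 203.0.113.7:40002
SYN-RECV 0 0 192.168.1.14:80 203.0.113.7:40003
EOF
}

# state_counts: prints "STATE count", one line per state, sorted by state name.
state_counts() {
    awk '{ n[$1]++ } END { for (s in n) print s, n[s] }' | LC_ALL=C sort
}

# peers_in_state STATE MIN: prints "peer count" for every peer address that has
# at least MIN sockets in STATE.
peers_in_state() {
    awk -v want="$1" -v min="$2" '
    $1 == want {
        peer = $5
        sub(/:[^:]*$/, "", peer)      # drop the trailing :port, keep the address
        c[peer]++
    }
    END { for (p in c) if (c[p] >= min) print p, c[p] }' | LC_ALL=C sort
}

# Demonstration on the constructed sample.
sample_ss_tan | state_counts
sample_ss_tan | peers_in_state SYN-RECV 3
```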
16. Filter based on port number
The ss command can also filter on port numbers, listing sockets whose port is less than (lt), greater than (gt), equal to (eq), not equal to (ne), less than or equal to (le), or greater than or equal to (ge) a given value.
ss -ltn sport le 500
17. Display SELinux Context
The -Z and -z options display the SELinux security context of a socket. In the example below, the -t and -l options list only listening TCP sockets, and with the -Z option the SELinux contexts are shown as well.
ss -tlZ
18. Display Version
The -v option displays version information for the ss command; in this case we see the version of the iproute2 package that provides ss.
ss -v
ss utility, iproute2-ss200127
19. Print Help Documentation
The -h option displays help for the ss command, which is a good quick reference if you need a short description of some of the most commonly used options.
ss -h
20. Display extended information
The -e option displays extended socket details.
ss -lte
21. Display Timer Information
The -o option can be used to display timer information. This information shows us things like the retransmission timer value, the number of retransmissions that have occurred, and the number of keep-alive probes that have been sent.
ss -to
After reading this article you should have a good idea of how to use the ss command on Linux and Ubuntu to quickly check various information related to sockets. You can run ss -h for more information on the available options.