Skip to main content

ss

The ss (socket statistics) command is a utility for investigating sockets in Linux and Unix systems. It's a modern replacement for the older netstat command, offering more information and faster execution. ss is used to display various network statistics and is a powerful tool for diagnosing issues and monitoring network performance.

Purpose of ss

  1. Investigate Sockets: ss provides detailed information about sockets (TCP, UDP, Unix domain sockets, etc.), including their state, addresses, ports, and associated process IDs.

  2. Network Troubleshooting: It's valuable for troubleshooting network issues, as it helps identify open ports and establish connections.

  3. Performance Monitoring: ss can be used to monitor the performance of the network, like checking the number of connections to a server, the state of these connections, and so on.

  4. Faster Execution: It's faster than netstat as it retrieves information directly from kernel space.

Examples of How ss is Used

  1. List All Open Sockets:

    • Command: ss -a
    • This lists all open sockets, both listening and non-listening.

  2. List TCP Sockets:

    • Command: ss -t
    • Shows all open TCP sockets. Add -a to include listening sockets, or -r to resolve IP addresses to hostnames.

  3. List Listening Sockets:

    • Command: ss -l
    • Displays all sockets that are in a listening state, which is useful for checking which services are running and listening for connections.

  4. Show Established Connections:

    • Command: ss state established
    • Lists all established connections. Useful for seeing currently active connections.

  5. Display UDP Sockets:

    • Command: ss -u
    • Lists all UDP sockets. As with TCP sockets, -a includes listening sockets.

  6. Filter Sockets by Port:

    • Command: ss -at '( dport = :22 or sport = :22 )'
    • Shows all TCP sockets where either the destination or source port is 22 (SSH).

  7. Show Process Information:

    • Command: ss -tp
    • Lists TCP sockets along with the process ID (PID) and process name of the socket owner, which is extremely helpful for identifying which process is using which port.

  8. List Sockets for a Specific Network:

    • Command: ss dst 192.168.1.15
    • Displays sockets connected to a specific destination IP.

  9. Show Socket Memory Usage:

    • Command: ss -tm
    • Provides information on the memory usage of sockets, useful for diagnosing potential memory-related network issues.

  10. List IPv6 Sockets:

    • Command: ss -6
    • Lists sockets that are using IPv6.

Conclusion

The ss command is a versatile and powerful tool for network analysis and troubleshooting on Linux and Unix systems. Its ability to provide detailed and rapid insights into socket statistics makes it a go-to command for network administrators and IT professionals. It's especially useful in environments with a large number of network connections and for diagnosing complex network issues.