Learn to use ss — utility to investigate sockets

Paras Nath Chaudhary · October 27, 2019

In this post, I will be discussing about a utility you will often use. The utility is ‘ss’. According to the man page of ss: ss is used to dump socket statistics. It allows showing information similar to netstat. It can display more TCP and state informations than other tools. Here, we will go through some of the basic usages of ‘ss’ command, which are as follows:

$ ss  

Bare ‘ss’ command lists the TCP established connections. It shows ton of information. Now let’s list all listening sockets using -l option

$ ss -l

We have now filtered the listing connections only. We can filter TCP and UDP protocols using -t and -u options respectively. For example, to list all the listening sockets using TCP we use:

$ ss -tl    

In the above command you see the service names like domain, ipp and http, if you want to see the port numbers in use, you can use -n option. The example below will show a list of all listening TCP connections with numeric value for the services:

$ ss -tln  

For the service domain we can see port 53, for ipp port is 631 and for http th port is 80. Another usage, would be to list all the TCP connections and the processes that are using the connection. To show process names along with the TCP connections we use -p tag.

$ ss -tp  

The example above shows, all the tcp connections are from a process with name ‘brave’. You can also list socket connections to a specific machine as :

$ ss dst ip_address_of_destination    

In the example above, you can see the connections to ss command also allows us to filter connections with various states like closing, closed, listening, established, last-ack etc. An example usage would be as follows to list all connections with state ‘close-wait’:
If you want to find more details on the options you can use with ‘ss’ command then check the man page or run

$ man ss  

or you can also run

$ ss -h

Twitter, Facebook