ss command in linux

Linux is celebrated for its versatility and robust command-line utilities. One such utility is the ‘ss’ command, which stands for “Socket Statistics.” It is a potent tool for inspecting and displaying detailed information about network sockets on a Linux system. The ‘ss’ command is an indispensable resource for network administrators, system administrators, and developers, offering insights into network connections, routing tables, and more.

In this comprehensive guide, we’ll explore the ‘ss’ command, its various options, and use cases, and provide real-world examples to help you harness its full potential.

Basic Syntax of `ss` command in Linux

Before diving into the intricacies of ‘ss,’ let’s start with its basic syntax:

ss [options]

Where [options] can be any combination of command-line options that modify the behavior of ‘ss.’ Below, we’ll delve into some common options and their use cases.

Options Available in the `ss` command Linux

We will go through the most common options available.

Options	Description
-t	Display TCP sockets
-u	Display UDP sockets
-l	Display listening sockets
-a	Display all sockets (listening and non-listening)
-e	Display detailed information (including users)
-i	Display internal information
-n	Show numerical addresses instead of resolving
-r	Display the routing table
-s	Display summary statistics
-4	Display only IPv4 sockets
-6	Display only IPv6 sockets
-o	Show timers
-p	Show process information
-P	Show process statistics
–timewait	Display TIME-WAIT sockets
–listening	Display listening sockets
–all	Display all sockets (listening and non-listening)
–numeric	Show numerical addresses instead of resolving
–extended	Display extended socket information
–resolve	Resolve hostnames
–processes	Display process information
–processes-raw	Display process information in raw format
–summary	Display summary statistics

Note : This is not an exhaustive list, and the ‘ss’ command offers additional options and flexibility. You can explore further options and combinations by referring to the ‘ss’ manual page using the command man ss in your terminal.

Displaying Socket Information:

List All Sockets:

To obtain a comprehensive list of all active sockets on your system, use the following command:

ss

When you execute this command, it provides a detailed list of established connections. This information includes the protocol type (e.g., TCP, UDP, RAW), local and foreign addresses, the state of each connection, and more.

Filtering by Protocol:

You can narrow down the socket list by specifying a particular protocol. For instance, if you want to view only TCP sockets, use the -t option like this:

ss -t

This command displays only TCP sockets, making it easier to focus on a specific type of connection.

Display Listening Sockets:

To see all sockets currently in the listening state (sockets waiting for incoming connections), employ the -l option:

ss -l

This command helps you identify which services or applications are actively listening for incoming network connections.

Display Established Connections:

If you’re interested in viewing exclusively established connections (sockets that are actively communicating), use the -e option:

ss -e

This command provides a concise list of connections that are currently established, omitting listening or other states.

Advanced Filtering and Display Options:

The ‘ss’ command offers more advanced options for filtering and customizing the displayed socket information.

Filter by Port:

To filter sockets based on a specific port number, you can use commands like this:

ss sport = :80

This command, for example, displays sockets with a source port of 80. It’s useful for pinpointing connections related to a particular service or port.

Display IPv6 Sockets:

If you need to view IPv6 sockets in addition to IPv4, use the `-6` option:

ss -6

This command allows you to see both IPv4 and IPv6 socket information.

Display Summary Statistics:

To obtain summary statistics about various socket types, utilize the -s option:

ss -s

Running this command provides a summarized overview of socket types, including their counts and various states.

Real-World Examples:

Example 1: Display TCP Connections to Port 22 (SSH):

ss -t sport = :22

This command specifically displays TCP connections with a source port of 22, which is typically associated with SSH connections. It helps you identify active SSH sessions.

Example 2: Show UDP Listening Ports:

ss -ul

This command lists all UDP sockets in the listening state, which is valuable for identifying open UDP ports on your system.

Example 3: Display Summary Statistics for TCP and UDP:

ss -s -t -u

Here, the command combines `-s` with `-t`and `-u` to provide summary statistics separately for TCP and UDP socket types, offering insights into the overall network usage on your system.

Conclusion:

The ‘ss’ command is a valuable tool for examining network sockets and connections on a Linux system. Its flexibility and numerous options make it suitable for a wide range of tasks, from troubleshooting network issues to monitoring network activity.

In this guide, we’ve covered the basic syntax of ‘ss’ and explored various options and real-world examples to illustrate its practical use. By mastering the ‘ss’ command, you gain insight into the network activity on your Linux system and can effectively manage and troubleshoot network-related tasks.