ss - Linux
Overview
The ss (socket statistics) command is a utility for investigating sockets in a Linux system. It allows you to display information about sockets, their attributes, and statistics. The command excels in diagnosing network issues and monitoring network connections. It is a modern replacement for the older netstat command, offering a faster and more informative interface for analyzing network interfaces and connections.
Syntax
The basic syntax of the ss command is:
ss [options] [FILTER]
- [options]: These are flags and arguments that modify the output or function of the command.
- [FILTER]: A query used to filter the results based on specific criteria such as state, port, etc.
Options/Flags
The ss command includes several options that help in tailoring the output according to specific needs:
- -n: Displays addresses as numbers. Prevents the command from trying to resolve DNS hostnames, speeding up the output.
- -l: Shows listening sockets.
- -p: Shows the process using the socket.
- -t: Displays TCP sockets.
- -u: Displays UDP sockets.
- -a: Displays both listening and non-listening sockets.
- -r: Tries to resolve numeric address/ports to names.
- -s: Prints socket usage statistics.
Examples
- View all active connections:
ss -t -a
- List all UDP sockets:
ss -u -a
- Show all processes connected to any socket:
ss -pl
- Filter TCP sockets by state (e.g., established):
ss -t state established
Common Issues
- Performance: Using ss without the -n option may cause delays in large environments due to DNS resolution.
- Permissions: Some options like -p might require root permissions to view all data.
Solutions: Use ss -n for faster performance by avoiding DNS lookups, and consider running with sudo for full visibility.
Integration
ss can be integrated with other commands like grep for more refined output, or within scripts to monitor and log socket state changes:
- Example with grep:
ss -t -a | grep ':22'
- Script usage:
#!/bin/bash
# Log established TCP connections whose output line mentions http
# (service names appear because -n is not used).
ss -t state established | grep http > /var/log/http_connections.log
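Building on the script usage above, here is an added example (not part of the original page) that audits listening TCP sockets against a port allowlist. The function name audit_listeners, the allowlist 22,443 and the embedded sample lines are assumptions constructed for illustration; -H is the ss option that suppresses the header line.

```shell
#!/bin/sh
# Added example: flag TCP listeners reachable from off-host whose port is not allowlisted.

# Constructed sample of `ss -Htlnp` output (whitespace collapsed; not from a real host).
sample_ss_output() {
cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 4096 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=990,fd=5))
LISTEN 0 511 [::]:8080 [::]:* users:(("node",pid=2044,fd=18))
LISTEN 0 128 *:9100 *:* users:(("node_exporter",pid=700,fd=3))
EOF
}

# audit_listeners "PORT,PORT,..."   (hypothetical helper name)
# Reads `ss -Htlnp` lines on stdin and prints "port address process" for each
# non-loopback listener whose port is missing from the comma-separated allowlist.
audit_listeners() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)        # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
        sub(/%.*$/, "", addr)                  # drop an interface scope such as %lo
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback-only listener
        if (port in ok) next                           # expected service
        proc = "unknown"   # no users:(...) column when -p lacks permission
        if (match($0, /users:\(\("[^"]+"/))
            proc = substr($0, RSTART + 9, RLENGTH - 10)
        print port, addr, proc
    }'
}

# Stand-alone run on the sample; on a live host: ss -Htlnp | audit_listeners "22,443"
sample_ss_output | audit_listeners "22,443"
```

Run as root on a live host so that -p can name processes owned by other users; otherwise those listeners are reported with the process "unknown".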
Related Commands
- netstat: Classical tool for network connections, routing tables, etc. (mostly replaced by ss).
- lsof: Useful for listing open files, including sockets.
- ip: Shows / manipulates routing, devices, and tunnels.
For more detailed information, consult the ss man page by typing man ss in your terminal, or visit the online Linux manual pages.