ss - Linux

Overview

The ss (socket statistics) command is a utility for investigating sockets in a Linux system. It allows you to display information about sockets, their attributes, and statistics. The command excels in diagnosing network issues and monitoring network connections. It is a modern replacement for the older netstat command, offering a faster and more informative interface for analyzing network interfaces and connections.

Syntax

The basic syntax of the ss command is:

ss [options] [FILTER]
  • [options]: These are flags and arguments that modify the output or function of the command.
  • [FILTER]: A query used to filter the results based on specific criteria such as state, port, etc.

Options/Flags

The ss command includes several options that help in tailoring the output according to specific needs:

  • -n: Displays addresses as numbers. Prevents the command from trying to resolve DNS hostnames, speeding up the output.
  • -l: Shows listening sockets.
  • -p: Shows the process using the socket.
  • -t: Displays TCP sockets.
  • -u: Displays UDP sockets.
  • -a: Displays both listening and non-listening sockets.
  • -r: Tries to resolve numeric address/ports to names.
  • -s: Prints socket usage statistics.

Examples

  1. View all active connections: 
    ss -t -a
  2. List all UDP sockets: 
    ss -u -a
  3. Show all processes connected to any socket: 
    ss -pl
  4. Filter TCP sockets by state (e.g., established): 
    ss -t state established

Common Issues

  • Performance: Using ss without the -n option may cause delays in large environments due to DNS resolution.
  • Permissions: Some options like -p might require root permissions to view all data.

Solutions: Use ss -n for faster performance by avoiding DNS lookups and consider running with sudo for full visibility.

Integration

ss can be integrated with other commands like grep for more refined output, or within scripts to monitor and log socket state changes:

  • Example with grep:

    ss -t -a | grep ':22'

  • Script usage:

    #!/bin/bash
ss -t state established | grep http > /var/log/http_connections.log
  • netstat: Classical tool for network connections, routing tables, etc. (mostly replaced by ss).
  • lsof: Useful for listing open files, including sockets.
  • ip: Shows / manipulates routing, devices, and tunnels.

For more detailed information, consult the ss man page by typing man ss in your terminal, or visit the online Linux manual pages.