ss

What is ss

ss is a command-line tool that is available in quite a lot unix distributions.This tool is used for displaying network socket related information on a Linux system. The tool displays more detailed information than the netstat command which is used for displaying active socket connections.

How to use ss

# syntax
ss <OPTIONS>

##### examples with parameters
ss -t # show all tcp sockets
ss -u # show all udp sockets
ss -l # show only listening sockets (important one)
ss -n # don't resolve service names (only port numbers will be shown instead of the service that is bound to the port
ss -i # show internal tcp information
ss -p # show the processes that are bound to this service
ss -e # show detailed socket information

ss -4 # show only ip version 4 sockets
ss -6 # show only ip version 6 sockets

# best combinations so far :
ss -tuln # gives a perfect look on what interesting services are currently running
ss -tulen # addition to ss -tuln : show extra information about the socket
ss -tulpen # addition to the command ss-tulen : show extra information of the processes that are bound to the service/socket

ss command explained

Netid

Displays the socket type, e.g : tcp/udp etc.

State

current state of the the service.

Recv-Q/Send-Q

Proto     Recv-Q   Send-Q    Local Address      Foreign Address     State        PID/Program name
# Recv-Q
tcp       8216172  0         127.0.0.1:9503     127.0.0.1:47654     ESTABLISHED  34390/python
# Send-Q
tcp       0        4189632   127.0.0.1:47686    127.0.0.1:9503      ESTABLISHED  34379/python

Recv-Q

means that process 34390 has a connection open, between port 9503 on the local host, and port 47654 on the local host, and that 8216172 bytes of data have been received by the kernel on port 9503 but haven’t yet been copied by the process.

Send-Q

means that process 34379 has a connection open, between port 47686 on the local host, and port 9503 on the local host, and that 4189632 bytes of data have been sent from port 47686 but not acknowledged yet (so they’re still in the TCP window).

Local Address:Port

process is bound to <host>:<port>, so for example; a process can be bound to 127.0.0.1:8381 (localhost on port 8381)

Peer Address:Port

The address and port number of the remote end of the connection. (what ip's with which ports can connect to the service)

Process

An overview is shown of the processes that are attached to this service

PreviousNetwork monitoring (netstat, ss)Nextnetstat

Last updated