Reduce context-switching for engineers

Self-Hosted AI Code Reviewer

Hexmos LiveReview AI-Powered Code Review
Live Review
AI-Powered Code Review

Ss Command - Network Socket Statistics Tool | Online Free DevTools by Hexmos

Master the ss command for network socket statistics. Learn to display, filter, and analyze network connections with examples for TCP, UDP, listening sockets, and process information.

Ss Command - Network Socket Statistics

Understanding the Ss Command

The ss command is a powerful utility in Linux and Unix-like operating systems used to investigate network sockets. It provides detailed information about network connections, listening sockets, and routing tables, offering a more efficient alternative to the older netstat command. This tool is invaluable for network administrators, developers, and security professionals for diagnosing network issues, monitoring performance, and understanding network traffic.

Core Ss Command Usage

The basic syntax of the ss command allows for a quick overview of active network connections. By default, it displays TCP and UDP sockets. Understanding its various options is key to leveraging its full potential for network analysis.

Basic Usage and Options

Here's how to get started with the ss command:

# ss
# Dump socket statistics for network connections.
#
# Options:
#   -4/-6   list ipv4/ipv6 sockets
#   -n      numeric addresses instead of hostnames
#   -l      list listening sockets
#   -u/-t/-x list udp/tcp/unix sockets
#   -p      Show process(es) that using socket

# Basic usage to display all sockets
ss

# List all TCP connections
ss -t

# List all UDP connections
ss -u

# Show listening sockets
ss -l

# Display summary statistics
ss -s

# Display all sockets, including those in established state
ss -a

# Show detailed information with numeric addresses
ss -n

Advanced Filtering and Analysis

The ss command excels in its ability to filter and display specific types of network information. This allows users to pinpoint relevant data quickly and efficiently.

Filtering Sockets by State and Protocol

You can refine your search by specifying the state of the socket or its protocol: 

# Filter sockets by state (e.g., LISTEN, ESTABLISHED)
ss state LISTEN

# Display sockets of a specific protocol (e.g., TCP)
ss -t -a

# Display IPv4 sockets
ss -4

# Display IPv6 sockets
ss -6

Showing Process Information

Identifying which processes are using specific sockets is crucial for troubleshooting: 

# Show sockets belonging to a specific user
ss -u -p USER

# Show sockets related to a specific process
ss -p

Combining Filters for Precise Results

The true power of ss lies in its ability to combine multiple options and filters to get highly specific output. This is essential for complex network environments.

Port and Destination Filtering

Filter connections based on source or destination ports and IP addresses: 

# Filter based on specific ports
ss 'sport = :80' # source port 80
ss 'dport = :22' # destination port 22

# Combine filters for more refined results
ss -t -a 'dport = :22' state ESTABLISHED

# Show all listening TCP ports, including the corresponding process.
ss -tlp

# Show a summary of all ports connecting to 192.168.2.1 via port 80.
ss -t dst 192.168.2.1:80

Filtering by Service Name and TCP State

Utilize service names and TCP states for more readable and accurate filtering: 

# Show all SSH-related connection.
#
# Documentation on the filter syntax can be installed via the following command
# if on a Debian- or Ubuntu-based distribution of Linux:
#
#     sudo apt-get install iproute2-doc
#
ss -t state established '( dport = :ssh or sport = :ssh )'

# Display timer information.
ss -tno

# Filter connections by TCP state.
ss -t4 state established

Further Resources

For more in-depth information on the ss command and its capabilities, consult the official documentation:

← Back to cmd cheatsheets All cheatsheets 🙏  Credits & Acknowledgments