20 ss command examples in Linux [Cheat Sheet]


Reviewer: Deepak Prasad

Introduction to ss command

ss (socket statistics) is a command-line utility for investigating sockets on a Linux system. It displays information similar to the netstat command, and it can show more TCP and state information.

The ss command output contains the following column headers.

Netid - It shows the type of sockets. For example, u_str (Unix stream), icmp6, tcp, udp, etc.

State - It shows the state of the socket.

  • ESTAB: Established connection,
  • UNCONN: Unconnected connection,
  • LISTEN: Listening connection.

Recv-Q - The count of bytes not copied by the user program connected to this socket.

Send-Q - The count of bytes not acknowledged by the remote host.

Local Address:Port - The address and port of the local machine.

Peer Address:Port - The address and port of the remote machine.

Process - In this column, you will find additional information when relevant options are used.

 

Different examples to use ss command

This article walks through the ss command using its most commonly used options, with a practical example for each.

The general syntax of ss command is:

$ ss [option]

Some of the important options in ss command are:

  • -a: To display all sockets
  • -l: To display only listening sockets
  • -t: To display only TCP sockets
  • -u: To display only UDP sockets
  • -x: To display only UNIX domain sockets
  • -m: To display socket memory usage
  • -s: To display summary statistics

You can also use ss without any option to print all connected sockets in the system.

$ ss 

Sample Output:

ubuntu@golinux:~$ ss
Netid              State                Recv-Q               Send-Q                                                       Local Address:Port                                   Peer Address:Port                Process              
u_str              ESTAB                0                    0                                                       /run/user/1000/bus 32286                                             * 32285                                    
u_str              ESTAB                0                    0                                              /run/dbus/system_bus_socket 27820                                             * 27819                                    
u_str              ESTAB                0                    0                                                                        * 27679                                             * 27680                                    
u_str              ESTAB                0                    0                                              /run/dbus/system_bus_socket 26534                                             * 26533                                    
u_str              ESTAB                0                    0                                              /run/systemd/journal/stdout 22990                                             * 22988                                    
u_str              ESTAB                0                    0                                              /run/dbus/system_bus_socket 31777                                             * 31776                                    
u_str              ESTAB                0                    0                                                    @/tmp/dbus-u1IT8bo0Vc 31063                                             * 31062                                    
u_str              ESTAB                0                    0                                                                        * 30462                                             * 30463                                    

 

1. Display all connections with ss command

With -a or --all option, you can view all the listening and non-listening connections in the system.

$ ss -a

OR

$ ss --all

Sample Output:

ubuntu@golinux:~$ ss -a
Netid  State      Recv-Q Send-Q Local Address:Port                 Peer Address:Port  
nl     UNCONN     0      0      rtnl:188                    *                     
nl     UNCONN     0      0      rtnl:systemd/1              *                     
nl     UNCONN     0      0      rtnl:-1883482633            *                     
nl     UNCONN     0      0      rtnl:-110342965             *                     
nl     UNCONN     0      0      rtnl:-608336539             *                     
u_str  LISTEN     0      128    /run/containerd/s/313d55a61cdd8acaea2c8d8ff2b56df328a640db6c2b425faa674658e7a536d2 1436162               * 0                    
u_str  LISTEN     0      128    //csi/csi.sock 119081                * 0                    
u_str  LISTEN     0      128    /run/containerd/s/c3e55b9497dd21a0521cbde2096e89f583548cd0c66fdf7e9859ef32f2091dd2 156165                * 0                    
u_str  LISTEN     0      128    /run/containerd/s/6c1803a3db513b7186513468415f18607d2cfc7615ed615926bed379e1ac41f3 130054                * 0    
u_str  ESTAB      0      0       * 125317                * 120346               
u_str  ESTAB      0      0      /run/systemd/journal/stdout 21076                 * 18881                
u_str  ESTAB      0      0      /var/run/gluster/61333cd4d8be78a4.socket 38456                 * 60512                
u_str  ESTAB      0      0       * 72738                 * 72737                
u_str  ESTAB      0      0       * 64682                 * 63119                
u_str  ESTAB      0      0      /run/systemd/journal/stdout 22714                 * 31570                
tcp    TIME-WAIT  0      0      127.0.0.1:34428                127.0.0.1:9250                 
tcp    TIME-WAIT  0      0      127.0.0.1:35308                127.0.0.1:9250                 
tcp    TIME-WAIT  0      0      192.100.8.210:44416                192.100.8.210:9250                 
tcp    TIME-WAIT  0      0      192.100.8.210:45708                192.100.8.210:9250

 

2. Display only listening sockets with ss command

By default, the listening sockets are not shown in the output. To view the listening sockets, you can use -l or --listening option.

$ ss -l

OR

$ ss --listening

Sample Output:

ubuntu@golinux:~$ ss -l
Netid  State      Recv-Q Send-Q Local Address:Port                 Peer Address:Port              Process             
tcp    LISTEN     0      128    192.100.8.210:10250                 *:*                    
tcp    LISTEN     0      128    192.100.4.199:rfe                   *:*                    
tcp    LISTEN     0      128    127.0.0.1:2379                  *:*                    
tcp    LISTEN     0      128    192.100.8.210:2379                  *:*                    
tcp    LISTEN     0      128    127.0.0.1:apollo-relay          *:*                    
tcp    LISTEN     0      128    192.100.8.210:2380                  *:*                    
tcp    LISTEN     0      128    192.100.8.210:8879                  *:*                    
tcp    LISTEN     0      128     *:sunrpc                *:*

 

3. ss command to display all TCP connections

You can use the -t or --tcp option to limit the output to TCP connections. The following command shows all the TCP connections in the system.

$ ss -at

OR

$ ss -a --tcp

Sample Output:

ubuntu@golinux:~$ ss -at
State                       Recv-Q                    Send-Q                                             Local Address:Port                                           Peer Address:Port                    Process                   
LISTEN                      0                         4096                                               127.0.0.53%lo:domain                                              0.0.0.0:*                                                 
LISTEN                      0                         128                                                      0.0.0.0:ssh                                                 0.0.0.0:*                                                 
LISTEN                      0                         5                                                      127.0.0.1:ipp                                                 0.0.0.0:*                                                 
ESTAB                       0                         0                                                      10.0.2.15:51644                                        151.101.130.49:https                                             
TIME-WAIT                   0                         0                                            192.168.1.78%enp0s8:55500                                         35.232.111.17:http                                              
TIME-WAIT                   0                         0                                                      10.0.2.15:50064                                          91.189.91.38:http                                              
TIME-WAIT                   0                         0                                               10.0.2.15%enp0s3:55470                                         35.232.111.17:http                                              
ESTAB                       0                         0                                                      10.0.2.15:51642                                        151.101.130.49:https                                             
LISTEN                      0                         128                                                         [::]:ssh                                                    [::]:*                                                 
LISTEN                      0                         5                                                          [::1]:ipp                                                    [::]:*                                                 

 

4. ss command to display all UDP connections

Similarly, you can use -u or --udp option to view only UDP connections in the output.

$ ss -au

OR

$ ss -a --udp

Sample Output:

ubuntu@golinux:~$ ss -au
State      Recv-Q Send-Q Local Address:Port                 Peer Address:Port                
ESTAB      0      0      100.73.52.215:51735                10.254.0.10:domain               
ESTAB      0      0      100.73.52.215:52197                10.254.0.10:domain               
ESTAB      0      0      100.73.52.215:53170                10.254.0.10:domain               
ESTAB      0      0      100.73.52.215:59568                10.254.0.10:domain               
ESTAB      0      0      100.73.52.215:60038                10.254.0.10:domain               
ESTAB      0      0      100.73.52.215:60421                10.254.0.10:domain               
UNCONN     0      0          *:30086                    *:*

 

5. Display Listening TCP and UDP sockets

If you want to view the listening TCP and UDP sockets in the system, you can use the following command.

$ ss -ltu

Sample Output:

ubuntu@golinux:~$ ss -ltu
Netid  State      Recv-Q Send-Q Local Address:Port                 Peer Address:Port                
udp    UNCONN     0      0       *:30086                 *:*                    
udp    UNCONN     0      0      192.100.8.210:domain                *:*                    
udp    UNCONN     0      0       *:bootpc                *:*                                     
udp    UNCONN     0      0       *:iris-xpcs             *:*                    
udp    UNCONN     0      0        [::]:sunrpc                 [::]:*                    
udp    UNCONN     0      0        [::]:ntp                    [::]:*                    
udp    UNCONN     0      0       [::1]:323                    [::]:*                    
udp    UNCONN     0      0        [::]:iris-xpcs              [::]:*                    
tcp    LISTEN     0      128    127.0.0.1:44899                 *:*                    
tcp    LISTEN     0      128    192.100.4.199:49155                 *:*                                   
tcp    LISTEN     0      128    127.0.0.1:10248                 *:*                    
tcp    LISTEN     0      128    192.100.4.199:commplex-main         *:*                    
tcp    LISTEN     0      128    127.0.0.1:10249                 *:*                    
tcp    LISTEN     0      128    192.100.4.199:commplex-link         *:*

6. Display only UNIX domain sockets using ss command

You can use -x or --unix option to display only UNIX domain sockets in the system.

$ ss -x

OR

$ ss --unix

Sample Output:

ubuntu@golinux:~$ ss -x
Netid  State      Recv-Q Send-Q Local Address:Port                 Peer Address:Port                
u_str  ESTAB      0      0      /run/containerd/s/6ecc8bebd952aa3dffb43b2d6596622c5b5deb6474ca97a0ada64eef34123104 1532888               * 1535688              
u_str  ESTAB      0      0      /run/containerd/s/ec4b93efe2014f5ca4d96b966322346493d165cbbc55586249935fc128cf4f88 117919                * 119857               
u_str  ESTAB      0      0       * 138899                * 122853               
u_str  ESTAB      0      0      /run/containerd/s/b57f8a6c634d9295e37fd52c4deef81f322c792ffda8836064b1e1b8f5a33fac 132456                * 123339               
u_str  ESTAB      0      0      /var/run/docker.sock 66624                 * 64459                
u_str  ESTAB      0      0      /run/containerd/containerd.sock 28549                 * 1630                 
u_str  ESTAB      0      0       * 25143                 * 28206                
u_str  ESTAB      0      0       * 125317                * 120346               
u_str  ESTAB      0      0      /run/systemd/journal/stdout 21076                 * 18881                
u_str  ESTAB      0      0      /var/run/gluster/61333cd4d8be78a4.socket 38456                 * 60512                
u_str  ESTAB      0      0       * 72738                 * 72737                
u_str  ESTAB      0      0       * 64682                 * 63119                
u_str  ESTAB      0      0      /run/systemd/journal/stdout 22714                 * 31570                

 

7. Display all IPv4 sockets with ss command

You can use the -4 or --ipv4 option to list IPv4 sockets in the system.

$ ss -a4

OR

$ ss -a --ipv4

Sample Output:

ubuntu@golinux:~$ ss -a4
Netid  State      Recv-Q Send-Q Local Address:Port                 Peer Address:Port                
udp    ESTAB      0      0      100.73.52.215:51735                10.254.0.10:domain               
udp    ESTAB      0      0      100.73.52.215:52150                10.171.8.5:domain               
udp    ESTAB      0      0      100.73.52.215:52197                10.254.0.10:domain               
udp    ESTAB      0      0      100.73.52.215:53170                10.254.0.10:domain                   
udp    ESTAB      0      0      100.73.52.215:32854                10.254.0.10:domain                           
tcp    LISTEN     0      128    127.0.0.1:44899                 *:*                    
tcp    LISTEN     0      128    192.100.4.199:49155                 *:*                    
tcp    LISTEN     0      128    192.100.4.199:49156                 *:*                    
tcp    LISTEN     0      128    192.100.4.199:24007                 *:*                    
tcp    LISTEN     0      128    127.0.0.1:10248                 *:*                    

 

8. Display all IPv6 sockets with ss command

You can use the -6 or --ipv6 option to list IPv6 sockets in the system.

$ ss -a6

OR

$ ss -a --ipv6

Sample Output:

ubuntu@golinux:~$ ss -a6
Netid  State      Recv-Q Send-Q Local Address:Port                 Peer Address:Port                
udp    UNCONN     0      0        [::]:sunrpc                 [::]:*                    
udp    UNCONN     0      0        [::]:ntp                    [::]:*                    
udp    UNCONN     0      0       [::1]:323                    [::]:*                    
udp    UNCONN     0      0        [::]:iris-xpcs              [::]:*                    
tcp    LISTEN     0      128      [::]:xmltec-xmlmail         [::]:*                    
tcp    LISTEN     0      128      [::]:10251                  [::]:*                    
tcp    LISTEN     0      128      [::]:fs-mgmt                [::]:*                                   
tcp    TIME-WAIT  0      0      [::ffff:127.0.0.1]:10251                [::ffff:127.0.0.1]:52426                            
tcp    TIME-WAIT  0      0      [::ffff:192.100.8.210]:fs-mgmt              [::ffff:192.100.8.210]:47126                
tcp    TIME-WAIT  0      0      [::ffff:127.0.0.1]:10251                [::ffff:127.0.0.1]:52082                
tcp    TIME-WAIT  0      0      [::ffff:127.0.0.1]:10251                [::ffff:127.0.0.1]:52784                
tcp    TIME-WAIT  0      0      [::ffff:127.0.0.1]:10251                [::ffff:127.0.0.1]:50830                

 

9. ss command to show host names

The -r or --resolve option shows names instead of numeric values for hosts and ports.

$ ss -r

OR

$ ss --resolve

Sample Output:

ubuntu@golinux:~$ ss -tar
Netid  State      Recv-Q Send-Q Local Address:Port                 Peer Address:Port
udp    ESTAB      0      0      ubuntu-server:60038                kube-dns.kube-system.svc.cluster.local:domain               
udp    ESTAB      0      0      ubuntu-server:34649                kube-dns.kube-system.svc.cluster.local:domain               
udp    ESTAB      0      0      ubuntu-server:35116                kube-dns.kube-system.svc.cluster.local:domain               
udp    ESTAB      0      0      ubuntu-server:41845                kube-dns.kube-system.svc.cluster.local:domain               
udp    ESTAB      0      0      ubuntu-server:44778                kube-dns.kube-system.svc.cluster.local:domain               
tcp    ESTAB      0      0      ubuntu-server.storage.bcmt:49156                192.100.4.235:49147                
tcp    ESTAB      0      0      ubuntu-server.storage.bcmt:49156                192.100.4.213:49147                
tcp    ESTAB      0      0      ubuntu-server:53500                ubuntu-server:2379                 
tcp    ESTAB      0      0      ubuntu-server:53330                ubuntu-server:2379                 
tcp    ESTAB      0      0      ubuntu-server:53360                ubuntu-server:2379                 
tcp    ESTAB      0      0      ubuntu-server:60179                192.100.8.235:49137                
tcp    ESTAB      0      0      ubuntu-server:53494                ubuntu-server:2379                 
tcp    ESTAB      0      0      ubuntu-server:60179                192.100.8.221:52911                
tcp    ESTAB      0      0      ubuntu-server:53132                ubuntu-server:2379

 

10. Show detailed socket information with ss command

You can use -e or --extended option to display detailed socket information in the output.

$ ss -e

OR

$ ss --extended

Sample Output:

ubuntu@golinux:~$ ss -e
tcp    ESTAB      0      0      192.100.4.199:49156                192.100.4.235:49147                 timer:(keepalive,5.090ms,0) ino:31068267 sk:163 <->
tcp    ESTAB      0      0      192.100.4.199:49156                192.100.4.213:49147                 timer:(keepalive,12sec,0) ino:31068258 sk:164 <->
tcp    ESTAB      0      0      192.100.8.210:53500                192.100.8.210:2379                  timer:(keepalive,11sec,0) uid:65534 ino:78669 sk:165 <->
tcp    ESTAB      0      0      192.100.8.210:53330                192.100.8.210:2379                  timer:(keepalive,8.282ms,0) uid:65534 ino:77396 sk:166 <->
tcp    ESTAB      0      0      192.100.8.210:53360                192.100.8.210:2379                  timer:(keepalive,4.055ms,0) uid:65534 ino:74341 sk:167 <->
tcp    ESTAB      0      0      192.100.8.210:60179                192.100.8.235:49137                 ino:65043 sk:168 <->
tcp    ESTAB      0      0      192.100.8.210:53494                192.100.8.210:2379                  timer:(keepalive,9.306ms,0) uid:65534 ino:76068 sk:169 <->
tcp    ESTAB      0      0      192.100.8.210:60179                192.100.8.221:52911                 ino:65056 sk:16a <->
tcp    ESTAB      0      0      192.100.8.210:53132                192.100.8.210:2379                  timer:(keepalive,2.058ms,0) ino:72475 sk:16b <->
tcp    ESTAB      0      0      192.100.8.210:55484                192.100.8.210:2379                  timer:(keepalive,11sec,0) uid:65534 ino:138110 sk:16c <->
tcp    ESTAB      0      0      192.100.4.199:49139                192.100.4.199:24007                 timer:(keepalive,10sec,0) ino:20301 sk:16d <->
tcp    ESTAB      0      0      192.100.8.210:53442                192.100.8.210:2379                  timer:(keepalive,4.789ms,0) uid:65534 ino:76066 sk:16e <->
tcp    ESTAB      0      0      192.100.8.210:42904                192.106.213.23:6800                  ino:49282204 sk:8d7 <->
tcp    ESTAB      0      0      192.100.4.199:49142                192.100.4.172:49152                 timer:(keepalive,7.810ms,0) ino:22249 sk:16f <->

 

11. Display memory usage with ss command

With -m or --memory option, ss shows the socket memory usage in the system.

$ ss -m

OR

$ ss --memory

Sample Output:

ubuntu@golinux:~$ ss -m
Netid  State      Recv-Q Send-Q Local Address:Port                 Peer Address:Port                                                                   
u_str         ESTAB           0               0                                             /run/user/1000/bus 32286                                   * 32285           skmem:(r0,rb212992,t0,tb212992,f0,w0,o0,bl0,d0)             
u_str         ESTAB           0               0                                    /run/dbus/system_bus_socket 27820                                   * 27819           skmem:(r0,rb212992,t0,tb212992,f0,w0,o0,bl0,d0)             
u_str         ESTAB           0               0                                                              * 27679                                   * 27680           skmem:(r0,rb212992,t0,tb425984,f0,w0,o0,bl0,d0)             
u_str         ESTAB           0               0                                    /run/dbus/system_bus_socket 26534                                   * 26533           skmem:(r0,rb212992,t0,tb212992,f0,w0,o0,bl0,d0)             
u_str         ESTAB           0               0                                    /run/systemd/journal/stdout 22990                                   * 22988           skmem:(r0,rb212992,t0,tb212992,f0,w0,o0,bl0,d0)             
u_str         ESTAB           0               0                                    /run/dbus/system_bus_socket 31777                                   * 31776           skmem:(r0,rb212992,t0,tb212992,f0,w0,o0,bl0,d0)             
u_str         ESTAB           0               0                                          @/tmp/dbus-u1IT8bo0Vc 31063                                   * 31062           skmem:(r0,rb212992,t0,tb212992,f0,w0,o0,bl0,d0)             
u_str         ESTAB           0               0                                                              * 30462                                   * 30463           skmem:(r0,rb212992,t0,tb212992,f0,w0,o0,bl0,d0)             
u_str         ESTAB           0               0                                             /run/user/1000/bus 28719                                   * 28718           skmem:(r0,rb212992,t0,tb212992,f0,w0,o0,bl0,d0)             
u_str         ESTAB           0               0                                                              * 20709                                   * 22763           skmem:(r0,rb425984,t0,tb425984,f0,w0,o0,bl0,d0)             

 

12. ss command to display processes that are using socket

The -p or --processes option shows the processes that are using each socket.

$ ss -p

OR

$ ss --processes

Sample Output:

You can see the details in the Process column.

ubuntu@golinux:~$ ss -p
Netid  State      Recv-Q Send-Q Local Address:Port                 Peer Address:Port                
tcp    ESTAB      0      0      192.100.8.210:53466                192.100.8.210:2379                  users:(("kube-apiserver",pid=12153,fd=57))
tcp    ESTAB      0      0      192.100.8.210:41434                192.100.8.210:2379                  users:(("kube-apiserver",pid=12153,fd=125))
tcp    ESTAB      0      0      100.73.52.215:53436                10.254.0.1:https                 users:(("kube-controller",pid=17831,fd=7))
tcp    ESTAB      0      0      192.100.8.210:54522                192.100.8.210:2379                  users:(("kube-apiserver",pid=12153,fd=92))
tcp    ESTAB      0      0      192.100.8.210:53472                192.100.8.210:2379                  users:(("kube-apiserver",pid=12153,fd=60))
tcp    ESTAB      0      0      192.100.4.199:49150                192.100.4.172:24007                 users:(("glusterd",pid=3763,fd=30))
tcp    ESTAB      0      0      192.100.8.210:pcsync-https         192.100.8.190:38615                 users:(("kube-apiserver",pid=12153,fd=94))
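
As an added example (not part of the original article), the listening-socket and process options from sections 2, 5 and 12 can be combined into an exposure check that reports which listeners are bound beyond loopback and which process owns them. The function names, the port allowlist and the sample lines are assumptions constructed for illustration; it also relies on -n (numeric ports) and -H (no header), two ss options not covered above.

```shell
#!/bin/sh
# Added example: classify listening sockets by how widely they are bound.
# Input : lines from "ss -H -ltunp" on stdin.
# Output: TAB-separated scope, netid, address, port, process, pid.

audit_listeners() {
    awk '
    {
        # ss omits the Netid column when a single protocol is selected
        # (for example ss -lt), so the state is in field 1 or field 2.
        off   = ($1 == "LISTEN" || $1 == "UNCONN") ? 0 : 1
        netid = off ? $1 : "-"
        state = $(1 + off)

        # Keep TCP listeners (LISTEN) and unconnected UDP sockets (UNCONN).
        # Header rows, ESTAB rows and non-inet families are dropped here.
        if (state != "LISTEN" && state != "UNCONN") next
        if (off && netid !~ /^(tcp|udp)/) next

        # Split address:port at the last colon so IPv6 literals survive.
        loc = $(4 + off)
        if (!match(loc, /:[^:]*$/)) next
        addr = substr(loc, 1, RSTART - 1)
        port = substr(loc, RSTART + 1)
        sub(/%.*$/, "", addr)                       # drop %interface suffix
        sub(/^\[/, "", addr); sub(/\]$/, "", addr)  # drop IPv6 brackets

        if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./)
            scope = "loopback"
        else if (addr == "*" || addr == "0.0.0.0" || addr == "::")
            scope = "wildcard"
        else
            scope = "address"

        # The Process column is empty without -p, and for sockets of other
        # users when ss runs unprivileged. Only the first owner is reported.
        proc = "-"; pid = "-"
        if (match($0, /users:\(\("[^"]*"/))
            proc = substr($0, RSTART + 9, RLENGTH - 10)
        if (match($0, /pid=[0-9]+/))
            pid = substr($0, RSTART + 4, RLENGTH - 4)

        printf "%s\t%s\t%s\t%s\t%s\t%s\n", scope, netid, addr, port, proc, pid
    }'
}

# Print listeners reachable from other hosts whose port is not in the
# allowlist (space-separated port numbers in $1). Exit status is 1 when
# at least one such listener is found, 0 otherwise.
unexpected_listeners() {
    audit_listeners | awk -F '\t' -v allow=" $1 " '
        $1 != "loopback" && index(allow, " " $4 " ") == 0 { print; bad = 1 }
        END { exit bad + 0 }'
}

# Constructed sample input, modelled on the output format shown above.
SAMPLE='udp   UNCONN 0 0      127.0.0.53%lo:53     0.0.0.0:*  users:(("systemd-resolve",pid=612,fd=13))
udp   UNCONN 0 0                  *:30086        *:*
tcp   LISTEN 0 128          0.0.0.0:22     0.0.0.0:*  users:(("sshd",pid=801,fd=3))
tcp   LISTEN 0 5          127.0.0.1:631    0.0.0.0:*  users:(("cupsd",pid=955,fd=7))
tcp   LISTEN 0 128    192.100.8.210:2379   0.0.0.0:*  users:(("etcd",pid=1140,fd=6))
tcp   LISTEN 0 128             [::]:22        [::]:*  users:(("sshd",pid=801,fd=4))
tcp   LISTEN 0 5              [::1]:631       [::]:*  users:(("cupsd",pid=955,fd=8))
tcp   ESTAB  0 0          10.0.2.15:51644 151.101.130.49:443 users:(("firefox",pid=2210,fd=88))'

printf '%s\n' "$SAMPLE" | audit_listeners
printf '%s\n' "$SAMPLE" | unexpected_listeners "22 2379" ||
    echo "listener outside the allowlist found" >&2

# On a live host (run as root so every owning process is visible):
#   ss -H -ltunp | unexpected_listeners "22 2379"
```

A listener with "-" in the process column, like the UDP socket on port 30086 in the sample, usually means ss was run without the privileges needed to see the owning process.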

 

13. Display internal TCP information using ss command

You can use -i or --info option to view the internal TCP information.

$ ss -i

OR

$ ss --info

Sample Output:

ubuntu@golinux:~$ ss -it
State                         Recv-Q                         Send-Q                                                 Local Address:Port                                                     Peer Address:Port                         Process                                                                                                                                                                                                                              
ESTAB                         0                              0                                                          10.0.2.15:51430                                                   34.107.221.82:http                         
	 cubic rto:204 rtt:0.375/0.2 ato:40 mss:1460 pmtu:1500 rcvmss:536 advmss:1460 cwnd:10 bytes_sent:598 bytes_acked:599 bytes_received:604 segs_out:12 segs_in:10 data_segs_out:2 data_segs_in:2 send 311.5Mbps lastsnd:5244 lastrcv:5164 lastack:5244 pacing_rate 622.1Mbps delivery_rate 34.5Mbps delivered:3 app_limited retrans:0/1 rcv_space:14600 rcv_ssthresh:64076 minrtt:0.339
ESTAB                         0                              0                                                          10.0.2.15:39130                                                   13.33.146.124:https                        
	 cubic rto:204 rtt:0.66/0.283 ato:40 mss:1460 pmtu:1500 rcvmss:1425 advmss:1460 cwnd:10 bytes_sent:942 bytes_acked:943 bytes_received:5249 segs_out:15 segs_in:13 data_segs_out:3 data_segs_in:4 send 177.0Mbps lastsnd:61340 lastrcv:60892 lastack:10128 pacing_rate 353.9Mbps delivery_rate 25.7Mbps delivered:4 app_limited busy:4ms retrans:0/1 rcv_space:14600 rcv_ssthresh:64076 minrtt:0.455
ESTAB                         0                              0                                                          10.0.2.15:49124                                                     34.98.75.36:https                        
	 cubic rto:1248 rtt:215.027/255.178 ato:40 mss:1460 pmtu:1500 rcvmss:1460 advmss:1460 cwnd:10 bytes_sent:1083 bytes_acked:1084 bytes_received:4357 segs_out:12 segs_in:12 data_segs_out:6 data_segs_in:5 send 543.2Kbps lastsnd:57496 lastrcv:57496 lastack:57496 pacing_rate 1.1Mbps delivery_rate 61.8Mbps delivered:7 app_limited rcv_space:14600 rcv_ssthresh:64076 minrtt:0.189
ESTAB                         0                              0                                                          10.0.2.15:50376                                                    13.33.179.53:https                        
	 cubic rto:2532 rtt:394.769/514.16 ato:40 mss:1460 pmtu:1500 rcvmss:1460 advmss:1460 cwnd:10 bytes_sent:2838 bytes_acked:2839 bytes_received:61655 segs_out:35 segs_in:60 data_segs_out:7 data_segs_in:47 send 295.9Kbps lastsnd:53788 lastrcv:53096 lastack:1936 pacing_rate 591.7Kbps delivery_rate 41.3Mbps delivered:8 app_limited rcv_space:14600 rcv_ssthresh:64076 minrtt:0.283
ESTAB                         0                              0                                                          10.0.2.15:50748                                                   142.251.12.94:http                         
	 cubic rto:1696 rtt:504.56/297.235 ato:40 mss:1460 pmtu:1500 rcvmss:702 advmss:1460 cwnd:10 bytes_sent:425 bytes_acked:426 bytes_received:702 segs_out:9 segs_in:8 data_segs_out:1 data_segs_in:1 send 231.5Kbps lastsnd:60160 lastrcv:59740 lastack:8848 pacing_rate 463.0Kbps delivery_rate 13.0Mbps delivered:2 app_limited busy:4ms rcv_space:14600 rcv_ssthresh:64076 minrtt:0.897
ESTAB                         0                              0                                                          10.0.2.15:48000                                                    13.33.179.99:https                        
	 cubic rto:2400 rtt:459.955/484.041 ato:40 mss:1460 pmtu:1500 rcvmss:1460 advmss:1460 cwnd:10 bytes_sent:1148 bytes_acked:1149 bytes_received:4247 segs_out:10 segs_in:10 data_segs_out:5 data_segs_in:4 send 253.9Kbps lastsnd:55184 lastrcv:55184 lastack:55184 pacing_rate 507.9Kbps delivery_rate 65.8Mbps delivered:6 app_limited rcv_space:14600 rcv_ssthresh:64076 minrtt:0.318
ESTAB                         0                              0                                                          10.0.2.15:56010                                                   117.18.237.29:http                         

 

14. ss command to display summary statistics

Instead of showing all sockets, the -s or --summary option prints summary statistics for the sockets.

ubuntu@golinux:~$ ss -s
Total: 886 (kernel 44942)
TCP:   1189 (estab 254, closed 884, orphaned 0, synrecv 0, timewait 440/0), ports 0

Transport Total     IP        IPv6
*	  44942     -         -        
RAW	  0         0         0        
UDP	  28        24        4        
TCP	  305       293       12       
INET	  333       317       16       
FRAG	  0         0         0

 

15. Display timer information with ss command

The -o or --options option shows networking timer information in the output.

$ ss -o

OR

$ ss --options

Sample Output:

Here, we are viewing the timer information of TCP connections. The information is listed under the Process column.

ubuntu@golinux:~$ ss -ot
State                    Recv-Q                 Send-Q                                       Local Address:Port                                     Peer Address:Port                 Process                                        
ESTAB                    0                      0                                                10.0.2.15:45592                                 172.217.166.110:https                                                               
ESTAB                    0                      0                                                10.0.2.15:39550                                    74.125.24.94:http                  timer:(keepalive,7.136ms,0)                   
ESTAB                    0                      0                                                10.0.2.15:56186                                  74.125.200.119:https                                                                                                          
ESTAB                    0                      0                                                10.0.2.15:45280                                  13.227.254.104:https                 timer:(keepalive,2.848ms,0)                   
ESTAB                    0                      0                                                10.0.2.15:45274                                  13.227.254.104:https                 timer:(keepalive,3.104ms,0)                   
ESTAB                    0                      0                                                10.0.2.15:45278                                  13.227.254.104:https                 timer:(keepalive,2.848ms,0)                   
ESTAB                    0                      0                                                10.0.2.15:44032                                   142.251.10.95:https                                                               

 

16. Display sockets of type Family with ss command

You can use -f or --family option to specify the connection family. It will only display the information of specified family. The supported families are: unix, inet, inet6, link, netlink.

$ ss -f FAMILY

OR

$ ss --family FAMILY

Sample Output:

To view the information of inet, you can use the following command.

ubuntu@golinux:~$ ss -f inet
Netid                 State                 Recv-Q                 Send-Q                                       Local Address:Port                                       Peer Address:Port                   Process                 
udp                   ESTAB                 0                      0                                                10.0.2.15:60244                                    208.67.220.220:domain                                         
udp                   ESTAB                 0                      0                                      192.168.1.78%enp0s8:bootpc                                    192.168.1.254:bootps                                         
udp                   ESTAB                 0                      0                                         10.0.2.15%enp0s3:bootpc                                         10.0.2.2:bootps                                         
tcp                   ESTAB                 0                      0                                                10.0.2.15:47400                                   142.250.182.131:https                                          
tcp                   ESTAB                 0                      0                                                10.0.2.15:55982                                   172.217.163.206:https                                          
tcp                   ESTAB                 0                      0                                                10.0.2.15:53926                                     142.250.4.119:https                                          
tcp                   ESTAB                 0                      0                                                10.0.2.15:35152                                    142.250.193.99:http                                           
tcp                   ESTAB                 0                      0                                                10.0.2.15:60124                                    142.250.196.36:https                                          
tcp                   ESTAB                 0                      0                                                10.0.2.15:39366                                    142.250.182.14:https                                          
tcp                   ESTAB                 0                      0                                                10.0.2.15:45968                                     74.125.24.156:https                                          

17. ss command to close sockets

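The -K or --kill option attempts to forcibly close sockets and prints the sockets that were closed. You need root permission to kill sockets. It works on IPv4 and IPv6 sockets only, and ss silently skips sockets that the kernel does not support closing. It acts on every socket the command would otherwise list, so restrict the selection with options or a filter.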

$ sudo ss -K

OR

$ sudo ss --kill

Sample Output:

Here, we are closing all UDP sockets using ss command.

ubuntu@golinux:~$ sudo ss -Kau
State                      Recv-Q                     Send-Q                                         Local Address:Port                                            Peer Address:Port                     Process                     
UNCONN                     0                          0                                                    0.0.0.0:631                                                  0.0.0.0:*                                                    
UNCONN                     0                          0                                                    0.0.0.0:48060                                                0.0.0.0:*                                                    
UNCONN                     27648                      0                                                 127.0.0.53:domain                                               0.0.0.0:*                                                    
UNCONN                     0                          0                                                  10.0.2.15:bootpc                                               0.0.0.0:*                                                    
UNCONN                     0                          0                                               192.168.1.78:bootpc                                               0.0.0.0:*                                                    
UNCONN                     0                          0                                                    0.0.0.0:mdns                                                 0.0.0.0:*                                                    
UNCONN                     0                          0                                                       [::]:mdns                                                    [::]:*                                                    
UNCONN                     0                          0                                                       [::]:38384                                                   [::]:*                                                    

18. Hide header lines in ss command output

The -H or --no-header option suppresses the header line in the output.

$ ss -H

OR

$ ss --no-header

Sample Output:

ubuntu@golinux:~$ ss -H
u_str                 ESTAB                  0                      0                                                                              * 30478                                                * 30479                    
u_str                 ESTAB                  0                      0                                                                              * 27464                                                * 27764                    
u_str                 ESTAB                  0                      0                                                    /run/systemd/journal/stdout 27034                                                * 27033                    
u_str                 ESTAB                  0                      0                                                                              * 29882                                                * 29883                    
u_str                 ESTAB                  0                      0                                                                              * 28171                                                * 28172                    
u_str                 ESTAB                  0                      0                                                             /run/user/1000/bus 32782                                                * 32781                    
u_str                 ESTAB                  0                      0                                                           @/tmp/.ICE-unix/1187 30479                                                * 30478                    
u_str                 ESTAB                  0                      0                                                             /run/user/1000/bus 29883                                                * 29882                    
u_str                 ESTAB                  0                      0                                                    /run/systemd/journal/stdout 28169                                                * 28168                    

 

19. Display all established ssh connections

You can use the following command to display all the ESTABLISHED SSH connections to your Linux server.

$ ss -o state established '( dport = :ssh or sport = :ssh )'

Sample Output:

Here, we are listing the established SSH connections along with their timer information.

ubuntu@golinux:~$ ss -o state established '( dport = :ssh or sport = :ssh )'
Netid  Recv-Q Send-Q Local Address:Port                 Peer Address:Port                
tcp    0      0      100.73.52.215:ssh                  10.137.222.194:25100                 timer:(keepalive,103min,0)
tcp    0      0      100.73.52.215:ssh                  10.137.222.194:28990                 timer:(keepalive,107min,0)
tcp    0      320    100.73.52.215:ssh                  10.137.222.194:25096                 timer:(on,279ms,0)
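
The filter above, combined with -H (example 18) and -o (example 15), gives output that is easy to post-process. The following added example (not part of the original article) is a shell function that reads such output and reports, per remote host, the number of inbound and outbound SSH sessions and the sum of the retransmission counters from the timer field. The function names and the last two sample lines are constructed for illustration.

```shell
# Summarise established SSH sessions per remote peer. Expected input: output of
#   ss -H -o state established '( dport = :ssh or sport = :ssh )'
# Columns: Netid Recv-Q Send-Q Local:Port Peer:Port [timer:(name,expire,retrans)]

# Constructed sample input: first three lines follow the sample output above,
# the last two (a retransmitting session, an outbound session) are made up.
sample_ss_output() {
cat <<'EOF'
tcp    0      0      100.73.52.215:ssh    10.137.222.194:25100    timer:(keepalive,103min,0)
tcp    0      0      100.73.52.215:ssh    10.137.222.194:28990    timer:(keepalive,107min,0)
tcp    0      320    100.73.52.215:ssh    10.137.222.194:25096    timer:(on,279ms,0)
tcp    0      0      100.73.52.215:ssh    10.20.30.40:51514       timer:(on,1.6sec,3)
tcp    0      0      100.73.52.215:44321  10.50.60.70:ssh
EOF
}

# Reads ss lines on stdin, prints one line per peer: "peer inbound outbound retrans".
ssh_peer_summary() {
  awk '
    NF < 5 { next }                              # skip blank or truncated lines
    {
      peer  = $5; sub(/:[^:]*$/, "", peer)       # drop only the last :port (IPv6-safe)
      lport = $4; sub(/^.*:/, "", lport)         # keep only the local port
      # Local port ssh/22 means a session into this host, otherwise outbound.
      if (lport == "ssh" || lport == "22") inbound[peer]++
      else outbound[peer]++
      seen[peer] = 1
      # timer:(name,expire,retrans): the last value counts retransmissions.
      if (index($6, "timer:(") == 1) {
        split($6, t, /[(),]/)
        retrans[peer] += t[4]
      }
    }
    END {
      for (p in seen)
        printf "%s %d %d %d\n", p, inbound[p], outbound[p], retrans[p]
    }' | LC_ALL=C sort
}

# Live use (needs ss from iproute2):
#   ss -H -o state established '( dport = :ssh or sport = :ssh )' | ssh_peer_summary
```

A peer with many inbound sessions or a growing retransmission count is worth a closer look with ss -o filtered on that address.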

 

20. Define the state of the connections with ss command

We can use state <STATE> to list connections matching the respective state; adding -o also shows the timer information. The supported STATE values are as below:

  • STATE-FILTER := {all|connected|synchronized|bucket|big|TCP-STATES}
  • TCP-STATES := {established|syn-sent|syn-recv|fin-wait-{1,2}|time-wait|closed|close-wait|last-ack|listen|closing}
  • connected := {established|syn-sent|syn-recv|fin-wait-{1,2}|time-wait|close-wait|last-ack|closing}
  • synchronized := {established|syn-recv|fin-wait-{1,2}|time-wait|close-wait|last-ack|closing}
  • bucket := {syn-recv|time-wait}
  • big := {established|syn-sent|fin-wait-{1,2}|closed|close-wait|last-ack|listen|closing}

List all connected connections, i.e. all the states except for listening and closed:

# ss -o state connected | less
Netid  State      Recv-Q Send-Q Local Address:Port                 Peer Address:Port                
tcp    TIME-WAIT  0      0      127.0.0.1:44230                127.0.0.1:9250                  timer:(timewait,52sec,0)
tcp    ESTAB      0      0      192.100.8.210:58867                192.100.8.156:60179                
tcp    TIME-WAIT  0      0      127.0.0.1:65432                127.0.0.1:44656                 timer:(timewait,30sec,0)
tcp    TIME-WAIT  0      0      127.0.0.1:65432                127.0.0.1:44906                 timer:(timewait,37sec,0)
tcp    ESTAB      0      0      192.100.8.210:pcsync-https         192.100.8.210:53716                 timer:(keepalive,19sec,0)
tcp    TIME-WAIT  0      0      127.0.0.1:42184                127.0.0.1:9250                  timer:(timewait,1.590ms,0)
tcp    TIME-WAIT  0      0      192.100.8.210:53756                192.100.8.210:9250                  timer:(timewait,31sec,0)

 

Conclusion

That's all for ss command. We hope now you can easily view sockets information using ss command. If you have any confusion, please feel free to ask us in the comment section.

 


 

Further Reading

man page for ss command

 

Rohan Timalsina
