Introduction to ss command
ss (socket statistics) is a command-line utility to investigate sockets in the Linux system. It displays similar information to netstat command. It can show more TCP and state information.
The ss
command output contains the following column headers.
Netid - It shows the type of sockets. For example, u_str (Unix stream), icmp6, tcp, udp, etc.
State - It shows the state of socket.
- ESTAB: Established connection,
- UNCONN: Unconnected connection,
- LISTEN: Listening connection.
Recv-Q - The count of bytes not copied by the user program connected to this socket.
Send-Q - The count of bytes not acknowledged by the remote host.
Local Address:Port - The address and port of local machine.
Peer Address:Port - The address and port of remote machine.
Process - In this column, you will find additional information when relevant options are used.
Different examples to use ss command
In this article, we have presented the tutorial on how to use ss
command with the most used practical examples.
The general syntax of ss
command is:
$ ss [option]
Some of the important options in ss
command are:
- -a: To display all sockets
- -l: To display only listening sockets
- -t: To display only TCP sockets
- -u: To display only UDP sockets
- -x: To display only UNIX domain sockets
- -m: To display socket memory usage
- -s: To display summary statistics
You can also use ss
without any option to print all connected sockets in the system.
$ ss
Sample Output:
ubuntu@golinux:~$ ss Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process u_str ESTAB 0 0 /run/user/1000/bus 32286 * 32285 u_str ESTAB 0 0 /run/dbus/system_bus_socket 27820 * 27819 u_str ESTAB 0 0 * 27679 * 27680 u_str ESTAB 0 0 /run/dbus/system_bus_socket 26534 * 26533 u_str ESTAB 0 0 /run/systemd/journal/stdout 22990 * 22988 u_str ESTAB 0 0 /run/dbus/system_bus_socket 31777 * 31776 u_str ESTAB 0 0 @/tmp/dbus-u1IT8bo0Vc 31063 * 31062 u_str ESTAB 0 0 * 30462 * 30463
1. Display all connections with ss command
With -a
or --all
option, you can view all the listening and non-listening connections in the system.
$ ss -a
OR
$ ss --all
Sample Output:
ubuntu@golinux:~$ ss -a Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port nl UNCONN 0 0 rtnl:188 * nl UNCONN 0 0 rtnl:systemd/1 * nl UNCONN 0 0 rtnl:-1883482633 * nl UNCONN 0 0 rtnl:-110342965 * nl UNCONN 0 0 rtnl:-608336539 * u_str LISTEN 0 128 /run/containerd/s/313d55a61cdd8acaea2c8d8ff2b56df328a640db6c2b425faa674658e7a536d2 1436162 * 0 u_str LISTEN 0 128 //csi/csi.sock 119081 * 0 u_str LISTEN 0 128 /run/containerd/s/c3e55b9497dd21a0521cbde2096e89f583548cd0c66fdf7e9859ef32f2091dd2 156165 * 0 u_str LISTEN 0 128 /run/containerd/s/6c1803a3db513b7186513468415f18607d2cfc7615ed615926bed379e1ac41f3 130054 * 0 u_str ESTAB 0 0 * 125317 * 120346 u_str ESTAB 0 0 /run/systemd/journal/stdout 21076 * 18881 u_str ESTAB 0 0 /var/run/gluster/61333cd4d8be78a4.socket 38456 * 60512 u_str ESTAB 0 0 * 72738 * 72737 u_str ESTAB 0 0 * 64682 * 63119 u_str ESTAB 0 0 /run/systemd/journal/stdout 22714 * 31570 tcp TIME-WAIT 0 0 127.0.0.1:34428 127.0.0.1:9250 tcp TIME-WAIT 0 0 127.0.0.1:35308 127.0.0.1:9250 tcp TIME-WAIT 0 0 192.100.8.210:44416 192.100.8.210:9250 tcp TIME-WAIT 0 0 192.100.8.210:45708 192.100.8.210:9250
2. Display only listening sockets with ss command
By default, the listening sockets are not shown in the output. To view the listening sockets, you can use -l
or --listening
option.
$ ss -l
OR
$ ss --listening
Sample Output:
ubuntu@golinux:~$ ss -l Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process tcp LISTEN 0 128 192.100.8.210:10250 *:* tcp LISTEN 0 128 192.100.4.199:rfe *:* tcp LISTEN 0 128 127.0.0.1:2379 *:* tcp LISTEN 0 128 192.100.8.210:2379 *:* tcp LISTEN 0 128 127.0.0.1:apollo-relay *:* tcp LISTEN 0 128 192.100.8.210:2380 *:* tcp LISTEN 0 128 192.100.8.210:8879 *:* tcp LISTEN 0 128 *:sunrpc *:*
3. ss command to display all TCP connections
You can use -t
or --tcp
option to filter the output with TCP connections. The following command shows all the TCP connections in the system.
$ ss -at
OR
$ ss -a --tcp
Sample Output:
ubuntu@golinux:~$ ss -at State Recv-Q Send-Q Local Address:Port Peer Address:Port Process LISTEN 0 4096 127.0.0.53%lo:domain 0.0.0.0:* LISTEN 0 128 0.0.0.0:ssh 0.0.0.0:* LISTEN 0 5 127.0.0.1:ipp 0.0.0.0:* ESTAB 0 0 10.0.2.15:51644 151.101.130.49:https TIME-WAIT 0 0 192.168.1.78%enp0s8:55500 35.232.111.17:http TIME-WAIT 0 0 10.0.2.15:50064 91.189.91.38:http TIME-WAIT 0 0 10.0.2.15%enp0s3:55470 35.232.111.17:http ESTAB 0 0 10.0.2.15:51642 151.101.130.49:https LISTEN 0 128 [::]:ssh [::]:* LISTEN 0 5 [::1]:ipp [::]:*
4. ss command to display all UDP connections
Similarly, you can use -u
or --udp
option to view only UDP connections in the output.
$ ss -au
OR
$ ss -a --udp
Sample Output:
ubuntu@golinux:~$ ss -au State Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0 100.73.52.215:51735 10.254.0.10:domain ESTAB 0 0 100.73.52.215:52197 10.254.0.10:domain ESTAB 0 0 100.73.52.215:53170 10.254.0.10:domain ESTAB 0 0 100.73.52.215:59568 10.254.0.10:domain ESTAB 0 0 100.73.52.215:60038 10.254.0.10:domain ESTAB 0 0 100.73.52.215:60421 10.254.0.10:domain UNCONN 0 0 *:30086 *:*
5. Display Listening TCP and UDP sockets
If you want to view the listening TCP and UDP sockets in the system, you can use the following command.
$ ss -ltu
Sample Output:
ubuntu@golinux:~$ ss -ltu Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port udp UNCONN 0 0 *:30086 *:* udp UNCONN 0 0 192.100.8.210:domain *:* udp UNCONN 0 0 *:bootpc *:* udp UNCONN 0 0 *:iris-xpcs *:* udp UNCONN 0 0 [::]:sunrpc [::]:* udp UNCONN 0 0 [::]:ntp [::]:* udp UNCONN 0 0 [::1]:323 [::]:* udp UNCONN 0 0 [::]:iris-xpcs [::]:* tcp LISTEN 0 128 127.0.0.1:44899 *:* tcp LISTEN 0 128 192.100.4.199:49155 *:* tcp LISTEN 0 128 127.0.0.1:10248 *:* tcp LISTEN 0 128 192.100.4.199:commplex-main *:* tcp LISTEN 0 128 127.0.0.1:10249 *:* tcp LISTEN 0 128 192.100.4.199:commplex-link *:*
6. Display only UNIX domain sockets using ss command
You can use -x
or --unix
option to display only UNIX domain sockets in the system.
$ ss -x
OR
$ ss --unix
Sample Output:
ubuntu@golinux:~$ ss -x Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port u_str ESTAB 0 0 /run/containerd/s/6ecc8bebd952aa3dffb43b2d6596622c5b5deb6474ca97a0ada64eef34123104 1532888 * 1535688 u_str ESTAB 0 0 /run/containerd/s/ec4b93efe2014f5ca4d96b966322346493d165cbbc55586249935fc128cf4f88 117919 * 119857 u_str ESTAB 0 0 * 138899 * 122853 u_str ESTAB 0 0 /run/containerd/s/b57f8a6c634d9295e37fd52c4deef81f322c792ffda8836064b1e1b8f5a33fac 132456 * 123339 u_str ESTAB 0 0 /var/run/docker.sock 66624 * 64459 u_str ESTAB 0 0 /run/containerd/containerd.sock 28549 * 1630 u_str ESTAB 0 0 * 25143 * 28206 u_str ESTAB 0 0 * 125317 * 120346 u_str ESTAB 0 0 /run/systemd/journal/stdout 21076 * 18881 u_str ESTAB 0 0 /var/run/gluster/61333cd4d8be78a4.socket 38456 * 60512 u_str ESTAB 0 0 * 72738 * 72737 u_str ESTAB 0 0 * 64682 * 63119 u_str ESTAB 0 0 /run/systemd/journal/stdout 22714 * 31570
7. Display all IPv4 sockets with ss command
You can use -4
or --ipv4
option with to list IPv4 sockets in the system.
$ ss -a4
OR
$ ss -a --ipv4
Sample Output:
ubuntu@golinux:~$ ss -a4 Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port udp ESTAB 0 0 100.73.52.215:51735 10.254.0.10:domain udp ESTAB 0 0 100.73.52.215:52150 10.171.8.5:domain udp ESTAB 0 0 100.73.52.215:52197 10.254.0.10:domain udp ESTAB 0 0 100.73.52.215:53170 10.254.0.10:domain udp ESTAB 0 0 100.73.52.215:32854 10.254.0.10:domain tcp LISTEN 0 128 127.0.0.1:44899 *:* tcp LISTEN 0 128 192.100.4.199:49155 *:* tcp LISTEN 0 128 192.100.4.199:49156 *:* tcp LISTEN 0 128 192.100.4.199:24007 *:* tcp LISTEN 0 128 127.0.0.1:10248 *:*
8. Display all IPv6 sockets with ss command
You can use -6
or --ipv6
option with to list IPv4 sockets in the system.
$ ss -a6
OR
$ ss -a --ipv6
Sample Output:
ubuntu@golinux:~$ ss -a6 Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port udp UNCONN 0 0 [::]:sunrpc [::]:* udp UNCONN 0 0 [::]:ntp [::]:* udp UNCONN 0 0 [::1]:323 [::]:* udp UNCONN 0 0 [::]:iris-xpcs [::]:* tcp LISTEN 0 128 [::]:xmltec-xmlmail [::]:* tcp LISTEN 0 128 [::]:10251 [::]:* tcp LISTEN 0 128 [::]:fs-mgmt [::]:* tcp TIME-WAIT 0 0 [::ffff:127.0.0.1]:10251 [::ffff:127.0.0.1]:52426 tcp TIME-WAIT 0 0 [::ffff:192.100.8.210]:fs-mgmt [::ffff:192.100.8.210]:47126 tcp TIME-WAIT 0 0 [::ffff:127.0.0.1]:10251 [::ffff:127.0.0.1]:52082 tcp TIME-WAIT 0 0 [::ffff:127.0.0.1]:10251 [::ffff:127.0.0.1]:52784 tcp TIME-WAIT 0 0 [::ffff:127.0.0.1]:10251 [::ffff:127.0.0.1]:50830
9. ss command to show host names
-r
or --resolve
option shows names instead of numerical address for host or port.
$ ss -r
OR
$ ss --resolve
Sample Output:
ubuntu@golinux:~$ ss -tar Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port udp ESTAB 0 0 ubuntu-server:60038 kube-dns.kube-system.svc.cluster.local:domain udp ESTAB 0 0 ubuntu-server:34649 kube-dns.kube-system.svc.cluster.local:domain udp ESTAB 0 0 ubuntu-server:35116 kube-dns.kube-system.svc.cluster.local:domain udp ESTAB 0 0 ubuntu-server:41845 kube-dns.kube-system.svc.cluster.local:domain udp ESTAB 0 0 ubuntu-server:44778 kube-dns.kube-system.svc.cluster.local:domain tcp ESTAB 0 0 ubuntu-server.storage.bcmt:49156 192.100.4.235:49147 tcp ESTAB 0 0 ubuntu-server.storage.bcmt:49156 192.100.4.213:49147 tcp ESTAB 0 0 ubuntu-server:53500 ubuntu-server:2379 tcp ESTAB 0 0 ubuntu-server:53330 ubuntu-server:2379 tcp ESTAB 0 0 ubuntu-server:53360 ubuntu-server:2379 tcp ESTAB 0 0 ubuntu-server:60179 192.100.8.235:49137 tcp ESTAB 0 0 ubuntu-server:53494 ubuntu-server:2379 tcp ESTAB 0 0 ubuntu-server:60179 192.100.8.221:52911 tcp ESTAB 0 0 ubuntu-server:53132 ubuntu-server:2379
10. Show detailed socket information with ss command
You can use -e
or --extended
option to display detailed socket information in the output.
$ ss -e
OR
$ ss --extended
Sample Output:
ubuntu@golinux:~$ ss -e tcp ESTAB 0 0 192.100.4.199:49156 192.100.4.235:49147 timer:(keepalive,5.090ms,0) ino:31068267 sk:163 <-> tcp ESTAB 0 0 192.100.4.199:49156 192.100.4.213:49147 timer:(keepalive,12sec,0) ino:31068258 sk:164 <-> tcp ESTAB 0 0 192.100.8.210:53500 192.100.8.210:2379 timer:(keepalive,11sec,0) uid:65534 ino:78669 sk:165 <-> tcp ESTAB 0 0 192.100.8.210:53330 192.100.8.210:2379 timer:(keepalive,8.282ms,0) uid:65534 ino:77396 sk:166 <-> tcp ESTAB 0 0 192.100.8.210:53360 192.100.8.210:2379 timer:(keepalive,4.055ms,0) uid:65534 ino:74341 sk:167 <-> tcp ESTAB 0 0 192.100.8.210:60179 192.100.8.235:49137 ino:65043 sk:168 <-> tcp ESTAB 0 0 192.100.8.210:53494 192.100.8.210:2379 timer:(keepalive,9.306ms,0) uid:65534 ino:76068 sk:169 <-> tcp ESTAB 0 0 192.100.8.210:60179 192.100.8.221:52911 ino:65056 sk:16a <-> tcp ESTAB 0 0 192.100.8.210:53132 192.100.8.210:2379 timer:(keepalive,2.058ms,0) ino:72475 sk:16b <-> tcp ESTAB 0 0 192.100.8.210:55484 192.100.8.210:2379 timer:(keepalive,11sec,0) uid:65534 ino:138110 sk:16c <-> tcp ESTAB 0 0 192.100.4.199:49139 192.100.4.199:24007 timer:(keepalive,10sec,0) ino:20301 sk:16d <-> tcp ESTAB 0 0 192.100.8.210:53442 192.100.8.210:2379 timer:(keepalive,4.789ms,0) uid:65534 ino:76066 sk:16e <-> tcp ESTAB 0 0 192.100.8.210:42904 192.106.213.23:6800 ino:49282204 sk:8d7 <-> tcp ESTAB 0 0 192.100.4.199:49142 192.100.4.172:49152 timer:(keepalive,7.810ms,0) ino:22249 sk:16f <->
11. Display memory usage with ss command
With -m
or --memory
option, ss
shows the socket memory usage in the system.
$ ss -m
OR
$ ss --memory
Sample Output:
ubuntu@golinux:~$ ss -m Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port u_str ESTAB 0 0 /run/user/1000/bus 32286 * 32285 skmem:(r0,rb212992,t0,tb212992,f0,w0,o0,bl0,d0) u_str ESTAB 0 0 /run/dbus/system_bus_socket 27820 * 27819 skmem:(r0,rb212992,t0,tb212992,f0,w0,o0,bl0,d0) u_str ESTAB 0 0 * 27679 * 27680 skmem:(r0,rb212992,t0,tb425984,f0,w0,o0,bl0,d0) u_str ESTAB 0 0 /run/dbus/system_bus_socket 26534 * 26533 skmem:(r0,rb212992,t0,tb212992,f0,w0,o0,bl0,d0) u_str ESTAB 0 0 /run/systemd/journal/stdout 22990 * 22988 skmem:(r0,rb212992,t0,tb212992,f0,w0,o0,bl0,d0) u_str ESTAB 0 0 /run/dbus/system_bus_socket 31777 * 31776 skmem:(r0,rb212992,t0,tb212992,f0,w0,o0,bl0,d0) u_str ESTAB 0 0 @/tmp/dbus-u1IT8bo0Vc 31063 * 31062 skmem:(r0,rb212992,t0,tb212992,f0,w0,o0,bl0,d0) u_str ESTAB 0 0 * 30462 * 30463 skmem:(r0,rb212992,t0,tb212992,f0,w0,o0,bl0,d0) u_str ESTAB 0 0 /run/user/1000/bus 28719 * 28718 skmem:(r0,rb212992,t0,tb212992,f0,w0,o0,bl0,d0) u_str ESTAB 0 0 * 20709 * 22763 skmem:(r0,rb425984,t0,tb425984,f0,w0,o0,bl0,d0)
12. ss command to display processes that are using socket
-p
or --processes
option shows processes that are using the socket.
$ ss -p
OR
$ ss --processes
Sample Output:
You can see the details in the Process column.
buntu@golinux:~$ ss -p Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port tcp ESTAB 0 0 192.100.8.210:53466 192.100.8.210:2379 users:(("kube-apiserver",pid=12153,fd=57)) tcp ESTAB 0 0 192.100.8.210:41434 192.100.8.210:2379 users:(("kube-apiserver",pid=12153,fd=125)) tcp ESTAB 0 0 100.73.52.215:53436 10.254.0.1:https users:(("kube-controller",pid=17831,fd=7)) tcp ESTAB 0 0 192.100.8.210:54522 192.100.8.210:2379 users:(("kube-apiserver",pid=12153,fd=92)) tcp ESTAB 0 0 192.100.8.210:53472 192.100.8.210:2379 users:(("kube-apiserver",pid=12153,fd=60)) tcp ESTAB 0 0 192.100.4.199:49150 192.100.4.172:24007 users:(("glusterd",pid=3763,fd=30)) tcp ESTAB 0 0 192.100.8.210:pcsync-https 192.100.8.190:38615 users:(("kube-apiserver",pid=12153,fd=94))
13. Display internal TCP information using ss command
You can use -i
or --info
option to view the internal TCP information.
$ ss -i
OR
$ ss --info
Sample Output:
ubuntu@golinux:~$ ss -it State Recv-Q Send-Q Local Address:Port Peer Address:Port Process ESTAB 0 0 10.0.2.15:51430 34.107.221.82:http cubic rto:204 rtt:0.375/0.2 ato:40 mss:1460 pmtu:1500 rcvmss:536 advmss:1460 cwnd:10 bytes_sent:598 bytes_acked:599 bytes_received:604 segs_out:12 segs_in:10 data_segs_out:2 data_segs_in:2 send 311.5Mbps lastsnd:5244 lastrcv:5164 lastack:5244 pacing_rate 622.1Mbps delivery_rate 34.5Mbps delivered:3 app_limited retrans:0/1 rcv_space:14600 rcv_ssthresh:64076 minrtt:0.339 ESTAB 0 0 10.0.2.15:39130 13.33.146.124:https cubic rto:204 rtt:0.66/0.283 ato:40 mss:1460 pmtu:1500 rcvmss:1425 advmss:1460 cwnd:10 bytes_sent:942 bytes_acked:943 bytes_received:5249 segs_out:15 segs_in:13 data_segs_out:3 data_segs_in:4 send 177.0Mbps lastsnd:61340 lastrcv:60892 lastack:10128 pacing_rate 353.9Mbps delivery_rate 25.7Mbps delivered:4 app_limited busy:4ms retrans:0/1 rcv_space:14600 rcv_ssthresh:64076 minrtt:0.455 ESTAB 0 0 10.0.2.15:49124 34.98.75.36:https cubic rto:1248 rtt:215.027/255.178 ato:40 mss:1460 pmtu:1500 rcvmss:1460 advmss:1460 cwnd:10 bytes_sent:1083 bytes_acked:1084 bytes_received:4357 segs_out:12 segs_in:12 data_segs_out:6 data_segs_in:5 send 543.2Kbps lastsnd:57496 lastrcv:57496 lastack:57496 pacing_rate 1.1Mbps delivery_rate 61.8Mbps delivered:7 app_limited rcv_space:14600 rcv_ssthresh:64076 minrtt:0.189 ESTAB 0 0 10.0.2.15:50376 13.33.179.53:https cubic rto:2532 rtt:394.769/514.16 ato:40 mss:1460 pmtu:1500 rcvmss:1460 advmss:1460 cwnd:10 bytes_sent:2838 bytes_acked:2839 bytes_received:61655 segs_out:35 segs_in:60 data_segs_out:7 data_segs_in:47 send 295.9Kbps lastsnd:53788 lastrcv:53096 lastack:1936 pacing_rate 591.7Kbps delivery_rate 41.3Mbps delivered:8 app_limited rcv_space:14600 rcv_ssthresh:64076 minrtt:0.283 ESTAB 0 0 10.0.2.15:50748 142.251.12.94:http cubic rto:1696 rtt:504.56/297.235 ato:40 mss:1460 pmtu:1500 rcvmss:702 advmss:1460 cwnd:10 bytes_sent:425 bytes_acked:426 bytes_received:702 segs_out:9 segs_in:8 data_segs_out:1 data_segs_in:1 send 231.5Kbps lastsnd:60160 lastrcv:59740 lastack:8848 pacing_rate 463.0Kbps delivery_rate 13.0Mbps delivered:2 app_limited busy:4ms rcv_space:14600 rcv_ssthresh:64076 minrtt:0.897 ESTAB 0 0 10.0.2.15:48000 13.33.179.99:https cubic rto:2400 rtt:459.955/484.041 ato:40 mss:1460 pmtu:1500 rcvmss:1460 advmss:1460 cwnd:10 bytes_sent:1148 bytes_acked:1149 bytes_received:4247 segs_out:10 segs_in:10 data_segs_out:5 data_segs_in:4 send 253.9Kbps lastsnd:55184 lastrcv:55184 lastack:55184 pacing_rate 507.9Kbps delivery_rate 65.8Mbps delivered:6 app_limited rcv_space:14600 rcv_ssthresh:64076 minrtt:0.318 ESTAB 0 0 10.0.2.15:56010 117.18.237.29:http
14. ss command to display summary statistics
Instead of showing all sockets, -s
or --summary
command prints the summary statistics of sockets in the output.
ubuntu@golinux:~$ ss -s
Total: 886 (kernel 44942)
TCP: 1189 (estab 254, closed 884, orphaned 0, synrecv 0, timewait 440/0), ports 0
Transport Total IP IPv6
* 44942 - -
RAW 0 0 0
UDP 28 24 4
TCP 305 293 12
INET 333 317 16
FRAG 0 0 0
15. Display timer information with ss command
-o
or --options
command shows networking timer information in the output.
$ ss -o
OR
$ ss --options
Sample Output:
Here, we are viewing the timer information of TCP connections. The information are listed under process column.
ubuntu@golinux:~$ ss -ot State Recv-Q Send-Q Local Address:Port Peer Address:Port Process ESTAB 0 0 10.0.2.15:45592 172.217.166.110:https ESTAB 0 0 10.0.2.15:39550 74.125.24.94:http timer:(keepalive,7.136ms,0) ESTAB 0 0 10.0.2.15:56186 74.125.200.119:https ESTAB 0 0 10.0.2.15:45280 13.227.254.104:https timer:(keepalive,2.848ms,0) ESTAB 0 0 10.0.2.15:45274 13.227.254.104:https timer:(keepalive,3.104ms,0) ESTAB 0 0 10.0.2.15:45278 13.227.254.104:https timer:(keepalive,2.848ms,0) ESTAB 0 0 10.0.2.15:44032 142.251.10.95:https
16. Display sockets of type Family with ss command
You can use -f
or --family
option to specify the connection family. It will only display the information of specified family. The supported families are: unix, inet, inet6, link, netlink.
$ ss -f FAMILY
OR
$ ss --family FAMILY
Sample Output:
To view the information of inet, you can use the following command.
ubuntu@golinux:~$ ss -f inet Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process udp ESTAB 0 0 10.0.2.15:60244 208.67.220.220:domain udp ESTAB 0 0 192.168.1.78%enp0s8:bootpc 192.168.1.254:bootps udp ESTAB 0 0 10.0.2.15%enp0s3:bootpc 10.0.2.2:bootps tcp ESTAB 0 0 10.0.2.15:47400 142.250.182.131:https tcp ESTAB 0 0 10.0.2.15:55982 172.217.163.206:https tcp ESTAB 0 0 10.0.2.15:53926 142.250.4.119:https tcp ESTAB 0 0 10.0.2.15:35152 142.250.193.99:http tcp ESTAB 0 0 10.0.2.15:60124 142.250.196.36:https tcp ESTAB 0 0 10.0.2.15:39366 142.250.182.14:https tcp ESTAB 0 0 10.0.2.15:45968 74.125.24.156:https
17. ss command to close sockets
Using -K
or --kill
option will forcibly close sockets and print the sockets that are closed. You will need root permission to kill the sockets.
$ sudo ss -K
OR
$ sudo ss --kill
Sample Output:
Here, we are closing all UDP sockets using ss command.
ubuntu@golinux:~$ sudo ss -Kau State Recv-Q Send-Q Local Address:Port Peer Address:Port Process UNCONN 0 0 0.0.0.0:631 0.0.0.0:* UNCONN 0 0 0.0.0.0:48060 0.0.0.0:* UNCONN 27648 0 127.0.0.53:domain 0.0.0.0:* UNCONN 0 0 10.0.2.15:bootpc 0.0.0.0:* UNCONN 0 0 192.168.1.78:bootpc 0.0.0.0:* UNCONN 0 0 0.0.0.0:mdns 0.0.0.0:* UNCONN 0 0 [::]:mdns [::]:* UNCONN 0 0 [::]:38384 [::]:*
18. Hide header lines in ss command output
-H
or --hide
option suppresses or hides header line in the output.
$ ss -H
OR
$ ss --hide
Sample Output:
ubuntu@golinux:~$ ss -H u_str ESTAB 0 0 * 30478 * 30479 u_str ESTAB 0 0 * 27464 * 27764 u_str ESTAB 0 0 /run/systemd/journal/stdout 27034 * 27033 u_str ESTAB 0 0 * 29882 * 29883 u_str ESTAB 0 0 * 28171 * 28172 u_str ESTAB 0 0 /run/user/1000/bus 32782 * 32781 u_str ESTAB 0 0 @/tmp/.ICE-unix/1187 30479 * 30478 u_str ESTAB 0 0 /run/user/1000/bus 29883 * 29882 u_str ESTAB 0 0 /run/systemd/journal/stdout 28169 * 28168
19. Display all established ssh connections
You can use the following command to display all the ESTABLISHED SSH connection to your Linux server
$ ss -o state established '( dport = :ssh or sport = :ssh )'
Sample Output:
Here, we will dump the TCP sockets raw information to a file 'golinux'.
ubuntu@golinux:~$ ss -o state established '( dport = :ssh or sport = :ssh )' Netid Recv-Q Send-Q Local Address:Port Peer Address:Port tcp 0 0 100.73.52.215:ssh 10.137.222.194:25100 timer:(keepalive,103min,0) tcp 0 0 100.73.52.215:ssh 10.137.222.194:28990 timer:(keepalive,107min,0) tcp 0 320 100.73.52.215:ssh 10.137.222.194:25096 timer:(on,279ms,0)
20. Define the state of the connections with ss command
We can use -o state <STATE>
to list connections matching the respective state. The supported STATE values are as below:
- STATE-FILTER := {all|connected|synchronized|bucket|big|TCP-STATES}
- TCP-STATES := {established|syn-sent|syn-recv|fin-wait-{1,2}|time-wait|closed|close-wait|last-ack|listen|closing}
- connected := {established|syn-sent|syn-recv|fin-wait-{1,2}|time-wait|close-wait|last-ack|closing}
- synchronized := {established|syn-recv|fin-wait-{1,2}|time-wait|close-wait|last-ack|closing}
- bucket := {syn-recv|time-wait}
- big := {established|syn-sent|fin-wait-{1,2}|closed|close-wait|last-ack|listen|closing}
List all connected connections i.e all the states except for listening and closed:
# ss -o state connected | less Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port tcp TIME-WAIT 0 0 127.0.0.1:44230 127.0.0.1:9250 timer:(timewait,52sec,0) tcp ESTAB 0 0 192.100.8.210:58867 192.100.8.156:60179 tcp TIME-WAIT 0 0 127.0.0.1:65432 127.0.0.1:44656 timer:(timewait,30sec,0) tcp TIME-WAIT 0 0 127.0.0.1:65432 127.0.0.1:44906 timer:(timewait,37sec,0) tcp ESTAB 0 0 192.100.8.210:pcsync-https 192.100.8.210:53716 timer:(keepalive,19sec,0) tcp TIME-WAIT 0 0 127.0.0.1:42184 127.0.0.1:9250 timer:(timewait,1.590ms,0) tcp TIME-WAIT 0 0 192.100.8.210:53756 192.100.8.210:9250 timer:(timewait,31sec,0)
Conclusion
That's all for ss
command. We hope now you can easily view sockets information using ss
command. If you have any confusion, please feel free to ask us in the comment section.
What's Next
20 netstat command examples in Linux [Cheat Sheet]
Further Reading