The ss command in Linux is a powerful tool used to investigate network sockets and gather detailed information about network connections. It is commonly employed by system administrators, network engineers, and security professionals to analyze and troubleshoot network issues. This article will explore what the ss command is, its syntax, and how to use it effectively.
What is the ss Command?
The ss (Socket Statictics) command is a utility in Linux and Unix-like operating systems for displaying information about network connections, listening sockets, and related networking statistics. It is often seen as a faster and more efficient alternative to the older netstat command, offering the same functionality with enhanced performance.
The primary function of ss is to display active socket connections, providing detailed information about TCP, UDP, and UNIX domain sockets. This data can include information about local and remote addresses, port numbers, connection states, and process IDs.
Key Features of the ss Command
- Faster than netstat: One of the key advantages of ss over netstat is its speed. While netstat can sometimes be slow to display information, especially on systems with many connections, ss is optimized to handle large volumes of data more efficiently.
- Detailed Output: The ss command provides detailed information about network connections, including the state of each connection (e.g., ESTABLISHED, LISTEN), the PID/Program name associated with the connection, and more.
- Support for Different Protocols: ss supports multiple protocols, including TCP, UDP, UNIX domain sockets, and more. It can also filter by specific connection states, making it versatile for troubleshooting different types of network problems.
Basic Syntax:
ss [options] [filter]- options: These are flags that control the type and format of the output.
- filter: You can specify filters such as connection states, ports, or protocols to refine the results.
Examples of Using the ss Command
1.Display All Active Connections:
ss -tuln- -t: Show TCP sockets.
- -u: Show UDP sockets.
- -l: Display listening sockets.
- -n: Display numeric addresses and port numbers.
2.Show TCP and Udp Connections:
# list all tcp connection
ss -at
# list all the listening tcp connection
ss -lt
# list only TCP connections that are in the "ESTABLISHED" state
ss -tn state established
# list all udp connection
ss -au
# list all the listening tcp connection
ss -lu- -t: Show TCP sockets.
- state established: Filter for established connections.
3,Display Process Information:
# List the procss id and port number & ip address runnnig tcp and udp in listening mode
ss -tulnp
# List the process id runnig tcp
ss -pt
# List the process id runnig udp
ss -pu- -p: Show the process ID and program name associated with each socket.
4. List Connections to a Specific IP Address
# To show connections to a specific destination address
ss dst <ip-address>
# To test this on locally
nc -u <ip address> 5000
# To show connections to a specific source address
ss src <ip-address>
# port based filtering
ss dst :<port>
# filter based on https
ss dst :https5. List all listening and non-listening connections
# list all the connection
ss -a
# To display only listening sockets
ss -l
# List TCP Connection
ss -t
# List Unix Sockets
ss -x
# List Raw Socket
ss -w
6. List the summary
ss -sConclusion
The ss command is an essential tool for anyone working with Linux networking, offering a quick and efficient way to monitor and troubleshoot network connections. Whether you’re an administrator investigating network performance, a security professional auditing open ports, or just a curious user wanting to understand what’s going on under the hood, ss is an invaluable command to have in your toolkit. By mastering ss, you’ll gain deeper insights into the status and behavior of your system’s network connections.
