ss

ss

The ss command in Linux is used to display detailed socket statistics. It can be considered a more modern replacement for the older netstat command, providing more detailed and up-to-date information about network connections, routing tables, and interface statistics. Here's a detailed explanation of how to use ss and what information it provides:

Usage of ss

Basic Usage

To use ss, open a terminal and type:

ss

By default, ss displays a list of all sockets (both listening and non-listening) for all protocols, including TCP, UDP, UNIX, and RAW.

Options and Output

ss provides output with different columns representing various socket statistics:

  1. Socket Types and States

    • State: State of the socket (LISTEN, ESTAB, etc.)

    • Recv-Q: Receive queue size.

    • Send-Q: Send queue size.

    • Local Address: Local IP address and port number.

    • Peer Address: Remote IP address and port number (if applicable).

    • User: Effective user that owns the socket.

    • Inode: Inode number of the socket.

    Example output:

    State       Recv-Q Send-Q                  Local Address:Port                    Peer Address:Port
ESTAB       0      0                       192.168.1.100:ssh                       192.168.1.101:12345
LISTEN      0      0                            0.0.0.0:ssh                                *:*

  2. Filtering and Display Options

    • -t: Display TCP sockets.

    • -u: Display UDP sockets.

    • -l: Display listening sockets.

    • -p: Show process using the socket.

    • -n: Show numerical addresses instead of resolving hostnames.

    • -a: Display all sockets.

    Example:

    ss -t         # Display TCP sockets
ss -u         # Display UDP sockets
ss -l         # Display listening sockets

  3. Detailed Information

    • -i: Display information about network interfaces.

    • -e: Display extended socket information.

    Example:

    ss -i         # Display network interface information
ss -e         # Display extended socket information

Use Cases

  • Network Troubleshooting: ss helps in identifying active connections, checking socket states, and diagnosing network-related issues.

  • Real-time Monitoring: Provides real-time monitoring of network connections, including detailed information about sockets and their states.

  • Security Auditing: Useful for auditing and monitoring network connections for security purposes.

Conclusion

ss is a powerful command-line tool for displaying detailed socket statistics on Linux systems. It offers more comprehensive and up-to-date information compared to netstat, making it a preferred choice for network monitoring and troubleshooting tasks. By understanding its output and options, administrators and users can effectively monitor network activities, diagnose network problems, and optimize network performance.

help

PrevioussplitNextssh-add

Last updated