ss

ss

The ss command in Linux is used to display detailed socket statistics. It can be considered a more modern replacement for the older netstat command, providing more detailed and up-to-date information about network connections, routing tables, and interface statistics. Here's a detailed explanation of how to use ss and what information it provides:

Usage of ss

Basic Usage

To use ss, open a terminal and type:

ss

By default, ss displays a list of all sockets (both listening and non-listening) for all protocols, including TCP, UDP, UNIX, and RAW.

Options and Output

ss provides output with different columns representing various socket statistics:

1. Socket Types and States

   • State: State of the socket (LISTEN, ESTAB, etc.)

   • Recv-Q: Receive queue size.

   • Send-Q: Send queue size.

   • Local Address: Local IP address and port number.

   • Peer Address: Remote IP address and port number (if applicable).

   • User: Effective user that owns the socket.

   • Inode: Inode number of the socket.

   Example output:

   State       Recv-Q Send-Q                  Local Address:Port                    Peer Address:Port
   ESTAB       0      0                       192.168.1.100:ssh                       192.168.1.101:12345
   LISTEN      0      0                            0.0.0.0:ssh                                *:*

2. Filtering and Display Options

   • -t: Display TCP sockets.

   • -u: Display UDP sockets.

   • -l: Display listening sockets.

   • -p: Show process using the socket.

   • -n: Show numerical addresses instead of resolving hostnames.

   • -a: Display all sockets.

   Example:

   ss -t         # Display TCP sockets
   ss -u         # Display UDP sockets
   ss -l         # Display listening sockets

3. Detailed Information

   • -i: Display information about network interfaces.

   • -e: Display extended socket information.

   Example:

   ss -i         # Display network interface information
   ss -e         # Display extended socket information

Use Cases

• Network Troubleshooting: ss helps in identifying active connections, checking socket states, and diagnosing network-related issues.

• Real-time Monitoring: Provides real-time monitoring of network connections, including detailed information about sockets and their states.

• Security Auditing: Useful for auditing and monitoring network connections for security purposes.

Conclusion

ss is a powerful command-line tool for displaying detailed socket statistics on Linux systems. It offers more comprehensive and up-to-date information compared to netstat, making it a preferred choice for network monitoring and troubleshooting tasks. By understanding its output and options, administrators and users can effectively monitor network activities, diagnose network problems, and optimize network performance.

help