Using ss instead of netstat to investigate sockets

Rob

Administrator
Staff member
Joined
Oct 27, 2011
Messages
1,210
Reaction score
2,240
Credits
3,485
If you find yourself looking at networking connections in Linux then you've probably used netstat at some point. It's very useful to list out established connections, find out which ports your server is listening on, etc..

Well, ss is a similar tool to netstat. Netstat itself even tells us to use ss instead in its man page!
Code:
NOTE
       This program is obsolete.  Replacement for netstat is ss.  Replacement for netstat -r is ip route.  Replacement for netstat
       -i is ip -s link.  Replacement for netstat -g is ip maddr.

To use ss, simply open up a terminal and type it:
Code:
ss

To get some better information out of ss, however, you can give it some options..
ss [options] [ FILTER ]

Let's start out by showing 'all'
Code:
ss -a

Wow - that showed quite a bit.. you'll see on the left hand side you have some established connections, time-waits, etc..

Let's narrow this down a bit.. and only show the ports we're listening on. We'll use -l (listen), -n (numeric ports) and -p (show the process listening).
Code:
ss -lnp

Pretty cool eh? Oh, if you didn't see the processes using the ports, you will need to be root, so put a sudo in front of that last command.

Show the help screen
Code:
ss -h
Usage: ss [ OPTIONS ]
       ss [ OPTIONS ] [ FILTER ]
   -h, --help        this message
   -V, --version    output version information
   -n, --numeric    don't resolve service names
   -r, --resolve       resolve host names
   -a, --all        display all sockets
   -l, --listening    display listening sockets
   -o, --options       show timer information
   -e, --extended      show detailed socket information
   -m, --memory        show socket memory usage
   -p, --processes    show process using socket
   -i, --info        show internal TCP information
   -s, --summary    show socket usage summary

   -4, --ipv4          display only IP version 4 sockets
   -6, --ipv6          display only IP version 6 sockets
   -0, --packet    display PACKET sockets
   -t, --tcp        display only TCP sockets
   -u, --udp        display only UDP sockets
   -d, --dccp        display only DCCP sockets
   -w, --raw        display only RAW sockets
   -x, --unix        display only Unix domain sockets
   -f, --family=FAMILY display sockets of type FAMILY

   -A, --query=QUERY, --socket=QUERY
       QUERY := {all|inet|tcp|udp|raw|unix|packet|netlink}[,QUERY]

   -D, --diag=FILE    Dump raw information about TCP sockets to FILE
   -F, --filter=FILE   read filter information from FILE
       FILTER := [ state TCP-STATE ] [ EXPRESSION ]

Let us know how you like it below in the comments!
 


Welcome to linux.org @hulises :)

Is there a question there?

Cheers

Chris Turner
wizardfromoz
 
  • Like
Reactions: Rob

Members online


Top