This article covers the usage of the ss command with some straightforward examples. All the commands shown in this article were executed on the Ubuntu 20.04 distribution to check the statistics of socket and network connections.
Example 1: List Network Connection Using ss Command
You can easily list all network connections present in a system, including TCP, UDP, and UNIX socket connections, using the following ss command. The output is displayed in “less” format so that you can scroll through the output window:
Example 2: List TCP, UDP, & Unix Socket Connections
You can also filter out the TCP, UDP, and UNIX socket connections using the following options:
Using only the “t” option displays connections that are ‘Connected’ or ‘Established.’ This option alone does not show you the TCP socket connections that are ‘Listening.’
For TCP, use the ‘-t’ option, along with the ‘-A’ tag.
For UDP connections, use the following command:
The ‘a’ option displays both ‘Connected’ and ‘Listening’ sockets. UDP is a connectionless protocol, so using ‘ss -u’ alone will not display anything. However, the ‘a’ can be used to show all UDP connections.
For Unix socket connections, use the following command:
Example 3: Display Faster Output
The “n” option used with ‘t’ prevents socket statistics from resolving IP addresses to hostnames and displays the faster output, as follows:
Example 4: Display Listening Sockets Only
You can also display only the TCP socket connections that are listening. The “n” option ignores resolving the hostnames of the IP address to display the output more quickly.
For all UDP listening connections, replace the ‘t’ option with the ‘u’ option, as follows:
Example 5: Display Process Name with pid
You can display the process name, along with the pid of each process, using the following ss command with the ‘-ltp’ option:
Example 6: Display Statistics
The use of the ‘s’ option with the ss command displays the complete statistics, as follows:
Example 7: Display Timer Details of Connection
By using the ‘-o’ option with the ss command, you can display the time information of each connection. The time details inform the user how long this connection has been maintained:
Example 8: Print IPV6 or IPV4 Socket Connection
To print the IPv4 socket connections only, use the ‘-4’ option with ‘-f inet,’ as follows:
For IPV6, use the ‘-6’ option or ‘-f inet.’
Example 9: Filter TCP Connections by State
You can also filter connections by connection state with the ss command. Connections can exist in various states, such as established, syn-recv, syn-sent, fin-wait-1, fin-wait-2, time-wait, close-wait, closed, all, last-ack, closing, connected, bucket, synchronized, and bucket.
So, according to the user requirements, you can use and filter any connection state by running the following command:
$ ss -t4 state established
In the above example, we filtered all ‘established’ socket connections of TCP.
Example 10: Filter Address by Port Number
You can also filter the connection by the port number or by a specified IP address, as follows:
Conclusion
This article explored the various uses of the ss command. The ss command is the best alternative for the netstat command, as you have seen in this tutorial. Using the above examples, you can easily monitor system sockets and network connections.
