Purchase Linux CDs / DVDs / Flash Drives at OSDisc.com

Welcome to Our Community

While Linux.org has been around for a while, we recently changed management and had to purge most of the content (including users). If you signed up before April 23rd, 2017 please sign up again. Thanks!

Using ss instead of netstat to investigate sockets

Discussion in 'Linux Networking' started by Rob, Nov 5, 2018.

Tags:
  1. Rob

    Rob Administrator
    Staff Member

    Joined:
    Oct 27, 2011
    Messages:
    306
    Likes Received:
    789
    If you find yourself looking at networking connections in Linux then you've probably used netstat at some point. It's very useful to list out established connections, find out which ports your server is listening on, etc..

    Well, ss is a similar tool to netstat. Netstat itself even tells us to use ss instead in its man page!
    Code:
    NOTE
           This program is obsolete.  Replacement for netstat is ss.  Replacement for netstat -r is ip route.  Replacement for netstat
           -i is ip -s link.  Replacement for netstat -g is ip maddr.
    To use ss, simply open up a terminal and type it:
    Code:
    ss
    To get some better information out of ss, however, you can give it some options..
    ss [options] [ FILTER ]

    Let's start out by showing 'all'
    Code:
    ss -a
    Wow - that showed quite a bit.. you'll see on the left hand side you have some established connections, time-waits, etc..

    Let's narrow this down a bit.. and only show the ports we're listening on. We'll use -l (listen), -n (numeric ports) and -p (show the process listening).
    Code:
    ss -lnp
    Pretty cool eh? Oh, if you didn't see the processes using the ports, you will need to be root, so put a sudo in front of that last command.

    Show the help screen
    Code:
    ss -h
    Usage: ss [ OPTIONS ]
           ss [ OPTIONS ] [ FILTER ]
       -h, --help        this message
       -V, --version    output version information
       -n, --numeric    don't resolve service names
       -r, --resolve       resolve host names
       -a, --all        display all sockets
       -l, --listening    display listening sockets
       -o, --options       show timer information
       -e, --extended      show detailed socket information
       -m, --memory        show socket memory usage
       -p, --processes    show process using socket
       -i, --info        show internal TCP information
       -s, --summary    show socket usage summary
    
       -4, --ipv4          display only IP version 4 sockets
       -6, --ipv6          display only IP version 6 sockets
       -0, --packet    display PACKET sockets
       -t, --tcp        display only TCP sockets
       -u, --udp        display only UDP sockets
       -d, --dccp        display only DCCP sockets
       -w, --raw        display only RAW sockets
       -x, --unix        display only Unix domain sockets
       -f, --family=FAMILY display sockets of type FAMILY
    
       -A, --query=QUERY, --socket=QUERY
           QUERY := {all|inet|tcp|udp|raw|unix|packet|netlink}[,QUERY]
    
       -D, --diag=FILE    Dump raw information about TCP sockets to FILE
       -F, --filter=FILE   read filter information from FILE
           FILTER := [ state TCP-STATE ] [ EXPRESSION ]
    Let us know how you like it below in the comments!


    (Log in to hide this advertisement)

     
    wizardfromoz and CptCharis like this.

Share This Page