Using ss instead of netstat to investigate sockets

Discussion in 'Linux Networking' started by Rob, Nov 5, 2018.

  1. Rob

    Rob Administrator
    Staff Member

    Oct 27, 2011
    If you find yourself looking at networking connections in Linux then you've probably used netstat at some point. It's very useful to list out established connections, find out which ports your server is listening on, etc.

    Well, ss is a similar tool to netstat. Netstat itself even tells us to use ss instead in its man page!
           This program is obsolete.  Replacement for netstat is ss.  Replacement for netstat -r is ip route.
           Replacement for netstat -i is ip -s link.  Replacement for netstat -g is ip maddr.
    To use ss, simply open up a terminal and type it:
    To get some better information out of ss, however, you can give it some options.
    ss [options] [ FILTER ]

    Let's start out by showing 'all'
    ss -a
    Wow - that showed quite a bit. You'll see on the left-hand side you have some established connections, time-waits, etc.

    Let's narrow this down a bit and only show the ports we're listening on. We'll use -l (listen), -n (numeric ports) and -p (show the process listening).
    ss -lnp
    Pretty cool eh? Oh, if you didn't see the processes using the ports, you will need to be root, so put a sudo in front of that last command.

    Show the help screen
    ss -h
    Usage: ss [ OPTIONS ]
           ss [ OPTIONS ] [ FILTER ]
       -h, --help        this message
       -V, --version    output version information
       -n, --numeric    don't resolve service names
       -r, --resolve       resolve host names
       -a, --all        display all sockets
       -l, --listening    display listening sockets
       -o, --options       show timer information
       -e, --extended      show detailed socket information
       -m, --memory        show socket memory usage
       -p, --processes    show process using socket
       -i, --info        show internal TCP information
       -s, --summary    show socket usage summary
       -4, --ipv4          display only IP version 4 sockets
       -6, --ipv6          display only IP version 6 sockets
       -0, --packet    display PACKET sockets
       -t, --tcp        display only TCP sockets
       -u, --udp        display only UDP sockets
       -d, --dccp        display only DCCP sockets
       -w, --raw        display only RAW sockets
       -x, --unix        display only Unix domain sockets
       -f, --family=FAMILY display sockets of type FAMILY
       -A, --query=QUERY, --socket=QUERY
           QUERY := {all|inet|tcp|udp|raw|unix|packet|netlink}[,QUERY]
       -D, --diag=FILE    Dump raw information about TCP sockets to FILE
       -F, --filter=FILE   read filter information from FILE
           FILTER := [ state TCP-STATE ] [ EXPRESSION ]
    Let us know how you like it below in the comments!
    sseltra, wizardfromoz and CptCharis like this.
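
An added example, not part of Rob's post: a shell function that reduces `ss -lntp` output to the TCP listeners bound to every interface, with the owning process when ss could see it. The sample output is constructed, the function names are hypothetical, and `-t` is added to the post's `-lnp` so only TCP sockets are listed.

```shell
#!/bin/sh
# Constructed sample of `ss -lntp` output (not captured from a real host).
sample_ss_output() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=812,fd=3))
LISTEN 0      80         127.0.0.1:3306      0.0.0.0:*     users:(("mysqld",pid=1024,fd=21))
LISTEN 0      511             [::]:80           [::]:*     users:(("nginx",pid=900,fd=7),("nginx",pid=901,fd=7))
LISTEN 0      128            [::1]:631          [::]:*
LISTEN 0      4096               *:9100            *:*
EOF
}

# Read `ss -lntp` output on stdin; print "port process" for every TCP
# listener bound to all interfaces (0.0.0.0, [::], :: or *).
wildcard_listeners() {
  awk '
    $1 != "LISTEN" { next }              # skips the header line too
    {
      local_ep = $4
      # The port follows the LAST colon (IPv6 addresses contain colons).
      i = length(local_ep)
      while (i > 0 && substr(local_ep, i, 1) != ":") i--
      addr = substr(local_ep, 1, i - 1)
      port = substr(local_ep, i + 1)
      if (addr != "0.0.0.0" && addr != "[::]" && addr != "::" && addr != "*") next
      # Column 6 is absent when ss could not see the owning process (not root).
      proc = "unknown"
      if (NF >= 6 && match($6, /"[^"]+"/)) proc = substr($6, RSTART + 1, RLENGTH - 2)
      print port, proc
    }
  ' | sort -n | uniq
}

# Live use: ss -lntp | wildcard_listeners   (prefix ss with sudo to see process names)
```

Loopback-only listeners (127.0.0.1, [::1]) are dropped, and a listener whose process column is missing is reported as `unknown`, which is what you get when ss is run without root.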
  2. hulises

    hulises New Member

    Apr 7, 2019
  3. wizardfromoz

    wizardfromoz Super Moderator
    Staff Member Gold Supporter

    Apr 30, 2017
    Welcome to linux.org @hulises :)

    Is there a question there?


    Chris Turner
    Rob likes this.
