ss
Display network socket statistics
TLDR
Show all TCP/UDP/RAW/UNIX sockets
Filter TCP sockets by states, only/exclude
Show all TCP sockets connected to the local HTTPS port (443)
Show all TCP sockets listening on the local 8080 port
Show all TCP sockets along with processes connected to a remote SSH port
Show all UDP sockets connected on specific source and destination ports
Show all TCP IPv4 sockets locally connected on the subnet 192.168.0.0/16
Kill IPv4 or IPv6 Socket Connection with destination IP 192.168.1.17 and destination port 8080
SYNOPSIS
ss [OPTIONS] [STATE-FILTER] [ADDRESS-FILTER]
PARAMETERS
-h, --help
Displays a help message and exits.
-V, --version
Prints version information and exits.
-n, --numeric
Do not resolve service names. Display port numbers instead of service names.
-a, --all
Display all sockets (default: only connected sockets).
-l, --listening
Display only listening sockets.
-p, --processes
Show process using socket. Requires root privileges for most processes.
-t, --tcp
Display TCP sockets.
-u, --udp
Display UDP sockets.
-x, --unix
Display Unix domain sockets.
-s, --summary
Display summary statistics.
-e, --extended
Show extended socket information (UID, GID, SECLABEL).
-o, --options
Show timer information.
-m, --memory
Show socket memory usage.
-i, --info
Show internal TCP information (e.g., RTT, retransmits).
-r, --resolve
Resolve numeric host addresses and port numbers to their symbolic names.
-4, --ipv4
Display only IPv4 sockets.
-6, --ipv6
Display only IPv6 sockets.
-K, --kill
Attempts to forcibly close sockets. Use with extreme caution! Requires root privileges.
DESCRIPTION
The ss command is a powerful and highly efficient utility for examining network sockets on Linux. It serves as a modern and faster replacement for the traditional netstat command, leveraging the Netlink socket interface in the kernel for superior performance and more detailed information retrieval. ss can display a wealth of information about open sockets, including TCP, UDP, RAW, and Unix domain sockets, along with their states (e.g., ESTABLISHED, LISTEN, TIME-WAIT), associated processes, and various connection details like send/receive queues, timer information, and memory usage. Its design allows it to quickly query kernel space for socket information, making it particularly useful on systems with a large number of connections. Administrators and developers use ss for network troubleshooting, performance monitoring, and security auditing, providing insights into active network connections and listening services.
CAVEATS
Some options, such as displaying process information (-p) or forcefully closing sockets (-K), require root privileges to function correctly. Without appropriate permissions, ss may not show all details or may fail to execute certain actions. While more efficient than netstat, its output can be dense and requires familiarity with networking concepts for full interpretation.
FILTERING SOCKETS
The ss command supports powerful filtering capabilities to narrow down the output. You can filter by state (e.g., ss -t state established), source/destination address and port (e.g., ss -t dst 192.168.1.1:80), or by user/group. This allows for highly specific queries to quickly find relevant connection information.
OUTPUT FIELDS EXPLAINED
Typical output columns include Netid (protocol), State (connection state), Recv-Q (bytes received but not yet read), Send-Q (bytes sent but not yet acknowledged), Local Address:Port, and Peer Address:Port. Understanding these fields is crucial for effective network diagnostics.
HISTORY
The ss command is part of the iproute2 utility suite, which was developed to provide a more robust and efficient set of networking tools for Linux. Unlike older utilities like netstat that parse pseudo-files in /proc/net, ss directly queries the kernel's Netlink socket interface. This design choice grants ss significant performance advantages, especially on systems with a large number of active network connections, and allows it to retrieve more detailed and up-to-date information directly from the kernel. Its development reflects the Linux kernel's evolution towards more modern and efficient interfaces for network management.