ss-local
Shadowsocks client for local proxying
TLDR
Run a Shadowsocks proxy by specifying the host, server port, local port, password, and encryption method
Run a Shadowsocks proxy by specifying the configuration file
Use a plugin to run the proxy client
Enable TCP fast open
SYNOPSIS
ss [options] [ FILTER ]
PARAMETERS
-h, --help
Show help message and exit.
-V, --version
Show version information and exit.
-n, --numeric
Do not try to resolve service names.
-r, --resolve
Try to resolve numeric address/ports.
-a, --all
Display all sockets.
-l, --listening
Display listening sockets.
-o, --options
Show timer information.
-e, --extended
Show detailed socket information.
-m, --memory
Show socket memory usage.
-p, --processes
Show process using socket.
-i, --info
Show internal TCP information.
-s, --summary
Show summary of socket usage.
-4, --ipv4
Display only IPv4 sockets.
-6, --ipv6
Display only IPv6 sockets.
-0, --unix
Display only UNIX domain sockets.
-t, --tcp
Display only TCP sockets.
-u, --udp
Display only UDP sockets.
-d, --dccp
Display only DCCP sockets.
-w, --raw
Display only RAW sockets.
-x, --unix-all
Display all UNIX domain sockets.
-f, --family=FAMILY
Display sockets of type FAMILY.
FILTER := [ state TCP-STATE ] [ EXPRESSION ]
Allows to filter specific state and expresssion for the socket
DESCRIPTION
The ss command is a powerful utility used to investigate socket statistics. Replacing the older netstat tool in many modern Linux distributions, ss offers improved performance and the ability to display more TCP and state information.
Specifically, ss-local is not a command itself, but represents the usage of ss with filters or options to display information about local sockets. This commonly involves filtering by address, port, or process. The command can show listening and established connections, allowing system administrators to troubleshoot network issues, monitor network activity, and verify that services are operating correctly.
Unlike `netstat`, it uses the TCP connection information provided by the kernel directly. This allows faster gathering of information without the need to contact any process.
CAVEATS
The ss command requires root privileges to display information about sockets owned by other users. Filtering can become complex, requiring a good understanding of socket states and available expressions.
FILTER EXAMPLES
ss with local can be shown by using a FILTER.
'ss -lt sport = :http' to show all TCP listening sockets with source port equals to 80.
'ss -at '( dport = :ssh or sport = :ssh )'' to show all TCP connections that either have dest port or source port 22.
'ss -o state established '( dport > :1024 and dport < :65535 )'' show established connections with dport between 1024 and 65535 with timer information.
HISTORY
ss was created to address performance limitations of netstat, especially on systems with a large number of sockets. Its development has focused on leveraging the kernel's TCP connection information efficiently. It is now the preferred tool for socket statistics in most modern Linux distributions.