In this post we will learn how to use ss command, which can give you a lot of useful socket related information. ss comes pre-installed with all modern popular Linux distributions. We will go through several examples, so you could easily modify them and get the desired result. I will be using Ubuntu 18.04 for demo purposes.
Example 1. Show all established connections.
The most basic command format is just ss without any options. It will list all established connections.
To list all sockets (TCP, UDP and Unix) in all states use -a option. The command will be:
Example 2. Show all listening sockets.
The ss command does not list listening sockets by default. We need to use -l option to list them. We can combine this option with other options, like -t (for tcp) or -u (for udp).
The following command will list all listening TCP sockets:
The next command displays all listening UDP sockets:
Example 3. Show processes using the sockets.
It is also possible to show the processes which own the sockets. Use -p option for this. Let’s find the TCP sockets in established state with their corresponding processes:
Example 4. List IPv4 or IPv6 sockets.
There are two options -4 and -6 which allow us to only list IPv4 or IPv6 sockets, respectively.
The following command lists all IPv4 sockets:
This command displays all IPv6 sockets:
Example 5. Display Unix Domain sockets.
To list all Unix domain sockets use options -ax:
Example 6. Filter by port number.
It is possible to use filter to limit output to some specific ports or port range.
The following port filters are available: dport (destination port) or sport (source port), followed by the condition keywords.
Condition keywords are listed below:
eq – equal to
ne – not equal to
gt – greater than
lt – less than
ge – greater than or equal to
le – less than or equal to
Condition keyword should be followed by the number, for example le 100 or gt 500.
ss -tl sport gt 1000 (listening TCP sockets with source port greater than 1000)
ss -t dport eq 443 (established TCP sockets with destination port equal to 443)
ss -lt sport le 100 (listening TCP sockets with source port less than or equal to 100)
Example 7. Filter by TCP connection state
It is also possible to filter output based on TCP connection states.
Valid TCP connection states are: established, syn-sent, syn-recv, fin-wait-1, fin-wait-2, time-wait, closed, close-wait, last-ack, listening and closing.
Here are some examples:
ss -t state established
ss -t state closing
ss -t state syn-sent
Now you should have some basic knowledge on how to use ss utility to get socket information in your Linux environment. For more info you may want to read man page.