How to Use Linux SS (Socket Statistics) Command

The ss (Socket Statistics) command is a modern Linux utility for displaying detailed network and socket statistics. It provides comprehensive information about open network connections, listening ports, packet statistics, and more. This command is much simpler, faster, and feature-rich than the classic netstat tool. These features make it a preferred choice for many Linux users and administrators.

In this tutorial, we’ll discuss all the basics that you need to know about the Linux socket statistics command. 

Understanding the Linux SS (Socket Statistics) Command

Socket Statistics, or SS, is a command-line Linux utility for analyzing socket-level details. Using this command, you can list all connections, Listening and Non-listening Ports, Listening Sockets, all TCP Connections, all UDP Connections, and much more. This makes the ss command a powerful tool for monitoring and troubleshooting network connectivity in Linux systems.

Basic Usage of SS Command in Linux

Executing the ss command without any options displays a basic summary of the active socket connections on the system. However, you can enhance its functionality by using various options and arguments. The following points outline the ss command options along with their descriptions:

  • ss: Displays socket statistics.
  • ss -a: Shows all sockets (listening and non-listening).
  • ss -l: Displays only listening sockets.
  • ss -t: Shows TCP sockets.
  • ss -lt: Lists only listening TCP sockets.
  • ss -ua: Displays all UDP sockets.
  • ss -lu: Lists only listening UDP sockets.
  • ss -p: Displays the process using the sockets.
  • ss -s: Provides a summary of socket statistics.
  • ss -4: Shows IPv4 sockets only.
  • ss -6: Shows IPv6 sockets only.

To learn more about the ss command, you can access the command’s general manual page, as follows:

man ss
ss command manual page

Let’s explore some practical examples to understand how to monitor network connections using the ss command:

Example 1: List all Connections

You can run the ss command without any argument to list all connections:

ss

Here, the Netid represents the socket type (e.g., TCP, UDP, u_str, u_seq), the State indicates the socket’s status (e.g., ESTAB, UNCONN, LISTEN), Recv-Q and Send-Q show the packets in receive and send queues, while the Local address:port and Peer address:port display the local and remote machine addresses with their respective ports:

ss command basic usage

Example 2: List all Connections

To list all connections, we can execute the ss command with the “-a” or “–all” option:

ss -a

This command retrieves all connections including all listening and non-listening connections:

listing all connections

Example 3: List Listening Sockets

To list only listening sockets, you can run the ss command with the “-l” or “–list” option as follows:

ss -l
list only listening sockets

Example 4: List IPv4 and IPv6 Socket Connections

You can execute the ss command with -4 and -6 options to show the IPv4 and IPv6 socket connections, respectively. For example, the following command returns IPv4 socket connections:

ss -4
ipv4 sockets

Example 5: Show Summary Stats

Running the ss command with the -s option (ss -s) provides a summary of all connections. This option is useful for assessing the overall state of the system’s network connections:

ss -s

The output shows the aggregated statistics about sockets, such as the number of established, listening, and other socket states, categorized by protocols (TCP, UDP, etc.):

summary of sockets

This way, you can use any other option with the ss command to get the desired network connection details.

Difference Between netstat and ss Command

The main difference between the Linux netstat command and ss is speed and features. The ss command is faster because it gets data directly from the system’s kernel, while netstat reads system files, making it slower. ss also provides more detailed and advanced options. However, netstat is still useful for older systems or when simpler output is enough.

Conclusion

The ss command is an essential tool for Linux users and administrators, offering a modern, fast, and feature-rich alternative to the traditional netstat command. Its ability to provide detailed insights into network connections, socket states, and protocol-specific statistics makes it valuable for monitoring and troubleshooting network activities. In this article, we covered the basic usage, key options, and practical examples of the ss command. 

The ss command helps you monitor and analyze network connections, making it essential for troubleshooting and managing Linux network performance. For a seamless experience, try Ultahost’s fast VPS hosting. With affordable plans and reliable uptime, Ultahost provides the perfect environment to practice the ss command and other Linux commands without interruptions.

FAQ

What is the ss command in Linux used for?
How is the ss command better than netstat?
What does running the ss command without options do?
How can I list all socket connections using ss?
How can I display only listening sockets?
How do I list IPv4 or IPv6 connections using ss?
What does the ss -s command do?

Related Post

lsof Command in Linux with Examples

lsof command stands for "list open files" and it is inc...

How to Forward Ports With Iptables in Linux

Port forwarding is a crucial technique for network admi...

How to Create a Linux Swap File

A swap file is a designated space on a hard disk drive ...

How to Install Visual Studio Code on Linux

Visual Studio Code (VS Code) is a widely used code edit...

Exploring the Linux tr Command

tr is a text manipulation command in Linux/Unix that is...

How to Use apropos Command in Linux

The apropos command in Linux is an essential tool for b...

Leave a Comment