Overview of ss
The `ss` command operates much faster than `netstat` on systems with a large number of connections because it retrieves socket information directly through the kernel's `netlink` interface. It also provides much more TCP state information and detailed socket statistics that `netstat` does not offer. Using `ss` is highly recommended when querying network-related information on modern Linux systems.
Main Roles of ss
The `ss` command is primarily used for the following purposes:
Key Use Cases
- Checking Network Connections and Listening Ports: Displays all active TCP, UDP, and UNIX sockets on the system.
- Process-Port Mapping: Identifies which process is using a specific port.
- Checking the Routing Table: Displays the routing table that defines the paths for IP packets.
- Network Interface Statistics: Provides packet transmission and reception statistics for each network interface.
- Detailed Analysis of Socket States: Deeply analyzes the detailed states (e.g., `ESTAB`, `LISTEN`, `TIME-WAIT`, etc.) and statistics of TCP connections.
`ss` vs `netstat`
`ss` is a modern and powerful alternative to `netstat`.
- ss: Modern and fast, directly accesses kernel socket statistics, full IPv6 support, offers more filtering options.
- netstat: Legacy tool, based on the `/proc` file system, can be slow with a large number of connections, incomplete IPv6 support.
Key ss Command Options
The `ss` command lets you filter and display the network information you need in detail by combining various options.
1. Socket Type and State Filtering
2. Output Format and Detailed Information
3. Routing and Others
Usage Examples
Effectively monitor and analyze the network connections and socket states of the system through various usage examples of the `ss` command.
Check All Active TCP Connections and Listening Ports
sudo ss -tapn
Displays all active TCP sockets (including listening ones) on the current system in numeric address format, along with the associated program names and PIDs.
Check Only Listening TCP Ports
sudo ss -tlpn
Displays all TCP listening ports waiting for connections in numeric format. Useful for checking if service ports like web servers or databases are open.
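An added example (not part of the original page): the listening-port check above turned into a small audit that reads `ss -tlpn` output and reports listeners bound to non-loopback addresses on ports that are not on an expected list. The function names, the allowlist `22 443` and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag TCP listeners exposed beyond loopback on unexpected ports.
# Live use (assumed allowlist): sudo ss -H -tlpn | audit_listeners "22 443"

# Constructed sample of `ss -H -tlpn` output (State Recv-Q Send-Q Local Peer Process).
sample_ss_output() {
cat <<'EOF'
LISTEN 0 128   0.0.0.0:22         0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 4096  127.0.0.1:5432     0.0.0.0:* users:(("postgres",pid=1033,fd=5))
LISTEN 0 511   [::]:8080          [::]:*    users:(("node",pid=2210,fd=19))
LISTEN 0 128   *:9100             *:*       users:(("node_exporter",pid=950,fd=3))
LISTEN 0 128   [::1]:631          [::]:*    users:(("cupsd",pid=700,fd=7))
LISTEN 0 4096  127.0.0.53%lo:53   0.0.0.0:*
EOF
}

# $1: space-separated ports that are expected to be exposed.
# Prints "port bind-address process" for every other non-loopback listener.
audit_listeners() {
    awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)        # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
        if (port in ok) next                           # expected service
        proc = "-"                             # no Process column without root
        if (split($6, q, "\"") >= 2) proc = q[2]
        print port, addr, proc
    }'
}

sample_ss_output | audit_listeners "22 443"
```

Run from cron or a configuration-management check, an empty result means every externally reachable listener is on the expected list.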
Check Processes Using a Specific Port
sudo ss -tapn '( sport = :22 or dport = :22 )'
Shows detailed information for all TCP connections and listening ports that use port `22` (SSH), including the owning process. Useful for diagnosing SSH servers.
Check All TCP Connections in ESTABLISHED State
ss -t state established
Displays all TCP connections that are currently active and communicating. Useful for checking if external connections are normal.
Check Number of Sockets in TIME-WAIT State
ss -s | grep -i timewait
Checks the number of sockets remaining in the `TIME-WAIT` state after TCP connections close. A high number can lead to resource depletion in the system.
Check All UDP Sockets
sudo ss -uapn
Displays all UDP socket connections and listening ports currently in use on the system.
Check Routing Table
ip route show
Displays the system's IP routing table. `ss -r` does not print routes; its `-r` option resolves numeric addresses and ports to names in the socket listing.