The socket statistics command, aka ss, has replaced everyone's favorite network troubleshooting and stats command netstat. They say that technology is rapidly evolving, but I find that those of us who work with it every day are sometimes slow to give up our favorite tools and commands for the shiny and new utilities. I recently explored the netstat command here on EnableSysadmin and thought it only fair to give ss the same air-time.
Basic functions
I want to take a look at the most common uses for ss and what information is gleaned through the various options and flags. For starters, we need to discuss what capabilities that ss brings to the table.
ss is a command-line tool that provides socket stats and displays various information based on various protocols. It can display port stats, TCP, UDP, RAW, and more.
Without options
If we run the ss command with no additional input, we get a rather long list (usually) of TCP socket information. Seen here:
tcarrigan@rhel ~]$ ss
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
u_str ESTAB 0 0 * 39141 * 39142
u_str ESTAB 0 0 /run/systemd/journal/stdout 40978 * 40451
u_str ESTAB 0 0 * 34449 * 34448
u_str ESTAB 0 0 * 33468 * 32519
u_str ESTAB 0 0 /run/systemd/journal/stdout 23030 * 21973
*Note this output was shortened*
Keep in mind that if you need the full results of this command or want to search through the results, write the full output to a file:
# ss > output.txt
List listening sockets
To view only listening ports, use the following:
[tcarrigan@rhel ~]$ ss -l
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
nl UNCONN 0 0 rtnl:evolution-addre/2592 *
nl UNCONN 0 0 rtnl:-2113928297 *
nl UNCONN 0 0 rtnl:-2130705133 *
List all TCP and UDP connections
To view only TCP connection, use the following:
[tcarrigan@rhel ~]$ ss -t
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 10.0.2.15:40668 172.217.13.238:https
ESTAB 0 0 10.0.2.15:47972 23.49.248.152:https
ESTAB 0 0 10.0.2.15:40254 173.223.72.39:https
ESTAB 0 0 10.0.2.15:44976 99.84.221.9:https
ESTAB 0 0 10.0.2.15:44956 99.84.221.9:https
ESTAB 0 0 10.0.2.15:53300 209.167.231.15:https
ESTAB 0 0 10.0.2.15:33218 172.217.13.67:http
For listening TCP connections:
[tcarrigan@rhel ~]$ ss -lt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:hostmon 0.0.0.0:*
LISTEN 0 128 0.0.0.0:sunrpc 0.0.0.0:*
LISTEN 0 32 192.168.122.1:domain 0.0.0.0:*
LISTEN 0 128 0.0.0.0:ssh 0.0.0.0:*
LISTEN 0 5 127.0.0.1:ipp 0.0.0.0:*
LISTEN 0 128 [::]:hostmon [::]:*
LISTEN 0 128 [::]:sunrpc [::]:*
LISTEN 0 128 [::]:ssh [::]:*
LISTEN 0 5 [::1]:ipp [::]:*
The same flag and filter syntax is used for UDP:
[tcarrigan@rhel ~]$ ss -u
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 0 10.0.2.15%enp0s3:bootpc 10.0.2.2:bootps
or
[tcarrigan@rhel ~]$ ss -ul
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 0.0.0.0:53159 0.0.0.0:*
UNCONN 0 0 192.168.122.1:domain 0.0.0.0:*
UNCONN 0 0 127.0.0.53%lo:domain 0.0.0.0:*
UNCONN 0 0 0.0.0.0%virbr0:bootps 0.0.0.0:*
UNCONN 0 0 0.0.0.0:sunrpc 0.0.0.0:*
UNCONN 0 0 127.0.0.1:323 0.0.0.0:*
UNCONN 0 0 0.0.0.0:mdns 0.0.0.0:*
UNCONN 0 0 0.0.0.0:hostmon 0.0.0.0:*
UNCONN 0 0 [::]:sunrpc [::]:*
UNCONN 0 0 [::1]:323 [::]:*
UNCONN 0 0 [::]:mdns [::]:*
UNCONN 0 0 [::]:hostmon [::]:*
UNCONN 0 0 [::]:35757 [::]:*
Display sockets with PID
Much like netstat, you can display each socket with the process id of the service occupying it. To do this, use the following:
[tcarrigan@rhel ~]$ ss -p
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
u_str ESTAB 0 0 * 39141 * 39142 users:(("gsd-wacom",pid=2251,fd=7))
u_str ESTAB 0 0 /run/systemd/journal/stdout 40978 * 40451
u_str ESTAB 0 0 * 34449 * 34448 users:(("dbus-daemon",pid=1979,fd=10))
*Note this output may vary based on system configuration*
Filter connections by IP type
For IPv4 connections:
[tcarrigan@rhel ~]$ ss -4
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp ESTAB 0 0 10.0.2.15%enp0s3:bootpc 10.0.2.2:bootps
tcp ESTAB 0 0 10.0.2.15:41406 172.217.9.196:https
tcp ESTAB 0 0 10.0.2.15:52148 172.217.164.170:https
tcp ESTAB 0 0 10.0.2.15:59082 23.15.8.121:http
tcp ESTAB 0 0 10.0.2.15:41176 66.235.147.239:https
tcp ESTAB 0 0 10.0.2.15:40004 172.217.7.174:http
For IPv6 connections:
[tcarrigan@rhel ~]$ ss -6
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
icmp6 UNCONN 0 0 *:ipv6-icmp *:*
Now, we know how to check socket/port connections and how to filter that information down into something useful. Let's take a look at how to pull summary statistics. Again, this is very similar to netstat.
How to pull summary stats
To view a summary of all connection stats, use the -s flag.
[tcarrigan@rhel ~]$ ss -s
Total: 1280
TCP: 47 (estab 27, closed 11, orphaned 0, timewait 10)
Transport Total IP IPv6
RAW 1 0 1
UDP 14 9 5
TCP 36 32 4
INET 51 41 10
FRAG 0 0 0
Wrapping up
These are some of the most common use cases for the ss command. As you can see, it is very similar to the netstat command, with two notable differences. First, the syntax is similar but shorter, so speed on the CLI is improved. Secondly, many of the ss commands in their default form give you information that would have required using options for netstat. Therefore, the ss command is objectively more user-friendly and verbose. I encourage you to wave goodbye to your old pal netstat and start using the ss command today.
[ Want more for your network? Download a free ebook on network automation with Ansible. ]
Über den Autor
Tyler is the Sr. Community Manager at Enable Sysadmin, a submarine veteran, and an all-round tech enthusiast! He was first introduced to Red Hat in 2012 by way of a Red Hat Enterprise Linux-based combat system inside the USS Georgia Missile Control Center. Now that he has surfaced, he lives with his wife and son near Raleigh, where he worked as a data storage engineer before finding his way to the Red Hat team. He has written numerous technical documents, from military procedures to knowledgebase articles and even some training curricula. In his free time, he blends a passion for hiking, climbing, and bushcraft with video games and computer building. He is loves to read and enjoy a scotch or bourbon. Find him on Twitter or on LinkedIn.
Ähnliche Einträge
Friday Five — December 19, 2025 | Red Hat
Master modern hybrid cloud security and scale with Red Hat updates
Technically Speaking | Platform engineering for AI agents
Technically Speaking | Driving healthcare discoveries with AI
Nach Thema durchsuchen
Automatisierung
Das Neueste zum Thema IT-Automatisierung für Technologien, Teams und Umgebungen
Künstliche Intelligenz
Erfahren Sie das Neueste von den Plattformen, die es Kunden ermöglichen, KI-Workloads beliebig auszuführen
Open Hybrid Cloud
Erfahren Sie, wie wir eine flexiblere Zukunft mit Hybrid Clouds schaffen.
Sicherheit
Erfahren Sie, wie wir Risiken in verschiedenen Umgebungen und Technologien reduzieren
Edge Computing
Erfahren Sie das Neueste von den Plattformen, die die Operations am Edge vereinfachen
Infrastruktur
Erfahren Sie das Neueste von der weltweit führenden Linux-Plattform für Unternehmen
Anwendungen
Entdecken Sie unsere Lösungen für komplexe Herausforderungen bei Anwendungen
Virtualisierung
Erfahren Sie das Neueste über die Virtualisierung von Workloads in Cloud- oder On-Premise-Umgebungen
