The socket statistics command, aka ss, has replaced everyone's favorite network troubleshooting and stats command netstat. They say that technology is rapidly evolving, but I find that those of us who work with it every day are sometimes slow to give up our favorite tools and commands for the shiny and new utilities. I recently explored the netstat command here on EnableSysadmin and thought it only fair to give ss the same air-time.
Basic functions
I want to take a look at the most common uses for ss and what information is gleaned through the various options and flags. For starters, we need to discuss what capabilities ss brings to the table.
ss is a command-line tool that provides socket statistics and displays information for a range of protocols. It can display port stats, TCP, UDP, RAW, and more.
Without options
If we run the ss command with no additional input, we (usually) get a rather long list of TCP socket information, as seen here:
[tcarrigan@rhel ~]$ ss
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
u_str ESTAB 0 0 * 39141 * 39142
u_str ESTAB 0 0 /run/systemd/journal/stdout 40978 * 40451
u_str ESTAB 0 0 * 34449 * 34448
u_str ESTAB 0 0 * 33468 * 32519
u_str ESTAB 0 0 /run/systemd/journal/stdout 23030 * 21973
*Note this output was shortened*
Keep in mind that if you need the full results of this command or want to search through the results, write the full output to a file:
# ss > output.txt
List listening sockets
To view only listening ports, use the following:
[tcarrigan@rhel ~]$ ss -l
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
nl UNCONN 0 0 rtnl:evolution-addre/2592 *
nl UNCONN 0 0 rtnl:-2113928297 *
nl UNCONN 0 0 rtnl:-2130705133 *
List all TCP and UDP connections
To view only TCP connections, use the following:
[tcarrigan@rhel ~]$ ss -t
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 10.0.2.15:40668 172.217.13.238:https
ESTAB 0 0 10.0.2.15:47972 23.49.248.152:https
ESTAB 0 0 10.0.2.15:40254 173.223.72.39:https
ESTAB 0 0 10.0.2.15:44976 99.84.221.9:https
ESTAB 0 0 10.0.2.15:44956 99.84.221.9:https
ESTAB 0 0 10.0.2.15:53300 209.167.231.15:https
ESTAB 0 0 10.0.2.15:33218 172.217.13.67:http
For listening TCP connections:
[tcarrigan@rhel ~]$ ss -lt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:hostmon 0.0.0.0:*
LISTEN 0 128 0.0.0.0:sunrpc 0.0.0.0:*
LISTEN 0 32 192.168.122.1:domain 0.0.0.0:*
LISTEN 0 128 0.0.0.0:ssh 0.0.0.0:*
LISTEN 0 5 127.0.0.1:ipp 0.0.0.0:*
LISTEN 0 128 [::]:hostmon [::]:*
LISTEN 0 128 [::]:sunrpc [::]:*
LISTEN 0 128 [::]:ssh [::]:*
LISTEN 0 5 [::1]:ipp [::]:*
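When reviewing a host's exposure, the bind address in the Local Address column matters as much as the port: 0.0.0.0 and [::] accept connections on every interface, while 127.0.0.1 and [::1] are reachable only locally. The following is an added example, not part of the original article; the function names are hypothetical, and it classifies TCP listeners using the `ss -lt` output above as embedded input.

```shell
# SAMPLE is the `ss -lt` output shown above, embedded so the example runs offline.
SAMPLE='State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:hostmon 0.0.0.0:*
LISTEN 0 128 0.0.0.0:sunrpc 0.0.0.0:*
LISTEN 0 32 192.168.122.1:domain 0.0.0.0:*
LISTEN 0 128 0.0.0.0:ssh 0.0.0.0:*
LISTEN 0 5 127.0.0.1:ipp 0.0.0.0:*
LISTEN 0 128 [::]:hostmon [::]:*
LISTEN 0 128 [::]:sunrpc [::]:*
LISTEN 0 128 [::]:ssh [::]:*
LISTEN 0 5 [::1]:ipp [::]:*'

# classify_listeners (hypothetical helper): read `ss -lt` output on stdin and
# print "<scope> <address> <port>" for each TCP listener. Scope is one of
# all-interfaces (0.0.0.0, [::], *), loopback (127.0.0.0/8, [::1]) or specific.
classify_listeners() {
  awk '
    $1 == "LISTEN" {
      local_ep = $4
      # The port follows the LAST colon, so IPv6 literals stay intact.
      i = match(local_ep, /:[^:]*$/)
      addr = substr(local_ep, 1, i - 1)
      port = substr(local_ep, i + 1)
      sub(/%.*$/, "", addr)   # drop an %interface suffix such as 127.0.0.53%lo
      if (addr == "0.0.0.0" || addr == "[::]" || addr == "*") scope = "all-interfaces"
      else if (addr ~ /^127\./ || addr == "[::1]") scope = "loopback"
      else scope = "specific"
      print scope, addr, port
    }'
}

# exposed_ports (hypothetical helper): unique ports bound on every interface.
exposed_ports() {
  classify_listeners | awk '$1 == "all-interfaces" { print $3 }' | sort -u
}

printf '%s\n' "$SAMPLE" | classify_listeners
```

On a live host, pipe `ss -ltn` into `classify_listeners`; `-n` keeps ports numeric instead of resolving them to service names.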
The same flag and filter syntax is used for UDP:
[tcarrigan@rhel ~]$ ss -u
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 0 10.0.2.15%enp0s3:bootpc 10.0.2.2:bootps
or
[tcarrigan@rhel ~]$ ss -ul
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 0.0.0.0:53159 0.0.0.0:*
UNCONN 0 0 192.168.122.1:domain 0.0.0.0:*
UNCONN 0 0 127.0.0.53%lo:domain 0.0.0.0:*
UNCONN 0 0 0.0.0.0%virbr0:bootps 0.0.0.0:*
UNCONN 0 0 0.0.0.0:sunrpc 0.0.0.0:*
UNCONN 0 0 127.0.0.1:323 0.0.0.0:*
UNCONN 0 0 0.0.0.0:mdns 0.0.0.0:*
UNCONN 0 0 0.0.0.0:hostmon 0.0.0.0:*
UNCONN 0 0 [::]:sunrpc [::]:*
UNCONN 0 0 [::1]:323 [::]:*
UNCONN 0 0 [::]:mdns [::]:*
UNCONN 0 0 [::]:hostmon [::]:*
UNCONN 0 0 [::]:35757 [::]:*
Display sockets with PID
Much like netstat, you can display each socket with the process ID of the service occupying it. To do this, use the following:
[tcarrigan@rhel ~]$ ss -p
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
u_str ESTAB 0 0 * 39141 * 39142 users:(("gsd-wacom",pid=2251,fd=7))
u_str ESTAB 0 0 /run/systemd/journal/stdout 40978 * 40451
u_str ESTAB 0 0 * 34449 * 34448 users:(("dbus-daemon",pid=1979,fd=10))
*Note this output may vary based on system configuration*
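The users:(...) field is what ties a socket to a process, and a single socket can list several owners when it is shared between processes. The following is an added example, not part of the original article; the function names are hypothetical. It extracts every owner from `ss -p` output and counts sockets that carry no owner information. The first three data lines are the output above, and the final tcp line is constructed for illustration.

```shell
# SAMPLE_P: `ss -p` lines from the article plus one constructed tcp line
# showing a socket with two owning processes.
SAMPLE_P='Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
u_str ESTAB 0 0 * 39141 * 39142 users:(("gsd-wacom",pid=2251,fd=7))
u_str ESTAB 0 0 /run/systemd/journal/stdout 40978 * 40451
u_str ESTAB 0 0 * 34449 * 34448 users:(("dbus-daemon",pid=1979,fd=10))
tcp LISTEN 0 128 0.0.0.0:http 0.0.0.0:* users:(("httpd",pid=901,fd=4),("httpd",pid=902,fd=4))'

# socket_owners (hypothetical helper): print "<netid> <process> <pid>" for
# every ("name",pid=N,fd=N) tuple found in `ss -p` output on stdin.
socket_owners() {
  awk '
    /users:\(\(/ {
      rest = substr($0, index($0, "users:("))
      # Walk the tuples one at a time; shared sockets list more than one.
      while (match(rest, /\("[^"]*",pid=[0-9]+,fd=[0-9]+\)/)) {
        tuple = substr(rest, RSTART + 2, RLENGTH - 3)   # name",pid=N,fd=N
        rest = substr(rest, RSTART + RLENGTH)
        name = tuple; sub(/".*/, "", name)
        pid = tuple; sub(/.*,pid=/, "", pid); sub(/,.*/, "", pid)
        print $1, name, pid
      }
    }'
}

# unattributed_sockets (hypothetical helper): count data lines that have no
# users:(...) field, i.e. sockets ss could not attribute to a process.
unattributed_sockets() {
  awk '$1 != "Netid" && $1 != "State" && !/users:\(\(/ { n++ } END { print n + 0 }'
}

printf '%s\n' "$SAMPLE_P" | socket_owners
```

ss can only fill in users:(...) for processes whose details it is allowed to read, so run `ss -p` with root privileges when you need a complete attribution.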
Filter connections by IP type
For IPv4 connections:
[tcarrigan@rhel ~]$ ss -4
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp ESTAB 0 0 10.0.2.15%enp0s3:bootpc 10.0.2.2:bootps
tcp ESTAB 0 0 10.0.2.15:41406 172.217.9.196:https
tcp ESTAB 0 0 10.0.2.15:52148 172.217.164.170:https
tcp ESTAB 0 0 10.0.2.15:59082 23.15.8.121:http
tcp ESTAB 0 0 10.0.2.15:41176 66.235.147.239:https
tcp ESTAB 0 0 10.0.2.15:40004 172.217.7.174:http
For IPv6 connections:
[tcarrigan@rhel ~]$ ss -6
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
icmp6 UNCONN 0 0 *:ipv6-icmp *:*
Now, we know how to check socket/port connections and how to filter that information down into something useful. Let's take a look at how to pull summary statistics. Again, this is very similar to netstat.
How to pull summary stats
To view a summary of all connection stats, use the -s flag.
[tcarrigan@rhel ~]$ ss -s
Total: 1280
TCP: 47 (estab 27, closed 11, orphaned 0, timewait 10)
Transport Total IP IPv6
RAW 1 0 1
UDP 14 9 5
TCP 36 32 4
INET 51 41 10
FRAG 0 0 0
Wrapping up
These are some of the most common use cases for the ss command. As you can see, it is very similar to the netstat command, with two notable differences. First, the syntax is similar but shorter, so speed on the CLI is improved. Second, many of the ss commands in their default form give you information that would have required using options for netstat. Therefore, the ss command is objectively more user-friendly and verbose. I encourage you to wave goodbye to your old pal netstat and start using the ss command today.
About the author
Tyler is the Sr. Community Manager at Enable Sysadmin, a submarine veteran, and an all-round tech enthusiast! He was first introduced to Red Hat in 2012 by way of a Red Hat Enterprise Linux-based combat system inside the USS Georgia Missile Control Center. Now that he has surfaced, he lives with his wife and son near Raleigh, where he worked as a data storage engineer before finding his way to the Red Hat team. He has written numerous technical documents, from military procedures to knowledgebase articles and even some training curricula. In his free time, he blends a passion for hiking, climbing, and bushcraft with video games and computer building. He loves to read and enjoys a scotch or bourbon. Find him on Twitter or on LinkedIn.