The socket statistics command, aka ss, has replaced everyone's favorite network troubleshooting and stats command netstat. They say that technology is rapidly evolving, but I find that those of us who work with it every day are sometimes slow to give up our favorite tools and commands for the shiny and new utilities. I recently explored the netstat command here on EnableSysadmin and thought it only fair to give ss the same air-time.
Basic functions
I want to take a look at the most common uses for ss and what information is gleaned through the various options and flags. For starters, we need to discuss what capabilities ss brings to the table.
ss is a command-line tool that provides socket statistics and displays information for a range of protocols. It can display port stats, TCP, UDP, RAW, and more.
Without options
If we run the ss command with no additional input, we get a rather long list (usually) of TCP socket information. Seen here:
[tcarrigan@rhel ~]$ ss
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
u_str ESTAB 0 0 * 39141 * 39142
u_str ESTAB 0 0 /run/systemd/journal/stdout 40978 * 40451
u_str ESTAB 0 0 * 34449 * 34448
u_str ESTAB 0 0 * 33468 * 32519
u_str ESTAB 0 0 /run/systemd/journal/stdout 23030 * 21973
*Note this output was shortened*
Keep in mind that if you need the full results of this command or want to search through the results, write the full output to a file:
# ss > output.txt
List listening sockets
To view only listening ports, use the following:
[tcarrigan@rhel ~]$ ss -l
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
nl UNCONN 0 0 rtnl:evolution-addre/2592 *
nl UNCONN 0 0 rtnl:-2113928297 *
nl UNCONN 0 0 rtnl:-2130705133 *
List all TCP and UDP connections
To view only TCP connections, use the following:
[tcarrigan@rhel ~]$ ss -t
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 10.0.2.15:40668 172.217.13.238:https
ESTAB 0 0 10.0.2.15:47972 23.49.248.152:https
ESTAB 0 0 10.0.2.15:40254 173.223.72.39:https
ESTAB 0 0 10.0.2.15:44976 99.84.221.9:https
ESTAB 0 0 10.0.2.15:44956 99.84.221.9:https
ESTAB 0 0 10.0.2.15:53300 209.167.231.15:https
ESTAB 0 0 10.0.2.15:33218 172.217.13.67:http
For listening TCP connections:
[tcarrigan@rhel ~]$ ss -lt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:hostmon 0.0.0.0:*
LISTEN 0 128 0.0.0.0:sunrpc 0.0.0.0:*
LISTEN 0 32 192.168.122.1:domain 0.0.0.0:*
LISTEN 0 128 0.0.0.0:ssh 0.0.0.0:*
LISTEN 0 5 127.0.0.1:ipp 0.0.0.0:*
LISTEN 0 128 [::]:hostmon [::]:*
LISTEN 0 128 [::]:sunrpc [::]:*
LISTEN 0 128 [::]:ssh [::]:*
LISTEN 0 5 [::1]:ipp [::]:*
The same flag and filter syntax is used for UDP:
[tcarrigan@rhel ~]$ ss -u
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 0 10.0.2.15%enp0s3:bootpc 10.0.2.2:bootps
or
[tcarrigan@rhel ~]$ ss -ul
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 0.0.0.0:53159 0.0.0.0:*
UNCONN 0 0 192.168.122.1:domain 0.0.0.0:*
UNCONN 0 0 127.0.0.53%lo:domain 0.0.0.0:*
UNCONN 0 0 0.0.0.0%virbr0:bootps 0.0.0.0:*
UNCONN 0 0 0.0.0.0:sunrpc 0.0.0.0:*
UNCONN 0 0 127.0.0.1:323 0.0.0.0:*
UNCONN 0 0 0.0.0.0:mdns 0.0.0.0:*
UNCONN 0 0 0.0.0.0:hostmon 0.0.0.0:*
UNCONN 0 0 [::]:sunrpc [::]:*
UNCONN 0 0 [::1]:323 [::]:*
UNCONN 0 0 [::]:mdns [::]:*
UNCONN 0 0 [::]:hostmon [::]:*
UNCONN 0 0 [::]:35757 [::]:*
Display sockets with PID
Much like netstat, you can display each socket with the process id of the service occupying it. To do this, use the following:
[tcarrigan@rhel ~]$ ss -p
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
u_str ESTAB 0 0 * 39141 * 39142 users:(("gsd-wacom",pid=2251,fd=7))
u_str ESTAB 0 0 /run/systemd/journal/stdout 40978 * 40451
u_str ESTAB 0 0 * 34449 * 34448 users:(("dbus-daemon",pid=1979,fd=10))
*Note this output may vary based on system configuration*
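Combining the listening, TCP, and process flags shown above gives a quick exposure check: which listeners are bound to every interface, and which process owns them. The following is an added example, not part of the original article; the sample lines are constructed in the format of `ss -ltnp` (`-n`, which prints numeric ports instead of service names, is not covered in the article), and the function names are hypothetical.

```shell
#!/bin/sh
# Classify listening TCP sockets from `ss -ltnp` output by bind scope.

# Constructed sample in the format of `ss -ltnp` (not captured from a real host).
sample_listeners() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128  0.0.0.0:22       0.0.0.0:* users:(("sshd",pid=1043,fd=5))
LISTEN 0 5    127.0.0.1:631    0.0.0.0:* users:(("cupsd",pid=988,fd=10))
LISTEN 0 32   192.168.122.1:53 0.0.0.0:* users:(("dnsmasq",pid=1502,fd=6))
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=801,fd=14))
LISTEN 0 128  [::]:22          [::]:*    users:(("sshd",pid=1043,fd=7))
LISTEN 0 5    [::1]:631        [::]:*    users:(("cupsd",pid=988,fd=9))
LISTEN 0 128  *:9090           *:*
EOF
}

# Reads ss lines on stdin; prints "scope port address process" per listener.
classify_listeners() {
    awk '
    $1 == "LISTEN" {
        # Port is the text after the last colon; address is the text before it.
        port = $4; sub(/.*:/, "", port)
        addr = $4; sub(/:[^:]*$/, "", addr)
        # Drop an interface suffix such as %lo before classifying.
        sub(/%.*$/, "", addr)
        if (addr == "0.0.0.0" || addr == "[::]" || addr == "*") scope = "ALL"
        else if (addr ~ /^127\./ || addr == "[::1]") scope = "LOOPBACK"
        else scope = "SPECIFIC"
        # The users:(...) column appears only when ss can see the owning
        # process, which for other users sockets requires root.
        proc = "-"
        if (match($0, /users:\(\("[^"]+"/))
            proc = substr($0, RSTART + 9, RLENGTH - 10)
        print scope, port, addr, proc
    }'
}

# Unique "port process" pairs for listeners bound to every interface.
exposed_listeners() {
    classify_listeners | awk '$1 == "ALL" { print $2, $4 }' | sort -u
}

sample_listeners | classify_listeners
```

On a live host, pipe the real command into the same functions, for example `ss -ltnp | exposed_listeners`; run it as root to see owners of sockets that belong to other users.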
Filter connections by IP type
For IPv4 connections:
[tcarrigan@rhel ~]$ ss -4
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp ESTAB 0 0 10.0.2.15%enp0s3:bootpc 10.0.2.2:bootps
tcp ESTAB 0 0 10.0.2.15:41406 172.217.9.196:https
tcp ESTAB 0 0 10.0.2.15:52148 172.217.164.170:https
tcp ESTAB 0 0 10.0.2.15:59082 23.15.8.121:http
tcp ESTAB 0 0 10.0.2.15:41176 66.235.147.239:https
tcp ESTAB 0 0 10.0.2.15:40004 172.217.7.174:http
For IPv6 connections:
[tcarrigan@rhel ~]$ ss -6
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
icmp6 UNCONN 0 0 *:ipv6-icmp *:*
Now, we know how to check socket/port connections and how to filter that information down into something useful. Let's take a look at how to pull summary statistics. Again, this is very similar to netstat.
How to pull summary stats
To view a summary of all connection stats, use the -s flag.
[tcarrigan@rhel ~]$ ss -s
Total: 1280
TCP: 47 (estab 27, closed 11, orphaned 0, timewait 10)
Transport Total IP IPv6
RAW 1 0 1
UDP 14 9 5
TCP 36 32 4
INET 51 41 10
FRAG 0 0 0
Wrapping up
These are some of the most common use cases for the ss command. As you can see, it is very similar to the netstat command, with two notable differences. First, the syntax is similar but shorter, so speed on the CLI is improved. Secondly, many of the ss commands in their default form give you information that would have required using options for netstat. Therefore, the ss command is objectively more user-friendly and verbose. I encourage you to wave goodbye to your old pal netstat and start using the ss command today.
About the author
Tyler is the Sr. Community Manager at Enable Sysadmin, a submarine veteran, and an all-round tech enthusiast! He was first introduced to Red Hat in 2012 by way of a Red Hat Enterprise Linux-based combat system inside the USS Georgia Missile Control Center. Now that he has surfaced, he lives with his wife and son near Raleigh, where he worked as a data storage engineer before finding his way to the Red Hat team. He has written numerous technical documents, from military procedures to knowledgebase articles and even some training curricula. In his free time, he blends a passion for hiking, climbing, and bushcraft with video games and computer building. He loves to read and enjoy a scotch or bourbon. Find him on Twitter or on LinkedIn.