ss is a command-line utility used to investigate sockets in a Linux system. A socket is an endpoint for sending and receiving data across a network, and can be used by various network services and applications to communicate with each other.
The ss command provides an alternative to the netstat command, which is used to display information about network connections and routing tables. However, ss provides more detailed information about sockets and is generally faster and more efficient than netstat.
ss can be used to display a variety of information about sockets, including the state of the socket, the protocol used, the local and remote addresses, and the amount of data transmitted or received. The command also supports a wide range of filtering options, allowing users to selectively display sockets based on a variety of criteria, such as the socket state or the application that created the socket.
If you encounter the below error while running the command ss:
ss: command not found
you may try installing the below package as per your choice of distribution:
Distribution | Command |
---|---|
Debian | apt-get install iproute2 |
Ubuntu | apt-get install iproute2 |
Alpine | apk add iproute2 |
Arch Linux | pacman -S iproute2 |
Kali Linux | apt-get install iproute2 |
CentOS | yum install iproute |
Fedora | dnf install iproute |
Raspbian | apt-get install iproute2 |
ss Command Examples
1. Show all TCP/UDP/RAW/UNIX sockets:
# ss -a -t|-u|-w|-x
2. Filter TCP sockets by states, only/exclude:
# ss state/exclude bucket/big/connected/synchronized/...
3. Show all TCP sockets connected to the local HTTPS port (443):
# ss -t src :443
4. Show all TCP sockets listening on the local 8080 port:
# ss -lt src :8080
5. Show all TCP sockets along with processes connected to a remote ssh port:
# ss -pt dst :ssh
6. Show all UDP sockets connected on specific source and destination ports:
# ss -u 'sport == :source_port and dport == :destination_port'
7. Show all TCP IPv4 sockets locally connected on the subnet 192.168.0.0/16:
# ss -4t src 192.168/16
Summary
In summary, ss is a powerful and flexible tool for investigating sockets in a Linux system. It provides detailed information about sockets and supports a wide range of filtering options, making it a valuable tool for network troubleshooting and analysis.