You are on page 1of 3

Using ss instead of netstat to investigate sockets

Discussion in 'Linux Networking' started by Rob, Nov 5, 2018.


Tags:
 netstat

1.

RobAdministrator
Staff Member

Joined:

Oct 27, 2011

Messages:

302

Likes Received:

788

If you find yourself looking at networking connections in Linux then you've probably used netstat
at some point. It's very useful to list out established connections, find out which ports your
server is listening on, etc..

Well, ss is a similar tool to netstat. Netstat itself even tells us to use ss instead in its man page!
Code:
NOTE
This program is obsolete. Replacement for netstat is ss. Replacement for
netstat -r is ip route. Replacement for netstat
-i is ip -s link. Replacement for netstat -g is ip maddr.

To use ss, simply open up a terminal and type it:


Code:
ss

To get some better information out of ss, however, you can give it some options..
ss [options] [ FILTER ]

(Log in to hide this advertisement)


Let's start out by showing 'all'
Code:
ss -a

Wow - that showed quite a bit.. you'll see on the left hand side you have some established
connections, time-waits, etc..

Let's narrow this down a bit.. and only show the ports we're listening on. We'll use -l (listen), -n
(numeric ports) and -p (show the process listening).
Code:
ss -lnp

Pretty cool eh? Oh, if you didn't see the processes using the ports, you will need to be root, so
put a sudo in front of that last command.

Show the help screen


Code:
ss -h
Usage: ss [ OPTIONS ]
ss [ OPTIONS ] [ FILTER ]
-h, --help this message
-V, --version output version information
-n, --numeric don't resolve service names
-r, --resolve resolve host names
-a, --all display all sockets
-l, --listening display listening sockets
-o, --options show timer information
-e, --extended show detailed socket information
-m, --memory show socket memory usage
-p, --processes show process using socket
-i, --info show internal TCP information
-s, --summary show socket usage summary

-4, --ipv4 display only IP version 4 sockets


-6, --ipv6 display only IP version 6 sockets
-0, --packet display PACKET sockets
-t, --tcp display only TCP sockets
-u, --udp display only UDP sockets
-d, --dccp display only DCCP sockets
-w, --raw display only RAW sockets
-x, --unix display only Unix domain sockets
-f, --family=FAMILY display sockets of type FAMILY

-A, --query=QUERY, --socket=QUERY


QUERY := {all|inet|tcp|udp|raw|unix|packet|netlink}[,QUERY]

-D, --diag=FILE Dump raw information about TCP sockets to FILE


-F, --filter=FILE read filter information from FILE
FILTER := [ state TCP-STATE ] [ EXPRESSION ]

Let us know how you like it below in the comments!


Essential Linux Command Line: My first ebook!
rowty.net: share your code snippets
#1Rob, Nov 5, 2018

You might also like