ss

The ss command is used to investigate sockets on your system. It's a utility to display detailed information about network connections, both listening and established. It’s often seen as a faster alternative to netstat, as it provides a more direct interface to the kernel and can handle a large number of connections more efficiently.

Basic Syntax:

ss [options]

Common `ss` Command Options:

-t: Display TCP sockets.
-u: Display UDP sockets.
-l: Display only listening sockets.
-p: Show the process using the socket.
-n: Show numerical addresses instead of resolving hostnames.
-a: Show all sockets (listening and non-listening).
-s: Display summary statistics for socket usage.
-r: Show routing information (reverse lookup).
-l -t: Display only listening TCP sockets.

1. Show All Sockets

This command shows all the sockets (TCP, UDP, and Unix) with their status.

Example:

ss -a

Sample Output:

State      Recv-Q   Send-Q     Local Address:Port     Peer Address:Port  
LISTEN     0        128        0.0.0.0:22             0.0.0.0:*     
ESTAB      0        52         192.168.1.2:22         192.168.1.3:52346

Explanation:
- State: The state of the connection (LISTEN, ESTAB).
- Recv-Q: The number of bytes in the receive queue.
- Send-Q: The number of bytes in the send queue.
- Local Address:Port: The local IP and port that the socket is bound to.
- Peer Address:Port: The remote address and port for established connections.

2. Show Listening Sockets

To see which sockets are currently listening for incoming connections, use the -l option.

Example:

ss -l

Sample Output:

State      Recv-Q   Send-Q     Local Address:Port     Peer Address:Port  
LISTEN     0        128        0.0.0.0:22             0.0.0.0:*     
LISTEN     0        128        [::]:80                [::]:*

Explanation:
- Displays only the sockets that are waiting for incoming connections (e.g., SSH on port 22, HTTP on port 80).

3. Show TCP Sockets

To view TCP sockets (used for most internet connections), use the -t option.

Example:

ss -t

Sample Output:

State      Recv-Q   Send-Q     Local Address:Port     Peer Address:Port  
ESTAB      0        52         192.168.1.2:22         192.168.1.3:52346

Explanation:
- Only TCP connections are shown (e.g., SSH connection from 192.168.1.3).

4. Show UDP Sockets

To list only UDP sockets (used for connectionless communications), use the -u option.

Example:

ss -u

Sample Output:

State      Recv-Q   Send-Q     Local Address:Port     Peer Address:Port  
UNCONN     0        0          0.0.0.0:123            0.0.0.0:*

Explanation:
- Displays the status of UDP sockets. For example, it might show that port 123 is used for NTP (Network Time Protocol).

5. Show Processes Using Sockets

To display the processes that are using each socket, add the -p option.

Example:

ss -t -p

Sample Output:

State      Recv-Q   Send-Q     Local Address:Port     Peer Address:Port  Process
ESTAB      0        52         192.168.1.2:22         192.168.1.3:52346  sshd

Explanation:
- This shows that the sshd process is responsible for the SSH connection on port 22.

6. Show Socket Summary

To view a summary of socket usage (e.g., the number of established and listening connections), use the -s option.

Example:

ss -s

Sample Output:

Total: 258 (kernel 259)
TCP:   4 (estab 2, closed 1, orphaned 0, synrecv 0, timewait 0)
UDP:   2 (active 0, inactive 2)
Raw:   0

Explanation:
- Displays a summary of the socket usage:
  - Total: Total number of sockets.
  - TCP: Details on TCP socket states (e.g., estab for established connections).
  - UDP: Details on UDP socket states.

7. Show Detailed Information About a Specific Socket

To show detailed information about a particular socket, use the -i option followed by the socket address.

Example:

ss -t -i

Sample Output:

State      Recv-Q   Send-Q     Local Address:Port     Peer Address:Port  
ESTAB      0        52         192.168.1.2:22         192.168.1.3:52346
  inode: 12345
  skmem:(r0,rb0,w0,wb0)
  read_bytes: 0 write_bytes: 0
  retransmits: 0 timeouts: 0

Explanation:
- Provides additional information such as the socket’s inode, memory usage, read/write byte counts, and more.

8. Show Sockets in Use by a Specific User

To see the sockets being used by a particular user, use the -u option with a username.

Example:

ss -u user1

Explanation:
- Displays all the sockets being used by user1.

9. Show Reverse DNS Lookup (Address to Hostname)

To display hostnames instead of IP addresses, use the -r option.

Example:

ss -t -r

Sample Output:

State      Recv-Q   Send-Q     Local Address:Port     Peer Address:Port  
ESTAB      0        52         myhost.example.com:22  remotehost.example.com:52346

Explanation:
- The command resolves IP addresses to hostnames (myhost.example.com and remotehost.example.com).

10. Filtering Connections by Specific Address or Port

You can filter the results by a specific address or port.

Example (show connections on port 22):

ss -t -n sport = :22

Example (show connections to a specific IP):

ss -t -n dport = :80

Additional Examples

Show All Listening Ports (TCP and UDP):
```
ss -tuln
```
- Shows all TCP and UDP ports that are currently listening.
Show All Sockets with Process Information:
```
ss -tulnp
```
- Lists all listening sockets along with the processes using those sockets.

Basic Syntax:

Common ss Command Options:

1. Show All Sockets

Example:

Sample Output:

2. Show Listening Sockets

Example:

Sample Output:

3. Show TCP Sockets

Example:

Sample Output:

4. Show UDP Sockets

Example:

Sample Output:

5. Show Processes Using Sockets

Example:

Sample Output:

6. Show Socket Summary

Example:

Sample Output:

7. Show Detailed Information About a Specific Socket

Example:

Sample Output:

8. Show Sockets in Use by a Specific User

Example:

9. Show Reverse DNS Lookup (Address to Hostname)

Example:

Sample Output:

10. Filtering Connections by Specific Address or Port

Example (show connections on port 22):

Example (show connections to a specific IP):

Additional Examples

Common `ss` Command Options: