The ss command is used to display socket status. It can show statistics for PACKET sockets, TCP sockets, UDP sockets, DCCP sockets, RAW sockets, Unix domain sockets, and more. It provides more detailed TCP and state information than other tools and is a practical, fast, and effective tool for tracking IP connections and sockets.
What ss Provides
- All TCP sockets
- All UDP sockets
- All persistent connections for SSH/FTP/HTTP/HTTPS
- All local processes connected to X server
- Filtering by state (e.g., connected, synchronized, SYN-RECV, SYN-SENT, TIME-WAIT), address, or port
- All TCP socket connections in states like FIN-WAIT-1 and more
Many popular Linux distributions support ss, and many monitoring tools use it. Familiarity with this tool helps you better discover and solve system performance problems. I strongly recommend using ss to replace some netstat commands, such as netstat -ant or netstat -ltn.
Common Options
-t: Show TCP sockets-u: Show UDP sockets-l: Show listening sockets-p: Show process information-n: Show numeric addresses and ports (no DNS resolution)-a: Show all sockets (listening and non-listening)-s: Show summary statistics
Examples
- Show all TCP connections:
ss -t - Show listening TCP sockets:
ss -tln - Show UDP sockets with process info:
ss -uln -p - Filter by state:
ss -t state established - Summary:
ss -s
Why Use ss Over netstat?
- Faster and more efficient, especially on busy systems.
- Provides more detailed information and better filtering options.
netstatis deprecated in favor ofssandipcommands.
Use Cases
- Network troubleshooting: Identify open ports, connections, and states.
- Performance monitoring: Check for too many connections or unusual states.
- Security: Monitor for unauthorized connections.