Table of Contents
In this article, I will take you through 25 Useful Linux ss command examples to monitor Network Connections. If you are familiar with netstat tool in Linux then it will be easy for you to understand Linux ss command which is more advanced version of netstat command. Using Linux ss command you can check more information about TCP and UDP Socket connections.
You will find this command available by default in most of the Linux Based Systems hence you don’t have to install it separately. We will go through different Linux ss command examples below to understand the various usages of this command.
Syntax
ss [options] [ FILTER ]
Linux ss command examples
Also Read: How to use gcloud for GCP Login in 2 Best Steps
Example 1. Check Linux ss command version
If you want to check Linux ss command version then you need to use ss --version command as shown below.
[root@localhost ~]# ss --version ss utility, iproute2-ss170501
–version : Output version information.
NOTE:
root user to run all the below commands.You can use any user with sudo access to run all these commands.For more information Please check Step by Step: How to Add User to Sudoers to provide sudo access to User.Example 2. Display all Listening and Non-Listening Sockets
To check all Listening and Non-Listening sockets connection you need to use ss -a command as shown below. Using Linux ss command with -a option will show you the output in great detail.
[root@localhost ~]# ss -a Netid State Recv-Q Send-Q Local Address:Port Peer Address: Port nl UNCONN 0 0 rtnl:kernel * nl UNCONN 0 0 rtnl:NetworkManager/706 * nl UNCONN 0 0 rtnl:NetworkManager/706 * nl UNCONN 768 0 tcpdiag:kernel * nl UNCONN 4352 0 tcpdiag:ss/3535 * nl UNCONN 0 0 xfrm:kernel * nl UNCONN 0 0 selinux:kernel * nl UNCONN 0 0 selinux:dbus-daemon/676 *
-a : Display both listening and non-listening (for TCP this means established connections) sockets.
Example 3. Display Socket Memory Usages using Linux ss command
If you want to check memory usages by each socket connections then you need to run ss -m command as shown below.
[root@localhost ~]# ss -m Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port u_str ESTAB 0 0 * 18190 * 18191 skmem:(r0,rb212992,t0,tb212992,f0,w0,o0,bl0,d0) u_str ESTAB 0 0 * 18205 * 18206 skmem:(r0,rb212992,t0,tb212992,f0,w0,o0,bl0,d0) u_str ESTAB 0 0 * 12931 * 12932 skmem:(r0,rb212992,t0,tb16777216,f0,w0,o0,bl0,d0) u_str ESTAB 0 0 /run/dbus/system_bus_socket 18036 * 18035 skmem:(r0,rb212992,t0,tb212992,f0,w0,o0,bl0,d0) u_str ESTAB 0 0 * 18194 * 18193 skmem:(r0,rb212992,t0,tb212992,f0,w0,o0,bl0,d0) u_str ESTAB 0 0 * 14731 * 14732 skmem:(r0,rb212992,t0,tb16777216,f0,w0,o0,bl0,d0) u_str ESTAB 0 0 /run/dbus/system_bus_socket 15072 * 15050 skmem:(r0,rb212992,t0,tb212992,f0,w0,o0,bl0,d0) u_str ESTAB 0 0 * 18178 * 18179 skmem:(r0,rb212992,t0,tb212992,f0,w0,o0,bl0,d0)
-m : Show socket memory usage.
Example 4. Display Only Listening Sockets using Linux ss command
If you want to see only Listening sockets connection then you need to run ss -l command as shown below. This is very important Linux ss command example where you can check all active Listening connections. This is often used during network troubleshooting.
[root@localhost ~]# ss -l Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port nl UNCONN 0 0 rtnl:kernel * nl UNCONN 0 0 rtnl:NetworkManager/706 * nl UNCONN 0 0 rtnl:NetworkManager/706 * nl UNCONN 4352 0 tcpdiag:ss/3621 * nl UNCONN 768 0 tcpdiag:kernel * nl UNCONN 0 0 xfrm:kernel * nl UNCONN 0 0 selinux:kernel * nl UNCONN 0 0 selinux:dbus-daemon/676 * nl UNCONN 0 0 selinux:systemd/1 *
-l : Display only listening sockets (these are omitted by default).
Example 5. Run Linux ss command without Any Option
You can run Linux ss command to check all the active socket and packet connections as shown in below output.
[root@localhost ~]# ss Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port u_str ESTAB 0 0 * 18190 * 18191 u_str ESTAB 0 0 * 18205 * 18206 u_str ESTAB 0 0 * 12931 * 12932 u_str ESTAB 0 0 /run/dbus/system_bus_socket 18036 * 18035 u_str ESTAB 0 0 * 18194 * 18193 u_str ESTAB 0 0 * 14731 * 14732 u_str ESTAB 0 0 /run/dbus/system_bus_socket 15072 * 15050 u_str ESTAB 0 0 * 18178 * 18179 u_str ESTAB 0 0 /run/systemd/journal/stdout 15603 * 15602 u_str ESTAB 0 0 * 18209 * 18208 u_str ESTAB 0 0 * 17389 * 17390 u_str ESTAB 0 0 * 18163 * 18164 u_str ESTAB 0 0 * 15068 * 15069
Example 6. Display Only TCP Sockets using Linux ss command
If you only want to check TCP socket connections then you need to use ss -t command as shown below.
[root@localhost ~]# ss -t State Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 64 192.168.0.101:ssh 192.168.0.102:6761
-t : Display TCP sockets.
Example 7. Display only TCP Listening Connections Using Linux ss command
If you are interested in checking all Listening TCP connections only then you need to use ss -lt command as shown below.
[root@localhost ~]# ss -lt State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 100 127.0.0.1:smtp *:* LISTEN 0 128 *:ssh *:* LISTEN 0 100 [::1]:smtp [::]:* LISTEN 0 128 [::]:ssh [::]:*
Example 8. List all Unix Domain Sockets Using Linux ss command
If you want to list the connections in Unix Domain Sockets type then you need to use ss -x command as shown below.
[root@localhost ~]# ss -x Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port u_str ESTAB 0 0 * 18190 * 18191 u_str ESTAB 0 0 * 18205 * 18206 u_str ESTAB 0 0 * 12931 * 12932 u_str ESTAB 0 0 /run/dbus/system_bus_socket 18036 * 18035 u_str ESTAB 0 0 * 18194 * 18193 u_str ESTAB 0 0 * 14731 * 14732 u_str ESTAB 0 0 /run/dbus/system_bus_socket 15072 * 15050 u_str ESTAB 0 0 * 18178 * 18179 u_str ESTAB 0 0 /run/systemd/journal/stdout 15603 * 15602 u_str ESTAB 0 0 * 18209 * 18208 u_str ESTAB 0 0 * 17389 * 17390 u_str ESTAB 0 0 * 18163 * 18164
-x : Display Unix domain sockets (alias for -f unix).
Example 9. Show Detailed Socket Information Using Linux ss command
If you want to check detailed information about socket connections then you need to use ss -e command as shown below.
[root@localhost ~]# ss -e Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port u_str ESTAB 0 0 * 18190 * 18191 <-> u_str ESTAB 0 0 * 18205 * 18206 <-> u_str ESTAB 0 0 * 12931 * 12932 --> u_str ESTAB 0 0 /run/dbus/system_bus_socket 18036 * 18035 <-> u_str ESTAB 0 0 * 18194 * 18193 <-> u_str ESTAB 0 0 * 14731 * 14732 --> u_str ESTAB 0 0 /run/dbus/system_bus_socket 15072 * 15050
-e : Show detailed socket information
Example 10. Suppress Header Information in the Output
If you want to suppress header information in Linux ss command output then you need to use ss -H command as shown below.
[root@localhost ~]# ss -H
u_str ESTAB 0 0 * 18190 * 18191
u_str ESTAB 0 0 * 18205 * 18206
u_str ESTAB 0 0 * 12931 * 12932
u_str ESTAB 0 0 /run/dbus/system_bus_socket 18036 * 18035
u_str ESTAB 0 0 * 18194 * 18193
u_str ESTAB 0 0 * 14731 * 14732
u_str ESTAB 0 0 /run/dbus/system_bus_socket 15072 * 15050
u_str ESTAB 0 0 * 18178 * 18179
u_str ESTAB 0 0 /run/systemd/journal/stdout 15603 * 15602
u_str ESTAB 0 0 * 18209 * 18208
u_str ESTAB 0 0 * 17389 * 17390
u_str ESTAB 0 0 * 18163 * 18164
u_str ESTAB 0 0 * 15068 * 15069
u_str ESTAB 0 0 /run/dbus/system_bus_socket 15541 * 15540
-H : Suppress header line.
Example 11. Show Timer Information using Linux ss command
If you want to check the timer information then you need to use ss -o command as shown below.
[root@localhost ~]# ss -o Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port u_str ESTAB 0 0 * 18190 * 18191 u_str ESTAB 0 0 * 18205 * 18206 u_str ESTAB 0 0 * 12931 * 12932 u_str ESTAB 0 0 /run/dbus/system_bus_socket 18036 * 18035 u_str ESTAB 0 0 * 18194 * 18193 u_str ESTAB 0 0 * 14731 * 14732 u_str ESTAB 0 0 /run/dbus/system_bus_socket 15072 * 15050 u_str ESTAB 0 0 * 18178 * 18179 u_str ESTAB 0 0 /run/systemd/journal/stdout 15603 * 15602 u_str ESTAB 0 0 * 18209 * 18208 u_str ESTAB 0 0 * 17389 * 17390 u_str ESTAB 0 0 * 18163 * 18164 u_str ESTAB 0 0 * 15068 * 15069 u_str ESTAB 0 0 /run/dbus/system_bus_socket 15541 * 15540 u_str ESTAB 0 0 * 18182 * 18181 u_str ESTAB 0 0 /run/systemd/journal/stdout 17260 * 17259 u_str ESTAB 0 0 * 18167 * 18166 u_str ESTAB 0 0 * 18202 * 18203 u_str ESTAB 0 0 * 18217 * 18218 u_str ESTAB 0 0 * 18173 * 18172 u_str ESTAB 0 0 * 18206 * 18205 u_str ESTAB 0 0 * 14991 * 15070 u_str ESTAB 0 0 * 18191 * 18190 u_str ESTAB 0 0 * 18149 * 18150 u_str ESTAB 0 0 * 18156 * 18157 u_str ESTAB 0 0 * 18169 * 18170 u_str ESTAB 0 0 * 18153 * 18154 u_str ESTAB 0 0 * 18196 * 18197 u_str ESTAB 0 0 * 15428 * 15429 u_str ESTAB 0 0 * 18211 * 18212 tcp ESTAB 0 1232 192.168.0.101:ssh 192.168.0.102:6761 timer:(on,220ms,0)
-o : Show timer information.
Example 12. Display Summary Stats Using Linux ss command
If you want to check the summary of Socket state then you need to use ss -s command as shown below.
[root@localhost ~]# ss -s Total: 180 (kernel 228) TCP: 5 (estab 1, closed 0, orphaned 0, synrecv 0, timewait 0/0), ports 0 Transport Total IP IPv6 * 228 - - RAW 0 0 0 UDP 3 2 1 TCP 5 3 2 INET 8 5 3 FRAG 0 0 0
-s : Print summary statistics.
Example 13. Display Only IPV4 Scokets Using Linux ss command
If you want to display all IPV4 socket connections only then you need to use ss -4 command as shown below.
[root@localhost ~]# ss -4 Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port tcp ESTAB 0 64 192.168.0.101:ssh 192.168.0.102:6761
-4 : Display only IP version 4 sockets
Example 14. Display IPV4 Listening Connections Only Using Linux ss command
If you want to display all IPV4 Listening Connections only then you need to use ss -l4 command as shown below.
[root@localhost ~]# ss -l4 Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port udp UNCONN 0 0 *:bootpc *:* udp UNCONN 0 0 127.0.0.1:323 *:* tcp LISTEN 0 100 127.0.0.1:smtp *:* tcp LISTEN 0 128 *:ssh *:*
Example 15. Display IPV6 Listening Connections Only
If you want to see all Listening IPV6 connections only then you need to use ss -l6 command as shown below.
[root@localhost ~]# ss -l6 Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port udp UNCONN 0 0 [::1]:323 [::]:* tcp LISTEN 0 100 [::1]:smtp [::]:* tcp LISTEN 0 128 [::]:ssh [::]:*
-6 : Display only IP version 6 sockets.
Example 16. Show Socket BPF Filters Using Linux ss command
If you want to list all Socket BPF Filters then you need to use ss -b command as shown below.
[root@localhost ~]# ss -b Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port u_str ESTAB 0 0 * 18190 * 18191 u_str ESTAB 0 0 * 18205 * 18206 u_str ESTAB 0 0 * 12931 * 12932 u_str ESTAB 0 0 /run/dbus/system_bus_socket 18036 * 18035 u_str ESTAB 0 0 * 18194 * 18193 u_str ESTAB 0 0 * 14731 * 14732 u_str ESTAB 0 0 /run/dbus/system_bus_socket 15072 * 15050 u_str ESTAB 0 0 * 18178 * 18179 u_str ESTAB 0 0 /run/systemd/journal/stdout 15603 * 15602 u_str ESTAB 0 0 * 18209 * 18208 u_str ESTAB 0 0 * 17389 * 17390 u_str ESTAB 0 0 * 18163 * 18164
-b : Show socket BPF filters (only administrators are allowed to get these information)
Example 17. List all UDP Connections Using Linux ss command
If you want to check all udp Listening connections only then you need to use ss -lu command as shown below.
[root@localhost ~]# ss -lu State Recv-Q Send-Q Local Address:Port Peer Address:Port UNCONN 0 0 *:bootpc *:* UNCONN 0 0 127.0.0.1:323 *:* UNCONN 0 0 [::1]:323 [::]:*
-u : Display UDP sockets.
Example 18. Show All Processes Using Socket Connection
If you want to show all the process using sockets then you need to use ss -p command as shown below.
[root@localhost ~]# ss -p Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port u_str ESTAB 0 0 * 18190 * 18191 users:(("master",pid=1201,fd=60)) u_str ESTAB 0 0 * 18205 * 18206 users:(("master",pid=1201,fd=75)) u_str ESTAB 0 0 * 12931 * 12932 users:(("lvmetad",pid=512,fd=2),("lvmetad",pid=512,fd=1)) u_str ESTAB 0 0 /run/dbus/system_bus_socket 18036 * 18035 users:(("dbus-daemon",pid=676,fd=16)) u_str ESTAB 0 0 * 18194 * 18193 users:(("master",pid=1201,fd=64)) u_str ESTAB 0 0 * 14731 * 1473
-p : Show process using socket.
Example 19. Do not Resolve Service Names
If you don’t want to resolve service names then you need to use ss -n command as shown below.
[root@localhost ~]# ss -n Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port u_str ESTAB 0 0 * 18190 * 18191 u_str ESTAB 0 0 * 18205 * 18206 u_str ESTAB 0 0 * 12931 * 12932 u_str ESTAB 0 0 /run/dbus/system_bus_socket 18036 * 18035 u_str ESTAB 0 0 * 18194 * 18193 u_str ESTAB 0 0 * 14731 * 14732 u_str ESTAB 0 0 /run/dbus/system_bus_socket 15072 * 15050 u_str ESTAB 0 0 * 18178 * 18179 u_str ESTAB 0 0 /run/systemd/journal/stdout 15603 * 15602 u_str ESTAB 0 0 * 18209 * 18208 u_str ESTAB 0 0 * 17389 * 17390 u_str ESTAB 0 0 * 18163 * 18164 u_str ESTAB 0 0 * 15068 * 15069 u_str ESTAB 0 0 /run/dbus/system_bus_socket 15541 * 15540
-n : Do not try to resolve service names.
Example 20. Show Internal TCP Information Using Linux ss command
If you want to show internal TCP information then you need to use ss -i command as shown below.
[root@localhost ~]# ss -i Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port u_str ESTAB 0 0 * 18190 * 18191 u_str ESTAB 0 0 * 18205 * 18206 u_str ESTAB 0 0 * 12931 * 12932 u_str ESTAB 0 0 /run/dbus/system_bus_socket 18036 * 18035 u_str ESTAB 0 0 * 18194 * 18193 u_str ESTAB 0 0 * 14731 * 14732 u_str ESTAB 0 0 /run/dbus/system_bus_socket 15072 * 15050 u_str ESTAB 0 0 * 18178 * 18179 u_str ESTAB 0 0 /run/systemd/journal/stdout 15603 * 15602 u_str ESTAB 0 0 * 18164 * 18163 u_str ESTAB 0 0 * 18179 * 18178 u_str ESTAB 0 0 * 18208 * 18209 u_str ESTAB 0 0 /run/systemd/journal/stdout 17390 * 17389 u_str ESTAB 0 0 * 18193 * 18194 u_str ESTAB 0 0 * 15050 * 15072 u_str ESTAB 0 0 * 17259 * 17260 u_str ESTAB 0 0 * 18212 * 18211 u_str ESTAB 0 0 * 18197 * 18196 u_str ESTAB 0 0 * 18172 * 18173 u_str ESTAB 0 0 * 18187 * 18188 u_str ESTAB 0 0 * 14441 * 14442 tcp ESTAB 0 1232 192.168.0.101:ssh 192.168.0.102:6761 cubic wscale:8,7 rto:222 rtt:21.09/10.626 ato:40 mss:1460 rcvmss:1168 advmss:1460 cwnd:16 bytes_acked:291973 bytes_received:33116 segs_out:617 segs_in:815 send 8.9Mbps lastrcv:3 pacing_rate 17.7Mbps unacked:1 rcv_rtt:494076 rcv_space:29260
-i : Show internal TCP information.
Example 21. Display Packet Sockets Using Linux ss command
If you want to display packet sockets then you need to use ss -0 command as shown below.
[root@localhost ~]# ss -0 Netid Recv-Q Send-Q Local Address:Port Peer Address:Port p_raw 0 0 * :enp0s3 *
-0 : Display PACKET sockets.
Example 22. Display All Established SSH Connections
If you want to display all established SSH Connections then you need to use below Linux ss command.
[root@localhost ~]# ss -o state established '( dport = :ssh or sport = :ssh )' Netid Recv-Q Send-Q Local Address:Port Peer Address:Port tcp 0 64 192.168.0.101:ssh 192.168.0.102:6761 timer:(on,223ms,0)
Example 23. Try to Resolve Numeric Address/Ports
If you want to try to resolve numeric address or ports then you need to use ss -r command as shown below.
[root@localhost ~]# ss -r Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port u_str ESTAB 0 0 * 18190 * 18191 u_str ESTAB 0 0 * 18205 * 18206 u_str ESTAB 0 0 * 12931 * 12932 u_str ESTAB 0 0 /run/dbus/system_bus_socket 18036 * 18035 u_str ESTAB 0 0 * 18194 * 18193 u_str ESTAB 0 0 * 14731 * 14732 u_str ESTAB 0 0 /run/dbus/system_bus_socket 15072 * 15050 u_str ESTAB 0 0 * 18178 * 18179 u_str ESTAB 0 0 /run/systemd/journal/stdout 15603 * 15602 u_str ESTAB 0 0 * 18209 * 18208 u_str ESTAB 0 0 * 17389 * 17390 u_str ESTAB 0 0 * 18163 * 18164 u_str ESTAB 0 0 * 15068 * 15069 u_str ESTAB 0 0 /run/dbus/system_bus_socket 15541 * 15540 u_str ESTAB 0 0 * 18182 * 18181 u_str ESTAB 0 0 /run/systemd/journal/stdout 17260 * 17259
-r : Try to resolve numeric address/ports.
Example 24. Display all TCP sockets with process SELinux security contexts.
If you want to display all TCP Sockets with Process SELinux Security Contexts then you need to use ss -t -a -Z command as shown below.
[root@localhost ~]# ss -t -a -Z State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 100 127.0.0.1:smtp *:* users:(("master",pid=1201,proc_ctx=system_u:system_r:postfix_master_t:s0,fd=13)) LISTEN 0 128 *:ssh *:* users:(("sshd",pid=959,proc_ctx=system_u:system_r:sshd_t:s0-s0:c0.c1023,fd=3)) ESTAB 0 0 192.168.0.101:ssh 192.168.0.102:6761 users:(("sshd",pid=3236,proc_ctx=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023,fd=3)) LISTEN 0 100 [::1]:smtp [::]:* users:(("master",pid=1201,proc_ctx=system_u:system_r:postfix_master_t:s0,fd=14)) LISTEN 0 128 [::]:ssh [::]:* users:(("sshd",pid=959,proc_ctx=system_u:system_r:sshd_t:s0-s0:c0.c1023,fd=4))
-Z : As the -p option but also shows process security context.
Example 25. Check Other Linux SS Command options
If you want to check all the options that can be used with Linux ss command then you need to use ss --help as shown below.
[root@localhost ~]# ss --help Usage: ss [ OPTIONS ] ss [ OPTIONS ] [ FILTER ] -h, --help this message -V, --version output version information -n, --numeric don't resolve service names -r, --resolve resolve host names -a, --all display all sockets -l, --listening display listening sockets -o, --options show timer information -e, --extended show detailed socket information -m, --memory show socket memory usage -p, --processes show process using socket -i, --info show internal TCP information -s, --summary show socket usage summary -b, --bpf show bpf filter socket information -E, --events continually display sockets as they are destroyed -Z, --context display process SELinux Linux ss command -z, --contexts display process and socket SELinux security contexts -N, --net switch to the specified network namespace Linux ss command
Popular Recommendations:-
Understanding Kafka Console Producer and Consumer in 10 Easy Steps
Popular Apache Kafka Architecture Explained Using 4 Basic Components
10 Popular Examples of sudo command in Linux(RedHat/CentOS 7/8)
9 useful w command in Linux with Examples
12 Most Popular rm command in Linux with Examples
Create a Self Signed Certificate using OpenSSL
Top 12 Nmap Commands to Scan Remote Host with Best Practices