Linux processes communicates with the socket between each other. There are tools to list, resolve, provide information about sockets. Ss is one of them. Netstat command can list and resolve the sockets too but it is slow because there is a lot of sockets. Ss gets information about socket from directly Linux kernel.

List All Connections

First of all existing connections, listening Unix and Network sockets can be listed with -l .

$ ss -l

Netid column specifies the type of the socket like nl, u_dgr,tcp,udp

column specifies the type of the socket like nl, u_dgr,tcp,udp State column specifies current status of socket like listening, established etc.

column specifies current status of socket like listening, established etc. Recv-Q column shows received packets

column shows received packets Send-Q column shows send packets

column shows send packets Local Address:Port column shows local address and port or equivalent values

column shows local address and port or equivalent values Remote Address:Port column shows remote address and port or equivalent values

Filter TCP Connections

Listing all connections will create a lot of output on the terminal especially in busy servers. Or we may need only TCP connections to list and inspect. There is two way to list only TCP connections. One way is using TCP option -t directly. This will filter and list all ready established TCP connections.

$ ss -t

OR

$ ss -A tcp

As we can see both command have printed the same output because they do same operation just their syntax is different. -A option is used for simple and complex queries where we will look it below. We specify TCP protocol as query filter to only list TCP connections.

Filter UDP Sockets

Like filtering TCP connections UDP connections can be filtered like below. In the first example, we will provide a direct option -u to filter UDP sockets.

$ ss -ua

OR

$ ss -a -A udp

As we can see previous examples we have provided extra option -a because UDP is a connectionless protocol and we want to list sockets that can be listed with this option.

List All Statuses of Sockets, Connections

ss command by default list only established and connected sockets/connections. Listening sockets will be eliminated. The -a option will make to list all of them without eliminating.

$ ss -a

Filter Unix Sockets

Unix sockets are used for communication and exchange data between processes that resides in same Linux system. This socket mechanism is inherited from old Unix systems. All sockets in a Unix Linux system can be listed with the -x or --unix options.

$ ss -x

Filter IPv4 Connections

Linux network stack supports different protocols but as we know IPv4 is the most popular one which is mainly used for the internet. While printing network protocols all of them are listed like IPv4, IPv6, Apple Talk, etc. IPv4 protocols connections and sockets can be filtered with -4 or --ipv4 option like below.

$ ss -4

Filter IPv6 Connections

As previously done IPv4 filtering for current connections and sockets. The same filtering can be done for IPv6 connections and sockets with -6 or --ipv6 options.

$ ss -6 -a

Filter Connections According to Port Number

Connects and sockets can be filtered according to their port numbers. Filtering this type of information requires special syntax and great flexibility to use. We will provide port number syntax by specifying ssh port.

$ ss '( dport = :ssh or sport = :ssh )'

Using Port Numbers

In this example, we have filtered according to both source and destination ports. While expressing ports we have used the protocol name but numbers are OK for port specification like below.

$ ss '( dport = :22 or sport = :22 )'

Filter Connections According to IP Address

We will filter connections according to IP address. Both destination and source hosts have an IP address. These are called

dst for a destination or remote IP address

for a destination or remote IP address src for source or local IP address

$ ss dst 192.168.122.1

Filter TCP Connections According States

As we know TCP protocol is a stateful protocol. What is stateful? Stateful simply means the source host create sessions for the network connection. TCP has the following states that are popular

listen is used for service listening to a port or socket

is used for service listening to a port or socket established used for already created connection

used for already created connection syn-sent used for session creation is started for the TCP connection but not competed

In this example, we will look for established state TCP ports.

$ ss -t state established

Resolve Host Name

Resolving hostname will convert and show IP addresses with their related hostnames. This will slow down the listing process but may be more useful and informative.

$ ss -t -r state established

Resolve Host Name

Resolving hostname can be a slow down problem and easily disabled with -n parameter like below.

$ ss -t -n

Show Only Listening Sockets

By default only established sockets and ports are listed. To list listening ports and socket -l option should be provided.

$ ss -t -l

Show Process Name and Process ID

While printing existing sockets and ports we may need related process names and IDs. This can be printed with -p parameter. In this example, we will list the process name and id of the ssh port.

$ sudo ss -t -p

As we can see the process name is sshd and process id is 2337 with file descriptor 3 for one connection.

Print Summary Statistics

Statistics about the ports and sockets can be printed with -s parameter.

$ sudo ss -s

In this example statistics about the RAW, UDO, TCP, INET and FRAG types with related IP protocol version like IPv4 and IPv6

Display Timer Information

Timer options will provide information about the socket or connection. Timer information can be seen with -o parameter.

$ sudo ss -t -o

In this example, we can see the total time of the ssh connections and current TCP keep alive status.