Top 14 SS Command Examples to Monitor Socket Connections

by

SS is a command line tool that displays socket statistics and monitor network connections of a Linux system. It has replaced the netstat command which has now been deprecated. The ss command is much faster and prints more detailed network statistics than the netstat command. In this guide, we focus on the how to use ss command to monitor socket connections on a Linux system.

1) View all socket connections (ss)

In its basic form, without any arguments, the ss command displays all the socket or network connections (TCP/UDP/UNIX) as shown:

$ ss

ss-command-output-without-agruments

To make it easier to view the output, you can pipe the output to less as shown.

$ ss | less

2) View TCP / UDP socket connections

The ss command comes with a myriad of options that you can pass to view different statistics. For example, to view TCP scoket connections only, pass the -t option only as shown.

$ ss -t

view-tcp-network-connection-ss-command

To filter out UDP connections, pass the -ua option as shown.

$ ss -ua

UDP-Network-Connection-ss-command

3) View all listening sockets (ss -l)

To get a glimpse of all the listening sockets, – which are usually omitted by default, use the -l option.

$ ss -l

List-all-listening-sockets-ss-command

4) View all listening TCP socket connections (ss -lt)

To narrow down the search results and list only the TCP listening connections, use the -lt option.

$ ss -lt

List-all-tcp-listening-sockets-ss-command

5) View all listening UDP socket connections (ss -lu)

For UDP listening connections, pass the -lu option as shown. In most cases, the listening UDP connections will be fewer than TCP connections

$ ss -lu

List-all-udp-listening-sockets-ss-command

6) View all the listening and non-listening sockets (ss -a)

The -a option will print out all the connected and non-listening sockets on your Linux system as shown.

$ ss -a

Listening-NonListening-Socket-Connections-ss-command

7) List IPv4 and Ipv6 socket connections

To have a peek at the current IPv4 socket connections use the -4 option.

$ ss -4

Ipv4-Socket-Session-ss-command

For IPv6, pass the -6 argument.

pkumar@linuxtechi:~$ ss -6
Netid        State         Recv-Q         Send-Q             Local Address:Port                      Peer Address:Port
icmp6        UNCONN        0              0                   *:ipv6-icmp                            *:*
pkumar@linuxtechi:~$

8) List Summary of all socket connections (ss -s)

If you want to just view the overall statistics of the socket connections including the number of TCP & UDP, IPv4 and IPv6 connections simply pass -s option as shown. This prints out the results in a tabular format.

$ ss -s

Socket-Connections-summary-ss-command

9) Filter connections by port number

You can also decide to filter connections by the port number. For instance, in the example below, we have filtered connections lined to SSH port 22

$ ss -at '( dport = :22 or sport = :22 )'

Filter-Socket-Connections-ss-command

10) List socket connections without resolving hostname (ss -nt)

By default, ss command tries to resolve ip address into the hostname. In case you want ss command to prevent ip address to hostname resolution then use ‘-n’ option, example is shown below:

pkumar@linuxtechi:~$ ss -nt
State           Recv-Q        Send-Q        Local Address:Port         Peer Address:Port
ESTAB           0             0             192.168.1.80:22            192.168.1.3:53155
ESTAB           0             36            192.168.1.80:22            192.168.1.3:53152
pkumar@linuxtechi:~$

11) List process name and pid for socket connections (ss -p)

Use ‘-p’ option in ss command to list the process name and pid associated to the network connections. Example is shown below,

$ ss -p | more

Socket-Connection-Process-Name-PID

12) Extended output of socket connections (ss -e)

Use ‘-e’ option in ss command to display the extended output of socket connections. Extended output will display the uid of the socket, socket’s inode number and uuid of the socket.

Run below command to list the extended tcp listening sockets.

$ ss -elt

Extended-socket-connection-details

For UDP extended socket connection details, run

$ ss -elu

13) View memory usage of socket connections (ss -m)

Use -m option in ss command to view how much memory is consumed by a socket connection.

Socket memory format would look like below:

Socket-Memory-Usage-Format

Below command will display the memory usage of tcp connections.

$ ss -mt

TCP-Socket-Memory-Usage-ss-command

14) Kill IPv4 / IPv6 Socket Connection (ss -k)

ss command can terminate or kill ipv4 & ipv6 socket connection forcefully using -k option. Let’s suppose we want to kill ipv4 ssh socket connection.

pkumar@linuxtechi:~$ ss -4
Netid         State         Recv-Q         Send-Q        Local Address:Port                 Peer Address:Port
tcp           ESTAB         0              0             192.168.1.80:ssh                   192.168.1.3:53155
tcp           ESTAB         0              36            192.168.1.80:ssh                   192.168.1.3:53152

pkumar@linuxtechi:~$

To terminate the 2nd ssh session, use below ss command,

pkumar@linuxtechi:~$ sudo ss -K dst 192.168.1.3 dport = 53152

For more options on the ss command usage, visit the man pages as shown.

$ man ss

This wraps up our guide today. Hopefully, you can now use the ss command confidently to view your socket connections. Thanks for taking your time, and as always, we appreciate your feedback

Also Read : 8 Stat Command Examples in Linux

Leave a Comment