SS Command in Linux (Monitor Network Connections)

The ss command is a powerful utility in Linux that allows you to monitor and display information about network sockets. Unlike netstat, ss provides more detailed information and is faster and more efficient. This makes it an essential tool for system administrators and network engineers.

In this article, we will discuss the basics of the ss command, its syntax, and some of its key features. We will also cover some advanced usage examples of the ss command to help you get started with this powerful tool.

Advertisement

ss Command in Linux

Listing All Network Connections

To list all network connections, use the following syntax:

ss -a 

This command will display a list of all network connections, including those in the LISTEN, ESTABLISHED, and other states. The output of this command will include the source and destination IP addresses, source and destination ports, the protocol (TCP, UDP, etc.), the state of the connection, and other information.

Listing TCP Connections

To list only TCP connections, use the following syntax:

ss -t 

This command will display a list of all TCP connections, including those in the LISTEN, ESTABLISHED, and other states. The output of this command will include the source and destination IP addresses, source and destination ports, the protocol (TCP), the state of the connection, and other information.

Listing UDP Connections

To list only UDP connections, use the following syntax:

ss -u 

This command will display a list of all UDP connections. The output of this command will include the source and destination IP addresses, source and destination ports, the protocol (UDP), the state of the connection, and other information.

Filtering Connections by Port

You can filter network connections by port using the following syntax:

ss -t dst :port 

This command will display a list of all TCP connections with a destination port equal to the specified port. For example, to list all TCP connections with a destination port of 80, you would use the following command:

ss -t dst :80 

Filtering Connections by IP Address

You can filter network connections by IP address using the following syntax:

ss dst IP_ADDRESS 

This command will display a list of all connections with a destination IP address equal to the specified IP address. For example, to list all connections with a destination IP address of 192.168.1.100, you would use the following command:

ss dst 192.168.1.100 

Displaying Statistics for a Specific Connection

You can display statistics for a specific connection using the following syntax:

ss -i state IP_ADDRESS:port 

This command will display detailed information about the specified connection, including the state of the connection, the number of packets and bytes sent and received, and other information. For example, to display statistics for a TCP connection with a destination IP address of 192.168.1.100 and a destination port of 80, you would use the following command:

ss -i state 192.168.1.100:80 

Listing Listening Ports

To list listening ports, use the following syntax:

ss -l 

This command will display a list of all listening ports, including the IP address and port number for each listening socket. The output of this command will also include information about the process

Display All Established TCP Connections

The following command will display all the established TCP connections on the system:

ss -t state established 

Display All Listening Sockets

If you want to see all the listening sockets, you can use the following command:

ss -l 

Display Network Statistics for a Specific Protocol

You can display network statistics for a specific protocol using the following command:

ss -s protocol 

Replace protocol with the desired protocol (e.g., tcp, udp, etc.).

Display Information for a Specific Port

You can display information for a specific port using the following command:

ss -t state port 

Replace port with the desired port number.

Display Information for a Specific Remote IP Address

If you want to display information for a specific remote IP address, you can use the following command:

ss -o src IP_ADDRESS 

Replace IP_ADDRESS with the desired IP address.

Display Information for a Specific Process

You can display information for a specific process using the following command:

ss -p | grep PID 

Replace PID with the process ID of the desired process.

Display Timestamp Information

You can display the timestamp information of a socket using the following command:

ss -o time 

Display Information for a Specific Socket Buffer

You can display information for a specific socket buffer using the following command:

ss -o buffer SOCKET_BUFFER 

Replace SOCKET_BUFFER with the desired socket buffer.

Display Information for a Specific Interface

You can display information for a specific interface using the following command:

ss -i interface 

Replace interface with the desired network interface.

Display Information for a Specific User

You can display information for a specific user using the following command:

ss -u user 

Replace user with the desired user name.

Conclusion

The ss command is a valuable tool for monitoring and analyzing network sockets in Linux. Whether you are a system administrator, network engineer, or simply a Linux enthusiast, having a good understanding of ss can help you diagnose network issues, improve network performance, and optimize your system.

In conclusion, the ss command is an essential tool for anyone working in a network environment. By using its advanced features and options, you can gain deeper insights into your network and make informed decisions to improve its performance. So, be sure to familiarize yourself with this powerful tool and put it to use in your next Linux project.