The ss command is used to dump socket statistics. It allows showing information similar to netstat command. It can display more TCP and state information than other tools. It is a new, incredibly useful and faster (as compare to netstat) tool for tracking TCP connections and sockets. SS can provide information about:
- All TCP sockets.
- All UDP sockets.
- All established ssh / ftp / http / https connections.
- All local processes connected to X server.
- All the tcp sockets in state FIN-WAIT-1 and much more.
Most Linux distributions are shipped with ss and many monitoring tools. Being familiar with this tool helps enhance your understand of what's going on in the system sockets and helps you find the possible causes of a performance problem.
Task: Display Sockets Summary
List currently established, closed, orphaned and waiting TCP sockets, enter:
# ss -s
Sample Output:
# ss -s
Sample Output:
Total: 734 (kernel 904)
TCP: 1415 (estab 112, closed 1259, orphaned 11, synrecv 0, timewait 1258/0), ports 566
Transport Total IP IPv6
* 904 - -
RAW 0 0 0
UDP 15 12 3
TCP 156 134 22
INET 171 146 25
FRAG 0 0 0
Task: Display All Open Network Ports
# ss -l
Sample Output:
Sample Output:
ss -l
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 0 127.0.0.1:smux *:*
0 0 127.0.0.1:10024 *:*
0 0 127.0.0.1:10025 *:*
0 0 *:3306 *:*
0 0 *:http *:*
0 0 *:4949 *:*
0 0 *:domain *:*
0 0 *:ssh *:*
0 0 *:smtp *:*
0 0 127.0.0.1:rndc *:*
0 0 127.0.0.1:6010 *:*
0 0 *:https *:*
0 0 :::34571 :::*
0 0 :::34572 :::*
0 0 :::34573 :::*
0 0 ::1:rndc :::*
Type the following to see process named using open socket:
# ss -pl
Find out who is responsible for opening socket / port # 4949:
# ss -lp | grep 4949
Sample output:
# ss -pl
Find out who is responsible for opening socket / port # 4949:
# ss -lp | grep 4949
Sample output:
0 0 *:4949 *:* users:(("munin-node",3772,5))
munin-node (PID # 3772) is responsible for opening port # 4949. You can get more information about this process (like memory used, users, current working directory and so on) visiting /proc/3772 directory:
# cd /proc/3772
# ls –l
# cd /proc/3772
# ls –l
Task: Display All TCP Sockets
# ss -t –a
Task: Display All UDP Sockets
# ss -u –a
Task: Display All Established SMTP Connections
# ss -o state established '( dport = :smtp or sport = :smtp )'
Task: Display All Established HTTP Connections
# ss -o state established '( dport = :http or sport = :http )'
Task: Find All Local Processes Connected To X Server
# ss -x src /tmp/.X11-unix/*
Task: List All The Tcp Sockets in State FIN-WAIT-1
List all the TCP sockets in state -FIN-WAIT-1 for our httpd to network 202.54.1/24 and look at their timers:
# ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 202.54.1/24
# ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 202.54.1/24