Socket statistics on a Linux system are often used to troubleshoot network and connectivity issues, as well as to evaluate the health of a Linux host. There are a few ways to extract that information, and in this post we’ll review how to use the “ss” utility.
“ss” stands for socket statistics. It’s very similar to the netstat utility.
It’s part of the iproute package, which you can install with “apt-get install iproute”.
Let’s see how it works and what information it can give us:
Established Sockets Statistics
Typing “ss” without any options lists all sockets that have established connections.
    netbeez.net$ ss
    State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
    ESTAB   0       240     172.31.0.14:ssh      172.30.10.202:51831
On this host there is just one established TCP connection, which corresponds to an ssh session. As you can see, ss translated the port number: instead of showing port 22 (172.31.0.14:22), it shows ssh, the service name for that port.
Display Numeric Values
If you want to see the actual numeric values without any translation, use the “-n” option:
    netbeez.net$ ss -n
    State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
    ESTAB   0       240     172.31.0.14:22       172.30.10.202:51831
Listening Sockets
If you want to see a list of listening sockets, add the “-l” option:
    netbeez.net$ ss -l
    State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
    LISTEN  0       128     *:ssh                *:*
UDP Sockets
By default, ss shows only established connections, and since UDP sockets are connectionless we have to explicitly ask ss to show UDP socket statistics with the “-a” (all) and “-u” (UDP) options:
    netbeez.net$ ss -ua
    State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
    UNCONN  0       0       172.31.0.255:ntp     *:*
    UNCONN  0       0       172.31.0.14:ntp      *:*
    UNCONN  0       0       127.0.0.1:ntp        *:*
    UNCONN  0       0       *:ntp                *:*
Display Processes
To display the process that is using a socket, add the “-p” option:
    netbeez.net$ ss -p
    State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
    ESTAB   0       240     172.31.0.14:ssh      172.30.10.202:51831   users:(("sshd",13548,3))
In this example, sshd is the process that is running the ssh service, and its process id is 13548.
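As an added example (not part of the original post), the shell function below combines the options covered so far: it reads output in the layout of “ss -tulnp” and lists the listening TCP and unconnected UDP sockets that are not bound only to loopback, together with the owning process. The names exposed_listeners and sample_ss_output and the sample rows are constructed for illustration, and the parsing assumes the column layout shown in this post.

```shell
#!/bin/sh
# Added example: reads "ss -tulnp"-style output on stdin and prints
# "proto port scope process" for sockets reachable from off-host.
exposed_listeners() {
    awk '
    $1 == "Netid" { next }                      # skip the header line
    $2 != "LISTEN" && $2 != "UNCONN" { next }   # TCP listeners and unconnected UDP only
    {
        host = $5; sub(/:[^:]*$/, "", host)     # drop ":port" at the last colon (IPv6-safe)
        port = $5; sub(/.*:/, "", port)
        if (host ~ /^127\./ || host == "::1" || host == "[::1]") next   # loopback only
        wild = (host == "*" || host == "0.0.0.0" || host == "::" || host == "[::]")
        proc = "-"                              # no process column (no -p, or not permitted)
        if (NF >= 7) { split($7, q, "\""); proc = q[2] }   # users:(("name",pid,fd))
        print $1, port, (wild ? "ALL" : host), proc
    }' | sort -u
}

# Constructed sample in the column layout used in this post (not real host data).
sample_ss_output() {
cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      172.31.0.14:123    *:*                 users:(("ntpd",812,18))
udp   UNCONN 0      0      127.0.0.1:123      *:*                 users:(("ntpd",812,17))
udp   UNCONN 0      0      *:123              *:*                 users:(("ntpd",812,16))
tcp   LISTEN 0      128    *:22               *:*                 users:(("sshd",13548,3))
tcp   LISTEN 0      128    127.0.0.1:5432     *:*                 users:(("postgres",901,5))
tcp   ESTAB  0      240    172.31.0.14:22     172.30.10.202:51831 users:(("sshd",13548,3))
EOF
}

# Live use (as root, so -p can name processes owned by other users):
#   ss -tulnp | exposed_listeners
sample_ss_output | exposed_listeners
```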
Filter by State
“ss” gives you the ability to filter sockets by their state with the “state” keyword, as follows:
    netbeez.net$ ss state established
    Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
    0       240     172.31.0.14:ssh      172.30.10.202:51831
Of course, you can use several other state filters, such as syn-sent, closed, etc.
Filter by Port
To see which UDP sockets use port 123, I can use the “sport” (source port) filter:
    netbeez.net$ ss -au sport = :123
    State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
    UNCONN  0       0       172.31.0.255:ntp     *:*
    UNCONN  0       0       172.31.0.14:ntp      *:*
    UNCONN  0       0       127.0.0.1:ntp        *:*
    UNCONN  0       0       *:ntp                *:*
Filter by Port Range
If you want to display specific port ranges, you can use comparison operators such as greater than or less than. Here is an example that displays sockets whose source port is greater than 100:
    netbeez.net$ ss -taun sport gt :100
    Netid  State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
    udp    UNCONN  0       0       172.31.0.255:123     *:*
    udp    UNCONN  0       0       172.31.0.14:123      *:*
    udp    UNCONN  0       0       127.0.0.1:123        *:*
    udp    UNCONN  0       0       *:123                *:*
Summary of Socket Statistics
Finally, to get a summary of the socket statistics on a host, use the “-s” option as follows:
    netbeez.net$ ss -s
    Total: 43 (kernel 0)
    TCP:   2 (estab 1, closed 0, orphaned 0, synrecv 0, timewait 0/0), ports 0
    Transport  Total  IP  IPv6
    *          0      -   -
    RAW        0      0   0
    UDP        4      4   0
    TCP        2      2   0
    INET       6      6   0
    FRAG       0      0   0
If you want all the details and available options of ss, you can read the manual page with “man ss”.