Linux for Network Engineers: How to get Socket Statistics Information with ss

By January 16, 2019Linux

Information around sockets on a Linux system is often used to troubleshoot network and connectivity issues, as well as evaluate the health of a Linux host. There are a few ways to extract that information and in this post we’ll review how to use the “ss” utility.

“ss” stands for socket statistics. It’s very similar to the netstat utility.

It’s part of the iproute package, and you can install it with “apt-get install iproute.”

Let’s see how it works and what information it can give us:

Established Sockets

By typing “ss,” without any options you’ll get all sockets that have established connections.

On this host there is just one established TCP connection which corresponds to an ssh session. As you can see, ss made the translation and instead of showing port 22 (172.310.14:22), it shows ssh as the service that is using that port.

Display Numeric Values

If you want to see the actual numeric values without any translation use the “-n” option:

Listening Sockets

If you want to see a list of listening sockets, add the “-l” option:

UDP Sockets

By default, ss shows only established connections, and since UDP sockets are connectionless we have to explicitly ask ss to show UDP socket statistics with the “-a” (all) and “-u” (UDP) options:

Display Processes

To display the process that is using a socket enter the “-p” option:

In this example, sshd is the process that is running the ssh service, and its process id is 13548.

Filter by State

“ss” gives you ability to filter ports by the status of the socket with the “state” keyword as follows:

Of course, you can use several other state filters such as sync-sent, closed, etc.

Filter by port

To see which UDP sockets use port 153, I can use the “sport” (source port) filter

Filter by port range

If you want to display specific port ranges, you can use “comparative operators,” such as, greater than or less than. Here is an example that displays sockets that use ports with values greater than 100:

Summary Statistics

Finally, to get a summary of the socket statistics on a host use the “-s” option as follows:

If you want to get all the details and available options of ss you can look at the manual of the command with “man ss.”