How to get Socket Statistics Information with ss

Information around socket statistics on a Linux system is often used to troubleshoot network and connectivity issues, as well as evaluate the health of a Linux host. There are a few ways to extract that information and in this post we’ll review how to use the “ss” utility.

“ss” stands for socket statistics. It’s very similar to the netstat utility.

It’s part of the iproute package, and you can install it with “apt-get install iproute.”

Let’s see how it works and what information it can give us:

Established Sockets Statistics

By typing “ss,” without any options you’ll get all sockets that have established connections.

netbeez.net$ ss
State      Recv-Q Send-Q    Local Address:Port    Peer Address:Port
ESTAB      0      240         172.31.0.14:ssh    172.30.10.202:51831

On this host there is just one established TCP connection which corresponds to an ssh session. As you can see, ss made the translation and instead of showing port 22 (172.310.14:22), it shows ssh as the service that is using that port.

Display Numeric Values

If you want to see the actual numeric values without any translation use the “-n” option:

netbeez.net$ ss -n
State      Recv-Q Send-Q    Local Address:Port     Peer Address:Port
ESTAB      0      240         172.31.0.14:22      172.30.10.202:51831

Listening Sockets

If you want to see a list of listening sockets, add the “-l” option:

netbeez.net$ ss -l
State      Recv-Q Send-Q    Local Address:Port   Peer Address:Port
LISTEN     0      128                   *:ssh               *:*

UDP Sockets

By default, ss shows only established connections, and since UDP sockets are connectionless we have to explicitly ask ss to show UDP socket statistics with the “-a” (all) and “-u” (UDP) options:

netbeez.net$ ss -ua
State      Recv-Q Send-Q     Local Address:Port     Peer Address:Port
UNCONN     0      0           172.31.0.255:ntp                 *:*
UNCONN     0      0            172.31.0.14:ntp                 *:*
UNCONN     0      0              127.0.0.1:ntp                 *:*
UNCONN     0      0                      *:ntp                 *:*

Display Processes

To display the process that is using a socket enter the “-p” option:

netbeez.net$ ss -p
State      Recv-Q Send-Q      Local Address:Port   Peer Address:Port
ESTAB      0      240           172.31.0.14:ssh   172.30.10.202:51831    users:(("sshd",13548,3))

In this example, sshd is the process that is running the ssh service, and its process id is 13548.

Filter by State

“ss” gives you ability to filter ports by the status of the socket with the “state” keyword as follows:

netbeez.net$ ss state established
Recv-Q Send-Q    Local Address:Port   Peer Address:Port
0      240         172.31.0.14:ssh   172.30.10.202:51831

Of course, you can use several other state filters such as sync-sent, closed, etc.

Filter by port

To see which UDP sockets use port 153, I can use the “sport” (source port) filter

netbeez.net$ ss -au sport = :123
State      Recv-Q Send-Q    Local Address:Port     Peer Address:Port
UNCONN     0      0          172.31.0.255:ntp                 *:*
UNCONN     0      0           172.31.0.14:ntp                 *:*
UNCONN     0      0             127.0.0.1:ntp                 *:*
UNCONN     0      0                     *:ntp                 *:*

Filter by Port Range

If you want to display specific port ranges, you can use “comparative operators,” such as, greater than or less than. Here is an example that displays sockets that use ports with values greater than 100:

netbeez.net$ ss -taun sport gt :100
Netid  State      Recv-Q Send-Q    Local Address:Port    Peer Address:Port
udp    UNCONN     0      0          172.31.0.255:123                *:*
udp    UNCONN     0      0           172.31.0.14:123                *:*
udp    UNCONN     0      0             127.0.0.1:123                *:*
udp    UNCONN     0      0                     *:123                *:*

Summary of Socket Statistics

Finally, to get a summary of the socket statistics on a host use the “-s” option as follows:

netbeez.net$ ss -s
Total: 43 (kernel 0)
TCP:   2 (estab 1, closed 0, orphaned 0, synrecv 0, timewait 0/0), ports 0

Transport Total     IP        IPv6
*         0         -         -
RAW       0         0         0
UDP       4         4         0
TCP       2         2         0
INET      6         6         0
FRAG      0         0         0

If you want to get all the details and available options of ss you can look at the manual of the command with “man ss.” 

decoration image

Get your free trial now

Monitor your network from the user perspective

You can share

Twitter Linkedin Facebook

Let's keep in touch

decoration image