Monitor Network Sockets Using ss Command in Linux

Linux TLDR
Last Updated:
Reading time: 3 minutes

The β€˜ss’ command is a tool used to print network socket-related information such as PACKET sockets, TCP sockets, UDP sockets, DCCP sockets, RAW sockets, Unix domain sockets, etc.

It is considered the best replacement for the old netstat command (now deprecated), offering new, powerful, and faster capabilities for identifying active/inactive network sockets.

In this guide, I’ll show you how to use the β€˜ss’ command in Linux to display various socket connection information with practical examples.

1. List All Sockets

When you run the ss command without any options, it lists all socket connections, regardless of their state.

$ ss


list all connections in linux

2. Display only TCP, UDP, RAW, or UNIX Sockets

To display only TCP sockets use the β€œ-t” option, for UDP sockets use β€œ-u” option, for RAW sockets use β€œ-w” option, and finally for UNIX sockets use β€œ-x” option.

$ ss -t                                                                                                                      #for TCP sockets
$ ss -u                                                                                                                     #for UDP sockets
$ ss -w                                                                                                                    #for RAW sockets
$ ss -x                                                                                                                     #for UNIX sockets


listing tcp, udp, raw, and unix sockets using ss command

3. List Sockets in the Listening State

To display the list of all sockets that are in listening state (sockets awaiting incoming connections), use the β€œ-l” option.

$ ss -l


list sockets in listening state

4. List All TCP, UDP, RAW, or UNIX Sockets in the Listening State

You can also use the β€œ-l” option alongside TCP (e.g., β€œ-ltβ€œ), UDP (e.g., β€œ-luβ€œ), RAW (e.g., β€œ-lwβ€œ), and UNIX (e.g., β€œ-lxβ€œ) options to list corresponding sockets in a listening state.

$ ss -lt                                                                                                                      #for TCP sockets
$ ss -lu                                                                                                                     #for UDP sockets
$ ss -lw                                                                                                                    #for RAW sockets
$ ss -lx                                                                                                                     #for UNIX sockets


listing all listening tcp, udp, raw, and unix sockets using ss command

5. Display Summary Statistics

The β€œ-s” option gives you summary statistics about various socket types.

$ ss -s


summary statistics of socket type

6. List All IPv4 and IPv6 Socket Connections

The β€œ-4” option will return a list of IPv4 connections, while the β€œ-6” option will return a list of IPv6 connections.

$ ss -4
$ ss -6


listing ipv4 and ipv6 connections

7. List All TCP Sockets Listening on a Specific Port

The command below will display the list of all sockets listening on the local port 80:

$ ss -lt src :80


listing listening socket on specific local port

8. List All User Connected To Your System Via SSH

The β€œ-atp” option, which displays all TCP socket connections, including process information, can be piped with the grep command to list socket connections containing the SSH text. The output will include various details, which you can investigate further to identify the user connected to your system via SSH.

$ ss -atp | grep ssh


list all user connected via ssh

9. Display the Process Name Using the Specific Port

It often happens that you start a service that reserves a port, but later, when terminating the service, you forget the name. And what about system services that are already occupying the port? To resolve these issues, use the following command to display the process name using the specific port:.

$ sudo ss -tulpn | grep :80


print process name that using specific port

10. Check Out the Man or Help Page

Covering all the options available with the β€œss” command within this single article isn’t possible. Thus, if you’re interested, you can check out the manual or help page using the command below.

$ man ss
$ ss --help


ss command manual page

Final Word

If you’re more interested in networking, check out our article on monitoring Linux network traffic and bandwidth usage and how to communicate with others on the same network.

Lastly, if you have any questions or queries related to the article, then do let me know in the comment section.

Till then, peace!

Join The Conversation

Users are always welcome to leave comments about the articles, whether they are questions, comments, constructive criticism, old information, or notices of typos. Please keep in mind that all comments are moderated according to our comment policy.