The ‘ss’ command is a tool used to print network socket-related information such as PACKET sockets, TCP sockets, UDP sockets, DCCP sockets, RAW sockets, Unix domain sockets, etc.
It is considered the best replacement for the old netstat command (now deprecated), offering new, powerful, and faster capabilities for identifying active/inactive network sockets.
In this guide, I’ll show you how to use the ‘ss’ command in Linux to display various socket connection information with practical examples.
1. List All Sockets
When you run the ss command without any options, it lists all socket connections, regardless of their state.
$ ssOutput:
2. Display only TCP, UDP, RAW, or UNIX Sockets
To display only TCP sockets use the “-t” option, for UDP sockets use “-u” option, for RAW sockets use “-w” option, and finally for UNIX sockets use “-x” option.
$ ss -t #for TCP sockets
$ ss -u #for UDP sockets
$ ss -w #for RAW sockets
$ ss -x #for UNIX socketsOutput:
3. List Sockets in the Listening State
To display the list of all sockets that are in listening state (sockets awaiting incoming connections), use the “-l” option.
$ ss -lOutput:
4. List All TCP, UDP, RAW, or UNIX Sockets in the Listening State
You can also use the “-l” option alongside TCP (e.g., “-lt“), UDP (e.g., “-lu“), RAW (e.g., “-lw“), and UNIX (e.g., “-lx“) options to list corresponding sockets in a listening state.
$ ss -lt #for TCP sockets
$ ss -lu #for UDP sockets
$ ss -lw #for RAW sockets
$ ss -lx #for UNIX socketsOutput:
5. Display Summary Statistics
The “-s” option gives you summary statistics about various socket types.
$ ss -sOutput:
6. List All IPv4 and IPv6 Socket Connections
The “-4” option will return a list of IPv4 connections, while the “-6” option will return a list of IPv6 connections.
$ ss -4
$ ss -6Output:
7. List All TCP Sockets Listening on a Specific Port
The command below will display the list of all sockets listening on the local port 80:
$ ss -lt src :80Output:
8. List All User Connected To Your System Via SSH
The “-atp” option, which displays all TCP socket connections, including process information, can be piped with the grep command to list socket connections containing the SSH text. The output will include various details, which you can investigate further to identify the user connected to your system via SSH.
$ ss -atp | grep sshOutput:
9. Display the Process Name Using the Specific Port
It often happens that you start a service that reserves a port, but later, when terminating the service, you forget the name. And what about system services that are already occupying the port? To resolve these issues, use the following command to display the process name using the specific port:.
$ sudo ss -tulpn | grep :80Output:
10. Check Out the Man or Help Page
Covering all the options available with the “ss” command within this single article isn’t possible. Thus, if you’re interested, you can check out the manual or help page using the command below.
$ man ss
$ ss --helpOutput:
Final Word
If you’re more interested in networking, check out our article on monitoring Linux network traffic and bandwidth usage and how to communicate with others on the same network.
Lastly, if you have any questions or queries related to the article, then do let me know in the comment section.
Till then, peace!
Join The Conversation
Users are always welcome to leave comments about the articles, whether they are questions, comments, constructive criticism, old information, or notices of typos. Please keep in mind that all comments are moderated according to our comment policy.