
If you’ve ever needed to troubleshoot network connections on a Linux system, you’ve likely encountered tools like netstat. But there’s a modern, faster alternative that deserves your attention: the ss command. Short for "socket statistics," ss provides detailed insights into active network connections, listening ports, and more. In this blog, we’ll break down how to use ss in plain language, with practical examples for everyday use.
What is the ss Command?
ss is a powerful utility for inspecting network sockets (endpoints for communication). It’s faster and more efficient than netstat, and it’s preinstalled on most Linux distributions. Use it to:
List active connections.
Identify listening ports.
Diagnose network issues.
Monitor traffic by protocol (TCP, UDP, etc.).
Basic Usage
Let’s start with the basics. Open your terminal and try these commands:
1. Show All Connections
[root@siddhesh ~]# ss
With no options, ss lists open non-listening sockets that have an established connection, including TCP, UDP, and UNIX domain sockets.
2. Filter by Protocol
[root@siddhesh ~]# ss -t # Show TCP connections
[root@siddhesh ~]# ss -u # Show UDP connections
Use -t for TCP, -u for UDP, or -4/-6 for IPv4/IPv6.
3. List Listening Ports
[root@siddhesh ~]# ss -l
Displays all sockets actively listening for incoming connections (like a web server’s port 80). Without a protocol flag, the list also includes listening UNIX domain sockets.
Common Use Cases
1. Find Services on Specific Ports
[root@siddhesh ~]# ss -tlnp | grep ':80'
Breakdown:
-t: TCP connections.
-l: Only listening sockets.
-n: Show port numbers (not service names like "http").
-p: Show the process using the port.
grep ':80': Filter for port 80. This is a substring match, so it also matches ports such as 8080 and 8000.
Use Case: Identify which process (e.g., Nginx, Apache) is using port 80.
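Because grep ':80' is a substring match, it also returns listeners on ports such as 8080 and 8000. The following added example (not from the original post) matches the local port exactly and labels each listener as loopback-only or exposed; the helper name listeners_on_port and the sample ss output are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample of `ss -H -tlnp` output (not captured from a real host).
sample_ss_output() {
cat <<'EOF'
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*    users:(("nginx",pid=1021,fd=6))
LISTEN 0      128        127.0.0.1:8080      0.0.0.0:*    users:(("python3",pid=2210,fd=3))
LISTEN 0      4096         0.0.0.0:8000      0.0.0.0:*    users:(("gunicorn",pid=3310,fd=5))
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=801,fd=3))
LISTEN 0      511             [::]:80           [::]:*    users:(("nginx",pid=1021,fd=7))
EOF
}

# listeners_on_port PORT (hypothetical helper): read `ss -H -tlnp` lines on
# stdin and print "address port process scope" for exact port matches only.
listeners_on_port() {
    awk -v want="$1" '
    {
        n = split($4, part, ":")          # port is the text after the last colon
        if (part[n] != want) next         # exact compare, so 8080 != 80
        addr = substr($4, 1, length($4) - length(part[n]) - 1)
        proc = "-"                        # no users:(...) column without -p/root
        if (match($0, /users:\(\("[^"]+"/))
            proc = substr($0, RSTART + 9, RLENGTH - 10)
        # "loopback" = bound to 127.0.0.0/8 or ::1; anything else is reachable
        # from other hosts unless a firewall blocks it.
        scope = (addr ~ /^127\./ || addr == "[::1]") ? "loopback" : "exposed"
        print addr, part[n], proc, scope
    }'
}

echo "grep ':80' matches $(sample_ss_output | grep -c ':80') lines"
sample_ss_output | listeners_on_port 80
# On a live host: ss -H -tlnp | listeners_on_port 80
```

The -H flag suppresses the header row so every input line is a socket record.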
2. Check Connected Clients
[root@siddhesh ~]# ss -t state established
Breakdown:
state established: Show active TCP connections (e.g., users connected to your server).
Use Case: Monitor who’s connected to your system in real-time.
3. Diagnose Hanging Connections
[root@siddhesh ~]# ss -t state time-wait
Breakdown:
time-wait: Sockets waiting to close after a connection ends.
Use Case: Investigate why a port isn’t freeing up.
Advanced Tricks
1. Show Process Names and Ports
[root@siddhesh ~]# ss -ltnp
Combine -l (listening), -t (TCP), -n (numeric ports), and -p (process names) to see which apps are using which ports. Run it as root: without root privileges, -p cannot show processes owned by other users.
2. Filter by Source/Destination IP
[root@siddhesh ~]# ss -t src 192.168.1.5
Show TCP connections whose local (source) address is 192.168.1.5. Replace src with dst to filter by the remote (destination) address instead.
3. Monitor Connections in Real-Time
[root@siddhesh ~]# watch -n 1 'ss -t'
Update the connection list every 1 second (like a live dashboard).
Why ss Over netstat?
Speed: ss queries the kernel directly over netlink instead of parsing files under /proc/net as netstat does, making it faster.
Accuracy: Better support for modern socket types (e.g., TCP congestion states).
Simplicity: Concise syntax for filtering by state, protocol, or IP.
Cheat Sheet
Command | Description
ss -tuln | All listening TCP/UDP ports
ss -o state established | Active connections
ss -s | Summary statistics
`ss -p | grep "nginx"` | Find processes (e.g., Nginx)
Conclusion
The ss command is a must-have tool for Linux admins and developers. With its intuitive filters and speed, you can quickly diagnose network bottlenecks, debug services, or monitor traffic. Next time you’re troubleshooting, skip netstat and give ss a try!