The ss command is used to dump socket statistics. It allows showing information similar to netstat command. It can display more TCP and state information than other tools. It is a new, incredibly useful and faster (as compare to netstat) tool for tracking TCP connections and sockets. SS can provide information about:
- All TCP sockets.
- All UDP sockets.
- All established ssh / ftp / http / https connections.
- All local processes connected to X server.
- All the tcp sockets in state FIN-WAIT-1 and much more.
Most Linux distributions are shipped with ss and many monitoring tools. Being familiar with this tool helps enhance your understand of what's going on in the system sockets and helps you find the possible causes of a performance problem.
Task: Display Sockets Summary
List currently established, closed, orphaned and waiting TCP sockets, enter:
# ss -s
Sample Output:
Total: 734 (kernel 904) TCP: 1415 (estab 112, closed 1259, orphaned 11, synrecv 0, timewait 1258/0), ports 566 Transport Total IP IPv6 * 904 - - RAW 0 0 0 UDP 15 12 3 TCP 156 134 22 INET 171 146 25 FRAG 0 0 0
Task: Display All Open Network Ports
# ss -l
Sample Output:
ss -l Recv-Q Send-Q Local Address:Port Peer Address:Port 0 0 127.0.0.1:smux *:* 0 0 127.0.0.1:10024 *:* 0 0 127.0.0.1:10025 *:* 0 0 *:3306 *:* 0 0 *:http *:* 0 0 *:4949 *:* 0 0 *:domain *:* 0 0 *:ssh *:* 0 0 *:smtp *:* 0 0 127.0.0.1:rndc *:* 0 0 127.0.0.1:6010 *:* 0 0 *:https *:* 0 0 :::34571 :::* 0 0 :::34572 :::* 0 0 :::34573 :::* 0 0 ::1:rndc :::*
Type the following to see process named using open socket:
# ss -pl
Find out who is responsible for opening socket / port # 4949:
# ss -lp | grep 4949
Sample output:
0 0 *:4949 *:* users:(("munin-node",3772,5))
munin-node (PID # 3772) is responsible for opening port # 4949. You can get more information about this process (like memory used, users, current working directory and so on) visiting /proc/3772 directory:
# cd /proc/3772
# ls -l
Task: Display All TCP Sockets
# ss -t -a
Task: Display All UDP Sockets
# ss -u -a
Task: Display All Established SMTP Connections
# ss -o state established '( dport = :smtp or sport = :smtp )'
Task: Display All Established HTTP Connections
# ss -o state established '( dport = :http or sport = :http )'
Task: Find All Local Processes Connected To X Server
# ss -x src /tmp/.X11-unix/*
Task: List All The Tcp Sockets in State FIN-WAIT-1
List all the TCP sockets in state -FIN-WAIT-1 for our httpd to network 202.54.1/24 and look at their timers:
# ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 202.54.1/24
Recommended readings:
- See ss command help page.
Featured Articles:
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- 10 Greatest Open Source Software Of 2009
- My 10 UNIX Command Line Mistakes
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- Top 20 OpenSSH Server Best Security Practices
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Linux Video Editor Software
- Email this to a friend
- Download PDF version
- Printable version
- Comment RSS feed
- Last Updated: Jun/18/2009
{ 7 comments… read them below or add one }
Why haven’t I heard of the ’ss’ command before? This is great – I’ve tested the commands on several servers and this will be an excellent addition to the tools I’ve already been using. Thanks for bringing this command to the light of day for me! :)
astonishing. years of unix administration and never stumbled across this goodie?
OK, where the HECK is this thing?
I can’t find source, webpage, RPM, etc. Having a link within the article is appropriate.
It is part of iproute package.
The source code can be obtained from:
http://devresources.linux-foundation.org/dev/iproute2/download/
my more used recipe
ss -4nlp
cheers !
Yummy, thanks for sharing! And ss is included in CentOS 5.2.
Best,
Aleksey
Thanks for sharing this great tool. I’m loving it.