ss
Socket Statistics
ss is an utility to investigate sockets.
Syntax
ss [options] [ FILTER ]
ss is used to dump socket statistics. It allows showing information similar to netstat. It can display more TCP and state information than other tools.
Important options
| Options | Description |
|---|---|
-t |
Show only TCP connections. |
-u |
Show only UDP connections. |
-l or --listening |
Show listening sockets. |
-p or --processes |
Show process using socket. |
-s or --summary |
Print summary statistics. This option does not parse socket lists obtaining summary from various sources. |
-n or --numeric |
Do not try to resolve service names. Show exact bandwidth values, instead of human-readable. |
Filters
Syntax
FILTER := [ state SOCKET_OPTIONS ] [ exclude SOCKET_OPTIONS ] [ EXPRESSION ]
With state the sockets can be: ESTABLISHED, LISTENING, CLOSED, CONNECTED, TIME-WAIT, etc.
With exclude some sockets that met the state criteria are excluded.
EXPRESSION can be constructed with:
- Logical operators:
and,orandnot - Origin and destination:
{src|dst} [ IP[/prefix] ][ :port ] - Socket origin and destination:
{dport|sport} {eq|neq|gt|ge|lt|le} [IP]:port
Example:
ss state established '(sport = :http or sport = :https)' src 192.188.1.0/24
With this, socket statistics shows sockets that:
- Have an
establishedstate - Their origin port (
sport) ishttporhttps - And their source is the
192.188.1.0/24address