SS command on Linux (investigate the network)
The ss command on Linux is extremely useful for investigating sockets and provides a wide range of information about the network. It is the successor to the netstat command from the old Net-Tools package. It is important to understand that a socket can be a network connection or a Unix domain socket, which is a special file that acts as a “communication bridge” between two programs.
Its most common options are:
- -a: lists all sockets;
- -r: resolves IP addresses and ports to host and service names;
- -n: does not resolve IP addresses and ports to names;
- -l: lists only open ports (LISTEN);
- -e: shows detailed information about the socket;
- -m: shows the socket’s memory allocation;
- -p: shows the process that owns the socket;
- -i: shows TCP statistics about the socket;
- -K: forces a socket to close;
- -s: shows network statistics;
- -t: shows only TCP sockets;
- -u: shows only UDP sockets;
- -4: shows only IPv4 sockets;
- -6: shows only IPv6 sockets.
Options can be combined to get the desired result.
Examples:
To view network statistics:
To view open TCP ports (in the LISTEN state):
To show the open TCP and UDP ports and the processes that own the sockets. To show the processes, the user must be root or use the sudo command to gain root privileges:
To show all established connections on the SSH port (22):
This command is useful for diagnosing the following problems:
- Check which network services are running (-l)
- Check the amount of memory consumed by a socket (-m)
- Check the processes that own the sockets (-p)
- Check established connections (-o state established)
- Check the amount of data transferred over a TCP connection (-i)
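
One way to act on the "which services are running" and "which process owns the socket" checks above: this added example, which is not part of the original article, parses the output of `ss -H -ltnup` (the options listed earlier plus `-H`, which suppresses the header line) and reports the listeners bound to all interfaces. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify listening sockets by the address they are bound to.
# Live use (root is needed to see other users' processes):
#   sudo ss -H -ltnup | exposed_listeners

# Constructed sample of `ss -H -ltnup` output, not captured from a real host.
# The last line has no process column, as when ss runs without root.
sample_ss_output() {
cat <<'EOF'
tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      244    127.0.0.1:5432    0.0.0.0:*     users:(("postgres",pid=1044,fd=6))
udp   UNCONN 0      0      0.0.0.0:68        0.0.0.0:*     users:(("dhclient",pid=640,fd=7))
tcp   LISTEN 0      511    [::]:80           [::]:*        users:(("nginx",pid=990,fd=7))
tcp   LISTEN 0      4096   127.0.0.53%lo:53  0.0.0.0:*     users:(("systemd-resolve",pid=601,fd=14))
tcp   LISTEN 0      128    192.0.2.10:8443   0.0.0.0:*
EOF
}

# Reads ss lines on stdin; prints "proto port scope process" for each socket.
classify_listeners() {
    awk '
    {
        laddr = $5
        match(laddr, /:[^:]*$/)            # the last colon separates address and port
        addr = substr(laddr, 1, RSTART - 1)
        port = substr(laddr, RSTART + 1)
        sub(/%.*$/, "", addr)              # drop an interface suffix such as %lo
        if (addr == "0.0.0.0" || addr == "[::]" || addr == "*")
            scope = "all-interfaces"
        else if (addr ~ /^127\./ || addr == "[::1]")
            scope = "loopback"
        else
            scope = "specific-address"
        proc = "-"                         # stays "-" when no process is shown
        if (match($0, /users:\(\("[^"]+"/))
            proc = substr($0, RSTART + 9, RLENGTH - 10)
        print $1, port, scope, proc
    }'
}

# Keeps only the sockets reachable on every interface of the host.
exposed_listeners() {
    classify_listeners | awk '$3 == "all-interfaces"'
}

sample_ss_output | exposed_listeners
```

Listeners reported as `all-interfaces` are the ones to compare against the services the host is expected to offer; `loopback` entries are reachable only from the machine itself.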