Get TCP or UDP socket information using ss
ss
is an useful Linux command line untility to get detailed information about TCP, UDP sockets and packets. It can display more information compare to netstat
according to man page.
From the man page:
ss is used to dump socket statistics. It allows showing information similar to netstat. It can display more TCP and state informations than other tools.
To read the man pages: man ss
To read help related content: ss --help
Most of the man pages explain what each flag can do, but let’s explore some of them.
Get the current opened, closed statistics of TCP sockets
ss -s
s = show socket usage summary
Show all TCP sockets
ss -ta
t = display only TCP sockets
a = all
Show all UDP sockets
ss -ua
t = display only UDP sockets
a = all
To show iformation like only IPv4 and unix sockets with a
flag
ss -xa4
x = display only Unix domain sockets
a = all
4 = IPv4
Detail flags
-4, --ipv4 display only IP version 4 sockets
-6, --ipv6 display only IP version 6 sockets
-0, --packet display PACKET sockets
-t, --tcp display only TCP sockets
-u, --udp display only UDP sockets
-d, --dccp display only DCCP sockets
-w, --raw display only RAW sockets
-x, --unix display only Unix domain sockets
-f, --family=FAMILY display sockets of type FAMILY
To show the process with the listening sockets
ss -lp
Lets display http connections
ss -to state established
t = display only TCP sockets
o = show timer information
state is filter = ss [ OPTIONS ] [ FILTER ]
You can even use grep to show some of the information related to only that specific string. Literally you can pipe anything to it like less, grep etc.
ss -lp | grep 2707
l = display listening sockets
p = show process using socket
You can display results by source or port number dport
ss -at '( dport = :ssh )'
ss -at '( dport = :22 )'
ss -at '( dport = :443 )'
If you are interested to learn and find more, checkout the man pages of ss
.