Using SS to monitor connections in GNU/Linux for new users
The ever popular Netstat tool, has been depricated for quite a few years now, and newer tools have been developed for the command line to replace it; namely, ss.
Using ss is extremely simple, given the power behind the command, and the amount of information you can obtain while using it, such as information for TCP, UDP, PACKET, RAW, DCCP and UNIX Sockets.
Using ss
As stated, using ss is relatively easy when it comes to command line utilities. The man pages are well documented as well for anyone who has issues.
Basic usage of ss
Simply typing ss will give you a list of all sockets that currently have connections.
To list only currently listening sockets: ss -l
But what if we want to filter out certain types of connections, and only list certain others, like only showing TCP, or UDP or UNIX connections?
- Use ss -t for TCP connections
- Use ss -u for UDP connections
- Use ss -x for UNIX connections
However, be aware that when using the above commands, you will only be shown connections that are currently totally established, and must also add the -a option, if you want to list both established and listening sockets.
The -n option, disables hostname resolution, so you’ll only see IP addresses, which can speed things up a little bit if you don’t really care to see the hostname.
Another handy way to utilize ss, is through the use of states. This allows you to specifically use ss to target only sockets in the exact state you are looking for.
State Filtering
The usage for ss with state filtering is: ss [ options ] [ state ] [ filter ]
According to the man pages, the available filters / identifiers is:
All standard TCP states: established, syn-sent, syn-recv, fin-wait-1, fin-wait-2, time-wait, closed, close-wait, last-ack, listen and closing.
- all - for all the states
- connected - all the states except for listen and closed
- synchronized - all the connected states except for syn-sent
- bucket - states, which are maintained as minisockets, i.e. time-wait and syn-recv
- big - opposite to bucket
Some simple examples of using states:
- ss -t state time-wait
- ss -t state established
You can also filter IPv4 and IPv6:
- ss -4
- ss -6
or combine them:
- ss -t4 state bucket
Granted, you may not find a huge use for using ss to watch certain states, as catching the specific timing of when a socket is sending or receiving data can be tedious, and its better to use the 'watch' command for this purpose:
- watch -n 1 "ss -t4 state syn-received"
This command will show you a one second-refreshing report, on TCP IPv4 sockets as they receive their data.
Closing words
Using ss is incredibly simple once you get the hang of it, and for users who want to delve into networking, servers, or even just simple game hosting, it can be useful to learn!
@Mahi: Sauf quun proxy Socks5 ne prend pas en charge lUDP. Par conséqudent tout ce qui est UDP sera ou bien bloqué par le proxy (et dans ce cas, ça ne sert à rien dactiver ces fonctions), ou bien contournera le proxy (et alors, il vaut mieux ne pas activer ces fonctions). Dans ce dernier cas en effet, les connexions de pair à pair obtenues via PeX ou DHT,(ou bien les connexions au tracker, sil est udp) seffectuent directement via lIP FAI de lutilisateur, et la Hadopi est très contente.
Is there a way to see only the connections for a specific application?
“ss -tp” will show which processes are making network connections. You can add the “watch” command if you want to monitor connections.
Hello,
Thanks Mike for your Linux articles. Can I make a suggestion? Whenever your article deals with terminal stuff, could you include alternative way in some GUI application? For example, I personally would like to use GUI app for checking out network connections. Sometimes terminal is better and faster to do something, but not always. Thanks.