Using SS to monitor connections in GNU/Linux for new users - gHacks Tech News

Using SS to monitor connections in GNU/Linux for new users

The ever popular Netstat tool, has been depricated for quite a few years now, and newer tools have been developed for the command line to replace it; namely, ss.

Using ss is extremely simple, given the power behind the command, and the amount of information you can obtain while using it, such as information for TCP, UDP, PACKET, RAW, DCCP and UNIX Sockets.

Using ss

ss

As stated, using ss is relatively easy when it comes to command line utilities. The man pages are well documented as well for anyone who has issues.

Basic usage of ss

Simply typing ss will give you a list of all sockets that currently have connections.

To list only currently listening sockets: ss -l

But what if we want to filter out certain types of connections, and only list certain others, like only showing TCP, or UDP or UNIX connections?

  • Use ss -t for TCP connections
  • Use ss -u for UDP connections
  • Use ss -x for UNIX connections

However, be aware that when using the above commands, you will only be shown connections that are currently totally established, and must also add the -a option, if you want to list both established and listening sockets.

The -n option, disables hostname resolution, so you’ll only see IP addresses, which can speed things up a little bit if you don’t really care to see the hostname.

Another handy way to utilize ss, is through the use of states. This allows you to specifically use ss to target only sockets in the exact state you are looking for.

State Filtering

The usage for ss with state filtering is: ss [ options ] [ state ] [ filter ]

According to the man pages, the available filters / identifiers is:

All standard TCP states: established, syn-sent, syn-recv, fin-wait-1, fin-wait-2, time-wait, closed, close-wait, last-ack, listen and closing.

  • all - for all the states
  • connected - all the states except for listen and closed
  • synchronized - all the connected states except for syn-sent
  • bucket - states, which are maintained as minisockets, i.e. time-wait and syn-recv
  • big - opposite to bucket

Some simple examples of using states:

  • ss -t state time-wait
  • ss -t state established

You can also filter IPv4 and IPv6:

  • ss -4
  • ss -6

or combine them:

  • ss -t4 state bucket

Granted, you may not find a huge use for using ss to watch certain states, as catching the specific timing of when a socket is sending or receiving data can be tedious, and its better to use the 'watch' command for this purpose:

  • watch -n 1 "ss -t4 state syn-received"

This command will show you a one second-refreshing report, on TCP IPv4 sockets as they receive their data.

Closing words

Using ss is incredibly simple once you get the hang of it, and for users who want to delve into networking, servers, or even just simple game hosting, it can be useful to learn!

Summary
Using SS to monitor connections in GNU/Linux for new users
Article Name
Using SS to monitor connections in GNU/Linux for new users
Description
The ever popular Netstat tool, has been depricated for quite a few years now, and newer tools have been developed for the command line to replace it; namely, ss.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. Another Mike said on April 7, 2018 at 1:12 pm
    Reply

    Hello,

    Thanks Mike for your Linux articles. Can I make a suggestion? Whenever your article deals with terminal stuff, could you include alternative way in some GUI application? For example, I personally would like to use GUI app for checking out network connections. Sometimes terminal is better and faster to do something, but not always. Thanks.

  2. iponymous said on April 7, 2018 at 8:30 pm
    Reply

    Is there a way to see only the connections for a specific application?

    1. Gerard said on April 8, 2018 at 2:27 pm
      Reply

      “ss -tp” will show which processes are making network connections. You can add the “watch” command if you want to monitor connections.

  3. perUnaltracitta said on April 10, 2018 at 12:50 am
    Reply

    @Mahi: Sauf quun proxy Socks5 ne prend pas en charge lUDP. Par conséqudent tout ce qui est UDP sera ou bien bloqué par le proxy (et dans ce cas, ça ne sert à rien dactiver ces fonctions), ou bien contournera le proxy (et alors, il vaut mieux ne pas activer ces fonctions). Dans ce dernier cas en effet, les connexions de pair à pair obtenues via PeX ou DHT,(ou bien les connexions au tracker, sil est udp) seffectuent directement via lIP FAI de lutilisateur, et la Hadopi est très contente.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.