The ever popular Netstat tool, has been depricated for quite a few years now, and newer tools have been developed for the command line to replace it; namely, ss.
Using ss is extremely simple, given the power behind the command, and the amount of information you can obtain while using it, such as information for TCP, UDP, PACKET, RAW, DCCP and UNIX Sockets.
As stated, using ss is relatively easy when it comes to command line utilities. The man pages are well documented as well for anyone who has issues.
Basic usage of ss
Simply typing ss will give you a list of all sockets that currently have connections.
To list only currently listening sockets: ss -l
But what if we want to filter out certain types of connections, and only list certain others, like only showing TCP, or UDP or UNIX connections?
However, be aware that when using the above commands, you will only be shown connections that are currently totally established, and must also add the -a option, if you want to list both established and listening sockets.
The -n option, disables hostname resolution, so you’ll only see IP addresses, which can speed things up a little bit if you don’t really care to see the hostname.
Another handy way to utilize ss, is through the use of states. This allows you to specifically use ss to target only sockets in the exact state you are looking for.
The usage for ss with state filtering is: ss [ options ] [ state ] [ filter ]
According to the man pages, the available filters / identifiers is:
All standard TCP states: established, syn-sent, syn-recv, fin-wait-1, fin-wait-2, time-wait, closed, close-wait, last-ack, listen and closing.
Some simple examples of using states:
You can also filter IPv4 and IPv6:
or combine them:
Granted, you may not find a huge use for using ss to watch certain states, as catching the specific timing of when a socket is sending or receiving data can be tedious, and its better to use the 'watch' command for this purpose:
This command will show you a one second-refreshing report, on TCP IPv4 sockets as they receive their data.
Using ss is incredibly simple once you get the hang of it, and for users who want to delve into networking, servers, or even just simple game hosting, it can be useful to learn!Advertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.