Using SS to monitor connections in GNU/Linux for new users
The ever popular Netstat tool, has been depricated for quite a few years now, and newer tools have been developed for the command line to replace it; namely, ss.
Using ss is extremely simple, given the power behind the command, and the amount of information you can obtain while using it, such as information for TCP, UDP, PACKET, RAW, DCCP and UNIX Sockets.
As stated, using ss is relatively easy when it comes to command line utilities. The man pages are well documented as well for anyone who has issues.
Basic usage of ss
Simply typing ss will give you a list of all sockets that currently have connections.
To list only currently listening sockets: ss -l
But what if we want to filter out certain types of connections, and only list certain others, like only showing TCP, or UDP or UNIX connections?
- Use ss -t for TCP connections
- Use ss -u for UDP connections
- Use ss -x for UNIX connections
However, be aware that when using the above commands, you will only be shown connections that are currently totally established, and must also add the -a option, if you want to list both established and listening sockets.
The -n option, disables hostname resolution, so youâ€™ll only see IP addresses, which can speed things up a little bit if you donâ€™t really care to see the hostname.
Another handy way to utilize ss, is through the use of states. This allows you to specifically use ss to target only sockets in the exact state you are looking for.
The usage for ss with state filtering is: ss [ options ] [ state ] [ filter ]
According to the man pages, the available filters / identifiers is:
All standard TCP states: established, syn-sent, syn-recv, fin-wait-1, fin-wait-2, time-wait, closed, close-wait, last-ack, listen and closing.
- all - for all the states
- connected - all the states except for listen and closed
- synchronized - all the connected states except for syn-sent
- bucket - states, which are maintained as minisockets, i.e. time-wait and syn-recv
- big - opposite to bucket
Some simple examples of using states:
- ss -t state time-wait
- ss -t state established
You can also filter IPv4 and IPv6:
- ss -4
- ss -6
or combine them:
- ss -t4 state bucket
Granted, you may not find a huge use for using ss to watch certain states, as catching the specific timing of when a socket is sending or receiving data can be tedious, and its better to use the 'watch' command for this purpose:
- watch -n 1 "ss -t4 state syn-received"
This command will show you a one second-refreshing report, on TCP IPv4 sockets as they receive their data.
Using ss is incredibly simple once you get the hang of it, and for users who want to delve into networking, servers, or even just simple game hosting, it can be useful to learn!Advertisement