The "ss" command in Linux is a powerful tool for investigating network connections and sockets. As an expert Linux system administrator and network engineer, I often rely on "ss" for troubleshooting complex connectivity issues.
In this comprehensive guide, I will provide a variety of practical "ss" command examples for analyzing network connections in Linux systems. Whether you are a beginner looking to understand the basics or a seasoned admin hoping to expand your ss skills, this article has something for you.
1. Listing All Sockets with ss
The most basic invocation of ss lists all sockets, both listening and established:
# ss
This provides a summary of every connection, similar to netstat. The output contains the socket type (e.g. TCP, UDP), local and remote addresses, socket state, process using the socket, and more.
While basic, this one-line ss command gives you a quick overview of all networking activity happening on the system.
2. Filtering by Socket Type
To filter sockets by type, use the "-t" or "-u" arguments:
# ss -t # ss -u
"-t" shows only TCP sockets, while "-u" displays UDP. This lets you separate the two protocols to focus on diagnosing issues with one or the other.
You can combine these with other filters like "-l" (listening) or "-s" (socket summary):
# ss -tl # ss -us
Now you have precise control to narrow your analysis.
3. Finding a Process by Port
To identify the process utilizing a given port, use "-p" and "-n" for resolving port numbers:
# ss -nptl sport = :80
This displays only listening TCP sockets on port 80, mapping the sockets back to owning processes.
Modify the filters to locate processes bound to any port for targeted troubleshooting.
4. Checking Established Connections
While "-l" shows listening sockets, "-a" includes established connections:
# ss -at
Adding in "-e" gives more details about each connected socket:
# ss -aet
This lets you inspect active connections to identify client/server communication issues.
5. Getting Socket Summary Statistics
For analyzing overall connection usage, "-s" provides a quick statistical overview:
# ss -s
It totals up sockets and memory consumption by each socket type. You can pair it with other filters too:
# ss -ts # ss -us
These specialized summaries help track down high-level bottlenecks in TCP vs UDP traffic.
6. Going Beyond the Basics
While I have covered the most common use cases here, ss supports even more advanced functionality via additional filters like "-f", "-e", "-0", and "-4" amongst others. The ss man page documents these specialty options for when you are hunting down obscure network issues.
ss becomes an incredibly versatile tool if you take the time to learn and apply these advanced filters for drilling down into Linux networking troubles.
Key Takeaways
The ss command offers immense flexibility and analytical power for diagnosing network problems in Linux systems. Key takeaways include:
- View a summary of all sockets with basic ss invocation
- Filter by TCP/UDP socket type using the "-t" and "-u" qualifiers
- Identify processes bound to ports via the "-p" and "-n" switches
- Inspect active connections with "-a" instead of just listening sockets
- See high-level socket statistics using the "-s" flag
- Extend ss capabilities further with advanced filtering
Mastering the many variations of ss allows a Linux administrator to dissect network issues quickly and efficiently. Add these ss examples to your troubleshooting toolbox today.
