The Linux 'ss' Command - Basics

Following up on my blog entry on ip, and still cribbing from Packt's DevOps Automation Cookbook (Michael Duffy, 2015), we're moving on to the ss command. It's considered a replacement for netstat, another command I've been using for a very long time (although unlike ifconfig, my understanding of netstat was never particularly good).

The good news is that, as an informational command, this appears to be usable by non-root users. Just running ss raw will give you way, WAY too much information. Limit the output to TCP with -t or to UDP with -u:

$ ss -t
State       Recv-Q Send-Q    Local Address:Port               Peer Address:Port
ESTAB       0      0         192.168.0.104:44926              178.237.2.88:https
ESTAB       0      0         192.168.0.104:40730              52.84.97.174:https
ESTAB       0      0         192.168.0.104:36846             178.237.2.111:https
ESTAB       0      0         192.168.0.104:45946             178.237.2.105:https
ESTAB       0      0         192.168.0.104:40728              52.84.97.164:https
ESTAB       0      0         192.168.0.104:45168             52.49.210.179:https
ESTAB       0      0         192.168.0.104:50326           122.125.132.129:https
ESTAB       0      0         192.168.0.104:50168           122.125.201.129:https
ESTAB       0      0         192.168.0.104:50332           122.125.132.179:https
ESTAB       0      0         192.168.0.104:36888             178.237.2.111:https
ESTAB       0      0                   ::1:ssh                         ::1:60864
ESTAB       0      0                   ::1:60864                       ::1:ssh

One command I can see myself using a lot is ss -ltun which is:

  • -l show only listening sockets
  • -t TCP
  • -u UDP
  • -n numeric, don't do domain lookups (this is faster but not always desirable)