Using SS to monitor connections in GNU/Linux for new users

The ever-popular netstat tool has been deprecated for quite a few years now, and newer command-line tools have been developed to replace it; namely, ss.

Using ss is extremely simple, given the power behind the command, and the amount of information you can obtain while using it, such as information for TCP, UDP, PACKET, RAW, DCCP and UNIX Sockets.

Using ss


As stated, using ss is relatively easy when it comes to command line utilities. The man pages are well documented as well for anyone who has issues.

Basic usage of ss

Simply typing ss will give you a list of all sockets that currently have connections.

To list only currently listening sockets: ss -l

But what if we want to filter out certain types of connections, and only list certain others, like only showing TCP, or UDP or UNIX connections?

  • Use ss -t for TCP connections
  • Use ss -u for UDP connections
  • Use ss -x for UNIX connections

However, be aware that the above commands only show connections that are currently established. Add the -a option if you want to list both established and listening sockets.

The -n option disables hostname resolution, so you’ll only see IP addresses, which can speed things up a little bit if you don’t really care to see the hostname.

Another handy way to use ss is through states. This lets you target only sockets in the exact state you are looking for.

State Filtering

The usage for ss with state filtering is: ss [ options ] [ state ] [ filter ]

According to the man pages, the available filters / identifiers are:

All standard TCP states: established, syn-sent, syn-recv, fin-wait-1, fin-wait-2, time-wait, closed, close-wait, last-ack, listen and closing.

  • all – for all the states
  • connected – all the states except for listen and closed
  • synchronized – all the connected states except for syn-sent
  • bucket – states, which are maintained as minisockets, i.e. time-wait and syn-recv
  • big – opposite to bucket

Some simple examples of using states:

  • ss -t state time-wait
  • ss -t state established

You can also filter IPv4 and IPv6:

  • ss -4
  • ss -6

or combine them:

  • ss -t4 state bucket

Granted, you may not find a huge use for using ss to watch certain states, as catching the specific timing of when a socket is sending or receiving data can be tedious, and it's better to use the ‘watch’ command for this purpose:

  • watch -n 1 "ss -t4 state syn-recv"

This command will show you a report, refreshed every second, on TCP IPv4 sockets as they receive their data.
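The options above can be combined into a quick review of what a host is exposing. The following is an added example, not part of the original article: it summarises `ss -tan` output by state and lists listening sockets bound to something other than loopback. The function names and the sample input are constructed for illustration, and the column layout assumed is that of TCP-only output without -p.

```shell
#!/bin/sh
# Added example: summarise `ss -tan` output for a quick exposure review.
# Assumed columns (TCP only, no -p):
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

# Constructed sample input using documentation address ranges.
sample_ss_output() {
cat <<'EOF'
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    0.0.0.0:22           0.0.0.0:*
LISTEN     0      128    127.0.0.1:5432       0.0.0.0:*
LISTEN     0      128    [::]:80              [::]:*
ESTAB      0      0      192.0.2.10:22        198.51.100.7:51514
ESTAB      0      0      192.0.2.10:443       203.0.113.5:40022
TIME-WAIT  0      0      192.0.2.10:443       203.0.113.9:40100
SYN-RECV   0      0      192.0.2.10:443       203.0.113.77:1234
EOF
}

# Count sockets per state, skipping the header line.
# A growing SYN-RECV or TIME-WAIT count is worth a closer look.
count_states() {
    awk '$1 != "State" { n[$1]++ } END { for (s in n) print s, n[s] }' | sort
}

# Print the local endpoint of every LISTEN socket that is not bound to
# loopback (127.0.0.0/8 or ::1), i.e. services reachable from the network.
exposed_listeners() {
    awk '$1 == "LISTEN" && $4 !~ /^(127\.|\[::1\])/ { print $4 }'
}

echo "Sockets per state:"
sample_ss_output | count_states
echo "Listeners reachable beyond loopback:"
sample_ss_output | exposed_listeners

# On a live host, feed real output instead of the sample:
#   ss -tan | count_states
#   ss -tan | exposed_listeners
```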

Closing words

Using ss is incredibly simple once you get the hang of it, and for users who want to delve into networking, servers, or even just simple game hosting, it can be useful to learn!

The post Using SS to monitor connections in GNU/Linux for new users appeared first on gHacks Technology News.
