Your submission was sent successfully! Close

  1. Blog
  2. Article

Mathieu Trudel-Lapierre
on 25 July 2017

ss: another way to get socket statistics

In an earlier blog post I mentioned ss, another tool that comes with the iproute2 package and allows you to query statistics about sockets. The same thing that can be done with netstat, with the added benefit that it is typically a little bit faster, and shorter to type.

Just ss by default will display much the same thing as netstat, and can be similarly passed options to limit the output to just what you want. For instance:

$ ss -t
State       Recv-Q Send-Q       Local Address:Port                        Peer Address:Port
ESTAB       0      0                 
ESTAB       0      0              
ESTAB       0      0             


ss -t shows just TCP connections. ss -u can be used to show UDP connections, -l will show only listening ports, and things can be further filtered to just the information you want.

I have not tested all the possible options, but you can even forcibly close sockets with -K.

One place where ss really shines though is in its filtering capabilities. Let’s list all connections with a source port of 22 (ssh):

$ ss state all sport = :ssh
Netid State      Recv-Q Send-Q     Local Address:Port                      Peer Address:Port
tcp   LISTEN     0      128                    *:ssh                                  *:*
tcp   ESTAB      0      0            
tcp   LISTEN     0      128                   :::ssh                                 :::*

And if I want to show only connected sockets (everything but listening or closed):

$ ss state connected sport = :ssh
Netid State      Recv-Q Send-Q     Local Address:Port                      Peer Address:Port
tcp   ESTAB      0      0            

Similarly, you can have it list all connections to a specific host or range; in this case, using the subnet, which apparently belongs to Google:

$ ss state all dst
Netid State      Recv-Q Send-Q     Local Address:Port                      Peer Address:Port
tcp   ESTAB      0      0         
tcp   ESTAB      0      0          
tcp   ESTAB      0      0         

This is very much the same syntax as for iptables, so if you’re familiar with that already, it will be quite easy to pick up. You can also install the iproute2-doc package, and look in /usr/share/doc/iproute2-doc/ss.html for the full documentation.

Try it for yourself! You’ll see how well it works. If anything, I’m glad for the fewer characters this makes me type.

Related posts

Henry Coggill
7 December 2023

Ubuntu 22.04 FIPS 140-3 modules available for preview

FIPS Article

Canonical has been working with our testing lab partner, atsec information security, to prepare the cryptographic modules in Ubuntu 22.04 LTS (Jammy Jellyfish) for certification with NIST under the new FIPS 140-3 standard. The modules passed all of atsec’s algorithm validation tests and are in the queue awaiting NIST’s approval. We can’t ...

Andreea Munteanu
6 December 2023

Highlights of the Canonical AI Roadshow 2023

AI Article

It’s a wrap – Canonical AI Roadshow 2023 has come to an end. From Brazil to the United Arab Emirates, from Europe to the US, we’ve spent an amazing 10 weeks talking with people all over the world about how to innovate at speed with open source artificial intelligence (AI), and how to make enterprise ...

Michelle Anne Tabirao
6 December 2023

Charmed MongoDB: the operator you need for managing your document database

Data Platform Article

Charmed MongoDB primary mission is to simplify the MongoDB experience so it can be an operated database powerhouse. ...