ss Command in Linux

Introduction to the ss Command in Linux

This lab will guide you on how to effectively utilize the ss command within a Linux environment. You'll learn to investigate network connections, dissect socket statistics, and grasp the states of network sockets. The ss command is a robust tool that delivers in-depth insights into TCP, UDP, and Unix domain sockets, enabling you to resolve network problems and monitor your system's activity as a systemadmin.

We'll commence by exploring the purpose and syntax of the ss command, including its options for filtering and showing socket types. Then, you'll delve into network connections using ss, mastering how to pinpoint active connections, their local and remote addresses, and the associated processes. Finally, you'll analyze socket statistics and states, gaining knowledge of your network connections' performance and behavior.

Understanding the ss Command: Purpose and Syntax

This step will teach you about the purpose and the proper way to use the ss command in Linux. The ss command is a valuable systemadmin utility for displaying network socket data, encompassing TCP, UDP, and Unix domain sockets.

Let's begin with the basic structure of the ss command:

sudo ss [options]

Commonly used options with the ss command include:

• -t: Show TCP sockets
• -u: Show UDP sockets
• -x: Show Unix domain sockets
• -n: Prevent service name resolution
• -a: Show all sockets (both listening and established)
• -l: Show only listening sockets
• -p: Show the processes using each socket

Let's try a few examples to better understand the ss command:

sudo ss -t

Example output:

State      Recv-Q Send-Q Local Address:Port               Peer Address:Port
LISTEN     0      4096   127.0.0.1:6379                   0.0.0.0:*
ESTAB      0      0      172.17.0.2:36578                 172.17.0.1:22

This command reveals details of all TCP sockets, including the connection's state, the count of bytes sent and received, and the local and remote addresses and ports.

sudo ss -u

Example output:

State      Recv-Q Send-Q Local Address:Port               Peer Address:Port
UNCONN     0      0      127.0.0.53%lo:53                 0.0.0.0:*
UNCONN     0      0      172.17.0.2:41378                 8.8.8.8:53

This command shows information about all UDP sockets, including the associated local and remote addresses and ports.

sudo ss -x

Example output:

State      Recv-Q Send-Q Local Address:Port               Peer Address:Port
LISTEN     0      4096   /run/dbus/system_bus_socket      *:*
LISTEN     0      4096   /run/systemd/journal/stdout      *:*

This command displays all Unix domain sockets, which facilitate inter-process communication on a system.

With a firm understanding of the ss command's function and syntax, you can effectively troubleshoot and analyze network connections on your Linux system.

Investigating Network Connections with the ss Command

This step will demonstrate how to use the ss command to investigate and analyze network connections on your Linux system.

Let's initiate the process by displaying all active network connections:

sudo ss -a

Example output:

State      Recv-Q Send-Q Local Address:Port               Peer Address:Port
LISTEN     0      4096   127.0.0.1:6379                   0.0.0.0:*
ESTAB      0      0      172.17.0.2:36578                 172.17.0.1:22
UNCONN     0      0      127.0.0.53%lo:53                 0.0.0.0:*
UNCONN     0      0      172.17.0.2:41378                 8.8.8.8:53

This command displays every active socket, including both listening and non-listening ones.

To display only sockets in the listening state, use the -l option:

sudo ss -l

Example output:

State      Recv-Q Send-Q Local Address:Port               Peer Address:Port
LISTEN     0      4096   127.0.0.1:6379                   0.0.0.0:*
LISTEN     0      4096   /run/dbus/system_bus_socket      *:*
LISTEN     0      4096   /run/systemd/journal/stdout      *:*

This command shows the listening sockets on your system, waiting for incoming connections.

To display the process associated with a specific socket, utilize the -p option:

sudo ss -ltp

Example output:

State      Recv-Q Send-Q Local Address:Port               Peer Address:Port                  Process
LISTEN     0      4096   127.0.0.1:6379                   0.0.0.0:*                         users:(("redis-server",pid=520,fd=6))
LISTEN     0      4096   /run/dbus/system_bus_socket      *:*                               users:(("dbus-daemon",pid=518,fd=10))
LISTEN     0      4096   /run/systemd/journal/stdout      *:*                               users:(("systemd-journal",pid=516,fd=13))

This shows the process ID and name for each listening socket's associated process.

By analyzing the output from the ss command, you can gain crucial insights into network connections on Linux, which is helpful for monitoring and troubleshooting tasks.

Analyzing Socket Statistics and States Using ss

This step will teach you how to leverage the ss command to analyze socket statistics and states within a Linux environment.

Start by viewing detailed TCP socket information:

sudo ss -t -i

Example output:

State      Recv-Q Send-Q Local Address:Port               Peer Address:Port
ESTAB      0      0      172.17.0.2:36578                 172.17.0.1:22
   cubic wscale:7,7 rto:200 rtt:0.025/0.011 ato:40 mss:1460 pmtu:1500 rcvmss:1460 advmss:1460 cwnd:10 bytes_acked:1392 bytes_received:0 segs_out:18 segs_in:1 send 1.00Mbps rcv_space:29200

LISTEN     0      4096   127.0.0.1:6379                   0.0.0.0:*
   cubic wscale:7,7 rto:200 rtt:0.025/0.011 ato:40 mss:536 pmtu:1500 rcvmss:536 advmss:1460 cwnd:10 bytes_acked:1392 bytes_received:0 segs_out:18 segs_in:1 send 1.00Mbps rcv_space:29200

This command reveals detailed TCP socket data, including socket state, queue sizes, local and remote addresses, and a range of socket stats like congestion control algorithm, window scaling, round-trip time, etc.

To view the state of all sockets, use the ss command with the -o option:

sudo ss -o

Example output:

State      Recv-Q Send-Q Local Address:Port               Peer Address:Port                  Timer
ESTAB      0      0      172.17.0.2:36578                 172.17.0.1:22                     timer:(keepalive,14sec,0)
LISTEN     0      4096   127.0.0.1:6379                   0.0.0.0:*                         timer:(timewait,60.0)
UNCONN     0      0      127.0.0.53%lo:53                 0.0.0.0:*                         timer:(off,0)
UNCONN     0      0      172.17.0.2:41378                 8.8.8.8:53                        timer:(off,0)

This command displays the states of all sockets and their timer information.

By analyzing ss command outputs with -t -i and -o, you can gain a deeper understanding of the network connections on your Linux system, enhancing troubleshooting and performance optimization efforts.

Conclusion

In this lab, you've learned about the Linux ss command. It's a powerful tool used to show information about network sockets like TCP, UDP, and Unix domain sockets. You looked at the command's options like -t for TCP, -u for UDP, and -x for Unix domain sockets. You also learned how to use ss to display detailed info about network connections, including connection state, number of bytes sent and received, and local and remote addresses and ports.

You've also learned how to analyze socket stats and states using the ss command. ss delivers a lot of useful insights into network connections for troubleshooting and monitoring network issues as a systemadmin or Linux user.

Tác giả

Tôi là một chuyên gia System Administrator (SysAdmin) & DevOps Engineer với hơn 10 năm kinh nghiệm trong lĩnh vực quản trị hệ thống, bảo mật mạng, và tối ưu hạ tầng Cloud. Tôi đã từng làm việc tại các tập đoàn công nghệ lớn và tham gia triển khai nhiều hệ thống High Availability (HA), Load Balancing, Database, container và CI/CD giúp doanh nghiệp hoạt động ổn định với hiệu suất cao. Bài này tôi viết với thời gian đọc khoảng 5 phút. I also wrote a Vietnamese version.