0 votes
in Linux by
The ss command is used to show socket statistics
SS can provide information about:
All TCP sockets.
All UDP sockets.
All established ssh / ftp / http / https connections.
All local processes connected to X server.
Filtering by state (such as connected, synchronized, SYN-RECV, SYN-SENT,TIME-WAIT), addresses and ports.
All the tcp sockets in state FIN-WAIT-1 and much more.

Task: Display Sockets Summary
List currently established, closed, orphaned and waiting TCP sockets, enter:
# ss -s

Task: Display All Open Network Ports
# ss -l

Task: Display All TCP Sockets
# ss -t -a

Task: Display All UDP Sockets
# ss -u -a

Task: Display All Established SMTP Connections
# ss -o state established '( dport = :smtp or sport = :smtp )'

Task: Display All Established HTTP Connections
# ss -o state established '( dport = :http or sport = :http )'

Task: Find All Local Processes Connected To X Server
# ss -x src /tmp/.X11-unix/*

Task: List All The Tcp Sockets in State FIN-WAIT-1
List all the TCP sockets in state -FIN-WAIT-1 for our httpd to network 202.54.1/24 and look at their timers:
# ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 202.54.1/24

How Do I Filter Sockets Using TCP States?
The syntax is as follows:
## tcp ipv4 ##

ss -4 state FILTER-NAME-HERE
## tcp ipv6 ##

ss -6 state FILTER-NAME-HERE
Where FILTER-NAME-HERE can be any one of the following,
established
syn-sent
syn-recv
fin-wait-1
fin-wait-2
time-wait
closed
close-wait
last-ack
listen
closing

all : All of the above states
connected : All the states except for listen and closed
synchronized : All the connected states except for syn-sent
bucket : Show states, which are maintained as minisockets, i.e. time-wait and syn-recv.
big : Opposite to bucket state.

Examples
Type the following command to see closing sockets:
ss -4 state closing

How Do I Matches Remote Address And Port Numbers?
Use the following syntax:
ss dst ADDRESS_PATTERN
## Show all ports connected from remote 192.168.1.5##

ss dst 192.168.1.5
## show all ports connected from remote 192.168.1.5:http port##
ss dst 192.168.1.5:http
ss dst 192.168.1.5:smtp
ss dst 192.168.1.5:443
 

Find out connection made by remote 123.1.2.100:http to our local virtual servers:
# ss dst 123.1.2.100:http

How Do I Matches Local Address And Port Numbers?
ss src ADDRESS_PATTERN
### find out all ips connected to nixcraft.com ip address 75.126.153.214 ###
## Show all ports connected to local 75.126.153.214##
ss src 75.126.153.214
 
## http (80) port only ##
ss src 75.126.153.214:http
ss src 75.126.153.214:80
 
## smtp (25) port only ##
ss src 75.126.153.214:smtp
ss src 75.126.153.214:25

How Do I Compare Local and/or Remote Port To A Number?
Use the following syntax:

 
## Compares remote port to a number ##
ss dport OP PORT
 
## Compares local port to a number ##
sport OP PORT
Where OP can be one of the following:
<= or le : Less than or equal to port
>= or ge : Greater than or equal to port
== or eq : Equal to port
!= or ne : Not equal to port
< or gt : Less than to port
> or lt : Greater than to port
Note: le, gt, eq, ne etc. are use in unix shell and are accepted as well.

ss vs netstat Speed
Use the time command to run both programs and summarize system resource usage. Type the netstat command as follows:
# time netstat -at

Please log in or register to answer this question.

Welcome to My QtoA, where you can ask questions and receive answers from other members of the community.
...