Linux ss command to monitor network connections

The ss command can show more information than netstat and is faster. The netstat command reads various /proc files to gather information, an approach that becomes slow when there are many connections to display.

The ss command gets its information directly from kernel space. The options used with ss are very similar to those of netstat, making it an easy replacement.

In this tutorial we will look at a few examples of how to use the ss command to check the network.

The simplest command is to list out all connections.

#ss | less

To view only TCP, UDP or Unix connections, use the t, u or x option.

#ss -t

List all UDP connections

#ss -ua

To get the output faster, use the “n” option to prevent ss from resolving IP addresses to hostnames. This also prevents port numbers from being resolved to service names.

#ss -nt

Show only listening sockets

#ss -ltn

To print out the process name/pid which owns the connection use the ‘p’ option.

#ss -ltp

Print summary statistics. The “s” option prints out the statistics.

#ss -s

Display timer information. With the ‘-o’ option, the timer information of each connection is displayed.

#ss -tn -o

Filtering connections by TCP state

This command counts the number of established inbound connections.

ss -o state established \( sport = :XXXX or sport = :XXXX or sport = :XXXX \) dst 0.0.0.0/0 | grep -v Recv-Q | wc -l

This command counts the number of queued inbound connections.

ss -o state established \( sport = :XXXX or sport = :XXXX or sport = :XXXX \) dst 0.0.0.0/0 | grep -v ^0 | grep -v Recv-Q | wc -l

This command counts the number of outbound connections.

ss -o state established \( dport = :http or dport = :https \) dst 0.0.0.0/0 | grep -v Recv-Q | wc -l
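
The inbound and queued counts above, broken down per service port in a single pass, as an added example that is not part of the original article. It assumes the column layout printed by `ss -tn state established` (Recv-Q, Send-Q, local address, peer address); the function names, the ports 80 and 443, and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-port summary of `ss -tn state established` output.
# Live use:  ss -tn state established | inbound_summary 80 443

# inbound_summary PORT... : read ss output on stdin and, for each listed local
# (service) port, print total established connections and how many have
# unread data waiting in the receive queue (Recv-Q > 0).
inbound_summary() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "Recv-Q" { next }   # header line
        NF < 4         { next }   # blank or truncated line
        {
            # The port follows the last colon, so 192.0.2.10:443 and
            # [2001:db8::10]:443 are both handled.
            k = split($3, a, ":"); port = a[k]
            if (!(port in want)) next     # e.g. outbound: local port is ephemeral
            total[port]++
            if ($1 + 0 > 0) queued[port]++
        }
        END {
            for (i = 1; i <= n; i++)
                printf "%s total=%d queued=%d\n", p[i], total[p[i]], queued[p[i]]
        }'
}

# Constructed sample in the layout printed by `ss -tn state established`
# (documentation address ranges, not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
Recv-Q Send-Q Local Address:Port    Peer Address:Port
0      0      192.0.2.10:443        198.51.100.7:51234
517    0      192.0.2.10:443        198.51.100.8:40022
0      0      [2001:db8::10]:443    [2001:db8::99]:55012
0      36     192.0.2.10:80         198.51.100.9:60100
0      0      192.0.2.10:40112      203.0.113.5:443
EOF
}

sample_ss_output | inbound_summary 80 443
```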

Mohammadreza(Hojjat) Fadaee