The ss command is capable of showing more information than the netstat and is faster. The netstat command reads various /proc files to gather information. However this approach falls weak when there are lots of connections to display. This makes it slower.
The ss command gets its information directly from kernel space. The options used with the ss commands are very similar to netstat making it an easy replacement.
So in this tutorial we are going to see few examples of how to use the ss command to check the network.
The simplest command is to list out all connections.
#ss | less
To view only tcp or udp or unix connections use the t, u or x option.
List all udp connections
To get the output faster, use the “n” option to prevent ss from resolving ip addresses to hostnames. But this will prevent resolution of port numbers as well.
Show only listening sockets
To print out the process name/pid which owns the connection use the ‘p’ option.
Print summary statistics,The “s” option prints out the statistics.
Display timer information,With the ‘-o’ option, the time information of each connection would be displayed.
#ss -tn -o
Filtering connections by tcp state
This command counts the number of established inbound connections.
ss -o state established \( sport = :XXXX or sport = :XXXX or sport = :XXXX \) \ dst 0.0.0.0/0 | egrep -v Recv-Q | wc -l
This command counts the number of queued inbound connections.
ss -o state established \( sport = :XXXX or sport = :XXXX or sport = :XXXX \) \ dst 0.0.0.0/0 | grep -v ^0 | egrep -v Recv-Q | wc -l
This command counts the number of outbound connections.
ss -o state established \( dport = :http or dport = :https \) \ dst 0.0.0.0/0 | egrep -v Recv-Q | wc -l