Note

ss is the replacement program, replacing deprecated netstat (similar to ip replacing ifconfig).

terminology

  • socket: TCP/UDP/UNIX
  • listening:
  • non-listening:

flags

  • -t: TCP
  • -u:: UDP
  • -l: display listening sockets
  • -a: display both listening and non-listening
  • -p: show process name
  • -n: show numeric IP addresses
  • -s: show statistics
  • -c: print continuously
  • -r: print kernel (internal/localhost) routing table
  • -o: show timer information
  • -4: show only IPv4 connections
  • -6: show only IPv6 connections

useful commands

  • ss: by default displays open, non-listening sockets (TCP/UDP/UNIX) that have established connections
  • ss -tulpn: show TCP and UDP with listening ports, process names, and numeric IP addresses
  • ss -co: print default connection information continuously, with timer information
  • netstat -co --protocol=inet,inet6: continuously monitor IPv4 and IPv6 connections with timer information
  • ss -an | grep ssh: find out what port a particular service is using
  • ss -an | grep ':80': find out what service is using a particular port