Linux ss Tool to Identify Sockets / Network Connections with Examples

ss is part of the iproute2 (utilities for controlling TCP/IP networking and traffic) package. iproute2 is intended to replace an entire suite of standard Unix networking tools (often called "net-tools") that were previously used for the tasks of configuring network interfaces, routing tables, and managing the ARP table. The ss utility is used to dump socket statistics, it allows showing information similar to netstat and its able display more TCP and state information. It should also be faster as it gets its information directly from kernel space. The options used with the ss commands are very similar to netstat making it an easy replacement.

Usage and common options

ss is very similar to netstat, by default it will show you a list of open non-listening TCP sockets that have established connection and you can shape the output with the following options:

-n - Do now try to resolve service names.
-r - Try to resolve numeric address/ports.
-a - Display all sockets.
-l - Display listening sockets.
-p - Show process using socket.
-s - Print summary statistics.
-t - Display only TCP sockets.
-u - Display only UDP sockets.
-d - Display only DCCP sockets.
-w - Display only RAW sockets.
-x - Display only Unix domain sockets.
-f FAMILY - Display sockets of type FAMILY. Currently the following families are supported: unix, inet, inet6, link, netlink.
-A QUERY - List of socket tables to dump, separated by commas. The following identifiers are understood: all, inet, tcp, udp, raw, unix, packet, netlink, unix_dgram, unix_stream, packet_raw, packet_dgram.