Linux Commands Examples

A great documentation place for Linux commands


another utility to investigate sockets

see also : ip


ss [options] [ FILTER ]

add an example, a script, a trick and tips

: email address (won't be displayed)
: name

Step 2

Thanks for this example ! - It will be moderated and published shortly.

Feel free to post other examples
Oops ! There is a tiny cockup. A damn 404 cockup. Please contact the loosy team who maintains and develops this wonderful site by clicking in the mighty feedback button on the side of the page. Say what happened. Thanks!


no example yet ...

... Feel free to add your own example above to help other Linux-lovers !


ss is used to dump socket statistics. It allows showing information similar to netstat. It can display more TCP and state informations than other tools.


When no option is used ss displays a list of open non-listening TCP sockets that have established connection.

These programs follow the usual GNU command line syntax, with long options starting with two dashes (’-’). A summary of options is included below.
-h, --help

Show summary of options.

-V, --version

Output version information.

-n, --numeric

Do not try to resolve service names.

-r, --resolve

Try to resolve numeric address/ports.

-a, --all

Display both listening and non-listening (for TCP this means established connections) sockets.

-l, --listening

Display only listening sockets (these are omitted by default).

-o, --options

Show timer information.

-e, --extended

Show detailed socket information

-m, --memory

Show socket memory usage.

-p, --processes

Show process using socket.

-i, --info

Show internal TCP information.

-s, --summary

Print summary statistics. This option does not parse socket lists obtaining summary from various sources. It is useful when amount of sockets is so huge that parsing /proc/net/tcp is painful.

-4, --ipv4

Display only IP version 4 sockets (alias for -f inet).

-6, --ipv6

Display only IP version 6 sockets (alias for -f inet6).

-0, --packet

Display PACKET sockets (alias for -f link).

-t, --tcp

Display TCP sockets.

-u, --udp

Display UDP sockets.

-d, --dccp

Display DCCP sockets.

-w, --raw

Display RAW sockets.

-x, --unix

Display Unix domain sockets (alias for -f unix).

-f FAMILY, --family=FAMILY

Display sockets of type FAMILY. Currently the following families are supported: unix, inet, inet6, link, netlink.

-A QUERY, --query=QUERY, --socket=QUERY

List of socket tables to dump, separated by commas. The following identifiers are understood: all, inet, tcp, udp, raw, unix, packet, netlink, unix_dgram, unix_stream, packet_raw, packet_dgram.

-D FILE, --diag=FILE

Do not display anything, just dump raw information about TCP sockets to FILE after applying filters. If FILE is - stdout is used.

-F FILE, --filter=FILE

Read filter information from FILE. Each line of FILE is interpreted like single command line option. If FILE is - stdin is used.


Please take a look at the official documentation (Debian package iproute-doc) for details regarding filters.

usage examples

ss -t -a

Display all TCP sockets.

ss -u -a

Display all UDP sockets.

ss -o state established ’( dport = :ssh or sport = :ssh )’

Display all established ssh connections.

ss -x src /tmp/.X11-unix/*

Find all local processes connected to X server.

ss -o state fin-wait-1 ’( sport = :http or sport = :https )’ dst

List all the tcp sockets in state FIN-WAIT-1 for our apache to network 193.233.7/24 and look at their timers.

see also

ip , /usr/share/doc/iproute-doc/ss.html (package iproutedoc)


ss was written by Alexey Kuznetosv, <kuznet[:at:][:dot:]ru>.

This manual page was written by Michael Prokop <mika[:at:]grml[:dot:]org> for the Debian project (but may be used by others).

How can this site be more helpful to YOU ?

give  feedback