Skip to main content

SS command in Linux - more powerful than netstat

Today i want to share a command ss (Socket statistics) to investigate network and debug tcp connections.
ss  is  used to dump socket statistics. It allows showing information similar to netstat.  It can display more TCP and state information than other tools.
It is present in most of our Linux machines.

ss commands has lot of options. To get all options: ss -help

Few commands and outputs worth trying are as below:
  1. ss -t ->stands for tcp. Gives information about tcp connections that are available on the system
#ss -t
State       Recv-Q Send-Q                                Local Address:Port                                                 Peer Address:Port
ESTAB       0      352                                   172.19.79.104:ssh                                                172.29.155.168:64045
ESTAB       0      0                                     172.19.79.104:54550                                               172.19.79.105:pcsync-https
ESTAB       0      0                              ::ffff:172.19.79.104:10250                                        ::ffff:172.19.79.105:47578

  1. ss -ta ->a stands for all. Displays all tcp connections
#ss -ta
State       Recv-Q Send-Q                                Local Address:Port                                                 Peer Address:Port
LISTEN      0      128                                               *:sunrpc                                                          *:*
LISTEN      0      128                                       127.0.0.1:domain                                                          *:*
LISTEN      0      5                                       10.104.10.1:domain                                                          *:*
LISTEN      0      5                                        172.18.0.1:domain                                                          *:*
LISTEN      0      5                                     192.168.122.1:domain                                                          *:*
LISTEN      0      5                                     172.19.79.104:domain                                                          *:*
LISTEN      0      128                                               *:ssh                                                             *:*
LISTEN      0      128                                       127.0.0.1:ipp                                                             *:*
LISTEN      0      100                                       127.0.0.1:smtp                                                            *:*
ESTAB       0      128                                   172.19.79.104:ssh                                                172.29.155.168:64045
ESTAB       0      0                                     172.19.79.104:54550                                               172.19.79.105:pcsync-https

Few other arguments are as below:

   -t, --tcp           display only TCP sockets
   -S, --sctp          display only SCTP sockets
   -u, --udp           display only UDP sockets
   -d, --dccp          display only DCCP sockets
   -w, --raw           display only RAW sockets
   -x, --unix          display only Unix domain sockets

Few  important commands to try:
  1. ss -tp  -->processes     show process using socket
E.g Output:
tcp   ESTAB      0      0                                   172.19.79.105:http                                              172.19.48.200:31271                 users:(("haproxy",pid=80305,fd=474))

It tells the service, processid and file-descriptor of the service that is using the socket.


  1. ss -t4 -> to show only IPV4 sockets
   -4, --ipv4          display only IP version 4 sockets
   -6, --ipv6          display only IP version 6 sockets

  1. ss -n --> numeric       don't resolve service names
Example as below: 1433 port resolved as ms-sql-s port
# ss -tn
State       Recv-Q Send-Q                                  Local Address:Port                                                 Peer Address:Port
ESTAB       0      0                                ::ffff:172.19.79.190:58096                                         ::ffff:172.19.76.75:1433
# ss -t
State       Recv-Q Send-Q                                Local Address:Port                                                 Peer Address:Port
ESTAB       0      0                              ::ffff:172.19.79.190:58096                                         ::ffff:172.19.76.75:ms-sql-s

  1. ss -lt -->listening     display listening sockets
# ss -lt
State       Recv-Q Send-Q                                Local Address:Port                                                 Peer Address:Port
LISTEN      0      128                                               *:https                                                           *:*
LISTEN      0      128                                               *:pcsync-https                                                    *:*
LISTEN      0      128                                               *:pcsync-http                                                     *:*
LISTEN      0      128                                       127.0.0.1:10443                                                           *:*
LISTEN      0      128                                   172.19.79.105:2379                                                            *:*


  1. # ss -ot
State       Recv-Q Send-Q                                Local Address:Port                                                 Peer Address:Port
ESTAB       0      0                                     172.19.79.105:2379                                                172.19.79.105:33464                 timer:(keepalive,16sec,0)
ESTAB       0      0                                     172.19.79.105:http                                                172.19.48.200:37659
ESTAB       0      0                                     172.19.79.105:http                                                172.19.48.200:12295
ESTAB       0      0                                     172.19.79.105:pcsync-https                                         10.104.12.26:45382                 timer:(keepalive,2min8sec,0)

To get timer information about tcp connection.


  1. Filtering with source or destination port
#ss -ot src :22
State       Recv-Q Send-Q                                Local Address:Port                                                 Peer Address:Port
ESTAB       0      0                                     172.19.79.105:ssh                                                172.29.155.168:65332                 timer:(keepalive,111min,0)
ESTAB       0      80                                    172.19.79.105:ssh                                                172.29.155.168:64465                 timer:(on,1min28sec,10)
ESTAB       0      64                                    172.19.79.105:ssh                                                172.29.155.168:63503                 timer:(on,594ms,0)

# ss -ot dst :443
State       Recv-Q Send-Q                                Local Address:Port                                                 Peer Address:Port
ESTAB       0      0                                       10.104.12.1:53458                                              10.104.202.160:https                 timer:(keepalive,17sec,0)
ESTAB       0      0                                       10.104.12.1:49912                                              10.104.208.141:https                 timer:(keepalive,22sec,0)
ESTAB       0      0                                       10.104.12.1:38150                                                10.104.128.1:https                 timer:(keepalive,13sec,0)


  1. ss -s ->show socket usage summary with breakdown
# ss -s
Total: 2829 (kernel 3087)
TCP:   2221 (estab 2086, closed 82, orphaned 0, synrecv 0, timewait 37/0), ports 0

Transport Total     IP        IPv6
*         3087      -         -
RAW       0         0         0
UDP       27        14        13
TCP       2139      2103      36
INET      2166      2117      49

FRAG      0         0         0

Comments

  1. It is very helpful blog information
    Sanjary Academy is the best Piping Design institute in Hyderabad, Telangana. It is the best Piping design Course in India and we have offer professional Engineering Courses like Piping design Course, QA/QC Course, document controller course, Pressure Vessel Design Course, Welding Inspector Course, Quality Management Course and Safety Officer Course.
    Piping Design Course in Hyderabad ­

    ReplyDelete
  2. Thanks for sharing information
    We are the best piping design course in Hyderabad, India. Sanjary academy Offers Piping Design Course and Best Piping Design Training Institute in Hyderabad. Piping Design Institute in India Piping Design Engineering.
    Piping Design Course
    Piping Design Course in india
    Piping Design Course in hyderabad

    ReplyDelete
  3. Nice Information for this blog
    "Sanjary Academy provides excellent training for Piping design course. Best Piping Design Training Institute in Hyderabad,
    Telangana. We have offer professional Engineering Course like Piping Design Course,QA / QC Course,document Controller
    course,pressure Vessel Design Course, Welding Inspector Course, Quality Management Course, #Safety officer course."
    Piping Design Course
    Piping Design Course in India­
    Piping Design Course in Hyderabad
    QA / QC Course
    QA / QC Course in india
    QA / QC Course in Hyderabad
    Document Controller course
    Pressure Vessel Design Course
    Welding Inspector Course
    Quality Management Course
    Quality Management Course in india
    Safety officer course

    ReplyDelete

Post a Comment

Popular posts from this blog

Steps to Analyze AWR Report in Oracle

Steps to Analyze AWR Report in Oracle
AWR -Automaticworkload repository is a collection of persistentsystem performancestatisticsowned by SYS. It resides in SYSAUXtablespace. Bydefault snapshot are generated once every 60 min and maintained for 7 days. Each snapshot has a unique ID know as "snap_id". Snapshot detail can be found in "dba_hist_snapshot" view.
If we have Database performance issue and not the Database machine, then AWR Report is the place to look at. AWR is not used for real-time performance monitoring like the v$ tables. It is used for historical analysis of performance. AWR complements, but doesnot replace real-time monitoring.
Once AWR Report is generated in Oracle, the next task is to analyze it. By going through the AWR Report we can easily solve issues like slow database, high wait events, slow query and many more issues. Even though the report is lengthy, Analyzing or Reading relevant part of AWR Report can help to troubleshoot issues in easy and …

Using SQL Developer to create and view Tablespaces

Below are the steps Create and View Table Spaces settings using SQL Developer.
Required SQL developer version is version 3.0
To Create TableSpace :
Click on Menu View/DBA - DBA navigator window will appear.
In the DBA window add a new connection to the DB, and click connect. Then under storage option right click on Tablespaces and choose New Tablespace to create new one. Fill the Details as shown below:


To View the created table spaces: Under Storage, Select Data Files:
It will display the below: