SS command in Linux - more powerful than netstat

-
Today i want to share a command ss (Socket statistics) to investigate network and debug tcp connections.
ss  is  used to dump socket statistics. It allows showing information similar to netstat.  It can display more TCP and state information than other tools.
It is present in most of our Linux machines.

ss commands has lot of options. To get all options: ss -help

Few commands and outputs worth trying are as below:
  1. ss -t ->stands for tcp. Gives information about tcp connections that are available on the system
#ss -t
State       Recv-Q Send-Q                                Local Address:Port                                                 Peer Address:Port
ESTAB       0      352                                   172.19.79.104:ssh                                                172.29.155.168:64045
ESTAB       0      0                                     172.19.79.104:54550                                               172.19.79.105:pcsync-https
ESTAB       0      0                              ::ffff:172.19.79.104:10250                                        ::ffff:172.19.79.105:47578

  1. ss -ta ->a stands for all. Displays all tcp connections
#ss -ta
State       Recv-Q Send-Q                                Local Address:Port                                                 Peer Address:Port
LISTEN      0      128                                               *:sunrpc                                                          *:*
LISTEN      0      128                                       127.0.0.1:domain                                                          *:*
LISTEN      0      5                                       10.104.10.1:domain                                                          *:*
LISTEN      0      5                                        172.18.0.1:domain                                                          *:*
LISTEN      0      5                                     192.168.122.1:domain                                                          *:*
LISTEN      0      5                                     172.19.79.104:domain                                                          *:*
LISTEN      0      128                                               *:ssh                                                             *:*
LISTEN      0      128                                       127.0.0.1:ipp                                                             *:*
LISTEN      0      100                                       127.0.0.1:smtp                                                            *:*
ESTAB       0      128                                   172.19.79.104:ssh                                                172.29.155.168:64045
ESTAB       0      0                                     172.19.79.104:54550                                               172.19.79.105:pcsync-https

Few other arguments are as below:

   -t, --tcp           display only TCP sockets
   -S, --sctp          display only SCTP sockets
   -u, --udp           display only UDP sockets
   -d, --dccp          display only DCCP sockets
   -w, --raw           display only RAW sockets
   -x, --unix          display only Unix domain sockets

Few  important commands to try:
  1. ss -tp  -->processes     show process using socket
E.g Output:
tcp   ESTAB      0      0                                   172.19.79.105:http                                              172.19.48.200:31271                 users:(("haproxy",pid=80305,fd=474))

It tells the service, processid and file-descriptor of the service that is using the socket.


  1. ss -t4 -> to show only IPV4 sockets
   -4, --ipv4          display only IP version 4 sockets
   -6, --ipv6          display only IP version 6 sockets

  1. ss -n --> numeric       don't resolve service names
Example as below: 1433 port resolved as ms-sql-s port
# ss -tn
State       Recv-Q Send-Q                                  Local Address:Port                                                 Peer Address:Port
ESTAB       0      0                                ::ffff:172.19.79.190:58096                                         ::ffff:172.19.76.75:1433
# ss -t
State       Recv-Q Send-Q                                Local Address:Port                                                 Peer Address:Port
ESTAB       0      0                              ::ffff:172.19.79.190:58096                                         ::ffff:172.19.76.75:ms-sql-s

  1. ss -lt -->listening     display listening sockets
# ss -lt
State       Recv-Q Send-Q                                Local Address:Port                                                 Peer Address:Port
LISTEN      0      128                                               *:https                                                           *:*
LISTEN      0      128                                               *:pcsync-https                                                    *:*
LISTEN      0      128                                               *:pcsync-http                                                     *:*
LISTEN      0      128                                       127.0.0.1:10443                                                           *:*
LISTEN      0      128                                   172.19.79.105:2379                                                            *:*


  1. # ss -ot
State       Recv-Q Send-Q                                Local Address:Port                                                 Peer Address:Port
ESTAB       0      0                                     172.19.79.105:2379                                                172.19.79.105:33464                 timer:(keepalive,16sec,0)
ESTAB       0      0                                     172.19.79.105:http                                                172.19.48.200:37659
ESTAB       0      0                                     172.19.79.105:http                                                172.19.48.200:12295
ESTAB       0      0                                     172.19.79.105:pcsync-https                                         10.104.12.26:45382                 timer:(keepalive,2min8sec,0)

To get timer information about tcp connection.


  1. Filtering with source or destination port
#ss -ot src :22
State       Recv-Q Send-Q                                Local Address:Port                                                 Peer Address:Port
ESTAB       0      0                                     172.19.79.105:ssh                                                172.29.155.168:65332                 timer:(keepalive,111min,0)
ESTAB       0      80                                    172.19.79.105:ssh                                                172.29.155.168:64465                 timer:(on,1min28sec,10)
ESTAB       0      64                                    172.19.79.105:ssh                                                172.29.155.168:63503                 timer:(on,594ms,0)

# ss -ot dst :443
State       Recv-Q Send-Q                                Local Address:Port                                                 Peer Address:Port
ESTAB       0      0                                       10.104.12.1:53458                                              10.104.202.160:https                 timer:(keepalive,17sec,0)
ESTAB       0      0                                       10.104.12.1:49912                                              10.104.208.141:https                 timer:(keepalive,22sec,0)
ESTAB       0      0                                       10.104.12.1:38150                                                10.104.128.1:https                 timer:(keepalive,13sec,0)


  1. ss -s ->show socket usage summary with breakdown
# ss -s
Total: 2829 (kernel 3087)
TCP:   2221 (estab 2086, closed 82, orphaned 0, synrecv 0, timewait 37/0), ports 0

Transport Total     IP        IPv6
*         3087      -         -
RAW       0         0         0
UDP       27        14        13
TCP       2139      2103      36
INET      2166      2117      49

FRAG      0         0         0

Comments

  1. kirankumarJuly 13, 2019 at 5:19 PM

    It is very helpful blog information
    Sanjary Academy is the best Piping Design institute in Hyderabad, Telangana. It is the best Piping design Course in India and we have offer professional Engineering Courses like Piping design Course, QA/QC Course, document controller course, Pressure Vessel Design Course, Welding Inspector Course, Quality Management Course and Safety Officer Course.
    Piping Design Course in Hyderabad ­

    ReplyDelete
  2. Chandra Sekhar ReddyDecember 9, 2019 at 11:55 AM

    Nice Information for this blog
    "Sanjary Academy provides excellent training for Piping design course. Best Piping Design Training Institute in Hyderabad,
    Telangana. We have offer professional Engineering Course like Piping Design Course,QA / QC Course,document Controller
    course,pressure Vessel Design Course, Welding Inspector Course, Quality Management Course, #Safety officer course."
    Piping Design Course
    Piping Design Course in India­
    Piping Design Course in Hyderabad
    QA / QC Course
    QA / QC Course in india
    QA / QC Course in Hyderabad
    Document Controller course
    Pressure Vessel Design Course
    Welding Inspector Course
    Quality Management Course
    Quality Management Course in india
    Safety officer course

    ReplyDelete
  3. TNK Design DeskDecember 23, 2019 at 11:45 AM

    Very useful and informative blog. Thank you so much for these kinds of informative blogs.
    who provides seo services and e-commerce development services.
    website designer in noida
    website designers delhi
    website designers in delhi
    website designing agency in delhi
    website designing and development
    website designing companies in delhi
    website designing company delhi
    website designing company in delhi ncr
    website designing company in gurgaon
    website designing company in new delhi
    website designing company in noida
    website designing company list
    website designing company noida
    website designing cost in delhi
    website designing cost in india
    website designing delhi
    website designing firms in delhi
    website designing in delhi
    website designing in delhi ncr
    website designing in gurgaon
    website designing in noida
    website designing services
    website designing services delhi
    website designing services in delhi
    web design development company
    web design development services
    web design in delhi
    web design service
    web design services company
    web design services in delhi
    web designer company
    web designer delhi
    web designer in delhi
    web designers delhi
    web designers in delhi
    web designing & development
    web designing advertisement
    web designing and development
    web designing and development company
    web designing and development services

    ReplyDelete
  4. hasu0gast-guApril 25, 2022 at 5:52 PM

    hasu0gast-gu Mickael Hamby https://wakelet.com/wake/9XTcD4KEBfx_KDDj5-N9K
    ofafusar

    ReplyDelete
  5. UulalterciAugust 26, 2022 at 10:41 PM

    Uulalterci Kathy Johnson Visit
    Link
    Avast Pro Antivirus
    empretarvic

    ReplyDelete

Post a Comment

Popular posts from this blog

Steps to Analyze AWR Report in Oracle

-
Image
Steps to Analyze AWR Report in Oracle AWR -   Automatic   workload repository is a collection of persistent   system performance   statistics   owned by SYS. It resides in SYSAUX   tablespace . By default snapshot are generated once every 60 min and maintained for 7 days . Each snapshot has a unique ID know as "snap_id". Snapshot detail can be found in " dba_hist_snapshot " view.   If we have Database performance issue and not the Database machine, then AWR Report is the place to look at. AWR is not used for real-time performance monitoring like the v$ tables. It is used for historical analysis of performance. AWR complements, but doesnot replace real-time monitoring. Once AWR Report is generated in Oracle, the next task is to analyze it. By going through the AWR Report we can easily solve issues like slow database, high wait events, slow query and many more issues. Even though the report is lengthy, Analyzing or Reading relevant part of AWR Report can
Read more

Vmstat Output explained

-
vmstat : vmstat is a tool in Unix/Linux which is used to Report virtual memory statistics. It shows how much virtual memory there is, how much is free and paging activity. Most important, you can observe page-ins and page-outs as they happen.   vmstat   reports   information about processes, memory, paging, block IO, traps, and cpu activity.   > vmstat procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu-----   r   b    swpd    free    buff   cache         si    so     bi     bo    in    cs us sy id wa st   0   0   21688 12797396 850716 15372668     0     0      3     35     0     0   1   0 99   0   0   0   0   21688 12789292 850716 15372668     0     0      0   1355   883   744   1   0 99   0   0   1   0   21688 12784648 850716 15372676     0     0      0     15 1934 1292   6   0 93   0   0   2   0   21688 12781356 850716 15372736     0     0      0     16 2222 2094   8   1 92   0   0   0   0   21688 12809992 850716 15376880     0
Read more

Verifications and Error Handling in LoadRunner *Web_reg_find and Web_reg_save_param*

-
Verification's and Error Handling Verification points must be inserted into the scripts to verify the application being tested with the load. Verification function that are used in our application are:  Web_reg_find, web_reg_save_param These verification should be outside towards the end of the transaction. Mandatory verification points: ■          Login – whenever there is a login, verification points must be added to verify that the user logged in correctly. ■          Update Transactions – transactions that update the database must be verified that they are successful. ■          Each page should be verified using Web_reg_find function Using Web _ reg_find for verifications. Example: web_reg_find("Text= Main Package","SaveCount=Verify_Count1",LAST); Verification: if (strcmp(lr_eval_string("{Verify_Count1}"),"0")==0) { lr_end_transaction("AddMainPackage", LR_FAIL);  lr_error_message(&q
Read more