~2 min read • Updated Jul 20, 2025
1. What Is ss?
ss stands for "socket statistics" and is a command-line utility for displaying socket and network connection information in Linux. It shows protocol type, state, IP address, ports, and associated processes—quickly and in detail.
2. Installing ss
ss is typically preinstalled on modern Linux systems as part of iproute2. If needed:
sudo apt install iproute2 # Debian / Ubuntusudo yum install iproute # CentOS / RHEL3. Basic Usage
To list all listening TCP/UDP sockets without resolving hostnames:
ss -tuln4. Common ss Options
| Option | Example | |
|---|---|---|
| -t | Show TCP sockets | |
| -u | Show UDP sockets | |
| -l | Show listening sockets only | |
| -n | Disable hostname resolution | |
| -p | Show process IDs and names | |
| -a | Display all sockets | |
| -s | Display socket summary stats | |
5. View Sockets by Process
Find sockets associated with a specific process (e.g., Apache):
ss -lptn | grep apache6. Analyze Established Connections
List currently active connections:
ss -t -o state establishedCheck ports listening on localhost:
ss -lt src 127.0.0.17. Comparison: ss vs netstat
| Feature | netstat | ss |
|---|---|---|
| Speed and low resource usage | ❌ | ✅ |
| IPv6 socket support | ✅ | ✅ |
| Process (PID/program) display | ✅ | ✅ |
| Default in modern distros | ❌ | ✅ |
8. Security and Practical Tips
- Use
sudo ss -pto see processes bound to ports - Combine with
grepto filter specific services - Helpful for detecting open ports, firewall rules, and unknown listeners
9. Conclusion
ss is a fast, modern, and versatile tool for monitoring sockets, listening ports, and active connections in Linux. Its real-time performance, precision, and scripting flexibility make it a must-have for system diagnostics and security audits.
Written & researched by Dr. Shahin Siami