Linux commands for system administrators

ss Command

| ss |

1. What Is ss?

ss stands for "socket statistics" and is a command-line utility for displaying socket and network connection information in Linux. It shows protocol type, state, IP address, ports, and associated processes—quickly and in detail.

2. Installing ss

ss is typically preinstalled on modern Linux systems as part of iproute2. If needed:

sudo apt install iproute2        # Debian / Ubuntu

sudo yum install iproute         # CentOS / RHEL

3. Basic Usage

To list all listening TCP/UDP sockets without resolving hostnames:

ss -tuln

4. Common ss Options

Option	Example
-t	Show TCP sockets	`ss -t`
-u	Show UDP sockets	`ss -u`
-l	Show listening sockets only	`ss -l`
-n	Disable hostname resolution	`ss -n`
-p	Show process IDs and names	`sudo ss -p`
-a	Display all sockets	`ss -a`
-s	Display socket summary stats	`ss -s`

5. View Sockets by Process

Find sockets associated with a specific process (e.g., Apache):

ss -lptn | grep apache

6. Analyze Established Connections

List currently active connections:

ss -t -o state established

Check ports listening on localhost:

ss -lt src 127.0.0.1

7. Comparison: ss vs netstat

Feature	netstat	ss
Speed and low resource usage	❌	✅
IPv6 socket support	✅	✅
Process (PID/program) display	✅	✅
Default in modern distros	❌	✅

8. Security and Practical Tips

Use sudo ss -p to see processes bound to ports
Combine with grep to filter specific services
Helpful for detecting open ports, firewall rules, and unknown listeners

9. Conclusion

ss is a fast, modern, and versatile tool for monitoring sockets, listening ports, and active connections in Linux. Its real-time performance, precision, and scripting flexibility make it a must-have for system diagnostics and security audits.