ss

ss (“socket statistics”) is a *nix tool for listing socket informaion, e.g., which TCP/UDP ports are in use.

Difference between ss and netstat

ss is a newer and superior version of netstat, and they share many common options. Note that some options may have changed or been removed (see here). Some functionalities from netstat are available in ip (see here).

Common oneliners (may require sudo to see process name and PID):

# View processes listening on TCP ports
ss -plnt # or -tlpn
ss --processes --listening --numeric --tcp
 
# View processes listening on UDP/TCP ports
ss -plnut # or -tulpn
ss -plnt --udp
 
# The same, but with extended socket info
ss -plenut # or -tulpen
ss -plnut --extended
 
# View all UDP/TCP ports in use
ss -naut
ss -ntu --all

Common options:

Filter by listen
- -l,--listening: list listening sockets (i.e., socket being listened on by a process)
- -a,--all: list all sockets
Filter by protocol
- -t,--tcp: list TCP sockets
- -u,--udp: list UDP sockets
- Note that ss -ltu matches sockets on either a TCP or UDP port
Display additional data
- -p,--processes: list PID that is using (listening on) the port
- -e,--extended: show more information about the socket & process
- -n,--numeric: show port as number instead of service
- -r,--resolve: resolve IP address into hostname

Security Memo

Recent Notes

SMART

Bossa Nova

ZFS

post-rock

2024-09-27

ss

Graph View

Backlinks