Linux Performance Monitoring – ss

Linux server performance monitoring through the ‘ss’ command provides the monitoring statistics related to network sockets and connections. ‘ss’ stands for ‘Socket Statistics’ and it is a simpler and faster version of the obsolete command ‘netstat’. ‘ss’ utility completely replaces ‘netstat’ in the Linux Performance Monitoring system which provides more advanced features and flexibility. It has a wide range of options and filtering capabilities that allow you to customize the output to your needs. It is typically used to diagnose and troubleshoot network issues, such as identifying open ports, viewing established connections, and monitoring network traffic.

Command Syntex:

$ ss


Linux Performance Monitoring - ss
Figure 01

Field Description

  • Netid: It gives information about the type of socket like
    • icmp6: Internet control message protocol
    • nl: netlink
    • tcp: transmission control protocol (connection-oriented)
    • u_dgr: Unix datagram
    • u_str: Unix stream
    • u_seq: Unix sequence
    • udp: user datagram protocol (connectionless)
  • State: It provides the state of the socket. The possible values are ESTAB (Established), UNCONN (Unconnected), LISTEN (Listening), CLOSE-WAIT and TIME-WAIT.
  • Recv-Q: It shows the number of received packets in the queue.
  • Send-Q: It shows the number of sent packets in the queue.
  • Local address:port: Address of local machine and port.
  • Peer address:port: Address of remote machine and port.
  • Process: It provides a process name; mostly blank response.


-aIt displays all sockets
-bIt shows the bpf filter socket information
-dIt displays only DCCP sockets
-eIt shows detailed socket information
-EIt continually displays sockets as they are destroyed
-hIt shows all the valid options for ‘ss’ command
-iIt shows internal TCP information
-lIt displays all the listening sockets
-mIt shows socket memory usage
-MIt displays only MPTCP sockets
-nIt displays the stats without resolving service names (IP Addresses)
-oIt shows timer information
-p It shows the process used by a socket. Type, Process ID and fd.
-rIt shows the stats by resolving the host names.
-sIt shows the socket usage summary
-SIt displays only SCTP sockets
-tIt displays only TCP socket statistics.
-uIt displays only UDP sockets
-wIt displays only RAW sockets
-xIt displays only Unix domain sockets
-zIt displays process and socket SELinux security contexts
-4It displays only IP version 4 sockets
-6It displays only IP version 6 sockets
-0It displays PACKET sockets

Commonly Used Combinations

Option CombinationsPurpose
ss -t -aTo display all TCP sockets
ss -t -a -ZTo display all TCP sockets with process SELinux security contexts
ss -u -aTo display all UDP sockets
ss -a -A ‘all,!tcp’To list sockets in all states from all socket tables but TCP
ss | wc -lTo count the socket connections that are established on the system 

You may be interested:

Leave a Comment