Linux server performance monitoring through the ‘ss’ command provides the monitoring statistics related to network sockets and connections. ‘ss’ stands for ‘Socket Statistics’ and it is a simpler and faster version of the obsolete command ‘netstat’. ‘ss’ utility completely replaces ‘netstat’ in the Linux Performance Monitoring system which provides more advanced features and flexibility. It has a wide range of options and filtering capabilities that allow you to customize the output to your needs. It is typically used to diagnose and troubleshoot network issues, such as identifying open ports, viewing established connections, and monitoring network traffic.
Command Syntex:
$ ss
Output
Field Description
- Netid: It gives information about the type of socket like
- icmp6: Internet control message protocol
- nl: netlink
- tcp: transmission control protocol (connection-oriented)
- u_dgr: Unix datagram
- u_str: Unix stream
- u_seq: Unix sequence
- udp: user datagram protocol (connectionless)
- State: It provides the state of the socket. The possible values are ESTAB (Established), UNCONN (Unconnected), LISTEN (Listening), CLOSE-WAIT and TIME-WAIT.
- Recv-Q: It shows the number of received packets in the queue.
- Send-Q: It shows the number of sent packets in the queue.
- Local address:port: Address of local machine and port.
- Peer address:port: Address of remote machine and port.
- Process: It provides a process name; mostly blank response.
Options
| Options | Purpose |
|---|---|
| -a | It displays all sockets |
| -b | It shows the bpf filter socket information |
| -d | It displays only DCCP sockets |
| -e | It shows detailed socket information |
| -E | It continually displays sockets as they are destroyed |
| -h | It shows all the valid options for ‘ss’ command |
| -i | It shows internal TCP information |
| -l | It displays all the listening sockets |
| -m | It shows socket memory usage |
| -M | It displays only MPTCP sockets |
| -n | It displays the stats without resolving service names (IP Addresses) |
| -o | It shows timer information |
| -p | It shows the process used by a socket. Type, Process ID and fd. |
| -r | It shows the stats by resolving the host names. |
| -s | It shows the socket usage summary |
| -S | It displays only SCTP sockets |
| -t | It displays only TCP socket statistics. |
| -u | It displays only UDP sockets |
| -w | It displays only RAW sockets |
| -x | It displays only Unix domain sockets |
| -z | It displays process and socket SELinux security contexts |
| -4 | It displays only IP version 4 sockets |
| -6 | It displays only IP version 6 sockets |
| -0 | It displays PACKET sockets |
Commonly Used Combinations
| Option Combinations | Purpose |
|---|---|
| ss -t -a | To display all TCP sockets |
| ss -t -a -Z | To display all TCP sockets with process SELinux security contexts |
| ss -u -a | To display all UDP sockets |
| ss -a -A ‘all,!tcp’ | To list sockets in all states from all socket tables but TCP |
| ss | wc -l | To count the socket connections that are established on the system |
You may be interested:
- Linux Performance Monitoring – vmstat
- Linux Performance Monitoring – mpstat
- Linux Performance Monitoring – iostat
- Performance Engineering Tutorial
- Important Linux Commands for Performance Testers
- Linux Operating System Performance Counters