If you are a linux user or a linux system admin then you face the sockets related problems almost daily while configuring your linux servers or during monitoring running services in your linux machine.In this article i am going to write how to know detail information about linux sockets running on your Linux server or computer.In this tutorial you will learn how to display raw sockets,unix sockets,udp sockets,tcp sockets,ipv4 sockets,ipv6 sockets,listening sockets.We will also learn how to see socket memory usage,process using socket and to see intenal tcp information using ss command in Linux.
(Note:I have tested all these commands on Redhat Enterprise Linux)
Display socket summary.
[root@localhost ~]# ss
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 10.0.2.15:42125 173.194.36.8:http
ESTAB 0 0 10.0.2.15:50247 216.58.220.14:http
ESTAB 0 0 10.0.2.15:52855 173.194.36.22:https
ESTAB 0 0 10.0.2.15:52850 173.194.36.22:https
ESTAB 0 0 10.0.2.15:52851 173.194.36.22:https
ESTAB 0 0 10.0.2.15:37351 63.245.216.132:https
ESTAB 0 0 10.0.2.15:52987 173.194.36.53:https
Display only Listening sockets.
[root@localhost ~]# ss -l
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 0 127.0.0.1:2208 *:*
0 0 *:sunrpc *:*
0 0 127.0.0.1:ipp *:*
0 0 *:951 *:*
0 0 127.0.0.1:smtp *:*
0 0 127.0.0.1:2207 *:*
0 0 :::ssh :::*
In above output you have seen ssh is running,let’s see what happen when we stop ssh service.
[root@localhost ~]# service sshd stop
Stopping sshd: [ OK ]
[root@localhost ~]# ss -l
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 0 127.0.0.1:2208 *:*
0 0 *:sunrpc *:*
0 0 127.0.0.1:ipp *:*
0 0 *:951 *:*
0 0 127.0.0.1:smtp *:*
0 0 127.0.0.1:2207
Now you can see ssh have been removed from listening socket output,because ssh service has been stoped.
Show processes using socket.
[root@localhost ~]# ss -p
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 10.0.2.15:42125
173.194.36.8:http users:((“firefox”,3967,50))
ESTAB 0 0 10.0.2.15:40976
173.194.36.34:http users:((“firefox”,3967,31))
ESTAB 0 0 10.0.2.15:50247
216.58.220.14:http users:((“firefox”,3967,41))
ESTAB 0 0 10.0.2.15:52855
173.194.36.22:https users:((“firefox”,3967,52))
ESTAB 0 0 10.0.2.15:52850
173.194.36.22:https users:((“firefox”,3967,42))
ESTAB 0 0 10.0.2.15:52851
173.194.36.22:https users:((“firefox”,3967,44))
ESTAB 0 0 10.0.2.15:37351
63.245.216.132:https users:((“firefox”,3967,40))
ESTAB 0 0 10.0.2.15:52987
173.194.36.53:https users:((“firefox”,3967,49))
ESTAB 0 0 10.0.2.15:39687
23.35.43.27:http users:((“firefox”,3967,51))
Show socket having a established connection.
[root@localhost ~]# ss -e
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 10.0.2.15:42125
173.194.36.8:http ino:14447 sk:f3ec2040
ESTAB 0 0 10.0.2.15:40976
173.194.36.34:http ino:14352 sk:f42a9240
ESTAB 0 0 10.0.2.15:50247
216.58.220.14:http ino:14359 sk:f42a9b40
ESTAB 0 0 10.0.2.15:52855
173.194.36.22:https ino:14451 sk:e8a65b40
ESTAB 0 0 10.0.2.15:52850
173.194.36.22:https ino:14422 sk:f42a96c0
ESTAB 0 0 10.0.2.15:52851
173.194.36.22:https ino:14424 sk:f3ec2dc0
ESTAB 0 0 10.0.2.15:37351
63.245.216.132:https ino:14100 sk:f3ec2940
ESTAB 0 0 10.0.2.15:52987
173.194.36.53:https ino:14431 sk:f3ec3240
ESTAB 0 0 10.0.2.15:39687
23.35.43.27:http ino:14450 sk:f3ec24c0
Show socket memory usage.
[root@localhost ~]# ss -e -m
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 10.0.2.15:42125
173.194.36.8:http ino:14447 sk:f3ec2040
CLOSE-WAIT 1 0 10.0.2.15:40976
173.194.36.34:http ino:14352 sk:f42a9240
ESTAB 0 0 10.0.2.15:50247
216.58.220.14:http ino:14359 sk:f42a9b40
ESTAB 0 0 10.0.2.15:52855
173.194.36.22:https ino:14451 sk:e8a65b40
ESTAB 0 0 10.0.2.15:52850
173.194.36.22:https ino:14422 sk:f42a96c0
ESTAB 0 0 10.0.2.15:52851
173.194.36.22:https ino:14424 sk:f3ec2dc0
ESTAB 0 0 10.0.2.15:37351
63.245.216.132:https ino:14100 sk:f3ec2940
ESTAB 0 0 10.0.2.15:52987
173.194.36.53:https ino:14431 sk:f3ec3240
CLOSE-WAIT 1 0 10.0.2.15:39687
23.35.43.27:http ino:14450 sk:f3ec24c0
Display summarized all of sockets status.
[root@localhost ~]# ss -s
Total: 424 (kernel 440)
TCP: 13 (estab 7, closed 0, orphaned 0, synrecv 0, timewait 0/0), ports 13
Transport Total IP IPv6
* 440 – –
RAW 0 0 0
UDP 9 7 2
TCP 13 13 0
INET 22 20 2
FRAG 0 0 0
Show timer information.
[root@localhost ~]# ss –options
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 10.0.2.15:37351 63.245.216.132:https
[root@localhost ~]#
Display only RAW Sockets.
[root@localhost ~]# ss –raw
State Recv-Q Send-Q Local Address:Port Peer Address:Port
Display only UNIX SOCKETS.
[root@localhost ~]# ss –unix
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
u_str ESTAB 0 0 * 6985 * 0
u_str ESTAB 0 0 * 6986 * 0
u_str ESTAB 0 0 * 7338 * 0
u_str ESTAB 0 0 * 7339 * 0
u_str ESTAB 0 0 * 7399 * 0
u_str ESTAB 0 0 * 7400 * 0
u_str ESTAB 0 0 * 7510 * 0
u_str ESTAB 0 0 /var/run/dbus/system_bus_socket 7511
* 0
DISPLAY ONLY IPv4 SOCKETS.
[root@localhost ~]# ss –ipv4
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 10.0.2.15:37351 63.245.216.132:https
Display only IPv6 Sockets.
[root@localhost ~]# ss –ipv6
State Recv-Q Send-Q Local Address:Port Peer Address:Port
Display only PACKETS SOCKETS.
[root@localhost ~]# ss –packet
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
RESOLVE HOSTNAME
[root@localhost ~]# ss -r
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 10.0.2.15:37351
addons-mozilla-org.mktns.services.phx1.mozilla.net:https
Don’t Resolve service name.
[root@localhost ~]# ss -n
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 10.0.2.15:37351 63.245.216.132:443
Display all sockets.
[root@localhost ~]# ss -a
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 0 127.0.0.1:2208 *:*
LISTEN 0 0 *:sunrpc *:*
LISTEN 0 0 127.0.0.1:ipp *:*
LISTEN 0 0 *:951 *:*
LISTEN 0 0 127.0.0.1:smtp *:*
LISTEN 0 0 127.0.0.1:2207 *:*
TIME-WAIT 0 0 127.0.0.1:mrm 127.0.0.1:sunrpc
ESTAB 0 0 10.0.2.15:37351 63.245.216.132:https
Show internal TCP INFORMATION.
[root@localhost ~]# ss -i
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 10.0.2.15:37351
63.245.216.132:https rto:0.201 ssthresh:100
DISPLAY ONLY TCP SOCKETS
[root@localhost ~]# ss –tcp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 10.0.2.15:37351 63.245.216.132:https
DISPLAY ONLY UDP SOCKETS
[root@localhost ~]# ss –udp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
Show sockets memory usage.
[root@localhost ~]# ss -m
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 10.0.2.15:37351 63.245.216.132:https
[root@localhost ~]#
Learn Linux CCNA CEH IPv6 Cyber-Security Online 
I blog frequently and I really appreciate your content. This great article has really peaked my interest. I am going to bookmark your website and keep checking for new information about once a week. I subscribed to your Feed too.
LikeLike
This is the right webpage for anybody who really wants to understand this topic. You understand a whole lot its almost hard to argue with you (not that I actually will need to…HaHa). You certainly put a new spin on a subject which has been written about for a long time. Great stuff, just excellent!
LikeLike
This site was… how do I say it? Relevant!! Finally I’ve found something that helped me. Thanks!
LikeLike