Article

Use SS To Monitor Network Connections On CentOS

Published on: Fri, Jan 22, 2016 at 7:40 am EST
CentOS Linux Guides Server Apps

The ss utility is a useful network status monitoring tool that is part of the iproute2 package. The name ss is an acronym for socket statistics—represents, and is used for displaying all sorts of socket statistics such as TCP, UDP, and Unix Domain sockets.

As a Systems Administrator, these statistics will allow you to analyze and diagnose possible causes for network connectivity issues.

Compared to a more traditional tools such as netstat, ss delivers results much faster, which can be very useful for network administrators who are managing servers with constant high traffic. This is why it is often recommended to use ss instead of netstat.

Prerequisites

  • A CentOS 6.x x64 bit instance.
  • A sudo user.

Install ss if necessary

The ss command is available on most of the recently released Linux distributions. If it is not already installed on your system, you can install it along with some other utilities on RPM-based distribution using the following command:

sudo yum install iproute iproute-doc

Some examples of using ss

In this example, we will list some common examples of using ss as a reference. You can learn more about ss by passing the help parameter: ss --help.

To show socket usage summary:

ss -s

To show listening IPv4 sockets and their corresponding processes, using port numbers instead of service names:

ss -4nlp

The command above is the combination of the following ss -4, ss -n, ss -l, and ss -p. You can also combine other parameters in the same fashion.

Show IPv4 sockets:

ss -4

To show port numbers instead of default service names:

ss -n

Show listening sockets:

ss -l

To show corresponding process names:

ss -p

To show all sockets:

ss -a

Similarly, you can list all TCP, UDP, RAW, or all Unix domain sockets accordingly using the following commands:

ss -at
ss -au
ss -ar
ss -ax

To list the process responsible for opening port 22:

ss -lnp | grep 22

In this example, the -n parameter and the port number 22 must be used at the same time, or you won't be able to find the correct result.

Show sockets connected to a remote machine whose IP address is 123.123.123.123:

ss dst 123.123.123.123

List all sockets matching the local IP address 12.34.56.78 and port 80:

ss src 12.34.56.78:80

Show help for ss:

ss -h

or

ss --help

This concludes our tutorial. Thank you for reading.

Want to contribute ?

You could earn up to $300 by adding new articles