Troubleshooting sockets with ss

Connection State

You can use the --query or -A query addition to dump a sockets table. The magic word autobound checks for ephemeral ports that sockets have attached themselves to. Prepare yourself for screeds of output, even on a quiet system. An abbreviated version of the output is shown in Listing 8.

Listing 8

ss -a -A all autobound


You can also filter by TCP states; for instance, the following command filters for sFTP traffic:

# ss state connected dport = :sftp

Anything treated as "current" in relation to the sFTP port is displayed promptly.

You can complicate the command a little more with a boolean operator:

# ss ( sport = :ftp or dport = :http )

You can even use ss to find connections that are in a specific TCP state, including the established, syn-sent, syn-recv, fin-wait-1, fin-wait-2, time-wait, closed, close-wait, last-ack, listen, and closing.

The TCP state parameters let you do some very powerful querying. For example, checking for FIN--WAIT--1 states lets you identify whether your application has closed its side of a connection, but a remote host has not closed its side, thus tying up your machine's precious ports:

ss -o state fin-wait-1 '( sport = \
  :ftp or sport = :http )' \

Sso It Ends

The ss utility is a powerful tool that will help you query your network in significant detail. Ss is extremely high performance for both manual and automated queries, and it requires very few keystrokes to execute common commands.

This tiny but heroic tool helps flex the muscles of any sys admin. If you want to increase the power of your admin toolkit, try practicing some of the more complex commands in your day-to-day work.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • User Monitoring

    Linux tracks all the actions that take place on your system, including when your users were active and what they did.

  • Command Line – Port Security

    A few basic commands for working with ports can help you make your small network or standalone system more secure.

  • Nmap Scripting

    Nmap is rolling out a new scripting engine to automatically investigate vulnerabilities that turn up in a security scan. We’ll show you how to protect your network with Nmap and NSE.

  • Command Line: Network Diagnostic Tools

    Linux has the right tools to track down network errors and open the way for data packets.

  • lsof

    In Linux, everything is a file – directories, devices, pipes – so lsof (list open files) reveals what's happening on your system.

comments powered by Disqus

Direct Download

Read full article as PDF:

Price $2.95

Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Find SysAdmin Jobs