ss (Socket Statistics)

The ss command is a powerful utility used to investigate sockets. It is the modern replacement for the classic netstat command, providing more detailed information and running faster.

Common `ss` Commands

Display Listening Ports & Processes

ss -tlnp

Displays listening TCP ports and the processes using them.

Flag breakdown:

-t → Show only TCP connections.
-l → Show only listening ports.
-n → Do not resolve service names (faster).
-p → Show the process ID (PID) and name.

Show Active TCP Connections

ss -tn

A quick way to see all established TCP connections, without waiting for name resolution.

Show Active UDP Connections

ss -un

Lists all active UDP connections.

Show All Sockets

ss -a

Displays all sockets (both listening and non-listening) for all protocols.

Show Unix Sockets

ss -x

Displays active Unix Domain Sockets, which are used for inter-process communication on the same machine.

Example: Localhost vs Public Interface

Below is an example of ss -ltnp output showing a service listening only on localhost (127.0.0.1 and ::1):

LISTEN 0      511        127.0.0.1:6379       0.0.0.0:*    users:(("redis-server",pid=6789,fd=6))
LISTEN 0      511            [::1]:6379          [::]:*    users:(("redis-server",pid=6789,fd=7))

If a service is listening on a public interface (e.g., 0.0.0.0 or your server's IP), it will look like this:

LISTEN 0      511        0.0.0.0:80           0.0.0.0:*    users:(("nginx",pid=12345,fd=6))
LISTEN 0      511            [::]:80              [::]:*    users:(("nginx",pid=12345,fd=7))