Overview
In this tutorial, you will learn how to use ss to see open ports in Ubuntu, as well as how to list connections.
Up until recently netstat was the go-to tool in Linux for monitoring network connections. It’s duties are slowly being taken over by other, simpler utilities that are written specifically for doing one thing and doing it well.
Features of netstat for getting network link information has been added to the ip command, while socket information can now be performed by the ss command.
We will show how to use the ss command by showing examples of checking sockets states and network connections.
Summary of all Network Sockets on Ubuntu
To view a list of all sockets for each network protocol on your Ubuntu host, use the -s flag. The -s flag instructs ss to generate a summary of sockets.
ss -sThe output will look similar to the example below. From it we can see there are a total of 164 sockets, of which 4 are TCP and 3 are UDP. We can also see that whether those sockets are IPv4 or IPv6.
Total: 164
TCP: 4 (estab 1, closed 0, orphaned 0, timewait 0)
Transport Total IP IPv6
RAW 1 0 1
UDP 3 2 1
TCP 4 3 1
INET 8 5 3
FRAG 0 0 0List all TCP Connections
The ss command can generate a summary list of all TCP connections on Ubuntu. To do, use the -s flag to generate a summary and the -t to specify TCP connections only.
ss -s -tThe output will of the command will provide a summary of all connections, while also providing details about TCP sockets.
Total: 164
TCP: 4 (estab 1, closed 0, orphaned 0, timewait 0)
Transport Total IP IPv6
RAW 1 0 1
UDP 3 2 1
TCP 4 3 1
INET 8 5 3
FRAG 0 0 0
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 332 10.0.0.10:ssh 10.0.0.157:56083 In the output above, we can there are 164 total network sockets, while only 4 are TCP. Of the TCP sockets, only one has a connection and it is for an SSH session.
List all UDP Connections
To view a summary list of all UDP sockets on Ubuntu using the ss command, use the -s and -u flags.
ss -s -uThe -s flag outputs a summary of all sockets with a more detailed list of established connections. The -u flag sets ss to list only UDP sockets.
Total: 164
TCP: 4 (estab 1, closed 0, orphaned 0, timewait 0)
Transport Total IP IPv6
RAW 1 0 1
UDP 3 2 1
TCP 4 3 1
INET 8 5 3
FRAG 0 0 0
Recv-Q Send-Q Local Address:Port Peer Address:Port Process In the example above, no UDP sockets had connections.
List all Listening and Non-Listening TCP Sockets
To view a complete list of TCP sockets, both listening and non-listening, you use the -a flag with the -t flag.
ss -a -tIn the output example below we there are four sockets. Three are in the LISTEN state, while one has an established connection.
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 4096 127.0.0.53%lo:domain 0.0.0.0:*
LISTEN 0 128 0.0.0.0:ssh 0.0.0.0:*
ESTAB 0 0 10.0.0.10:ssh 10.0.0.157:56083
LISTEN 0 128 [::]:ssh [::]:* List listening and non-listening UDP Sockets
To view a list of all UDP sockets, listening and non-listening, you use the -a flag with ss. The -u flag tells ss to only output UDP sockets.
ss -a -uThe output shows three sockets on the Ubuntu host.
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
UNCONN 0 0 127.0.0.53%lo:domain 0.0.0.0:*
UNCONN 0 0 10.0.0.10%enp0s3:bootpc 0.0.0.0:*
UNCONN 0 0 [fe80::a00:27ff:fe83:8b35]%enp0s3:dhcpv6-client [::]:*