Following up on my blog entry on ip, and still cribbing from Packt's DevOps Automation Cookbook (Michael Duffy, 2015), we're moving on to the ss
command. It's considered a replacement for netstat
, another command I've been using for a very long time (although unlike ifconfig
, my understanding of netstat
was never particularly good).
The good news is that, as an informational command, this appears to be usable by non-root users. Just running ss
raw will give you way, WAY too much information. Limit the output to TCP with -t or to UDP with -u:
$ ss -t
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.0.104:44926 178.237.2.88:https
ESTAB 0 0 192.168.0.104:40730 52.84.97.174:https
ESTAB 0 0 192.168.0.104:36846 178.237.2.111:https
ESTAB 0 0 192.168.0.104:45946 178.237.2.105:https
ESTAB 0 0 192.168.0.104:40728 52.84.97.164:https
ESTAB 0 0 192.168.0.104:45168 52.49.210.179:https
ESTAB 0 0 192.168.0.104:50326 122.125.132.129:https
ESTAB 0 0 192.168.0.104:50168 122.125.201.129:https
ESTAB 0 0 192.168.0.104:50332 122.125.132.179:https
ESTAB 0 0 192.168.0.104:36888 178.237.2.111:https
ESTAB 0 0 ::1:ssh ::1:60864
ESTAB 0 0 ::1:60864 ::1:ssh
One command I can see myself using a lot is ss -ltun which is:
- -l show only listening sockets
- -t TCP
- -u UDP
- -n numeric, don't do domain lookups (this is faster but not always desirable)