]>
Commit | Line | Data |
---|---|---|
d7eeca84 SH |
1 | .TH SS 8 |
2 | .SH NAME | |
3 | ss \- another utility to investigate sockets | |
4 | .SH SYNOPSIS | |
5 | .B ss | |
6 | .RI [ options ] " [ FILTER ]" | |
7 | .SH DESCRIPTION | |
8 | .B ss | |
9 | is used to dump socket statistics. It allows showing information similar | |
10 | to | |
11 | .IR netstat . | |
b096fa5f | 12 | It can display more TCP and state informations than other tools. |
d7eeca84 SH |
13 | |
14 | .SH OPTIONS | |
5d805635 PS |
15 | When no option is used ss displays a list of |
16 | open non-listening TCP sockets that have established connection. | |
d7eeca84 SH |
17 | .TP |
18 | .B \-h, \-\-help | |
19 | Show summary of options. | |
20 | .TP | |
21 | .B \-V, \-\-version | |
22 | Output version information. | |
23 | .TP | |
24 | .B \-n, \-\-numeric | |
d98e300c | 25 | Do not try to resolve service names. |
d7eeca84 SH |
26 | .TP |
27 | .B \-r, \-\-resolve | |
28 | Try to resolve numeric address/ports. | |
29 | .TP | |
30 | .B \-a, \-\-all | |
5d805635 | 31 | Display both listening and non-listening (for TCP this means established connections) sockets. |
d7eeca84 SH |
32 | .TP |
33 | .B \-l, \-\-listening | |
5d805635 | 34 | Display only listening sockets (these are omitted by default). |
d7eeca84 SH |
35 | .TP |
36 | .B \-o, \-\-options | |
37 | Show timer information. | |
38 | .TP | |
39 | .B \-e, \-\-extended | |
40 | Show detailed socket information | |
41 | .TP | |
42 | .B \-m, \-\-memory | |
43 | Show socket memory usage. | |
44 | .TP | |
45 | .B \-p, \-\-processes | |
46 | Show process using socket. | |
47 | .TP | |
48 | .B \-i, \-\-info | |
49 | Show internal TCP information. | |
50 | .TP | |
51 | .B \-s, \-\-summary | |
52 | Print summary statistics. This option does not parse socket lists obtaining | |
53 | summary from various sources. It is useful when amount of sockets is so huge | |
54 | that parsing /proc/net/tcp is painful. | |
55 | .TP | |
116ac927 RH |
56 | .B \-Z, \-\-context |
57 | As the | |
58 | .B \-p | |
59 | option but also shows process security context. | |
60 | .sp | |
61 | For | |
62 | .BR netlink (7) | |
63 | sockets the initiating process context is displayed as follows: | |
64 | .RS | |
65 | .RS | |
66 | .IP "1." 4 | |
67 | If valid pid show the process context. | |
68 | .IP "2." 4 | |
69 | If destination is kernel (pid = 0) show kernel initial context. | |
70 | .IP "3." 4 | |
71 | If a unique identifier has been allocated by the kernel or netlink user, | |
72 | show context as "unavailable". This will generally indicate that a | |
73 | process has more than one netlink socket active. | |
74 | .RE | |
75 | .RE | |
76 | .TP | |
77 | .B \-z, \-\-contexts | |
78 | As the | |
79 | .B \-Z | |
80 | option but also shows the socket context. The socket context is | |
81 | taken from the associated inode and is not the actual socket | |
82 | context held by the kernel. Sockets are typically labeled with the | |
83 | context of the creating process, however the context shown will reflect | |
84 | any policy role, type and/or range transition rules applied, | |
85 | and is therefore a useful reference. | |
86 | .TP | |
f3c2f91e ND |
87 | .B \-b, \-\-bpf |
88 | Show socket BPF filters (only administrators are allowed to get these information). | |
89 | .TP | |
d7eeca84 SH |
90 | .B \-4, \-\-ipv4 |
91 | Display only IP version 4 sockets (alias for -f inet). | |
92 | .TP | |
93 | .B \-6, \-\-ipv6 | |
94 | Display only IP version 6 sockets (alias for -f inet6). | |
95 | .TP | |
96 | .B \-0, \-\-packet | |
5d805635 | 97 | Display PACKET sockets (alias for -f link). |
d7eeca84 SH |
98 | .TP |
99 | .B \-t, \-\-tcp | |
5d805635 | 100 | Display TCP sockets. |
d7eeca84 SH |
101 | .TP |
102 | .B \-u, \-\-udp | |
5d805635 | 103 | Display UDP sockets. |
d7eeca84 SH |
104 | .TP |
105 | .B \-d, \-\-dccp | |
5d805635 | 106 | Display DCCP sockets. |
d7eeca84 SH |
107 | .TP |
108 | .B \-w, \-\-raw | |
5d805635 | 109 | Display RAW sockets. |
d7eeca84 SH |
110 | .TP |
111 | .B \-x, \-\-unix | |
5d805635 | 112 | Display Unix domain sockets (alias for -f unix). |
d7eeca84 SH |
113 | .TP |
114 | .B \-f FAMILY, \-\-family=FAMILY | |
115 | Display sockets of type FAMILY. | |
116 | Currently the following families are supported: unix, inet, inet6, link, netlink. | |
117 | .TP | |
583de149 | 118 | .B \-A QUERY, \-\-query=QUERY, \-\-socket=QUERY |
d7eeca84 SH |
119 | List of socket tables to dump, separated by commas. The following identifiers |
120 | are understood: all, inet, tcp, udp, raw, unix, packet, netlink, unix_dgram, | |
56dee73e | 121 | unix_stream, unix_seqpacket, packet_raw, packet_dgram. |
d7eeca84 | 122 | .TP |
583de149 | 123 | .B \-D FILE, \-\-diag=FILE |
d7eeca84 SH |
124 | Do not display anything, just dump raw information about TCP sockets to FILE after applying filters. If FILE is - stdout is used. |
125 | .TP | |
126 | .B \-F FILE, \-\-filter=FILE | |
127 | Read filter information from FILE. | |
128 | Each line of FILE is interpreted like single command line option. If FILE is - stdin is used. | |
129 | .TP | |
b93fe578 | 130 | .B FILTER := [ state STATE-FILTER ] [ EXPRESSION ] |
d7eeca84 | 131 | Please take a look at the official documentation (Debian package iproute-doc) for details regarding filters. |
b93fe578 VK |
132 | |
133 | .SH STATE-FILTER | |
134 | ||
135 | .B STATE-FILTER | |
136 | allows to construct arbitrary set of states to match. Its syntax is sequence of keywords state and exclude followed by identifier of state. | |
137 | .TP | |
138 | Available identifiers are: | |
139 | ||
140 | All standard TCP states: | |
141 | .BR established ", " syn-sent ", " syn-recv ", " fin-wait-1 ", " fin-wait-2 ", " time-wait ", " closed ", " close-wait ", " last-ack ", " | |
142 | .BR listen " and " closing. | |
143 | ||
144 | .B all | |
145 | - for all the states | |
146 | ||
147 | .B connected | |
148 | - all the states except for | |
149 | .BR listen " and " closed | |
150 | ||
151 | .B synchronized | |
152 | - all the | |
153 | .B connected | |
154 | states except for | |
155 | .B syn-sent | |
156 | ||
157 | .B bucket | |
158 | - states, which are maintained as minisockets, i.e. | |
159 | .BR time-wait " and " syn-recv | |
160 | ||
161 | .B big | |
162 | - opposite to | |
163 | .B bucket | |
164 | ||
d7eeca84 SH |
165 | .SH USAGE EXAMPLES |
166 | .TP | |
167 | .B ss -t -a | |
168 | Display all TCP sockets. | |
169 | .TP | |
116ac927 RH |
170 | .B ss -t -a -Z |
171 | Display all TCP sockets with process SELinux security contexts. | |
172 | .TP | |
d7eeca84 SH |
173 | .B ss -u -a |
174 | Display all UDP sockets. | |
175 | .TP | |
176 | .B ss -o state established '( dport = :ssh or sport = :ssh )' | |
177 | Display all established ssh connections. | |
178 | .TP | |
ea5dd59c | 179 | .B ss -x src /tmp/.X11-unix/* |
d7eeca84 SH |
180 | Find all local processes connected to X server. |
181 | .TP | |
182 | .B ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 193.233.7/24 | |
183 | List all the tcp sockets in state FIN-WAIT-1 for our apache to network 193.233.7/24 and look at their timers. | |
184 | .SH SEE ALSO | |
185 | .BR ip (8), | |
b93fe578 VK |
186 |