[mirror_iproute2.git] / man / man8 / ss.8

.TH SS 8
.SH NAME
ss \- another utility to investigate sockets
.SH SYNOPSIS
.B ss
.RI [ options ] " [ FILTER ]"
.SH DESCRIPTION
.B ss
is used to dump socket statistics. It allows showing information similar
to
.IR netstat .
It can display more TCP and state informations than other tools.

.SH OPTIONS
When no option is used ss displays a list of 
open non-listening TCP sockets that have established connection.
.TP
.B \-h, \-\-help
Show summary of options.
.TP
.B \-V, \-\-version
Output version information.
.TP
.B \-n, \-\-numeric
Do not try to resolve service names.
.TP
.B \-r, \-\-resolve
Try to resolve numeric address/ports.
.TP
.B \-a, \-\-all
Display both listening and non-listening (for TCP this means established connections) sockets.
.TP
.B \-l, \-\-listening
Display only listening sockets (these are omitted by default).
.TP
.B \-o, \-\-options
Show timer information.
.TP
.B \-e, \-\-extended
Show detailed socket information
.TP
.B \-m, \-\-memory
Show socket memory usage.
.TP
.B \-p, \-\-processes
Show process using socket.
.TP
.B \-i, \-\-info
Show internal TCP information.
.TP
.B \-s, \-\-summary
Print summary statistics. This option does not parse socket lists obtaining
summary from various sources. It is useful when amount of sockets is so huge
that parsing /proc/net/tcp is painful.
.TP
.B \-Z, \-\-context
As the
.B \-p
option but also shows process security context.
.sp
For
.BR netlink (7)
sockets the initiating process context is displayed as follows:
.RS
.RS
.IP "1." 4
If valid pid show the process context.
.IP "2." 4
If destination is kernel (pid = 0) show kernel initial context.
.IP "3." 4
If a unique identifier has been allocated by the kernel or netlink user,
show context as "unavailable". This will generally indicate that a
process has more than one netlink socket active.
.RE
.RE
.TP
.B \-z, \-\-contexts
As the
.B \-Z
option but also shows the socket context. The socket context is
taken from the associated inode and is not the actual socket
context held by the kernel. Sockets are typically labeled with the
context of the creating process, however the context shown will reflect
any policy role, type and/or range transition rules applied,
and is therefore a useful reference.
.TP
.B \-b, \-\-bpf
Show socket BPF filters (only administrators are allowed to get these information).
.TP
.B \-4, \-\-ipv4
Display only IP version 4 sockets (alias for -f inet).
.TP
.B \-6, \-\-ipv6
Display only IP version 6 sockets (alias for -f inet6).
.TP
.B \-0, \-\-packet
Display PACKET sockets (alias for -f link).
.TP
.B \-t, \-\-tcp
Display TCP sockets.
.TP
.B \-u, \-\-udp
Display UDP sockets.
.TP
.B \-d, \-\-dccp
Display DCCP sockets.
.TP
.B \-w, \-\-raw
Display RAW sockets.
.TP
.B \-x, \-\-unix
Display Unix domain sockets (alias for -f unix).
.TP
.B \-f FAMILY, \-\-family=FAMILY
Display sockets of type FAMILY.
Currently the following families are supported: unix, inet, inet6, link, netlink.
.TP
.B \-A QUERY, \-\-query=QUERY, \-\-socket=QUERY
List of socket tables to dump, separated by commas. The following identifiers
are understood: all, inet, tcp, udp, raw, unix, packet, netlink, unix_dgram,
unix_stream, unix_seqpacket, packet_raw, packet_dgram.
.TP
.B \-D FILE, \-\-diag=FILE
Do not display anything, just dump raw information about TCP sockets to FILE after applying filters. If FILE is - stdout is used.
.TP
.B \-F FILE, \-\-filter=FILE
Read filter information from FILE.
Each line of FILE is interpreted like single command line option. If FILE is - stdin is used.
.TP
.B FILTER := [ state STATE-FILTER ] [ EXPRESSION ]
Please take a look at the official documentation (Debian package iproute-doc) for details regarding filters.

.SH STATE-FILTER

.B STATE-FILTER
allows to construct arbitrary set of states to match. Its syntax is sequence of keywords state and exclude followed by identifier of state.
.TP
Available identifiers are:

All standard TCP states:
.BR established ", " syn-sent ", " syn-recv ", " fin-wait-1 ", " fin-wait-2 ", " time-wait ", " closed ", " close-wait ", " last-ack ", "
.BR  listen " and " closing.

.B all
- for all the states

.B connected
- all the states except for
.BR listen " and " closed

.B synchronized
- all the
.B connected
states except for
.B syn-sent

.B bucket
- states, which are maintained as minisockets, i.e.
.BR time-wait " and " syn-recv

.B big
- opposite to
.B bucket

.SH USAGE EXAMPLES
.TP
.B ss -t -a
Display all TCP sockets.
.TP
.B ss -t -a -Z
Display all TCP sockets with process SELinux security contexts.
.TP
.B ss -u -a
Display all UDP sockets.
.TP
.B ss -o state established '( dport = :ssh or sport = :ssh )'
Display all established ssh connections.
.TP
.B ss -x src /tmp/.X11-unix/*
Find all local processes connected to X server.
.TP
.B ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 193.233.7/24
List all the tcp sockets in state FIN-WAIT-1 for our apache to network 193.233.7/24 and look at their timers.
.SH SEE ALSO
.BR ip (8),
Commit	Line	Data
d7eeca84 SH	1	.TH SS 8
	2	.SH NAME
	3	ss \- another utility to investigate sockets
	4	.SH SYNOPSIS
	5	.B ss
	6	.RI [ options ] " [ FILTER ]"
	7	.SH DESCRIPTION
	8	.B ss
	9	is used to dump socket statistics. It allows showing information similar
	10	to
	11	.IR netstat .
b096fa5f	12	It can display more TCP and state informations than other tools.
d7eeca84 SH	13
d7eeca84 SH	14	.SH OPTIONS
5d805635 PS	15	When no option is used ss displays a list of
5d805635 PS	16	open non-listening TCP sockets that have established connection.
d7eeca84 SH	17	.TP
	18	.B \-h, \-\-help
	19	Show summary of options.
	20	.TP
	21	.B \-V, \-\-version
	22	Output version information.
	23	.TP
	24	.B \-n, \-\-numeric
d98e300c	25	Do not try to resolve service names.
d7eeca84 SH	26	.TP
	27	.B \-r, \-\-resolve
	28	Try to resolve numeric address/ports.
	29	.TP
	30	.B \-a, \-\-all
5d805635	31	Display both listening and non-listening (for TCP this means established connections) sockets.
d7eeca84 SH	32	.TP
d7eeca84 SH	33	.B \-l, \-\-listening
5d805635	34	Display only listening sockets (these are omitted by default).
d7eeca84 SH	35	.TP
	36	.B \-o, \-\-options
	37	Show timer information.
	38	.TP
	39	.B \-e, \-\-extended
	40	Show detailed socket information
	41	.TP
	42	.B \-m, \-\-memory
	43	Show socket memory usage.
	44	.TP
	45	.B \-p, \-\-processes
	46	Show process using socket.
	47	.TP
	48	.B \-i, \-\-info
	49	Show internal TCP information.
	50	.TP
	51	.B \-s, \-\-summary
	52	Print summary statistics. This option does not parse socket lists obtaining
	53	summary from various sources. It is useful when amount of sockets is so huge
	54	that parsing /proc/net/tcp is painful.
	55	.TP
116ac927 RH	56	.B \-Z, \-\-context
	57	As the
	58	.B \-p
	59	option but also shows process security context.
	60	.sp
	61	For
	62	.BR netlink (7)
	63	sockets the initiating process context is displayed as follows:
	64	.RS
	65	.RS
	66	.IP "1." 4
	67	If valid pid show the process context.
	68	.IP "2." 4
	69	If destination is kernel (pid = 0) show kernel initial context.
	70	.IP "3." 4
	71	If a unique identifier has been allocated by the kernel or netlink user,
	72	show context as "unavailable". This will generally indicate that a
	73	process has more than one netlink socket active.
	74	.RE
	75	.RE
	76	.TP
	77	.B \-z, \-\-contexts
	78	As the
	79	.B \-Z
	80	option but also shows the socket context. The socket context is
	81	taken from the associated inode and is not the actual socket
	82	context held by the kernel. Sockets are typically labeled with the
	83	context of the creating process, however the context shown will reflect
	84	any policy role, type and/or range transition rules applied,
	85	and is therefore a useful reference.
	86	.TP
f3c2f91e ND	87	.B \-b, \-\-bpf
	88	Show socket BPF filters (only administrators are allowed to get these information).
	89	.TP
d7eeca84 SH	90	.B \-4, \-\-ipv4
	91	Display only IP version 4 sockets (alias for -f inet).
	92	.TP
	93	.B \-6, \-\-ipv6
	94	Display only IP version 6 sockets (alias for -f inet6).
	95	.TP
	96	.B \-0, \-\-packet
5d805635	97	Display PACKET sockets (alias for -f link).
d7eeca84 SH	98	.TP
d7eeca84 SH	99	.B \-t, \-\-tcp
5d805635	100	Display TCP sockets.
d7eeca84 SH	101	.TP
d7eeca84 SH	102	.B \-u, \-\-udp
5d805635	103	Display UDP sockets.
d7eeca84 SH	104	.TP
d7eeca84 SH	105	.B \-d, \-\-dccp
5d805635	106	Display DCCP sockets.
d7eeca84 SH	107	.TP
d7eeca84 SH	108	.B \-w, \-\-raw
5d805635	109	Display RAW sockets.
d7eeca84 SH	110	.TP
d7eeca84 SH	111	.B \-x, \-\-unix
5d805635	112	Display Unix domain sockets (alias for -f unix).
d7eeca84 SH	113	.TP
	114	.B \-f FAMILY, \-\-family=FAMILY
	115	Display sockets of type FAMILY.
	116	Currently the following families are supported: unix, inet, inet6, link, netlink.
	117	.TP
583de149	118	.B \-A QUERY, \-\-query=QUERY, \-\-socket=QUERY
d7eeca84 SH	119	List of socket tables to dump, separated by commas. The following identifiers
d7eeca84 SH	120	are understood: all, inet, tcp, udp, raw, unix, packet, netlink, unix_dgram,
56dee73e	121	unix_stream, unix_seqpacket, packet_raw, packet_dgram.
d7eeca84	122	.TP
583de149	123	.B \-D FILE, \-\-diag=FILE
d7eeca84 SH	124	Do not display anything, just dump raw information about TCP sockets to FILE after applying filters. If FILE is - stdout is used.
	125	.TP
	126	.B \-F FILE, \-\-filter=FILE
	127	Read filter information from FILE.
	128	Each line of FILE is interpreted like single command line option. If FILE is - stdin is used.
	129	.TP
b93fe578	130	.B FILTER := [ state STATE-FILTER ] [ EXPRESSION ]
d7eeca84	131	Please take a look at the official documentation (Debian package iproute-doc) for details regarding filters.
b93fe578 VK	132
	133	.SH STATE-FILTER
	134
	135	.B STATE-FILTER
	136	allows to construct arbitrary set of states to match. Its syntax is sequence of keywords state and exclude followed by identifier of state.
	137	.TP
	138	Available identifiers are:
	139
	140	All standard TCP states:
	141	.BR established ", " syn-sent ", " syn-recv ", " fin-wait-1 ", " fin-wait-2 ", " time-wait ", " closed ", " close-wait ", " last-ack ", "
	142	.BR listen " and " closing.
	143
	144	.B all
	145	- for all the states
	146
	147	.B connected
	148	- all the states except for
	149	.BR listen " and " closed
	150
	151	.B synchronized
	152	- all the
	153	.B connected
	154	states except for
	155	.B syn-sent
	156
	157	.B bucket
	158	- states, which are maintained as minisockets, i.e.
	159	.BR time-wait " and " syn-recv
	160
	161	.B big
	162	- opposite to
	163	.B bucket
	164
d7eeca84 SH	165	.SH USAGE EXAMPLES
	166	.TP
	167	.B ss -t -a
	168	Display all TCP sockets.
	169	.TP
116ac927 RH	170	.B ss -t -a -Z
	171	Display all TCP sockets with process SELinux security contexts.
	172	.TP
d7eeca84 SH	173	.B ss -u -a
	174	Display all UDP sockets.
	175	.TP
	176	.B ss -o state established '( dport = :ssh or sport = :ssh )'
	177	Display all established ssh connections.
	178	.TP
ea5dd59c	179	.B ss -x src /tmp/.X11-unix/*
d7eeca84 SH	180	Find all local processes connected to X server.
	181	.TP
	182	.B ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 193.233.7/24
	183	List all the tcp sockets in state FIN-WAIT-1 for our apache to network 193.233.7/24 and look at their timers.
	184	.SH SEE ALSO
	185	.BR ip (8),
b93fe578 VK	186