is used to dump socket statistics. It allows showing information similar
to
.IR netstat .
-It can display more TCP and state informations than other tools.
+It can display more TCP and state information than other tools.
.SH OPTIONS
-When no option is used ss displays a list of
-open non-listening sockets (e.g. TCP/UNIX/UDP) that have established connection.
+When no option is used ss displays a list of open non-listening
+sockets (e.g. TCP/UNIX/UDP) that have established connection.
.TP
.B \-h, \-\-help
Show summary of options.
.B \-V, \-\-version
Output version information.
.TP
+.B \-H, \-\-no-header
+Suppress header line.
+.TP
+.B \-O, \-\-oneline
+Print each socket's data on a single line.
+.TP
.B \-n, \-\-numeric
Do not try to resolve service names.
.TP
Try to resolve numeric address/ports.
.TP
.B \-a, \-\-all
-Display both listening and non-listening (for TCP this means established connections) sockets.
+Display both listening and non-listening (for TCP this means
+established connections) sockets.
.TP
.B \-l, \-\-listening
Display only listening sockets (these are omitted by default).
.TP
.B \-o, \-\-options
-Show timer information.
+Show timer information. For TCP protocol, the output format is:
+.RS
+.P
+timer:(<timer_name>,<expire_time>,<retrans>)
+.P
+.TP
+.B <timer_name>
+the name of the timer, there are five kind of timer names:
+.RS
+.P
+.B on
+: means one of these timers: TCP retrans timer, TCP early retrans
+timer and tail loss probe timer
+.P
+.BR keepalive ": tcp keep alive timer"
+.P
+.BR timewait ": timewait stage timer"
+.P
+.BR persist ": zero window probe timer"
+.P
+.BR unknown ": none of the above timers"
+.RE
+.TP
+.B <expire_time>
+how long time the timer will expire
+.P
+.TP
+.B <retrans>
+how many times the retransmission occured
+.RE
.TP
.B \-e, \-\-extended
-Show detailed socket information
+Show detailed socket information. The output format is:
+.RS
+.P
+uid:<uid_number> ino:<inode_number> sk:<cookie>
+.P
+.TP
+.B <uid_number>
+the user id the socket belongs to
+.P
+.TP
+.B <inode_number>
+the socket's inode number in VFS
+.P
+.TP
+.B <cookie>
+an uuid of the socket
+.RE
.TP
.B \-m, \-\-memory
-Show socket memory usage.
+Show socket memory usage. The output format is:
+.RS
+.P
+skmem:(r<rmem_alloc>,rb<rcv_buf>,t<wmem_alloc>,tb<snd_buf>,
+.br
+.RS
+.RS
+f<fwd_alloc>,w<wmem_queued>,
+.RE
+.RE
+.br
+.RS
+.RS
+o<opt_mem>,bl<back_log>)
+.RE
+.RE
+.P
+.TP
+.B <rmem_alloc>
+the memory allocated for receiving packet
+.P
+.TP
+.B <rcv_buf>
+the total memory can be allocated for receiving packet
+.P
+.TP
+.B <wmem_alloc>
+the memory used for sending packet (which has been sent to layer 3)
+.P
+.TP
+.B <snd_buf>
+the total memory can be allocated for sending packet
+.P
+.TP
+.B <fwd_alloc>
+the memory allocated by the socket as cache, but not used for
+receiving/sending packet yet. If need memory to send/receive packet,
+the memory in this cache will be used before allocate additional
+memory.
+.P
+.TP
+.B <wmem_queued>
+The memory allocated for sending packet (which has not been sent to layer 3)
+.P
+.TP
+.B <ropt_mem>
+The memory used for storing socket option, e.g., the key for TCP MD5 signature
+.P
+.TP
+.B <back_log>
+The memory used for the sk backlog queue. On a process context, if the
+process is receiving packet, and a new packet is received, it will be
+put into the sk backlog queue, so it can be received by the process
+immediately
+.RE
.TP
.B \-p, \-\-processes
Show process using socket.
.TP
.B \-i, \-\-info
-Show internal TCP information.
+Show internal TCP information. Below fields may appear:
+.RS
+.P
+.TP
+.B ts
+show string "ts" if the timestamp option is set
+.P
+.TP
+.B sack
+show string "sack" if the sack option is set
+.P
+.TP
+.B ecn
+show string "ecn" if the explicit congestion notification option is set
+.P
+.TP
+.B ecnseen
+show string "ecnseen" if the saw ecn flag is found in received packets
+.P
+.TP
+.B fastopen
+show string "fastopen" if the fastopen option is set
+.P
+.TP
+.B cong_alg
+the congestion algorithm name, the default congestion algorithm is "cubic"
+.P
+.TP
+.B wscale:<snd_wscale>:<rcv_wscale>
+if window scale option is used, this field shows the send scale factor
+and receive scale factor
+.P
+.TP
+.B rto:<icsk_rto>
+tcp re-transmission timeout value, the unit is millisecond
+.P
+.TP
+.B backoff:<icsk_backoff>
+used for exponential backoff re-transmission, the actual
+re-transmission timeout value is icsk_rto << icsk_backoff
+.P
+.TP
+.B rtt:<rtt>/<rttvar>
+rtt is the average round trip time, rttvar is the mean deviation of
+rtt, their units are millisecond
+.P
+.TP
+.B ato:<ato>
+ack timeout, unit is millisecond, used for delay ack mode
+.P
+.TP
+.B mss:<mss>
+max segment size
+.P
+.TP
+.B cwnd:<cwnd>
+congestion window size
+.P
+.TP
+.B pmtu:<pmtu>
+path MTU value
+.P
+.TP
+.B ssthresh:<ssthresh>
+tcp congestion window slow start threshold
+.P
+.TP
+.B bytes_acked:<bytes_acked>
+bytes acked
+.P
+.TP
+.B bytes_received:<bytes_received>
+bytes received
+.P
+.TP
+.B segs_out:<segs_out>
+segments sent out
+.P
+.TP
+.B segs_in:<segs_in>
+segments received
+.P
+.TP
+.B send <send_bps>bps
+egress bps
+.P
+.TP
+.B lastsnd:<lastsnd>
+how long time since the last packet sent, the unit is millisecond
+.P
+.TP
+.B lastrcv:<lastrcv>
+how long time since the last packet received, the unit is millisecond
+.P
+.TP
+.B lastack:<lastack>
+how long time since the last ack received, the unit is millisecond
+.P
+.TP
+.B pacing_rate <pacing_rate>bps/<max_pacing_rate>bps
+the pacing rate and max pacing rate
+.P
+.TP
+.B rcv_space:<rcv_space>
+a helper variable for TCP internal auto tuning socket receive buffer
+.RE
+.TP
+.B \-\-tos
+Show ToS and priority information. Below fields may appear:
+.RS
+.P
+.TP
+.B tos
+IPv4 Type-of-Service byte
+.P
+.TP
+.B tclass
+IPv6 Traffic Class byte
+.P
+.TP
+.B class_id
+Class id set by net_cls cgroup. If class is zero this shows priority
+set by SO_PRIORITY.
+.RE
.TP
.B \-K, \-\-kill
Attempts to forcibly close sockets. This option displays sockets that are
summary from various sources. It is useful when amount of sockets is so huge
that parsing /proc/net/tcp is painful.
.TP
+.B \-E, \-\-events
+Continually display sockets as they are destroyed
+.TP
.B \-Z, \-\-context
As the
.B \-p
Switch to the specified network namespace name.
.TP
.B \-b, \-\-bpf
-Show socket BPF filters (only administrators are allowed to get these information).
+Show socket BPF filters (only administrators are allowed to get these
+information).
.TP
.B \-4, \-\-ipv4
Display only IP version 4 sockets (alias for -f inet).
.B \-x, \-\-unix
Display Unix domain sockets (alias for -f unix).
.TP
+.B \-S, \-\-sctp
+Display SCTP sockets.
+.TP
+.B \-\-vsock
+Display vsock sockets (alias for -f vsock).
+.TP
+.B \-\-xdp
+Display XDP sockets (alias for -f xdp).
+.TP
.B \-f FAMILY, \-\-family=FAMILY
-Display sockets of type FAMILY.
-Currently the following families are supported: unix, inet, inet6, link, netlink.
+Display sockets of type FAMILY. Currently the following families are
+supported: unix, inet, inet6, link, netlink, vsock, xdp.
.TP
.B \-A QUERY, \-\-query=QUERY, \-\-socket=QUERY
List of socket tables to dump, separated by commas. The following identifiers
are understood: all, inet, tcp, udp, raw, unix, packet, netlink, unix_dgram,
-unix_stream, unix_seqpacket, packet_raw, packet_dgram.
+unix_stream, unix_seqpacket, packet_raw, packet_dgram, dccp, sctp,
+vsock_stream, vsock_dgram, xdp Any item in the list may optionally be
+prefixed by an exclamation mark
+.RB ( ! )
+to exclude that socket table from being dumped.
.TP
.B \-D FILE, \-\-diag=FILE
-Do not display anything, just dump raw information about TCP sockets to FILE after applying filters. If FILE is - stdout is used.
+Do not display anything, just dump raw information about TCP sockets
+to FILE after applying filters. If FILE is - stdout is used.
.TP
.B \-F FILE, \-\-filter=FILE
-Read filter information from FILE.
-Each line of FILE is interpreted like single command line option. If FILE is - stdin is used.
+Read filter information from FILE. Each line of FILE is interpreted
+like single command line option. If FILE is - stdin is used.
.TP
.B FILTER := [ state STATE-FILTER ] [ EXPRESSION ]
-Please take a look at the official documentation (Debian package iproute-doc) for details regarding filters.
+Please take a look at the official documentation for details regarding filters.
.SH STATE-FILTER
.B STATE-FILTER
-allows to construct arbitrary set of states to match. Its syntax is sequence of keywords state and exclude followed by identifier of state.
+allows to construct arbitrary set of states to match. Its syntax is
+sequence of keywords state and exclude followed by identifier of
+state.
.TP
Available identifiers are:
All standard TCP states:
.BR established ", " syn-sent ", " syn-recv ", " fin-wait-1 ", " fin-wait-2 ", " time-wait ", " closed ", " close-wait ", " last-ack ", "
-.BR listen " and " closing.
+.BR listening " and " closing.
.B all
- for all the states
.B connected
- all the states except for
-.BR listen " and " closed
+.BR listening " and " closed
.B synchronized
- all the
Find all local processes connected to X server.
.TP
.B ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 193.233.7/24
-List all the tcp sockets in state FIN-WAIT-1 for our apache to network 193.233.7/24 and look at their timers.
+List all the tcp sockets in state FIN-WAIT-1 for our apache to network
+193.233.7/24 and look at their timers.
+.TP
+.B ss -a -A 'all,!tcp'
+List sockets in all states from all socket tables but TCP.
.SH SEE ALSO
.BR ip (8),
-.BR /usr/share/doc/iproute-doc/ss.html " (package iprouteĀdoc)",
.br
.BR RFC " 793 "
- https://tools.ietf.org/rfc/rfc793.txt (TCP states)