]>
Commit | Line | Data |
---|---|---|
d7eeca84 SH |
1 | .TH SS 8 |
2 | .SH NAME | |
3 | ss \- another utility to investigate sockets | |
4 | .SH SYNOPSIS | |
5 | .B ss | |
6 | .RI [ options ] " [ FILTER ]" | |
7 | .SH DESCRIPTION | |
8 | .B ss | |
9 | is used to dump socket statistics. It allows showing information similar | |
10 | to | |
11 | .IR netstat . | |
f76ad635 | 12 | It can display more TCP and state information than other tools. |
d7eeca84 SH |
13 | |
14 | .SH OPTIONS | |
f76ad635 SH |
15 | When no option is used ss displays a list of open non-listening |
16 | sockets (e.g. TCP/UNIX/UDP) that have established connection. | |
d7eeca84 SH |
17 | .TP |
18 | .B \-h, \-\-help | |
19 | Show summary of options. | |
20 | .TP | |
21 | .B \-V, \-\-version | |
22 | Output version information. | |
23 | .TP | |
7a4559f6 DA |
24 | .B \-H, \-\-no-header |
25 | Suppress header line. | |
26 | .TP | |
296b5de7 JH |
27 | .B \-O, \-\-oneline |
28 | Print each socket's data on a single line. | |
29 | .TP | |
d7eeca84 | 30 | .B \-n, \-\-numeric |
d791e75d | 31 | Do not try to resolve service names. Show exact bandwidth values, instead of human-readable. |
d7eeca84 SH |
32 | .TP |
33 | .B \-r, \-\-resolve | |
34 | Try to resolve numeric address/ports. | |
35 | .TP | |
36 | .B \-a, \-\-all | |
f76ad635 SH |
37 | Display both listening and non-listening (for TCP this means |
38 | established connections) sockets. | |
d7eeca84 SH |
39 | .TP |
40 | .B \-l, \-\-listening | |
5d805635 | 41 | Display only listening sockets (these are omitted by default). |
d7eeca84 SH |
42 | .TP |
43 | .B \-o, \-\-options | |
f76ad635 | 44 | Show timer information. For TCP protocol, the output format is: |
5a9bca71 | 45 | .RS |
46 | .P | |
47 | timer:(<timer_name>,<expire_time>,<retrans>) | |
48 | .P | |
49 | .TP | |
50 | .B <timer_name> | |
51 | the name of the timer, there are five kind of timer names: | |
52 | .RS | |
53 | .P | |
f76ad635 SH |
54 | .B on |
55 | : means one of these timers: TCP retrans timer, TCP early retrans | |
56 | timer and tail loss probe timer | |
5a9bca71 | 57 | .P |
58 | .BR keepalive ": tcp keep alive timer" | |
59 | .P | |
60 | .BR timewait ": timewait stage timer" | |
61 | .P | |
62 | .BR persist ": zero window probe timer" | |
63 | .P | |
64 | .BR unknown ": none of the above timers" | |
65 | .RE | |
66 | .TP | |
67 | .B <expire_time> | |
68 | how long time the timer will expire | |
69 | .P | |
70 | .TP | |
71 | .B <retrans> | |
f76ad635 | 72 | how many times the retransmission occured |
5a9bca71 | 73 | .RE |
d7eeca84 SH |
74 | .TP |
75 | .B \-e, \-\-extended | |
5a9bca71 | 76 | Show detailed socket information. The output format is: |
77 | .RS | |
78 | .P | |
79 | uid:<uid_number> ino:<inode_number> sk:<cookie> | |
80 | .P | |
81 | .TP | |
82 | .B <uid_number> | |
83 | the user id the socket belongs to | |
84 | .P | |
85 | .TP | |
86 | .B <inode_number> | |
87 | the socket's inode number in VFS | |
88 | .P | |
89 | .TP | |
90 | .B <cookie> | |
91 | an uuid of the socket | |
92 | .RE | |
d7eeca84 SH |
93 | .TP |
94 | .B \-m, \-\-memory | |
5a9bca71 | 95 | Show socket memory usage. The output format is: |
96 | .RS | |
97 | .P | |
cffeeb39 | 98 | skmem:(r<rmem_alloc>,rb<rcv_buf>,t<wmem_alloc>,tb<snd_buf>, |
7f504752 LB |
99 | .br |
100 | .RS | |
101 | .RS | |
6296d518 | 102 | f<fwd_alloc>,w<wmem_queued>,o<opt_mem>, |
cffeeb39 LB |
103 | .RE |
104 | .RE | |
105 | .br | |
106 | .RS | |
107 | .RS | |
6296d518 | 108 | bl<back_log>,d<sock_drop>) |
7f504752 LB |
109 | .RE |
110 | .RE | |
5a9bca71 | 111 | .P |
112 | .TP | |
113 | .B <rmem_alloc> | |
114 | the memory allocated for receiving packet | |
115 | .P | |
116 | .TP | |
117 | .B <rcv_buf> | |
118 | the total memory can be allocated for receiving packet | |
119 | .P | |
120 | .TP | |
121 | .B <wmem_alloc> | |
122 | the memory used for sending packet (which has been sent to layer 3) | |
123 | .P | |
124 | .TP | |
125 | .B <snd_buf> | |
126 | the total memory can be allocated for sending packet | |
127 | .P | |
128 | .TP | |
129 | .B <fwd_alloc> | |
f76ad635 SH |
130 | the memory allocated by the socket as cache, but not used for |
131 | receiving/sending packet yet. If need memory to send/receive packet, | |
132 | the memory in this cache will be used before allocate additional | |
133 | memory. | |
5a9bca71 | 134 | .P |
135 | .TP | |
136 | .B <wmem_queued> | |
137 | The memory allocated for sending packet (which has not been sent to layer 3) | |
138 | .P | |
139 | .TP | |
f76ad635 | 140 | .B <ropt_mem> |
5a9bca71 | 141 | The memory used for storing socket option, e.g., the key for TCP MD5 signature |
142 | .P | |
143 | .TP | |
144 | .B <back_log> | |
f76ad635 SH |
145 | The memory used for the sk backlog queue. On a process context, if the |
146 | process is receiving packet, and a new packet is received, it will be | |
147 | put into the sk backlog queue, so it can be received by the process | |
148 | immediately | |
6296d518 AC |
149 | .P |
150 | .TP | |
151 | .B <sock_drop> | |
152 | the number of packets dropped before they are de-multiplexed into the socket | |
5a9bca71 | 153 | .RE |
d7eeca84 SH |
154 | .TP |
155 | .B \-p, \-\-processes | |
156 | Show process using socket. | |
157 | .TP | |
158 | .B \-i, \-\-info | |
5a9bca71 | 159 | Show internal TCP information. Below fields may appear: |
160 | .RS | |
161 | .P | |
162 | .TP | |
163 | .B ts | |
164 | show string "ts" if the timestamp option is set | |
165 | .P | |
166 | .TP | |
167 | .B sack | |
168 | show string "sack" if the sack option is set | |
169 | .P | |
170 | .TP | |
171 | .B ecn | |
172 | show string "ecn" if the explicit congestion notification option is set | |
173 | .P | |
174 | .TP | |
175 | .B ecnseen | |
176 | show string "ecnseen" if the saw ecn flag is found in received packets | |
177 | .P | |
178 | .TP | |
179 | .B fastopen | |
180 | show string "fastopen" if the fastopen option is set | |
181 | .P | |
182 | .TP | |
183 | .B cong_alg | |
184 | the congestion algorithm name, the default congestion algorithm is "cubic" | |
185 | .P | |
186 | .TP | |
187 | .B wscale:<snd_wscale>:<rcv_wscale> | |
f76ad635 SH |
188 | if window scale option is used, this field shows the send scale factor |
189 | and receive scale factor | |
5a9bca71 | 190 | .P |
191 | .TP | |
192 | .B rto:<icsk_rto> | |
193 | tcp re-transmission timeout value, the unit is millisecond | |
194 | .P | |
195 | .TP | |
196 | .B backoff:<icsk_backoff> | |
f76ad635 SH |
197 | used for exponential backoff re-transmission, the actual |
198 | re-transmission timeout value is icsk_rto << icsk_backoff | |
5a9bca71 | 199 | .P |
200 | .TP | |
201 | .B rtt:<rtt>/<rttvar> | |
f76ad635 SH |
202 | rtt is the average round trip time, rttvar is the mean deviation of |
203 | rtt, their units are millisecond | |
5a9bca71 | 204 | .P |
205 | .TP | |
206 | .B ato:<ato> | |
207 | ack timeout, unit is millisecond, used for delay ack mode | |
208 | .P | |
209 | .TP | |
210 | .B mss:<mss> | |
211 | max segment size | |
212 | .P | |
213 | .TP | |
214 | .B cwnd:<cwnd> | |
215 | congestion window size | |
216 | .P | |
217 | .TP | |
3d791a32 RM |
218 | .B pmtu:<pmtu> |
219 | path MTU value | |
220 | .P | |
221 | .TP | |
5a9bca71 | 222 | .B ssthresh:<ssthresh> |
223 | tcp congestion window slow start threshold | |
224 | .P | |
225 | .TP | |
226 | .B bytes_acked:<bytes_acked> | |
227 | bytes acked | |
228 | .P | |
229 | .TP | |
230 | .B bytes_received:<bytes_received> | |
231 | bytes received | |
232 | .P | |
233 | .TP | |
234 | .B segs_out:<segs_out> | |
235 | segments sent out | |
236 | .P | |
237 | .TP | |
238 | .B segs_in:<segs_in> | |
239 | segments received | |
240 | .P | |
241 | .TP | |
242 | .B send <send_bps>bps | |
243 | egress bps | |
244 | .P | |
245 | .TP | |
246 | .B lastsnd:<lastsnd> | |
247 | how long time since the last packet sent, the unit is millisecond | |
248 | .P | |
249 | .TP | |
250 | .B lastrcv:<lastrcv> | |
251 | how long time since the last packet received, the unit is millisecond | |
252 | .P | |
253 | .TP | |
254 | .B lastack:<lastack> | |
255 | how long time since the last ack received, the unit is millisecond | |
256 | .P | |
257 | .TP | |
258 | .B pacing_rate <pacing_rate>bps/<max_pacing_rate>bps | |
259 | the pacing rate and max pacing rate | |
260 | .P | |
261 | .TP | |
262 | .B rcv_space:<rcv_space> | |
263 | a helper variable for TCP internal auto tuning socket receive buffer | |
712fdd98 DC |
264 | .P |
265 | .TP | |
266 | .B tcp-ulp-mptcp flags:[MmBbJjecv] token:<rem_token(rem_id)/loc_token(loc_id)> seq:<sn> sfseq:<ssn> ssnoff:<off> maplen:<maplen> | |
267 | MPTCP subflow information | |
268 | .P | |
5a9bca71 | 269 | .RE |
d7eeca84 | 270 | .TP |
0f3f0ca3 KK |
271 | .B \-\-tos |
272 | Show ToS and priority information. Below fields may appear: | |
273 | .RS | |
274 | .P | |
275 | .TP | |
276 | .B tos | |
277 | IPv4 Type-of-Service byte | |
278 | .P | |
279 | .TP | |
280 | .B tclass | |
281 | IPv6 Traffic Class byte | |
282 | .P | |
283 | .TP | |
284 | .B class_id | |
f76ad635 SH |
285 | Class id set by net_cls cgroup. If class is zero this shows priority |
286 | set by SO_PRIORITY. | |
0f3f0ca3 KK |
287 | .RE |
288 | .TP | |
14f4bda5 DY |
289 | .B \-\-cgroup |
290 | Show cgroup information. Below fields may appear: | |
291 | .RS | |
292 | .P | |
293 | .TP | |
294 | .B cgroup | |
295 | Cgroup v2 pathname. This pathname is relative to the mount point of the hierarchy. | |
296 | .RE | |
297 | .TP | |
fb2594c1 LC |
298 | .B \-K, \-\-kill |
299 | Attempts to forcibly close sockets. This option displays sockets that are | |
300 | successfully closed and silently skips sockets that the kernel does not support | |
301 | closing. It supports IPv4 and IPv6 sockets only. | |
302 | .TP | |
d7eeca84 SH |
303 | .B \-s, \-\-summary |
304 | Print summary statistics. This option does not parse socket lists obtaining | |
305 | summary from various sources. It is useful when amount of sockets is so huge | |
306 | that parsing /proc/net/tcp is painful. | |
307 | .TP | |
d559db72 PS |
308 | .B \-E, \-\-events |
309 | Continually display sockets as they are destroyed | |
310 | .TP | |
116ac927 RH |
311 | .B \-Z, \-\-context |
312 | As the | |
313 | .B \-p | |
314 | option but also shows process security context. | |
315 | .sp | |
316 | For | |
317 | .BR netlink (7) | |
318 | sockets the initiating process context is displayed as follows: | |
319 | .RS | |
320 | .RS | |
321 | .IP "1." 4 | |
322 | If valid pid show the process context. | |
323 | .IP "2." 4 | |
324 | If destination is kernel (pid = 0) show kernel initial context. | |
325 | .IP "3." 4 | |
326 | If a unique identifier has been allocated by the kernel or netlink user, | |
327 | show context as "unavailable". This will generally indicate that a | |
328 | process has more than one netlink socket active. | |
329 | .RE | |
330 | .RE | |
331 | .TP | |
332 | .B \-z, \-\-contexts | |
333 | As the | |
334 | .B \-Z | |
335 | option but also shows the socket context. The socket context is | |
336 | taken from the associated inode and is not the actual socket | |
337 | context held by the kernel. Sockets are typically labeled with the | |
338 | context of the creating process, however the context shown will reflect | |
339 | any policy role, type and/or range transition rules applied, | |
340 | and is therefore a useful reference. | |
341 | .TP | |
95ce04bc VK |
342 | .B \-N NSNAME, \-\-net=NSNAME |
343 | Switch to the specified network namespace name. | |
344 | .TP | |
f3c2f91e | 345 | .B \-b, \-\-bpf |
f76ad635 SH |
346 | Show socket BPF filters (only administrators are allowed to get these |
347 | information). | |
f3c2f91e | 348 | .TP |
d7eeca84 SH |
349 | .B \-4, \-\-ipv4 |
350 | Display only IP version 4 sockets (alias for -f inet). | |
351 | .TP | |
352 | .B \-6, \-\-ipv6 | |
353 | Display only IP version 6 sockets (alias for -f inet6). | |
354 | .TP | |
355 | .B \-0, \-\-packet | |
5d805635 | 356 | Display PACKET sockets (alias for -f link). |
d7eeca84 SH |
357 | .TP |
358 | .B \-t, \-\-tcp | |
5d805635 | 359 | Display TCP sockets. |
d7eeca84 SH |
360 | .TP |
361 | .B \-u, \-\-udp | |
5d805635 | 362 | Display UDP sockets. |
d7eeca84 SH |
363 | .TP |
364 | .B \-d, \-\-dccp | |
5d805635 | 365 | Display DCCP sockets. |
d7eeca84 SH |
366 | .TP |
367 | .B \-w, \-\-raw | |
5d805635 | 368 | Display RAW sockets. |
d7eeca84 SH |
369 | .TP |
370 | .B \-x, \-\-unix | |
5d805635 | 371 | Display Unix domain sockets (alias for -f unix). |
d7eeca84 | 372 | .TP |
f89d46ad PS |
373 | .B \-S, \-\-sctp |
374 | Display SCTP sockets. | |
375 | .TP | |
c759116a SH |
376 | .B \-\-vsock |
377 | Display vsock sockets (alias for -f vsock). | |
378 | .TP | |
2abc3d76 BT |
379 | .B \-\-xdp |
380 | Display XDP sockets (alias for -f xdp). | |
381 | .TP | |
d7eeca84 | 382 | .B \-f FAMILY, \-\-family=FAMILY |
f76ad635 SH |
383 | Display sockets of type FAMILY. Currently the following families are |
384 | supported: unix, inet, inet6, link, netlink, vsock, xdp. | |
d7eeca84 | 385 | .TP |
583de149 | 386 | .B \-A QUERY, \-\-query=QUERY, \-\-socket=QUERY |
d7eeca84 SH |
387 | List of socket tables to dump, separated by commas. The following identifiers |
388 | are understood: all, inet, tcp, udp, raw, unix, packet, netlink, unix_dgram, | |
c759116a | 389 | unix_stream, unix_seqpacket, packet_raw, packet_dgram, dccp, sctp, |
2abc3d76 BT |
390 | vsock_stream, vsock_dgram, xdp Any item in the list may optionally be |
391 | prefixed by an exclamation mark | |
c121111e PS |
392 | .RB ( ! ) |
393 | to exclude that socket table from being dumped. | |
d7eeca84 | 394 | .TP |
583de149 | 395 | .B \-D FILE, \-\-diag=FILE |
f76ad635 SH |
396 | Do not display anything, just dump raw information about TCP sockets |
397 | to FILE after applying filters. If FILE is - stdout is used. | |
d7eeca84 SH |
398 | .TP |
399 | .B \-F FILE, \-\-filter=FILE | |
f76ad635 SH |
400 | Read filter information from FILE. Each line of FILE is interpreted |
401 | like single command line option. If FILE is - stdin is used. | |
d7eeca84 | 402 | .TP |
b93fe578 | 403 | .B FILTER := [ state STATE-FILTER ] [ EXPRESSION ] |
cd258764 | 404 | Please take a look at the official documentation for details regarding filters. |
b93fe578 VK |
405 | |
406 | .SH STATE-FILTER | |
407 | ||
408 | .B STATE-FILTER | |
f76ad635 SH |
409 | allows to construct arbitrary set of states to match. Its syntax is |
410 | sequence of keywords state and exclude followed by identifier of | |
411 | state. | |
b93fe578 VK |
412 | .TP |
413 | Available identifiers are: | |
414 | ||
415 | All standard TCP states: | |
416 | .BR established ", " syn-sent ", " syn-recv ", " fin-wait-1 ", " fin-wait-2 ", " time-wait ", " closed ", " close-wait ", " last-ack ", " | |
ae4e21c9 | 417 | .BR listening " and " closing. |
b93fe578 VK |
418 | |
419 | .B all | |
420 | - for all the states | |
421 | ||
422 | .B connected | |
423 | - all the states except for | |
ae4e21c9 | 424 | .BR listening " and " closed |
b93fe578 VK |
425 | |
426 | .B synchronized | |
427 | - all the | |
428 | .B connected | |
429 | states except for | |
430 | .B syn-sent | |
431 | ||
432 | .B bucket | |
433 | - states, which are maintained as minisockets, i.e. | |
434 | .BR time-wait " and " syn-recv | |
435 | ||
436 | .B big | |
437 | - opposite to | |
438 | .B bucket | |
439 | ||
d7eeca84 SH |
440 | .SH USAGE EXAMPLES |
441 | .TP | |
442 | .B ss -t -a | |
443 | Display all TCP sockets. | |
444 | .TP | |
116ac927 RH |
445 | .B ss -t -a -Z |
446 | Display all TCP sockets with process SELinux security contexts. | |
447 | .TP | |
d7eeca84 SH |
448 | .B ss -u -a |
449 | Display all UDP sockets. | |
450 | .TP | |
451 | .B ss -o state established '( dport = :ssh or sport = :ssh )' | |
452 | Display all established ssh connections. | |
453 | .TP | |
ea5dd59c | 454 | .B ss -x src /tmp/.X11-unix/* |
d7eeca84 SH |
455 | Find all local processes connected to X server. |
456 | .TP | |
457 | .B ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 193.233.7/24 | |
f76ad635 SH |
458 | List all the tcp sockets in state FIN-WAIT-1 for our apache to network |
459 | 193.233.7/24 and look at their timers. | |
c121111e PS |
460 | .TP |
461 | .B ss -a -A 'all,!tcp' | |
462 | List sockets in all states from all socket tables but TCP. | |
d7eeca84 SH |
463 | .SH SEE ALSO |
464 | .BR ip (8), | |
b93fe578 VK |
465 | .br |
466 | .BR RFC " 793 " | |
5699275b | 467 | - https://tools.ietf.org/rfc/rfc793.txt (TCP states) |
b93fe578 | 468 | |
d7eeca84 | 469 | .SH AUTHOR |
5699275b | 470 | .I ss |
dd8fac8c | 471 | was written by Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>. |
d7eeca84 SH |
472 | .PP |
473 | This manual page was written by Michael Prokop <mika@grml.org> | |
474 | for the Debian project (but may be used by others). |