# Cheatsheet & Examples: ss The `ss` command is a powerful tool for inspecting network sockets. It provides detailed information about TCP, UDP, and other network connections, similar to `netstat`, but often with improved performance and more advanced filtering capabilities. ## Listing All Established TCP Connections Example Usage: `ss -t state established` What it does: Lists all established TCP connections on the system. Command-line Arguments Explained: - `-t`: Specifies that you want to see TCP sockets. - `state established`: Filters the output to show only connections that are in the established state. ## Listing All Listening Sockets Example Usage: `ss -l` What it does: Lists all listening sockets (sockets that are waiting for incoming connections). Command-line Arguments Explained: - `-l`: Displays listening sockets. ## Listing All UDP Sockets Example Usage: `ss -u` What it does: Lists all UDP sockets. Command-line Arguments Explained: - `-u`: Specifies that you want to see UDP sockets. ## Displaying Numeric Addresses and Ports Example Usage: `ss -n` What it does: Displays numeric addresses and ports, avoiding hostname and service name resolution. Command-line Arguments Explained: - `-n`: Shows numerical addresses and ports. This bypasses DNS lookups and /etc/services lookups, making the output faster and often clearer. ## Displaying Process Information Example Usage: `ss -p` What it does: Displays process information associated with each socket, including the PID and process name. Command-line Arguments Explained: - `-p`: Shows process information. This includes the process ID (PID) and the process name associated with each socket. ## Showing Detailed Socket Information Example Usage: `ss -i` What it does: Displays internal TCP information, such as congestion window size, send and receive buffers, etc. Command-line Arguments Explained: - `-i`: Shows internal TCP information. This provides detailed statistics about the TCP connection. ## Filtering by Port Example Usage: `ss -t -a 'sport = :80'` What it does: Lists TCP sockets, showing all states (-a), and filters the output to only include sockets with a source port of 80. Command-line Arguments Explained: - `-t`: Specifies TCP sockets. - `-a`: Shows all sockets (listening and connected). - `'sport = :80'`: Uses an extended filter. `sport` refers to the source port. `:80` represents port 80 (HTTP). This filters the output to show connections originating from port 80. (Note: the single quotes are important for the shell to interpret this correctly.) ## Filtering by Local Address and Port Example Usage: `ss -t -l 'sport = :22 and dport = :1024-65535'` What it does: Lists listening TCP sockets on port 22 (SSH) and filters to include connections originating from ports in the dynamic/private range (1024-65535). Command-line Arguments Explained: - `-t`: Specifies TCP sockets. - `-l`: Lists listening sockets. - `'sport = :22'`: Filters based on source port (SSH, port 22). - `and`: Combines filter conditions. - `dport = :1024-65535`: Filters based on destination port being within the dynamic port range. ## Showing Summary Statistics Example Usage: `ss -s` What it does: Provides a summary of socket statistics, including the number of established, listening, and other types of sockets. Command-line Arguments Explained: - `-s`: Displays summary statistics. ## Showing Timers Example Usage: `ss -t -o state closing` What it does: Shows TCP sockets in the closing state, along with timer information. Command-line Arguments Explained: - `-t`: Specifies TCP sockets. - `-o`: Displays socket timers. - `state closing`: Filters output by sockets in the closing state. ## Filtering by Interface Example Usage: `ss -n -i | grep wlan0` What it does: Lists all network sockets with numeric output. The results are then piped to grep to find entries that belong to the interface wlan0. Command-line Arguments Explained: - `-n`: Shows numerical addresses and ports. - `-i`: Shows internal TCP information. - `| grep wlan0`: Pipes the output to the grep command to filter based on a matching interface name.