SS(8) System Manager's Manual SS(8) ss - ss [] [ ] ss . netstat. TCP . ss ( TCP/UNIX/UDP) . -h --help . -V --version . -H, --no-header . -Q, --no-queues . -O, --oneline . -n, --numeric . . -r, --resolve / . -a, --all ( TCP ). -l, --listening ( ). -B, --bound-inactive TCP ( ) ( ). -o, --options . TCP : timer:(,,) : on : : TCP TCP keepalive: TCP timewait: persist: unknown: -e, --extended . : uid: ino: sk: inode VFS uuid uuid -m, --memory . : skmem:(r,rb,t,tb, f,w,o, bl,d) ( 3) / . / . ( 3) TCP MD5 backlog sk. backlog sk . -p --processes . -T, --threads . -p. -i --info TCP . : ts "ts" sack "sack" sack ecn "ecn" ecnseen "ecnseen" ecn fastopen "fastopen" cong_alg "cubic" wscale:: rto: TCP backoff: icsk_rto << icsk_backoff rtt:/ rtt rttvar rtt ato: mss: cwnd: pmtu: MTU ssthresh: TCP bytes_acked: bytes_received: segs_out: segs_in: send bps lastsnd: lastrcv: lastack: pacing_rate bps/bps rcv_space: TCP tcp-ulp-mptcp flags:[MmBbJjecv] token: seq: sfseq: ssnoff: maplen: MPTCP --tos ToS . : tos IPv4 tclass IPv6 class_id cgroup net_cls. SO_PRIORITY. --cgroup cgroup. : cgroup Cgroup v2. . --tipcinfo tipc . -K, --kill . . IPv4 IPv6 . -s --summary . . /proc/net/tcp . -E, --events -Z, --context -p . -T . netlink(7) : 1. . 2. ( = 0) . 3. netlink " ". netlink . -z, --contexts -Z . inode . / . -N NSNAME, --net=NSNAME . -b, --bpf BPF ( ). -4, --ipv4 IP 4 ( -f inet). -6, --ipv6 IP 6 ( -f inet6). -0, --packet PACKET ( -f link). -t, --tcp TCP. -u, --udp UDP. -d, --dccp DCCP. -w, --raw RAW. -x, --unix ( -f unix). -S, --sctp SCTP. --tipc tipc ( -f tipc). --vsock vsock ( -f vsock). --xdp XDP ( -f xdp). -M, --mptcp MPTCP. --inet-sockopt inet. -f FAMILY, --family=FAMILY FAMILY. : unix, inet, inet6, link, netlink, vsock, tipc, xdp. -A QUERY, --query=QUERY, --socket=QUERY . : all, inet, tcp, udp, raw, unix, packet, netlink, unix_dgram, unix_stream, unix_seqpacket, packet_raw, packet_dgram, dccp, sctp, tipc, vsock_stream, vsock_dgram, xdp, mptcp. (!) . -D FILE, --diag=FILE TCP FILE . FILE - stdout. -F FILE, --filter=FILE FILE. FILE . FILE - stdin. --bpf-maps BPF . --bpf-map-id=MAP_ID BPF . . FILTER := [ state STATE-FILTER ] [ EXPRESSION ] . STATE-FILTER STATE-FILTER . state exclude . : TCP : established syn-sent syn-recv fin-wait-1 fin-wait-2 time-wait closed close-wait last-ack listening closing. all - connected - listening closed synchronized - connected syn-sent bucket - time-wait syn-recv big - bucket bound-inactive - ( .) EXPRESSION . EXPRESSION . or ( | ||) and ( & &&) not ( !). and . "(" ")". : {dst|src} [=] HOST HOST. HOST SYNTAX . {dport|sport} [OP] [FAMILY:]:PORT PORT. OP "<" "<=" "=" "!=" ">=" ">" . FAMILY PORT HOST SYNTAX . dev [=|!=] DEVICE . DEVICE . fwmark [=|!=] MASK fwmark . "/" . "fwmark = 0x01/0x03" fwmark 0x01. cgroup [=|!=] PATH cgroup . autobound ( ). . "=". : o = == eq o != ne neq o > gt o < lt o >= ge geq o <= le leq o ! not o | || or o & && and [FAMILY:]ADDRESS[:PORT]. FAMILY -f. -f inet inet6. inet inet6. . ADDRESS PORT . "*" . : ADDRESS glob ( fnmatch(3)) unix. . Unix "*" . link ADDRESS Ethernet . PORT ip link. netlink ADDRESS netlink. /etc/iproute2/nl_protos. PORT . "kernel" ( 0). vsock ADDRESS CID PORT . inet inet6 ADDRESS ip ( v4 v6 ) DNS ip . ipv6 "[" "]" . CIDR ( ). PORT . ss -t -a TCP. ss -t -a -Z TCP SELinux . ss -u -a UDP. ss -o state established '( dport = :ssh or sport = :ssh )' ssh . ss -x src /tmp/.X11-unix/* X. ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 193.233.7/24 TCP FIN-WAIT-1 Apache 193.233.7/24 . ss -a -A 'all,!tcp' TCP. ip(8) RFC 793 - https://tools.ietf.org/rfc/rfc793.txt ( TCP) ss Alexey Kuznetsov . Michael Prokop ( ). 3 . . : . SS(8)