|
Packit Service |
3880ab |
.TH SS 8
|
|
Packit Service |
3880ab |
.SH NAME
|
|
Packit Service |
3880ab |
ss \- another utility to investigate sockets
|
|
Packit Service |
3880ab |
.SH SYNOPSIS
|
|
Packit Service |
3880ab |
.B ss
|
|
Packit Service |
3880ab |
.RI [ options ] " [ FILTER ]"
|
|
Packit Service |
3880ab |
.SH DESCRIPTION
|
|
Packit Service |
3880ab |
.B ss
|
|
Packit Service |
3880ab |
is used to dump socket statistics. It allows showing information similar
|
|
Packit Service |
3880ab |
to
|
|
Packit Service |
3880ab |
.IR netstat .
|
|
Packit Service |
3880ab |
It can display more TCP and state information than other tools.
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
.SH OPTIONS
|
|
Packit Service |
3880ab |
When no option is used ss displays a list of open non-listening
|
|
Packit Service |
3880ab |
sockets (e.g. TCP/UNIX/UDP) that have established connection.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-h, \-\-help
|
|
Packit Service |
3880ab |
Show summary of options.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-V, \-\-version
|
|
Packit Service |
3880ab |
Output version information.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-H, \-\-no-header
|
|
Packit Service |
3880ab |
Suppress header line.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-O, \-\-oneline
|
|
Packit Service |
3880ab |
Print each socket's data on a single line.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-n, \-\-numeric
|
|
Packit Service |
3880ab |
Do not try to resolve service names. Show exact bandwidth values, instead of human-readable.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-r, \-\-resolve
|
|
Packit Service |
3880ab |
Try to resolve numeric address/ports.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-a, \-\-all
|
|
Packit Service |
3880ab |
Display both listening and non-listening (for TCP this means
|
|
Packit Service |
3880ab |
established connections) sockets.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-l, \-\-listening
|
|
Packit Service |
3880ab |
Display only listening sockets (these are omitted by default).
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-o, \-\-options
|
|
Packit Service |
3880ab |
Show timer information. For TCP protocol, the output format is:
|
|
Packit Service |
3880ab |
.RS
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
timer:(<timer_name>,<expire_time>,<retrans>)
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B <timer_name>
|
|
Packit Service |
3880ab |
the name of the timer, there are five kind of timer names:
|
|
Packit Service |
3880ab |
.RS
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.B on
|
|
Packit Service |
3880ab |
: means one of these timers: TCP retrans timer, TCP early retrans
|
|
Packit Service |
3880ab |
timer and tail loss probe timer
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.BR keepalive ": tcp keep alive timer"
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.BR timewait ": timewait stage timer"
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.BR persist ": zero window probe timer"
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.BR unknown ": none of the above timers"
|
|
Packit Service |
3880ab |
.RE
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B <expire_time>
|
|
Packit Service |
3880ab |
how long time the timer will expire
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B <retrans>
|
|
Packit Bot |
867fae |
how many times the retransmission occurred
|
|
Packit Service |
3880ab |
.RE
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-e, \-\-extended
|
|
Packit Service |
3880ab |
Show detailed socket information. The output format is:
|
|
Packit Service |
3880ab |
.RS
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
uid:<uid_number> ino:<inode_number> sk:<cookie>
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B <uid_number>
|
|
Packit Service |
3880ab |
the user id the socket belongs to
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B <inode_number>
|
|
Packit Service |
3880ab |
the socket's inode number in VFS
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B <cookie>
|
|
Packit Service |
3880ab |
an uuid of the socket
|
|
Packit Service |
3880ab |
.RE
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-m, \-\-memory
|
|
Packit Service |
3880ab |
Show socket memory usage. The output format is:
|
|
Packit Service |
3880ab |
.RS
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
skmem:(r<rmem_alloc>,rb<rcv_buf>,t<wmem_alloc>,tb<snd_buf>,
|
|
Packit Service |
3880ab |
.br
|
|
Packit Service |
3880ab |
.RS
|
|
Packit Service |
3880ab |
.RS
|
|
Packit Service |
3880ab |
f<fwd_alloc>,w<wmem_queued>,o<opt_mem>,
|
|
Packit Service |
3880ab |
.RE
|
|
Packit Service |
3880ab |
.RE
|
|
Packit Service |
3880ab |
.br
|
|
Packit Service |
3880ab |
.RS
|
|
Packit Service |
3880ab |
.RS
|
|
Packit Service |
3880ab |
bl<back_log>,d<sock_drop>)
|
|
Packit Service |
3880ab |
.RE
|
|
Packit Service |
3880ab |
.RE
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B <rmem_alloc>
|
|
Packit Service |
3880ab |
the memory allocated for receiving packet
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B <rcv_buf>
|
|
Packit Service |
3880ab |
the total memory can be allocated for receiving packet
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B <wmem_alloc>
|
|
Packit Service |
3880ab |
the memory used for sending packet (which has been sent to layer 3)
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B <snd_buf>
|
|
Packit Service |
3880ab |
the total memory can be allocated for sending packet
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B <fwd_alloc>
|
|
Packit Service |
3880ab |
the memory allocated by the socket as cache, but not used for
|
|
Packit Service |
3880ab |
receiving/sending packet yet. If need memory to send/receive packet,
|
|
Packit Service |
3880ab |
the memory in this cache will be used before allocate additional
|
|
Packit Service |
3880ab |
memory.
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B <wmem_queued>
|
|
Packit Service |
3880ab |
The memory allocated for sending packet (which has not been sent to layer 3)
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B <ropt_mem>
|
|
Packit Service |
3880ab |
The memory used for storing socket option, e.g., the key for TCP MD5 signature
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B <back_log>
|
|
Packit Service |
3880ab |
The memory used for the sk backlog queue. On a process context, if the
|
|
Packit Service |
3880ab |
process is receiving packet, and a new packet is received, it will be
|
|
Packit Service |
3880ab |
put into the sk backlog queue, so it can be received by the process
|
|
Packit Service |
3880ab |
immediately
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B <sock_drop>
|
|
Packit Service |
3880ab |
the number of packets dropped before they are de-multiplexed into the socket
|
|
Packit Service |
3880ab |
.RE
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-p, \-\-processes
|
|
Packit Service |
3880ab |
Show process using socket.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-i, \-\-info
|
|
Packit Service |
3880ab |
Show internal TCP information. Below fields may appear:
|
|
Packit Service |
3880ab |
.RS
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B ts
|
|
Packit Service |
3880ab |
show string "ts" if the timestamp option is set
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B sack
|
|
Packit Service |
3880ab |
show string "sack" if the sack option is set
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B ecn
|
|
Packit Service |
3880ab |
show string "ecn" if the explicit congestion notification option is set
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B ecnseen
|
|
Packit Service |
3880ab |
show string "ecnseen" if the saw ecn flag is found in received packets
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B fastopen
|
|
Packit Service |
3880ab |
show string "fastopen" if the fastopen option is set
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B cong_alg
|
|
Packit Service |
3880ab |
the congestion algorithm name, the default congestion algorithm is "cubic"
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B wscale:<snd_wscale>:<rcv_wscale>
|
|
Packit Service |
3880ab |
if window scale option is used, this field shows the send scale factor
|
|
Packit Service |
3880ab |
and receive scale factor
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B rto:<icsk_rto>
|
|
Packit Service |
3880ab |
tcp re-transmission timeout value, the unit is millisecond
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B backoff:<icsk_backoff>
|
|
Packit Service |
3880ab |
used for exponential backoff re-transmission, the actual
|
|
Packit Service |
3880ab |
re-transmission timeout value is icsk_rto << icsk_backoff
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B rtt:<rtt>/<rttvar>
|
|
Packit Service |
3880ab |
rtt is the average round trip time, rttvar is the mean deviation of
|
|
Packit Service |
3880ab |
rtt, their units are millisecond
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B ato:<ato>
|
|
Packit Service |
3880ab |
ack timeout, unit is millisecond, used for delay ack mode
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B mss:<mss>
|
|
Packit Service |
3880ab |
max segment size
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B cwnd:<cwnd>
|
|
Packit Service |
3880ab |
congestion window size
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B pmtu:<pmtu>
|
|
Packit Service |
3880ab |
path MTU value
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B ssthresh:<ssthresh>
|
|
Packit Service |
3880ab |
tcp congestion window slow start threshold
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B bytes_acked:<bytes_acked>
|
|
Packit Service |
3880ab |
bytes acked
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B bytes_received:<bytes_received>
|
|
Packit Service |
3880ab |
bytes received
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B segs_out:<segs_out>
|
|
Packit Service |
3880ab |
segments sent out
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B segs_in:<segs_in>
|
|
Packit Service |
3880ab |
segments received
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B send <send_bps>bps
|
|
Packit Service |
3880ab |
egress bps
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B lastsnd:<lastsnd>
|
|
Packit Service |
3880ab |
how long time since the last packet sent, the unit is millisecond
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B lastrcv:<lastrcv>
|
|
Packit Service |
3880ab |
how long time since the last packet received, the unit is millisecond
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B lastack:<lastack>
|
|
Packit Service |
3880ab |
how long time since the last ack received, the unit is millisecond
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B pacing_rate <pacing_rate>bps/<max_pacing_rate>bps
|
|
Packit Service |
3880ab |
the pacing rate and max pacing rate
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B rcv_space:<rcv_space>
|
|
Packit Service |
3880ab |
a helper variable for TCP internal auto tuning socket receive buffer
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B tcp-ulp-mptcp flags:[MmBbJjecv] token:<rem_token(rem_id)/loc_token(loc_id)> seq:<sn> sfseq:<ssn> ssnoff:<off> maplen:<maplen>
|
|
Packit Service |
3880ab |
MPTCP subflow information
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.RE
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-\-tos
|
|
Packit Service |
3880ab |
Show ToS and priority information. Below fields may appear:
|
|
Packit Service |
3880ab |
.RS
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B tos
|
|
Packit Service |
3880ab |
IPv4 Type-of-Service byte
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B tclass
|
|
Packit Service |
3880ab |
IPv6 Traffic Class byte
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B class_id
|
|
Packit Service |
3880ab |
Class id set by net_cls cgroup. If class is zero this shows priority
|
|
Packit Service |
3880ab |
set by SO_PRIORITY.
|
|
Packit Service |
3880ab |
.RE
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-\-cgroup
|
|
Packit Service |
3880ab |
Show cgroup information. Below fields may appear:
|
|
Packit Service |
3880ab |
.RS
|
|
Packit Service |
3880ab |
.P
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B cgroup
|
|
Packit Service |
3880ab |
Cgroup v2 pathname. This pathname is relative to the mount point of the hierarchy.
|
|
Packit Service |
3880ab |
.RE
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-K, \-\-kill
|
|
Packit Service |
3880ab |
Attempts to forcibly close sockets. This option displays sockets that are
|
|
Packit Service |
3880ab |
successfully closed and silently skips sockets that the kernel does not support
|
|
Packit Service |
3880ab |
closing. It supports IPv4 and IPv6 sockets only.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-s, \-\-summary
|
|
Packit Service |
3880ab |
Print summary statistics. This option does not parse socket lists obtaining
|
|
Packit Service |
3880ab |
summary from various sources. It is useful when amount of sockets is so huge
|
|
Packit Service |
3880ab |
that parsing /proc/net/tcp is painful.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-E, \-\-events
|
|
Packit Service |
3880ab |
Continually display sockets as they are destroyed
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-Z, \-\-context
|
|
Packit Service |
3880ab |
As the
|
|
Packit Service |
3880ab |
.B \-p
|
|
Packit Service |
3880ab |
option but also shows process security context.
|
|
Packit Service |
3880ab |
.sp
|
|
Packit Service |
3880ab |
For
|
|
Packit Service |
3880ab |
.BR netlink (7)
|
|
Packit Service |
3880ab |
sockets the initiating process context is displayed as follows:
|
|
Packit Service |
3880ab |
.RS
|
|
Packit Service |
3880ab |
.RS
|
|
Packit Service |
3880ab |
.IP "1." 4
|
|
Packit Service |
3880ab |
If valid pid show the process context.
|
|
Packit Service |
3880ab |
.IP "2." 4
|
|
Packit Service |
3880ab |
If destination is kernel (pid = 0) show kernel initial context.
|
|
Packit Service |
3880ab |
.IP "3." 4
|
|
Packit Service |
3880ab |
If a unique identifier has been allocated by the kernel or netlink user,
|
|
Packit Service |
3880ab |
show context as "unavailable". This will generally indicate that a
|
|
Packit Service |
3880ab |
process has more than one netlink socket active.
|
|
Packit Service |
3880ab |
.RE
|
|
Packit Service |
3880ab |
.RE
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-z, \-\-contexts
|
|
Packit Service |
3880ab |
As the
|
|
Packit Service |
3880ab |
.B \-Z
|
|
Packit Service |
3880ab |
option but also shows the socket context. The socket context is
|
|
Packit Service |
3880ab |
taken from the associated inode and is not the actual socket
|
|
Packit Service |
3880ab |
context held by the kernel. Sockets are typically labeled with the
|
|
Packit Service |
3880ab |
context of the creating process, however the context shown will reflect
|
|
Packit Service |
3880ab |
any policy role, type and/or range transition rules applied,
|
|
Packit Service |
3880ab |
and is therefore a useful reference.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-N NSNAME, \-\-net=NSNAME
|
|
Packit Service |
3880ab |
Switch to the specified network namespace name.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-b, \-\-bpf
|
|
Packit Service |
3880ab |
Show socket BPF filters (only administrators are allowed to get these
|
|
Packit Service |
3880ab |
information).
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-4, \-\-ipv4
|
|
Packit Service |
3880ab |
Display only IP version 4 sockets (alias for -f inet).
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-6, \-\-ipv6
|
|
Packit Service |
3880ab |
Display only IP version 6 sockets (alias for -f inet6).
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-0, \-\-packet
|
|
Packit Service |
3880ab |
Display PACKET sockets (alias for -f link).
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-t, \-\-tcp
|
|
Packit Service |
3880ab |
Display TCP sockets.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-u, \-\-udp
|
|
Packit Service |
3880ab |
Display UDP sockets.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-d, \-\-dccp
|
|
Packit Service |
3880ab |
Display DCCP sockets.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-w, \-\-raw
|
|
Packit Service |
3880ab |
Display RAW sockets.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-x, \-\-unix
|
|
Packit Service |
3880ab |
Display Unix domain sockets (alias for -f unix).
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-S, \-\-sctp
|
|
Packit Service |
3880ab |
Display SCTP sockets.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-\-vsock
|
|
Packit Service |
3880ab |
Display vsock sockets (alias for -f vsock).
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-\-xdp
|
|
Packit Service |
3880ab |
Display XDP sockets (alias for -f xdp).
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Bot |
867fae |
.B \-\-inet-sockopt
|
|
Packit Bot |
867fae |
Display inet socket options.
|
|
Packit Bot |
867fae |
.TP
|
|
Packit Service |
3880ab |
.B \-f FAMILY, \-\-family=FAMILY
|
|
Packit Service |
3880ab |
Display sockets of type FAMILY. Currently the following families are
|
|
Packit Service |
3880ab |
supported: unix, inet, inet6, link, netlink, vsock, xdp.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-A QUERY, \-\-query=QUERY, \-\-socket=QUERY
|
|
Packit Service |
3880ab |
List of socket tables to dump, separated by commas. The following identifiers
|
|
Packit Service |
3880ab |
are understood: all, inet, tcp, udp, raw, unix, packet, netlink, unix_dgram,
|
|
Packit Service |
3880ab |
unix_stream, unix_seqpacket, packet_raw, packet_dgram, dccp, sctp,
|
|
Packit Service |
3880ab |
vsock_stream, vsock_dgram, xdp Any item in the list may optionally be
|
|
Packit Service |
3880ab |
prefixed by an exclamation mark
|
|
Packit Service |
3880ab |
.RB ( ! )
|
|
Packit Service |
3880ab |
to exclude that socket table from being dumped.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-D FILE, \-\-diag=FILE
|
|
Packit Service |
3880ab |
Do not display anything, just dump raw information about TCP sockets
|
|
Packit Service |
3880ab |
to FILE after applying filters. If FILE is - stdout is used.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B \-F FILE, \-\-filter=FILE
|
|
Packit Service |
3880ab |
Read filter information from FILE. Each line of FILE is interpreted
|
|
Packit Service |
3880ab |
like single command line option. If FILE is - stdin is used.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B FILTER := [ state STATE-FILTER ] [ EXPRESSION ]
|
|
Packit Service |
3880ab |
Please take a look at the official documentation for details regarding filters.
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
.SH STATE-FILTER
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
.B STATE-FILTER
|
|
Packit Service |
3880ab |
allows to construct arbitrary set of states to match. Its syntax is
|
|
Packit Service |
3880ab |
sequence of keywords state and exclude followed by identifier of
|
|
Packit Service |
3880ab |
state.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
Available identifiers are:
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
All standard TCP states:
|
|
Packit Service |
3880ab |
.BR established ", " syn-sent ", " syn-recv ", " fin-wait-1 ", " fin-wait-2 ", " time-wait ", " closed ", " close-wait ", " last-ack ", "
|
|
Packit Service |
3880ab |
.BR listening " and " closing.
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
.B all
|
|
Packit Service |
3880ab |
- for all the states
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
.B connected
|
|
Packit Service |
3880ab |
- all the states except for
|
|
Packit Service |
3880ab |
.BR listening " and " closed
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
.B synchronized
|
|
Packit Service |
3880ab |
- all the
|
|
Packit Service |
3880ab |
.B connected
|
|
Packit Service |
3880ab |
states except for
|
|
Packit Service |
3880ab |
.B syn-sent
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
.B bucket
|
|
Packit Service |
3880ab |
- states, which are maintained as minisockets, i.e.
|
|
Packit Service |
3880ab |
.BR time-wait " and " syn-recv
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
.B big
|
|
Packit Service |
3880ab |
- opposite to
|
|
Packit Service |
3880ab |
.B bucket
|
|
Packit Service |
3880ab |
|
|
Packit Bot |
867fae |
.SH EXPRESSION
|
|
Packit Bot |
867fae |
|
|
Packit Bot |
867fae |
.B EXPRESSION
|
|
Packit Bot |
867fae |
allows filtering based on specific criteria.
|
|
Packit Bot |
867fae |
.B EXPRESSION
|
|
Packit Bot |
867fae |
consists of a series of predicates combined by boolean operators. The possible operators in increasing
|
|
Packit Bot |
867fae |
order of precedence are
|
|
Packit Bot |
867fae |
.B or
|
|
Packit Bot |
867fae |
(or | or ||),
|
|
Packit Bot |
867fae |
.B and
|
|
Packit Bot |
867fae |
(or & or &&), and
|
|
Packit Bot |
867fae |
.B not
|
|
Packit Bot |
867fae |
(or !). If no operator is between consecutive predicates, an implicit
|
|
Packit Bot |
867fae |
.B and
|
|
Packit Bot |
867fae |
operator is assumed. Subexpressions can be grouped with "(" and ")".
|
|
Packit Bot |
867fae |
.P
|
|
Packit Bot |
867fae |
The following predicates are supported:
|
|
Packit Bot |
867fae |
|
|
Packit Bot |
867fae |
.TP
|
|
Packit Bot |
867fae |
.B {dst|src} [=] HOST
|
|
Packit Bot |
867fae |
Test if the destination or source matches HOST. See HOST SYNTAX for details.
|
|
Packit Bot |
867fae |
.TP
|
|
Packit Bot |
867fae |
.B {dport|sport} [OP] [FAMILY:]:PORT
|
|
Packit Bot |
867fae |
Compare the destination or source port to PORT. OP can be any of "<", "<=", "=", "!=",
|
|
Packit Bot |
867fae |
">=" and ">". Following normal arithmetic rules. FAMILY and PORT are as described in
|
|
Packit Bot |
867fae |
HOST SYNTAX below.
|
|
Packit Bot |
867fae |
.TP
|
|
Packit Bot |
867fae |
.B dev [=|!=] DEVICE
|
|
Packit Bot |
867fae |
Match based on the device the connection uses. DEVICE can either be a device name or the
|
|
Packit Bot |
867fae |
index of the interface.
|
|
Packit Bot |
867fae |
.TP
|
|
Packit Bot |
867fae |
.B fwmark [=|!=] MASK
|
|
Packit Bot |
867fae |
Matches based on the fwmark value for the connection. This can either be a specific mark value
|
|
Packit Bot |
867fae |
or a mark value followed by a "/" and a bitmask of which bits to use in the comparison. For example
|
|
Packit Bot |
867fae |
"fwmark = 0x01/0x03" would match if the two least significant bits of the fwmark were 0x01.
|
|
Packit Bot |
867fae |
.TP
|
|
Packit Bot |
867fae |
.B cgroup [=|!=] PATH
|
|
Packit Bot |
867fae |
Match if the connection is part of a cgroup at the given path.
|
|
Packit Bot |
867fae |
.TP
|
|
Packit Bot |
867fae |
.B autobound
|
|
Packit Bot |
867fae |
Match if the port or path of the source address was automatically allocated
|
|
Packit Bot |
867fae |
(rather than explicitly specified).
|
|
Packit Bot |
867fae |
.P
|
|
Packit Bot |
867fae |
Most operators have aliases. If no operator is supplied "=" is assumed.
|
|
Packit Bot |
867fae |
Each of the following groups of operators are all equivalent:
|
|
Packit Bot |
867fae |
.RS
|
|
Packit Bot |
867fae |
.IP \(bu 2
|
|
Packit Bot |
867fae |
= == eq
|
|
Packit Bot |
867fae |
.IP \(bu
|
|
Packit Bot |
867fae |
!= ne neq
|
|
Packit Bot |
867fae |
.IP \(bu
|
|
Packit Bot |
867fae |
> gt
|
|
Packit Bot |
867fae |
.IP \(bu
|
|
Packit Bot |
867fae |
< lt
|
|
Packit Bot |
867fae |
.IP \(bu
|
|
Packit Bot |
867fae |
>= ge geq
|
|
Packit Bot |
867fae |
.IP \(bu
|
|
Packit Bot |
867fae |
<= le leq
|
|
Packit Bot |
867fae |
.IP \(bu
|
|
Packit Bot |
867fae |
! not
|
|
Packit Bot |
867fae |
.IP \(bu
|
|
Packit Bot |
867fae |
| || or
|
|
Packit Bot |
867fae |
.IP \(bu
|
|
Packit Bot |
867fae |
& && and
|
|
Packit Bot |
867fae |
.RE
|
|
Packit Bot |
867fae |
.SH HOST SYNTAX
|
|
Packit Bot |
867fae |
.P
|
|
Packit Bot |
867fae |
The general host syntax is [FAMILY:]ADDRESS[:PORT].
|
|
Packit Bot |
867fae |
.P
|
|
Packit Bot |
867fae |
FAMILY must be one of the families supported by the -f option. If not given
|
|
Packit Bot |
867fae |
it defaults to the family given with the -f option, and if that is also
|
|
Packit Bot |
867fae |
missing, will assume either inet or inet6. Note that all host conditions in the
|
|
Packit Bot |
867fae |
expression should either all be the same family or be only inet and inet6. If there
|
|
Packit Bot |
867fae |
is some other mixture of families, the results will probably be unexpected.
|
|
Packit Bot |
867fae |
.P
|
|
Packit Bot |
867fae |
The form of ADDRESS and PORT depends on the family used. "*" can be used as
|
|
Packit Bot |
867fae |
a wildcard for either the address or port. The details for each family are as
|
|
Packit Bot |
867fae |
follows:
|
|
Packit Bot |
867fae |
.TP
|
|
Packit Bot |
867fae |
.B unix
|
|
Packit Bot |
867fae |
ADDRESS is a glob pattern (see
|
|
Packit Bot |
867fae |
.BR fnmatch (3))
|
|
Packit Bot |
867fae |
that will be matched case-insensitively against the unix socket's address. Both path and abstract
|
|
Packit Bot |
867fae |
names are supported. Unix addresses do not support a port, and "*" cannot be used as a wildcard.
|
|
Packit Bot |
867fae |
.TP
|
|
Packit Bot |
867fae |
.B link
|
|
Packit Bot |
867fae |
ADDRESS is the case-insensitive name of an Ethernet protocol to match. PORT
|
|
Packit Bot |
867fae |
is either a device name or a device index for the desired link device, as seen
|
|
Packit Bot |
867fae |
in the output of ip link.
|
|
Packit Bot |
867fae |
.TP
|
|
Packit Bot |
867fae |
.B netlink
|
|
Packit Bot |
867fae |
ADDRESS is a descriptor of the netlink family. Possible values come from
|
|
Packit Bot |
867fae |
/etc/iproute2/nl_protos. PORT is the port id of the socket, which is usually
|
|
Packit Bot |
867fae |
the same as the owning process id. The value "kernel" can be used to represent
|
|
Packit Bot |
867fae |
the kernel (port id of 0).
|
|
Packit Bot |
867fae |
.TP
|
|
Packit Bot |
867fae |
.B vsock
|
|
Packit Bot |
867fae |
ADDRESS is an integer representing the CID address, and PORT is the port.
|
|
Packit Bot |
867fae |
.TP
|
|
Packit Bot |
867fae |
.BR inet \ and\ inet6
|
|
Packit Bot |
867fae |
ADDRESS is an ip address (either v4 or v6 depending on the family) or a DNS
|
|
Packit Bot |
867fae |
hostname that resolves to an ip address of the required version. An ipv6
|
|
Packit Bot |
867fae |
address must be enclosed in "[" and "]" to disambiguate the port separator. The
|
|
Packit Bot |
867fae |
address may additionally have a prefix length given in CIDR notation (a slash
|
|
Packit Bot |
867fae |
followed by the prefix length in bits). PORT is either the numerical
|
|
Packit Bot |
867fae |
socket port, or the service name for the port to match.
|
|
Packit Bot |
867fae |
|
|
Packit Service |
3880ab |
.SH USAGE EXAMPLES
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B ss -t -a
|
|
Packit Service |
3880ab |
Display all TCP sockets.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B ss -t -a -Z
|
|
Packit Service |
3880ab |
Display all TCP sockets with process SELinux security contexts.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B ss -u -a
|
|
Packit Service |
3880ab |
Display all UDP sockets.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B ss -o state established '( dport = :ssh or sport = :ssh )'
|
|
Packit Service |
3880ab |
Display all established ssh connections.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B ss -x src /tmp/.X11-unix/*
|
|
Packit Service |
3880ab |
Find all local processes connected to X server.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 193.233.7/24
|
|
Packit Service |
3880ab |
List all the tcp sockets in state FIN-WAIT-1 for our apache to network
|
|
Packit Service |
3880ab |
193.233.7/24 and look at their timers.
|
|
Packit Service |
3880ab |
.TP
|
|
Packit Service |
3880ab |
.B ss -a -A 'all,!tcp'
|
|
Packit Service |
3880ab |
List sockets in all states from all socket tables but TCP.
|
|
Packit Service |
3880ab |
.SH SEE ALSO
|
|
Packit Service |
3880ab |
.BR ip (8),
|
|
Packit Service |
3880ab |
.br
|
|
Packit Service |
3880ab |
.BR RFC " 793 "
|
|
Packit Service |
3880ab |
- https://tools.ietf.org/rfc/rfc793.txt (TCP states)
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
.SH AUTHOR
|
|
Packit Service |
3880ab |
.I ss
|
|
Packit Service |
3880ab |
was written by Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>.
|
|
Packit Service |
3880ab |
.PP
|
|
Packit Service |
3880ab |
This manual page was written by Michael Prokop <mika@grml.org>
|
|
Packit Service |
3880ab |
for the Debian project (but may be used by others).
|