These programs follow the usual GNU command line syntax, with long options starting with two dashes (`-'). A summary of options is included below.
-h, --help Show summary of options.
-V, --version Output version information.
-n, --numeric Do not try to resolve service names.
-r, --resolve Try to resolve numeric address/ports.
-a, --all Display both listening and non-listening (for TCP this means established connections) sockets.
-l, --listening Display only listening sockets (these are omitted by default).
-o, --options Show timer information.
-e, --extended Show detailed socket information
-m, --memory Show socket memory usage.
-p, --processes Show process using socket.
-i, --info Show internal TCP information.
-s, --summary Print summary statistics. This option does not parse socket lists obtaining summary from various sources. It is useful when amount of sockets is so huge that parsing /proc/net/tcp is painful.
-4, --ipv4 Display only IP version 4 sockets (alias for -f inet).
-6, --ipv6 Display only IP version 6 sockets (alias for -f inet6).
-0, --packet Display PACKET sockets (alias for -f link).
-t, --tcp Display TCP sockets.
-u, --udp Display UDP sockets.
-d, --dccp Display DCCP sockets.
-w, --raw Display RAW sockets.
-x, --unix Display Unix domain sockets (alias for -f unix).
-f FAMILY, --family=FAMILY Display sockets of type FAMILY. Currently the following families are supported: unix, inet, inet6, link, netlink.
-A QUERY, --query=QUERY, --socket=QUERY List of socket tables to dump, separated by commas. The following identifiers are understood: all, inet, tcp, udp, raw, unix, packet, netlink, unix_dgram, unix_stream, packet_raw, packet_dgram.
-D FILE, --diag=FILE Do not display anything, just dump raw information about TCP sockets to FILE after applying filters. If FILE is - stdout is used.
-F FILE, --filter=FILE Read filter information from FILE. Each line of FILE is interpreted like single command line option. If FILE is - stdin is used.
FILTER := [ state TCP-STATE ] [ EXPRESSION ] Please take a look at the official documentation (Debian package iproute-doc) for details regarding filters.
ss -t -a Display all TCP sockets.
ss -u -a Display all UDP sockets.
ss -o state established '( dport = :ssh or sport = :ssh )' Display all established ssh connections.
ss -x src /tmp/.X11-unix/* Find all local processes connected to X server.
ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 193.233.7/24 List all the tcp sockets in state FIN-WAIT-1 for our apache to network 193.233.7/24 and look at their timers.
This manual page was written by Michael Prokop <mika (at] grml.org> for the Debian project (but may be used by others).