The ss command. A very useful way to find open and listening ports on a Linux system.

Posted: August 9, 2017. At: 9:14 PM. This was 1 month ago. Post ID: 7613

The ss command for Linux allows a user to list all listening ports on a Linux system.

This command lists all listening TCP ports.

homer@deusexmachina ~ $ ss -l -t
State       Recv-Q Send-Q                          Local Address:Port                              Peer Address:Port   
LISTEN      0      1                                   127.0.0.1:4101                                         *:*       
LISTEN      0      50                                          *:netbios-ssn                                      *:*       
LISTEN      0      128                                         *:sunrpc                                       *:*       
LISTEN      0      128                                 127.0.0.1:ipp                                          *:*       
LISTEN      0      128                                         *:https                                        *:*       
LISTEN      0      50                                          *:microsoft-ds                                      *:*       
LISTEN      0      50                                         :::netbios-ssn                                     :::*       
LISTEN      0      128                                        :::sunrpc                                      :::*       
LISTEN      0      128                                       ::1:ipp                                         :::*       
LISTEN      0      128                                        :::https                                       :::*       
LISTEN      0      50                                         :::microsoft-ds                                     :::*

And this is how to list all listening UDP ports.

homer@deusexmachina ~ $ ss -l -u
State       Recv-Q Send-Q                          Local Address:Port                              Peer Address:Port   
UNCONN      0      0                                           *:bootpc                                       *:*       
UNCONN      0      0                                           *:sunrpc                                       *:*       
UNCONN      0      0                               192.168.100.4:ntp                                          *:*       
UNCONN      0      0                                   127.0.0.1:ntp                                          *:*       
UNCONN      0      0                                           *:ntp                                          *:*       
UNCONN      0      0                             192.168.100.255:netbios-ns                                      *:*       
UNCONN      0      0                               192.168.100.4:netbios-ns                                      *:*       
UNCONN      0      0                                           *:netbios-ns                                      *:*       
UNCONN      0      0                             192.168.100.255:netbios-dgm                                      *:*       
UNCONN      0      0                               192.168.100.4:netbios-dgm                                      *:*       
UNCONN      0      0                                           *:netbios-dgm                                      *:*       
UNCONN      0      0                                           *:12931                                        *:*       
UNCONN      0      0                                           *:913                                          *:*       
UNCONN      0      0                                           *:mdns                                         *:*       
UNCONN      0      0                                           *:1900                                         *:*       
UNCONN      0      0                                           *:60439                                        *:*       
UNCONN      0      0                                          :::sunrpc                                      :::*       
UNCONN      0      0                   fe80::fa1a:67ff:fe10:b163:ntp                                         :::*       
UNCONN      0      0                             fe80::7a94:7b57:ntp                                         :::*       
UNCONN      0      0                        2001:470:1f06:1b5::2:ntp                                         :::*       
UNCONN      0      0                                         ::1:ntp                                         :::*       
UNCONN      0      0                                          :::ntp                                         :::*       
UNCONN      0      0                                          :::53609                                       :::*       
UNCONN      0      0                                          :::913                                         :::*       
UNCONN      0      0                                          :::mdns                                        :::*       
UNCONN      0      0                                          :::1865                                        :::*

The output of the ss command is very much like the familiar netstat command; but this command has greater capabilities.

Type: ss -a to list listening and non-listening ports.

The ss -i command will list all internal TCP information. This is therefore a very useful alternative to the traditionally used netstat utility.

Print summary statistics about your network traffic.

ubuntu ~ $ ss -s
Total: 115 (kernel 0)
TCP:   8 (estab 1, closed 1, orphaned 0, synrecv 0, timewait 0/0), ports 0
 
Transport Total     IP        IPv6
*         0         -         -
RAW       0         0         0
UDP       3         2         1
TCP       7         4         3
INET      10        6         4
FRAG      0         0         0

Print keepalive information about each network connection. The keepalive signal keeps the network connection open for use.

ubuntu ~ $ ss -tn -o
State      Recv-Q Send-Q                                                      Local Address:Port                                                        Peer Address:Port
ESTAB      0      0                                                            172.31.20.16:22                                                        192.168.10.77:50981  timer:(keepalive,116min,0)

List all listening IPv4 services on the machine.

ubuntu ~ $ ss -tl4
State      Recv-Q Send-Q                                                    Local Address:Port                                                        Peer Address:Port
LISTEN     0      128                                                                   *:ssh                                                                    *:*
LISTEN     0      1                                                                     *:https                                                                  *:*
LISTEN     0      50                                                            127.0.0.1:mysql                                                                  *:*

List all listening ipv4 services that are actually using an established connection.

ubuntu ~ $ ss -t4 state established
Recv-Q Send-Q                                                         Local Address:Port                                                             Peer Address:Port
0      0                                                               172.31.20.16:ssh                                                            192.168.10.77:50981

No comments have been made. Use this form to start the conversation :)

Leave a Reply