When managing a server or troubleshooting network issues, it’s crucial to know which services are listening on which ports and what connections are currently active. One powerful command-line tool that helps achieve this is the ss
(Socket Stat) command. In this article, we’ll explore how to use the ss
command to check current connections on your Linux system by targeting specific ports. We’ll also cover practical examples for various services and explain what you need to get started.
What is the ss
Command?
The ss
command is a utility that provides detailed information about network socket connections. It’s more efficient than the older netstat
command, especially for monitoring high-load servers. The ss
command can display TCP, UDP, and other socket connections along with various details such as connection status, IP addresses, and port numbers.
Checking Current Connections with ss
To check which connections are active on a specific port, you can use the following command:
ss -tnp | grep ':<port number>'
Here’s a breakdown of the command:
ss
: The main command to display socket statistics.-t
: Shows TCP sockets.-n
: Displays the port numbers as numeric values rather than resolving them to service names.-p
: Displays process information for each connection (requires root privileges).grep ':<port number>'
: Filters the output to show only connections related to the specified port number.
Example: Checking Current Connections for Specific Services
Below are examples of using the ss
command to check current connections for different common services.
- Check Active Connections on Port 80 (HTTP)
To check all connections on port 80, typically used by HTTP services, run:
ss -tnp | grep ':80'
This command will display all active TCP connections to port 80, showing which IP addresses are connected to the HTTP server and which processes are handling those connections.
- Check Active Connections on Port 443 (HTTPS)
To monitor secure web traffic, use port 443:
ss -tnp | grep ':443'
This will list all active connections on port 443, commonly used for HTTPS traffic.
- Check Active Connections on Port 22 (SSH)
To monitor SSH connections, which are typically on port 22, run:
ss -tnp | grep ':22'
This command will provide information about all active SSH sessions, helping you identify unauthorized access or multiple SSH connections.
- Check Active Connections on Port 3306 (MySQL)
If you’re running a MySQL server and want to check active connections on its default port, 3306, you can use:
ss -tnp | grep ':3306'
This command will display all active TCP connections to your MySQL database, which can help you monitor database activity and identify potentially malicious connections.
Understanding the Output
The output of the ss
command will look similar to this:
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 192.168.1.2:22 192.168.1.100:53010 users:(("sshd",pid=1234,fd=3))
- State: The state of the connection (e.g., ESTAB for established connections).
- Recv-Q / Send-Q: The receive and send queues, respectively.
- Local Address: The IP address and port number on the local machine.
- Peer Address: The IP address and port number of the remote machine.
- Process: The process responsible for the connection.
Installing the ss
Command
The ss
command is part of the iproute2
package, which is typically installed by default on most modern Linux distributions. You can check if it’s available by running:
ss --version
If you receive a version number in response, you’re good to go. If not, you may need to install the package using your distribution’s package manager:
- Debian/Ubuntu:
sudo apt-get update sudo apt-get install iproute2
- Rocky Linux / Alma Linux / Oracle Linux / RHEL:
sudo dnf install iproute
Conclusion
The ss
command is a versatile tool for monitoring and troubleshooting network connections on Linux systems. By using it to check connections on specific ports, you can easily keep an eye on your services and detect any unusual activity. Make sure the iproute2
package is installed on your system, and start monitoring your network like a pro!