Base command format:
ss [options] [ FILTER ]
Some basic snippets to use it are.
netstati.e. get listening tcp sockets:
ss -t4 state syn-sent
ss -o state established
ss exclude TIME_WAIT
ss -nt dst 10.0.0.1:80
ss -npt dst 10.0.0.1:80
ss -0 state established '( dport = :ssh or sport = :ssh )'
sudo ss -na dport = :6379
sudo ss -nt dport = :6379
sudo ss -na state established dport = :6379
ss -nt dst 10.0.0.0/16
ss -na dst 10.20.0.0/16 dport = :6379
A bit advanced here, you’ll be okay with above section for daily use.
uid:<uid_number> ino:<inode_number> sk:<cookie>
The output format is:
rmem-alloc: the memory allocated for receiving packet
rcv-buf: the total memory can be allocated for receiving packet
wmem-alloc: the memory used for sending packet (which has been sent to layer 3)
snd-buf: the total memory can be allocated for sending packet
fwd-alloc: the memory allocated by the socket as cache, but not used for receiving/sending packet yet. If need memory to send/receive packet, the memory in this cache will be used before allocate additional memory.
wmem-queued: The memory allocated for sending packet (which has not been sent to layer 3)
opt-mem: The memory used for storing socket option, e.g., the key for TCP MD5 signature
back-log: The memory used for the sk backlog queue. On a process context, if the process is receiving packet, and a new packet is received, it will be put into the sk backlog queue, so it can be received by the process immediately