ss #

-h, --help
    Show summary of options.

-V, --version
    Output version information.

-H, --no-header
    Suppress header line.

-O, --oneline
    Print each socket's data on a single line.

-n, --numeric
    Do not try to resolve service names. Show exact bandwidth values, instead of human-readable.

-r, --resolve
    Try to resolve numeric address/ports.

-l, --listening
    Display only listening sockets (these are omitted by default).

-p, --processes
    Show process using socket.

-s, --summary
    Print  summary  statistics.  This  option  does  not  parse socket lists obtaining summary from various sources. It is useful when amount of sockets is so huge that parsing /proc/net/tcp is painful.

-4, --ipv4
    Display only IP version 4 sockets (alias for -f inet).

-6, --ipv6
    Display only IP version 6 sockets (alias for -f inet6).

-t, --tcp
    Display TCP sockets.

-u, --udp
    Display UDP sockets.

-x, --unix
    Display Unix domain sockets (alias for -f unix).

-A QUERY, --query=QUERY, --socket=QUERY
    List of socket tables to dump, separated by commas. The  following  identifiers  are  understood:  all,
    inet,  tcp,  udp,  raw,  unix,  packet,  netlink,  unix_dgram, unix_stream, unix_seqpacket, packet_raw,
    packet_dgram, dccp, sctp, vsock_stream, vsock_dgram, xdp Any item in the list may  optionally  be  pre‐
    fixed by an exclamation mark (!)  to exclude that socket table from being dumped.

# 列出TCP监听端口
ss -lnt

# 列出TCP监听端口以及相应的进程
ss -lntp

# 列出UDP监听端口
ss -lnu

# 列出 Unix domain sockets 监听地址
ss -lx

# 显示sshd监听端口已建立的连接（如果sshd监听端口是2222，则把 :ssh 改成 2222）
ss -lnto state established '( sport = :ssh )'

# 显示连进来或连出去的ssh连接
ss -no state established '( sport = :ssh or dport = :ssh )'

# 显示连接到 X server 的所有本地进程
ss -p -x src "/tmp/.X11-unix/*"