If you’re using netstat you’re doing it wrong – an ss tutorial for oldies

Become a modern master with some serious ss skills

If you are still using netstat you are doing it wrong. Netstat was replaced by ss many moons ago, and it's long overdue to throw out the old and learn how to get the same result in a whole new way. Because we all love to learn stuff just for the fun of it, right?

But seriously, ss is way better than netstat because it talks to the kernel directly via Netlink and can thus give you much more info than the old netstat ever could. So to help old folks like me transition from netstat to ss, I'll give you a translation table to port you over. But first, in case there are some newcomers who aren't encumbered with old baggage, I'll quickly describe a few common tasks you can do in ss.

Check open ports that someone is listening on

One of my most common use cases is to see if my process is up and running and listening for connections, or, if there is something listening on a port, to find out who it is. To do this, use the flags --listening to get sockets in the LISTEN state, --tcp to limit the list to TCP, --processes to get the process that is listening, and, to clean up, --numeric, since I never remember that sunrpc means port 111:

$ ss --listening --tcp --numeric --processes
State     Recv-Q  Send-Q  Local Address:Port    Peer Address:Port                                                                                    
LISTEN    0       128     0.0.0.0:111           0.0.0.0:*                                                                                       
LISTEN    0       128     127.0.0.1:27060       0.0.0.0:*        users:(("steam",pid=29811,fd=45))                                              
LISTEN    0       10      0.0.0.0:57621         0.0.0.0:*        users:(("spotify",pid=11223,fd=106))                                           
LISTEN    0       32      192.168.122.1:53      0.0.0.0:*                                                                                       
LISTEN    0       128     0.0.0.0:22            0.0.0.0:*                                                                                       
LISTEN    0       5       127.0.0.1:631         0.0.0.0:*                                                                                       
LISTEN    0       128     0.0.0.0:17500         0.0.0.0:*        users:(("dropbox",pid=13706,fd=98))                                            
LISTEN    0       128     0.0.0.0:27036         0.0.0.0:*        users:(("steam",pid=29811,fd=82))                                              
LISTEN    0       128     127.0.0.1:57343       0.0.0.0:*        users:(("steam",pid=29811,fd=39))
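
As an added example (not part of the original post), the shell function below reads the output of the command above and labels each listener by how widely it is bound (loopback, one interface, or all interfaces), together with the owning process name, or unknown when ss showed none. The names sample_ss_output and audit_listeners are hypothetical, the sample rows are copied from the listing above, and the column positions assume the --tcp layout shown there.

```sh
#!/bin/sh
# Added example: label TCP listeners from
#   ss --listening --tcp --numeric --processes
# by bind scope and owning process. Function names are hypothetical.

# Sample rows copied from the listing on this page (first six listeners).
sample_ss_output() {
cat <<'EOF'
State     Recv-Q  Send-Q  Local Address:Port    Peer Address:Port
LISTEN    0       128     0.0.0.0:111           0.0.0.0:*
LISTEN    0       128     127.0.0.1:27060       0.0.0.0:*        users:(("steam",pid=29811,fd=45))
LISTEN    0       10      0.0.0.0:57621         0.0.0.0:*        users:(("spotify",pid=11223,fd=106))
LISTEN    0       32      192.168.122.1:53      0.0.0.0:*
LISTEN    0       128     0.0.0.0:22            0.0.0.0:*
LISTEN    0       5       127.0.0.1:631         0.0.0.0:*
EOF
}

# Reads ss output on stdin; prints "<scope> <port> <address> <process>".
audit_listeners() {
  awk '
    $1 != "LISTEN" { next }              # skip the header and other states
    {
      # The port follows the last colon (IPv6 addresses contain colons too).
      n = split($4, parts, ":")
      port = parts[n]
      addr = substr($4, 1, length($4) - length(port) - 1)
      sub(/%.*/, "", addr)               # drop an interface suffix such as %lo

      if (addr ~ /^127\./ || addr == "[::1]")
        scope = "loopback"               # reachable from this host only
      else if (addr == "0.0.0.0" || addr == "[::]" || addr == "*")
        scope = "all-interfaces"         # reachable on every interface
      else
        scope = "one-interface"          # bound to one specific address

      # No users:(...) column means ss could not report an owner, typically
      # because it was not run as root and the socket belongs to another user.
      proc = "unknown"
      if (match($0, /users:\(\("[^"]+"/))
        proc = substr($0, RSTART + 9, RLENGTH - 10)

      print scope, port, addr, proc
    }'
}

sample_ss_output | audit_listeners
```

On a live system, pipe the real command into the function: ss --listening --tcp --numeric --processes | audit_listeners. Rows marked all-interfaces with an unknown process are the ones worth re-checking as root.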

Check active connections

Checking just active sessions is easy. Just type ss. If you want to filter and show only TCP connections, use the --tcp flag like so:

$ ss --tcp
State        Recv-Q   Send-Q   Local Address:Port     Peer Address:Port     
ESTAB        0        0        192.168.1.102:57044    162.125.18.133:https    
ESTAB        0        0        192.168.1.102:34008    104.16.3.35:https    
CLOSE-WAIT   32       0        192.168.1.102:52008    162.125.70.7:https

The same goes for UDP and the --udp flag.

Get a summary

Instead of listing individual sessions you can also get a nice summary of all sessions by using the --summary flag:

$ ss --summary
Total: 1625
TCP:   77 (estab 40, closed 12, orphaned 0, timewait 6)

Transport Total     IP        IPv6
RAW       0         0         0        
UDP       33        29        4        
TCP       65        59        6        
INET      98        88        10       
FRAG      0         0         0

Translation table going from netstat to ss

Lastly, as promised, here is a nice table to help you transition. Believe me, it's quite easy to remember.

netstat command            Replacement
netstat -a                 ss
netstat -au                ss -u
netstat -ap | grep ssh     ss -p | grep ssh
netstat -l                 ss -l
netstat -lpn               ss -lpn
netstat -r                 ip route
netstat -g                 ip maddr