Jump to content

Best Debian 10 Netstat Alternative

Linux Hint

By Linux Hint
in Linux

 Share

Recommended Posts

Linux Hint Newbie

Linux Hint

Posted
Posted
The Socket Statistics, or ‘ss,’ command has replaced the netstat command through its incorporation of the iproute suite of tools. Using the ss command, a user can print all the relevant information about network socket connections more quickly and with more detail than the netstat command. The netstat command approach is also slower because it collects information from reading the /proc files, and it takes a significant amount of time to display several network connections at once. Meanwhile, the ss command directly collects information from kernel space. Even so, the options that are used with ss command are quite similar. So, you can easily use the ss command as an improved alternative for the netstat command.

This article covers the usage of the ss command with some straightforward examples. All the commands shown in this article were executed on the Ubuntu 20.04 distribution to check the statistics of socket and network connections.

Example 1: List Network Connection Using ss Command

You can easily list all network connections present in a system, including TCP, UDP, and UNIX socket connections, using the following ss command. The output is displayed in “less” format so that you can scroll through the output window:

$ ss | less

1-17.png

Example 2: List TCP, UDP, & Unix Socket Connections

You can also filter out the TCP, UDP, and UNIX socket connections using the following options:

Using only the “t” option displays connections that are ‘Connected’ or ‘Established.’ This option alone does not show you the TCP socket connections that are ‘Listening.’

$ ss –t

2-10.png

For TCP, use the ‘-t’ option, along with the ‘-A’ tag.

$ ss -A tcp

3-11.png

For UDP connections, use the following command:

$ ss -ua

4-9.png

$ ss -a -A udp

5-10.png

The ‘a’ option displays both ‘Connected’ and ‘Listening’ sockets. UDP is a connectionless protocol, so using ‘ss -u’ alone will not display anything. However, the ‘a’ can be used to show all UDP connections.

For Unix socket connections, use the following command:

$ ss x

6-8.png

Example 3: Display Faster Output

The “n” option used with ‘t’ prevents socket statistics from resolving IP addresses to hostnames and displays the faster output, as follows:

$ ss -nt

7-7.png

Example 4: Display Listening Sockets Only

You can also display only the TCP socket connections that are listening. The “n” option ignores resolving the hostnames of the IP address to display the output more quickly.

$ ss -ltn

8-7.png

For all UDP listening connections, replace the ‘t’ option with the ‘u’ option, as follows:

$ ss -lun

9-4.png

Example 5: Display Process Name with pid

You can display the process name, along with the pid of each process, using the following ss command with the ‘-ltp’ option:

$ sudo ss –ltp

10-4.png

Example 6: Display Statistics

The use of the ‘s’ option with the ss command displays the complete statistics, as follows:

$ ss -s

11-2.png

Example 7: Display Timer Details of Connection

By using the ‘-o’ option with the ss command, you can display the time information of each connection. The time details inform the user how long this connection has been maintained:

$ ss -tn -o

12-2.png

Example 8: Print IPV6 or IPV4 Socket Connection

To print the IPv4 socket connections only, use the ‘-4’ option with ‘-f inet,’ as follows:

$ ss –tl4

13-2.png

$ ss -tl -f inet

14-2.png

For IPV6, use the ‘-6’ option or ‘-f inet.’

$ ss -tl6

15-1.png

Example 9: Filter TCP Connections by State

You can also filter connections by connection state with the ss command. Connections can exist in various states, such as established, syn-recv, syn-sent, fin-wait-1, fin-wait-2, time-wait, close-wait, closed, all, last-ack, closing, connected, bucket, synchronized, and bucket.

So, according to the user requirements, you can use and filter any connection state by running the following command:

$ ss [ OPTIONS ] state [ State-name ]
$ ss -t4 state established

16.png

In the above example, we filtered all ‘established’ socket connections of TCP.

$ ss –t4 state time-wait

17.png

$ ss –t4 state connected

18.png

Example 10: Filter Address by Port Number

You can also filter the connection by the port number or by a specified IP address, as follows:

$ ss –nt dst 127.0.0.1:45807

19.png

$ sudo ss –ntlp sport gt :5000

20.png

Conclusion

This article explored the various uses of the ss command. The ss command is the best alternative for the netstat command, as you have seen in this tutorial. Using the above examples, you can easily monitor system sockets and network connections.

View the full article

  • Thanks 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...