Alternative for netstat: ss tool

Alternative for netstat

System administrators and security professionals searching for listening ports on a server, are definitely familiar with the netstat command. However, newer distributions do not have the tool default installed anymore. Time to start using ss besides our beloved netstat command.


Socket statistics, or ss for short, is an easy replacement command for netstat. One way to use it, is with parameters ss -aut

  • -a: show listening and non-listening sockets
  • -u: show UDP
  • -t: show TCP
[root@archlinux ~]# ss -aut
Netid State      Recv-Q Send-Q                                                 Local Address:Port                                           Peer Address:Port
udp   UNCONN     0      0                                                                  *:bootpc                                                    *:*
tcp   LISTEN     0      128                                                                *:ssh                                                       *:*
tcp   ESTAB      0      0                                                                             
tcp   LISTEN     0      128                                                               :::19531                                                    :::*
tcp   LISTEN     0      128                                                               :::ssh                                                      :::*

This way it will show similar information to what netstat shows. When using it for very specific requests, you should refer to the man page, as it has some nice options. One of them is showing specific TCP connection state information

Output of ss -i command with detailed TCP state information

Detailed TCP state information included with ss -i

People who like to audit their system and investigate what ports are opened, can use this command as an alternative to systems without netstat. Right now most systems will have one of the tools available.


Not many people like change. But if you like it or not, ss will be there when netstat is not. Besides that, ss has a few benefits like showing interesting new information.

Lynis Enterprise

Lynis Enterprise screenshot to help with system hardening

This blog post is part of our Linux security series and the mission to get Linux and Unix-based systems more secure.

Does system hardening take a lot of time, or do you have any compliance in your company? Have a look at Lynis Enterprise.

Or start today with the open source security scanner Lynis (GitHub)

Leave a Reply

Your email address will not be published. Required fields are marked *