Alternative for netstat: ss tool

System administrators and security professionals searching for listening ports on a server, are definitely familiar with the netstat command. However, newer distributions do not have the tool default installed anymore. Time to start using ss besides our beloved netstat command.

ss

Socket statistics, or ss for short, is an easy replacement command for netstat. One way to use it, is with the option -a, short for all information.

ss -a

This reveals a lot of information, so it might be better to tune it to something like ss -aut.

  • -a: show listening and non-listening sockets
  • -u: show UDP
  • -t: show TCP
# ss -aut
Netid State      Recv-Q Send-Q        Local Address:Port        Peer Address:Port
udp   UNCONN     0      0                         *:bootpc                 *:*
tcp   LISTEN     0      128                       *:ssh                    *:*
tcp   ESTAB      0      0             192.168.1.251:ssh        192.168.1.220:hnmp
tcp   LISTEN     0      128                      :::19531                 :::*
tcp   LISTEN     0      128                      :::ssh                   :::*

This way it will show similar information to what netstat shows. When using it for very specific requests, you should refer to the man page, as it has some nice options. One of them is showing specific TCP connection state information

Output of ss -i command with detailed TCP state information

Detailed TCP state information included with ss -i

Overview of common ss options

Full optionShort optionUsage
–all-aShow listening and non-listening sockets (e.g. active connections)
–listening-lDisplay only listening sockets
–numeric-nDo not resolve names, such as hostnames, or services
–processes-pShow process name
–tcp-tTCP sockets
–udp-uUDP sockets

People who like to audit their system and investigate what ports are opened, can use this command as an alternative to systems without netstat. Right now most systems will have one of the tools available.

As these flags aren’t always easy to remember, a good tip might be to think of plants, as it reveals a good amount of information.

ss -plants

Conclusion

Not many people like change. But if you like it or not, ss will be there when netstat is not. Besides that, ss has a few benefits like showing interesting new information.

Learn more about ss

This article uses the ss command to achieve its tasks. For this popular tool there is a cheat sheet available!

» Mastering the tool: ss

ss cheat sheet

Feedback

Small picture of Michael Boelen

This article has been written by our Linux security expert Michael Boelen. With focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.

Discovered outdated information or have a question? Share your thoughts. Thanks for your contribution.

Mastodon icon