Alternative for netstat: ss tool

Alternative for netstat

System administrators and security professionals searching for listening ports on a server, are definitely familiar with the netstat command. However, newer distributions do not have the tool default installed anymore. Time to start using ss besides our beloved netstat command.


Socket statistics, or ss for short, is an easy replacement command for netstat. One way to use it, is with parameters ss -aut

  • -a: show listening and non-listening sockets
  • -u: show UDP
  • -t: show TCP
[root@archlinux ~]# ss -aut
Netid State      Recv-Q Send-Q                                                 Local Address:Port                                           Peer Address:Port
udp   UNCONN     0      0                                                                  *:bootpc                                                    *:*
tcp   LISTEN     0      128                                                                *:ssh                                                       *:*
tcp   ESTAB      0      0                                                                             
tcp   LISTEN     0      128                                                               :::19531                                                    :::*
tcp   LISTEN     0      128                                                               :::ssh                                                      :::*

This way it will show similar information to what netstat shows. When using it for very specific requests, you should refer to the man page, as it has some nice options. One of them is showing specific TCP connection state information

Output of ss -i command with detailed TCP state information

Detailed TCP state information included with ss -i

People who like to audit their system and investigate what ports are opened, can use this command as an alternative to systems without netstat. Right now most systems will have one of the tools available.


Not many people like change. But if you like it or not, ss will be there when netstat is not. Besides that, ss has a few benefits like showing interesting new information.

One more thing...

Keep learning

So you are interested in Linux security? Join the Linux Security Expert training program, a practical and lab-based training ground. For those who want to become (or stay) a Linux security expert.

See training package

Lynis Enterprise screenshot to help with system hardeningSecurity scanning with Lynis and Lynis Enterprise

Run automated security scans and increase your defenses. Lynis is an open source security tool to perform in-depth audits. It helps with system hardening, vulnerability discovery, and compliance.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.