Checking Network Connections with `netstat` and `ss`
- Author: Linux Bash
Exploring Network Connections and Troubleshooting Using `netstat` and `ss` Commands
In our interconnected digital world, understanding network connections is crucial for system administrators, network engineers, and even informed users. Whether you're troubleshooting connectivity issues or merely curious about which applications are communicating over the network, the tools you need are right at your fingertips within any Linux or Unix environment. Among the most powerful and extensive tools for this purpose are `netstat` and `ss`.
Introduction to netstat
`netstat` (network statistics) is a command-line tool that comes baked into many operating systems and provides a variety of insights such as network connections, routing tables, interface statistics, masquerade connections, multicast memberships, and so on.
Primarily used for checking your system’s network connections, `netstat` delivers information in a comprehensive format, which is useful for both troubleshooting and checking the general network health.
Common `netstat` Commands:
- `netstat -a`: Lists all ports and connections.
- `netstat -t`: Displays TCP connections.
- `netstat -u`: Displays UDP connections.
- `netstat -l`: Shows only listening sockets.
- `netstat -s`: Provides detailed statistics by protocol.
- `netstat -r`: Displays the kernel routing table.
While `netstat` is exceedingly helpful, it has been deprecated on many Linux distributions and replaced by the more modern `ss` tool, though it is still available and widely used.
Introducing ss
`ss` stands for ‘socket statistics’ and is a utility that comes included with the `iproute2` package in most Linux distributions. It is designed to be a faster, more informative tool for examining sockets on a host than the older `netstat`.
The `ss` tool can display more detailed information about the connections than `netstat` and runs faster because it dumps all the socket information directly from kernel space.
Basic `ss` Uses:
- `ss -t`: Lists TCP sockets.
- `ss -u`: Lists UDP sockets.
- `ss -l`: Shows listening sockets.
- `ss -a`: Shows all sockets.
- `ss -s`: Socket statistics.
- `ss -n`: Prints numeric values instead of resolving names (speeds up the output).
- `ss -p`: Shows the process using the socket.
Why Use `ss` Over `netstat`?
`ss` provides several advantages over `netstat`:
- It is much faster, particularly in systems with a high number of connections.
- `ss` integrates well with other Linux networking tools as part of the `iproute2` suite.
- More detailed output options make it preferable for diagnosing specific issues.
Practical Use Case: Troubleshooting A Connection
Imagine you are a server admin and you notice that your server is much slower than usual. To figure out if it's a network issue, you could list all active connections to see if an unusual number of connections exist. You would run:
ss -tunap
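This command tells `ss` to display TCP and UDP sockets (`t` and `u`), not resolve port names (`n`), include all sockets, both listening and non-listening (`a`), and show which process is involved with each socket (`p`). Run it as root if you need the process column for sockets owned by other users.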
The output might reveal that a process is making an unusually high number of outbound connections, perhaps indicating a misconfigured application or even a security breach such as a DDoS attack.
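To make that check repeatable, the following added example (not code from the original post) counts established TCP sockets per owning process from `ss -tunap` output. The function names `sample_ss_output`, `conn_counts` and `flag_busy`, the sample lines and the threshold of 100 are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: summarise `ss -tunap` output by owning process.

# Constructed sample of `ss -tunap` output (documentation-range addresses).
sample_ss_output() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port  Process
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*          users:(("sshd",pid=800,fd=3))
tcp   ESTAB  0      0      192.0.2.10:22      198.51.100.4:51122 users:(("sshd",pid=1410,fd=4))
tcp   ESTAB  0      0      192.0.2.10:40112   203.0.113.7:443    users:(("sync-agent",pid=2201,fd=7))
tcp   ESTAB  0      0      192.0.2.10:40114   203.0.113.7:443    users:(("sync-agent",pid=2201,fd=8))
tcp   ESTAB  0      0      192.0.2.10:40118   203.0.113.9:443    users:(("sync-agent",pid=2201,fd=9))
tcp   ESTAB  0      0      192.0.2.10:52000   203.0.113.20:5432
udp   UNCONN 0      0      0.0.0.0:68         0.0.0.0:*          users:(("dhclient",pid=612,fd=6))
EOF
}

# Read `ss -tunap` output on stdin; print "<count> <name>/<pid>" for
# established TCP sockets, busiest process first.
conn_counts() {
    awk '
    $1 == "tcp" && $2 == "ESTAB" {
        # No users:(...) column means ss could not see the owner
        # (typically: ss was not run as root).
        proc = "unknown"
        if (match($0, /users:\(\("[^"]+",pid=[0-9]+/)) {
            proc = substr($0, RSTART + 9, RLENGTH - 9)  # drop users:((" prefix
            sub(/",pid=/, "/", proc)                     # curl",pid=12 -> curl/12
        }
        count[proc]++
    }
    END { for (p in count) print count[p], p }
    ' | sort -k1,1nr -k2,2
}

# Print processes holding more than $1 established TCP connections.
flag_busy() {
    conn_counts | awk -v max="$1" '$1 > max { sub(/^[0-9]+ /, ""); print }'
}

# Demo on the constructed sample; on a live host: ss -tunap | flag_busy 100
sample_ss_output | conn_counts
```

A socket reported as `unknown` is one whose owner `ss` could not see, which is itself a reason to rerun the command with root privileges before drawing conclusions.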
Conclusion
Both `netstat` and `ss` are powerful tools designed to help system administrators manage and troubleshoot network-related issues. While `netstat` is widely recognized and still used in many operating systems, `ss` offers a more robust and faster solution for modern Linux environments.
Knowing how to use these tools can greatly enhance your ability to monitor and diagnose network problems effectively, helping maintain healthy and secure IT environments. Whether you are a seasoned network professional or just embarking on your networking journey, mastering these tools is a valuable asset in your skillset.