Skip to main content
Engineering LibreTexts

10-F.11.1: Network Troubleshooting Commands - netstat / ss

  • Page ID
    40967
  • The netstat Command

    The netstat command is used to check the status of ports, whether they are open, closed, or waiting and masquerade connections. Network Statistic (netstat) command displays connection information, routing table information, etc.
    Syntax:

    netstat [ OPTIONS ]

    Command Options:

    Options Option Meaning
    --verbose , -v Tells the user what is going on by being verbose. Especially prints some useful information about unconfigured address families.
    -c, --continuous This will cause netstat to print the selected information every second continuously.
    --interfaces=iface , -I=iface , -i Displays a table of all network interfaces, or the specified iface.
    --listening, -l Shows only listening sockets. (These are omitted by default.)
    --route, -r Displays the kernel routing tables.
    --statistics, -s Displays summary statistics for each protocol.

    The output of netstat obviously depends on the options given on the command line. The following example shows the default:

    pbmac@pbmac-server $ netstat
    Active Internet connections (w/o servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State      
    tcp        0      0 pbmac-server.loca:44042 205.180.87.178:https    ESTABLISHED
    tcp        0      0 pbmac-server.loca:57930 netlab.cisconetla:https ESTABLISHED
    tcp        0      0 pbmac-server.loca:47834 sfo03s01-in-f206.:https ESTABLISHED
    tcp        0      0 pbmac-server.loca:58120 64.58.232.179:https     ESTABLISHED
    tcp        0      0 pbmac-server.loca:59788 sfo07s16-in-f66.1:https ESTABLISHED
    

    Netstat provides statistics for the following:

    • Proto – The name of the protocol (TCP or UDP).
    • Recv-Q/Send-Q - The number of bytes waiting to be received or sent over this connection.
    • Local address – The IP address of the local computer and the port number being used. The name of the local computer that corresponds to the IP address and the name of the port is shown unless the -n parameter is specified. An asterisk (*) is shown for the host if the server is listening on all interfaces. If the port is not yet established, the port number is shown as an asterisk.
    • Foreign address – The IP address and port number of the remote computer to which the socket is connected. The names that corresponds to the IP address and the port are shown unless the -n parameter is specified. If the port is not yet established, the port number is shown as an asterisk (*).
    • State – Indicates the state of a TCP connection. The possible states are as follows: CLOSE_WAIT, CLOSED, ESTABLISHED, FIN_WAIT_1, FIN_WAIT_2, LAST_ACK, LISTEN, SYN_RECEIVED, SYN_SEND, and TIME_WAIT. For more information about the states of a TCP connection, see RFC 793.

    The ss Command

    The ss command is a new tool used to dump socket statistics; it displays information a bit like netstat - although ss is simpler and faster. The ss command can also display additional TCP and more state information than most other tools.

    The ss command displays stats for things like PACKET, TCP, UDP, DCCP, RAW, and Unix domain sockets. This utility displays very detailed information about how a Linux machine is communicating with other machines, networks, and services; and information about network connections, networking protocol statistics, and Linux socket connections. This information makes it much easier to troubleshoot various networking issues.

    Syntax:

    ss [ OPTIONS ]

    Command Options:

    Options Option Meaning
    -a, --all Display all sockets.
    -l, --listening Display listening sockets.
    -o, --options Show timer information.
    -e, --extended Show detailed socket information.
    -m, --memory Show socket memory usage.
    -p, --processes Show process using socket.
    -i, --info Show internal TCP information.

    The output is similar to netstat.

    pbmac@pbmac-server $ ss -4 state listening
    Netid   Recv-Q    Send-Q        Local Address:Port         Peer Address:Port    
    tcp     0         128           127.0.0.53%lo:domain            0.0.0.0:*       
    tcp     0         128                 0.0.0.0:ssh               0.0.0.0:*       
    tcp     0         5                 127.0.0.1:ipp               0.0.0.0:*       
    tcp     0         100               127.0.0.1:smtp              0.0.0.0:*       
    tcp     0         5                   0.0.0.0:902               0.0.0.0:*       
    tcp     0         128               127.0.0.1:46697             0.0.0.0:*       
    tcp     0         128               127.0.0.1:6379              0.0.0.0:*  
    

    Adapted from:
    "netstat" by Multiple ContributorsWikipedia is licensed under CC BY-SA 3.0

    • Was this article helpful?