Below is a side-by-side comparison of the netstat and ss commands, along with an extensive list of examples for each option. Both are used to display network connections, routing tables, interface statistics, etc., but ss is often seen as a faster and more modern alternative to netstat.
Comparison: netstat vs ss
| Option | netstat | ss | Description |
|---|---|---|---|
| Show all sockets | netstat -a | ss -a | Shows all connections (listening, non-listening). |
| Show listening sockets | netstat -l | ss -l | Show only listening sockets (server-side). |
| Show numeric addresses | netstat -n | ss -n | Show numeric addresses instead of resolving hostnames. |
| Show process info | netstat -p | ss -p | Show the process associated with each socket. |
| Show TCP connections | netstat -t | ss -t | Show only TCP connections. |
| Show UDP connections | netstat -u | ss -u | Show only UDP connections. |
| Show raw connections | netstat -w | ss -w | Show raw sockets (UDP, TCP, etc.). |
| Show route table | netstat -r | ss -r | Display the routing table. |
| Show interface statistics | netstat -i | ss -i | Display network interface statistics. |
| Show multicast connections | netstat -g | ss -g | Show multicast connections. |
| Show kernel’s routing table | netstat -rn | ss -rn | Display routing table with numeric addresses. |
| Show all sockets and processes | netstat -tulnp | ss -tulnp | Display TCP/UDP sockets with process info (port, pid, etc.). |
| Show all sockets with summary | netstat -s | ss -s | Show summary of socket usage, including protocol statistics. |
| Show the state of sockets | netstat -o | ss -o | Show timer information (socket’s state). |
| Show extended information | netstat -e | ss -e | Show detailed info like TCP states. |
| Show broadcast connections | netstat -b | ss -b | Display broadcast addresses. |
Examples for netstat and ss
1. Show all sockets
netstat -ass -a
2. Show listening sockets
netstat -lss -l
3. Show numeric addresses
netstat -nss -n
4. Show process info
netstat -pss -p
5. Show TCP connections
netstat -tss -t
6. Show UDP connections
netstat -uss -u
7. Show raw connections
netstat -wss -w
8. Show the route table
netstat -rss -r
9. Show interface statistics
netstat -iss -i
10. Show multicast connections
netstat -gss -g
11. Show kernel’s routing table (numeric)
netstat -rnss -rn
12. Show all sockets and processes
netstat -tulnpss -tulnp
13. Show summary of socket usage
netstat -sss -s
14. Show the state of sockets (with timer info)
netstat -oss -o
15. Show extended information (TCP states, etc.)
netstat -ess -e
16. Show broadcast connections
netstat -bss -b
Additional Comparisons
Show Connections for a Specific Address:
netstat -a | grep <ip-address>ss -a | grep <ip-address>
Show Specific Port Connections:
netstat -tuln | grep 8080ss -tuln | grep 8080
Show UDP Port Usage:
netstat -anuss -u -a
Show All Connections by State:
netstat -tulnss -tuln
Show UDP Ports and Associated Processes:
netstat -anu -pss -u -a -p
Performance and Usage
ssis more efficient thannetstat, especially when dealing with large numbers of connections. It uses direct kernel access to retrieve information, whereasnetstatretrieves data from a higher-level system interface.
Summary of Differences
- Performance:
ssis faster and more efficient thannetstat, especially with large numbers of connections. - Modernity:
ssis the newer tool and part of theiproute2suite, whilenetstatis considered legacy. - Output: While both tools provide similar information,
ssoffers a more concise and readable output with fewer columns by default.