Gads

netstat equivalent tool


The net-tools package was deprecated years ago, although its commands are still in use. Tools such as netstat and ifconfig are part of net-tools. The alternatives can be installed from the iproute2 package.

Which Ubuntu package provides a file/command

daniel@hidmo:/tmp$ sudo dpkg -S $(which ss)
iproute2: /bin/ss

daniel@hidmo:/tmp$ sudo dpkg -S $(which netstat)
net-tools: /bin/netstat

daniel@hidmo:/tmp$ sudo dpkg -S $(which ifconfig)
net-tools: /sbin/ifconfig

daniel@hidmo:/tmp$ sudo dpkg -S $(which ip)
iproute2: /sbin/ip

Not all features of netstat can be replaced with ss, but ss combined with ip can do the job.

There is a lot of similarity between the netstat and ss flags and options. Let us see how we can use ss to substitute for one of the most common uses of netstat – viewing TCP connections and their state, including the process name and ID associated with the socket.

The listing below is for IPv4 only (the -4 flag) –

daniel@hidmo:/tmp$ sudo netstat -plant4
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      675/systemd-resolve
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      230810/cupsd
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      853/redis-server 12
tcp        0      0 192.168.10.44:51328       74.6.143.25:443       ESTABLISHED 39005/chrome --type 
tcp        0      0 192.168.10.44:56610       74.6.143.25:5228      ESTABLISHED 39005/chrome --type 
tcp        0      0 192.168.10.44:57920       64.233.177.138:443      ESTABLISHED 39005/chrome --type


The equivalent ss command is below –

daniel@hidmo:/tmp$ sudo ss -pant4
State          Recv-Q         Send-Q                 Local Address:Port                    Peer Address:Port         Process
LISTEN         0              4096                   127.0.0.53%lo:53                           0.0.0.0:*             users:(("systemd-resolve",pid=675,fd=13))
LISTEN         0              5                          127.0.0.1:631                          0.0.0.0:*             users:(("cupsd",pid=230810,fd=7))
LISTEN         0              511                        127.0.0.1:6379                         0.0.0.0:*             users:(("redis-server",pid=853,fd=6))
ESTAB          0              0                        192.168.10.44:51328                  74.6.143.25:443         users:(("chrome",pid=39005,fd=35))
ESTAB          0              0                        192.168.10.44:56610                  74.6.143.25:5228        users:(("chrome",pid=39005,fd=37))
ESTAB          0              0                        192.168.10.44:57920                 64.233.177.138:443         users:(("chrome",pid=39005,fd=32))
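
As an added example (not from the original post), the shell function below reduces `ss -pant4` output to one line per listening socket and marks whether it is bound to loopback or to a reachable address. The first three sample rows and the chrome row are taken from the listing above; the sshd row is constructed, and the function names are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: classify listening TCP sockets from `ss -pant4` output.

# Sample input. The sshd row is constructed to show a wildcard bind;
# the other rows come from the listing above.
sample_ss_output() {
cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       4096    127.0.0.53%lo:53    0.0.0.0:*          users:(("systemd-resolve",pid=675,fd=13))
LISTEN  0       5       127.0.0.1:631       0.0.0.0:*          users:(("cupsd",pid=230810,fd=7))
LISTEN  0       511     127.0.0.1:6379      0.0.0.0:*          users:(("redis-server",pid=853,fd=6))
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*          users:(("sshd",pid=1001,fd=3))
ESTAB   0       0       192.168.10.44:51328 74.6.143.25:443    users:(("chrome",pid=39005,fd=35))
EOF
}

# Reads ss output on stdin; prints "scope addr port process pid" per listener.
classify_listeners() {
  awk '
    $1 != "LISTEN" { next }            # skips the header and non-listening rows
    {
      local_ep = $4
      n = split(local_ep, parts, ":")
      port = parts[n]
      addr = substr(local_ep, 1, length(local_ep) - length(port) - 1)
      sub(/%.*/, "", addr)             # drop an interface suffix such as %lo
      proc = "-"; pid = "-"            # Process column can be empty without root
      if ($6 ~ /^users:/) {
        proc = $6; sub(/^users:\(\("/, "", proc); sub(/".*/, "", proc)
        pid = $6;  sub(/^[^=]*pid=/, "", pid);   sub(/,.*/, "", pid)
      }
      # IPv4 only (-4): anything outside 127.0.0.0/8 is reachable off-host
      scope = (addr ~ /^127\./) ? "loopback" : "exposed"
      print scope, addr, port, proc, pid
    }'
}

# Live use: sudo ss -pant4 | classify_listeners
sample_ss_output | classify_listeners
```

Piping the output through `grep '^exposed'` leaves only the listeners worth reviewing against the host's firewall rules.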

ss has very helpful filtering features: for instance, we can filter by source or destination IP address or port, and by TCP state. In the example below, we are looking for TCP connections in the TIME-WAIT state to an http or https port and destined to a specific IP CIDR block –

daniel@hidmo:/tmp$ sudo ss -o state time-wait '( dport = :http or dport = :https )' dst 162.247.78.0/24
Netid             Recv-Q             Send-Q                           Local Address:Port                            Peer Address:Port              Process                               
tcp               0                  0                                  192.168.10.44:59318                           162.247.78.1:https              timer:(timewait,58sec,0)             
tcp               0                  0                                  192.168.10.44:59312                           162.247.78.1:https              timer:(timewait,58sec,0)             
tcp               0                  0                                  192.168.10.44:59322                           162.247.78.1:https              timer:(timewait,58sec,0)             
tcp               0                  0                                  192.168.10.44:59328                           162.247.78.1:https              timer:(timewait,59sec,0)             
tcp               0                  0                                  192.168.10.44:59304                           162.247.78.1:https              timer:(timewait,58sec,0)             
tcp               0                  0                                  192.168.10.44:59326                           162.247.78.1:https              timer:(timewait,59sec,0)             
tcp               0                  0                                  192.168.10.44:59320                           162.247.78.1:https              timer:(timewait,58sec,0)             
tcp               0                  0                                  192.168.10.44:59306                           162.247.78.1:https              timer:(timewait,58sec,0)             
tcp               0                  0                                  192.168.10.44:59334                           162.247.78.1:https              timer:(timewait,59sec,0)             
tcp               0                  0                                  192.168.10.44:59314                           162.247.78.1:https              timer:(timewait,58sec,0)             
tcp               0                  0                                  192.168.10.44:59308                           162.247.78.1:https              timer:(timewait,58sec,0)    


