Location>code7788 >text

netstat and ss comparison

Popularity:387 ℃/2025-03-29 22:43:07

1.netstat command

1. Core functions

  • Display network connection, routing table, interface statistics and other information.

  • Supports TCP, UDP, UNIX domain sockets and other protocols.

  • You can view the association between a process and a port.

2. Common syntax examples

View all active connections

netstat -a
 #Export example:
 Proto Recv-Q Send-Q Local Address   Foreign Address  State      
tcp        0      0 192.168.1.2:22 10.0.0.5:54321   ESTABLISHED

  • -a: Displays all connections (including listening and non-listening).View TCP listening port

netstat -tuln
 #Export example:
 Proto Recv-Q Send-Q Local Address   State       PID/Program name
tcp        0      0 0.0.0.0:80      LISTEN      1234/nginx

  • -t: TCP protocol;-u: UDP protocol;-l: Listen to ports only;-n: Disable domain name resolution.

Statistics of the number of connection statuses

netstat -ant | awk '/^tcp/ {print $6}' | sort | uniq -c
 #Export example:10 ESTABLISHED
   2 TIME_WAIT

View the relationship between a process and a port

netstat -tulnp
 #Export example:
 tcp60      0 :::80      :::*        LISTEN      1234/nginx

 

2. Ss command

1. Core functions

  • SubstitutionnetstatModern tools that directly read kernel network stack data (throughnetlinkInterface).

  • Faster, supports more complex filtering syntax.

  • Supports displaying TCP internal status (such as congestion window, RTT).

2. Common syntax examples

View all TCP connections

ss -at
 #Export example:
 State Recv-Q   Send-Q   Local Address:Port    Peer Address:Port   
ESTAB    0        0        192.168.1.2:22        10.0.0.5:54321

  • -a: All connections;-t: TCP protocol.

View the listening port

ss -tuln
 #Export example:
 Netid State Recv-Q  Send-Q  Local Address:Port  Peer Address:Port 
tcp    LISTEN  0       128     *:80                *:*

  • -u: UDP protocol;-l: Listening port;-n: Disable domain name resolution.

Filter connections by status

ss -t state established
 #Export example:
 Recv-Q Send-Q Local:Port    Peer:Port    
0      0      192.168.1.2:22 10.0.0.5:54321

  • Support filtering:establishedtime-waitclosedWait for state.

View process and socket details

ss -tulnp
 #Export example:
 Netid State Recv-Q  Send-Q  Local Address:Port  Peer Address:Port Process
tcp    LISTEN  0       128     *:80                *:*              users:(("nginx",pid=1234,fd=3))

  • -p: Display process information (root permission is required).

Statistics the number of connections in each state

ss -s
 #Export example:
 Total:45 (kernel 60)
TCP:   10 (estab 5, closed 2, orphaned 0, timewait 3)
UDP:   3

3. Core differences

characteristic netstat ss
Source of data Read/proc/netdocument Directly passnetlinkThe interface reads kernel data
performance Slower (stuttering when there are high connections) Extremely fast (suitable for large-scale servers)
Functional complexity Simple but limited functionality Supports advanced filtering and TCP internal state analysis
Output information Basic connection information More detailed Socket metadata (such as memory usage)
System compatibility The old system is installed by default New system recommendation tools (such as CentOS 7+/Ubuntu 16+)
Process association display need-pOptions Also supported, but the format is clearer
 
 
 
 
 
<Previous Next>