DevOps Daily

/home

/articles

/topics

Home > Articles > Replacing the netstat Command with ss: A Modern Approach to Network Monitoring

Replacing the netstat Command with ss: A Modern Approach to Network Monitoring

  ·   3 min read

#devops #networking #netstat #ss #linux #network-monitoring #cli #open-source

In the world of network monitoring and troubleshooting, the netstat command has long been a staple for system administrators and DevOps engineers. However, as technology evolves, so do the tools we use. Enter ss, a modern alternative to netstat that offers more features, better performance, and a more user-friendly experience. In this article, we’ll explore why you should consider replacing netstat with ss and how to effectively use ss for your network monitoring needs.

Why Replace netstat with ss?

  1. Performance: ss is part of the iproute2 package and is known for its speed and efficiency. Unlike netstat, which reads from /proc files, ss directly interfaces with the kernel, providing faster and more accurate results.

  2. Detailed Output: ss provides more detailed information about network connections, including TCP, UDP, and raw sockets. It can display a wide range of statistics, making it a powerful tool for in-depth network analysis.

  3. Active Development: netstat is part of the deprecated net-tools package, which is no longer actively maintained. On the other hand, ss is actively developed and maintained, ensuring compatibility with modern systems and protocols.

  4. IPv6 Support: While netstat does support IPv6, ss offers more comprehensive and robust support for IPv6, which is increasingly important in today’s networking environments.

Getting Started with ss

Before you begin using ss, ensure that the iproute2 package is installed on your system. Most modern Linux distributions come with this package pre-installed. If not, you can install it using your package manager. For example, on Debian-based systems, you can run:

sudo apt-get install iproute2

Basic Usage

To display all network connections, simply run:

ss

This command will list all established connections, similar to netstat. However, ss provides more detailed information by default.

Filtering Connections

One of the strengths of ss is its ability to filter connections based on various criteria. For example, to display only TCP connections, use:

ss -t

For UDP connections, use:

ss -u

To view listening sockets, you can use:

ss -l

Advanced Options

  • Display Process Information: To see which processes are using network connections, use the -p option:

    ss -p

  • Show Summary Statistics: For a summary of socket statistics, use:

    ss -s

  • Filter by State: To filter connections by state, such as ESTABLISHED, LISTEN, or CLOSE-WAIT, use:

    ss -t state ESTABLISHED

  • IPv6 Connections: To display only IPv6 connections, use:

    ss -6

Conclusion

While netstat has served the networking community well for many years, ss offers a modern, efficient, and feature-rich alternative that is better suited for today’s networking challenges. By leveraging ss, DevOps engineers and system administrators can gain deeper insights into network activity and troubleshoot issues more effectively.

As you transition from netstat to ss, take advantage of its powerful filtering and display options to tailor the output to your specific needs. With its active development and robust feature set, ss is poised to become the go-to tool for network monitoring in the Linux ecosystem.

References

Deploying HashiCorp Vault Using Ansible
Creating Disk Byte Copies Using `dd`
back to top