Mastering the ss Command: A Modern Alternative to netstat on Linux
Deepak KushwahaIf you've ever needed to troubleshoot network issues on a Linux machine, chances are you've come across the netstat command. While it's been a go-to tool for years, there's a faster and more modern alternative: the ss command.
Short for socket statistics, ss is a powerful utility that gives you real-time insights into your system's network activity. Whether you're checking open ports, diagnosing connectivity problems, or just keeping an eye on who's connected to your server, ss is your new best friend.
In this guide, we’ll walk through the essentials of ss—what it does, how to use it, and why it outperforms netstat.
🔍 What is the ss Command?
ss is a command-line tool used to dump socket statistics and display information similar to netstat, but it does so faster and more efficiently. It’s included by default in most modern Linux distributions, and it allows you to:
View active TCP, UDP, and UNIX socket connections
Check which ports are listening
Identify processes using specific network ports
Monitor connections by protocol or IP address
Troubleshoot slow or hanging connections
🛠️ Basic Usage
Start by opening a terminal and try these basic commands:
1. Show All Active Connections
bashCopyEditss
Lists all active sockets—TCP, UDP, and local (UNIX) domain sockets.
2. Filter by Protocol
bashCopyEditss -t # Show TCP connections
ss -u # Show UDP connections
Use -t for TCP, -u for UDP. You can also use -4 or -6 to filter by IPv4 or IPv6 respectively.
3. Show Listening Ports
bashCopyEditss -l
This displays all sockets currently listening for incoming connections (e.g., a web server on port 80).
📌 Common Use Cases
✅ Find Services Running on Specific Ports
bashCopyEditss -tlnp | grep ':80'
What it does:
-t: Show TCP connections-l: Only display listening sockets-n: Show numeric port numbers-p: Show the process using the socketgrep ':80': Filters output to port 80
Use case: Identify what service (e.g., Apache, Nginx) is using port 80.
✅ Check Connected Clients
bashCopyEditss -t state established
Use case: Monitor real-time active client connections to your server.
✅ Diagnose Hanging Connections
bashCopyEditss -t state time-wait
Use case: Troubleshoot why a port isn't freeing up after a service disconnects.
💡 Advanced Tips
🔍 Show Process Names with Listening Ports
bashCopyEditss -ltnp
Combine options to get a full picture of what services are bound to which ports.
🎯 Filter by IP Address
bashCopyEditss -t src 192.168.1.5
Replace src with dst to filter by destination IP address.
🖥️ Live Monitoring with Watch
bashCopyEditwatch -n 1 'ss -t'
Refreshes the list of TCP connections every second—ideal for real-time monitoring.
🆚 Why Use ss Over netstat?
| Feature | netstat | ss |
| Speed | Slower | Much faster (kernel-level access) |
| Modern Support | Limited | Fully supports modern sockets and states |
| Syntax | Verbose | Concise and filter-friendly |
📋 Quick Cheat Sheet
| Command | Description |
ss -tuln | Show all listening TCP/UDP ports |
ss -o state established | Show all active established connections |
ss -s | Display socket summary statistics |
| `ss -p | grep nginx` |
✅ Conclusion
The ss command is a powerful and efficient tool every Linux user should know. Whether you’re a sysadmin, developer, or power user, it makes troubleshooting and monitoring network activity a breeze. It’s faster, simpler, and more accurate than netstat—so next time you need socket stats, reach for ss.
Subscribe to my newsletter
Read articles from Deepak Kushwaha directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by
Deepak Kushwaha
Deepak Kushwaha
Hey! I'm Deepak, MCA student of Chandigarh University. I'm more interested in Cloud Computing and Devops automations tools like Docker, Kubernetes, CICD pipelines etc.. I'm also doing my project and looking for open-source contribution. Good hands-on knowledge of Source Code Management (Version Control System) tools like Git.