Showing results for netstat vs ss
Search instead for netstat v s ss

ss gets them from kernel space directly using Netlink which uses the classic sockets API.

Answer from ggiroux on Stack Overflow
🌐
Stack Overflow
stackoverflow.com › questions › 11763376 › difference-between-netstat-and-ss-in-linux
sockets - difference between netstat and ss in linux? - Stack Overflow
Top answer
1 of 5
42

ss gets them from kernel space directly using Netlink which uses the classic sockets API.

2 of 5
38

I've made a comparison table (in Google Docs) (light HTML link) for converting between netstat and ss arguments. It's too big to include and update it here.

The short version of difference between short arguments is:

Arguments that require attention: r N i g M W T v C F c A U 2 f

Arguments that are safe to leave as is: h V l a n Z s p e o 4 6 x t u S w

🌐
Reddit
reddit.com › r/commandline › netstat vs ss (socket statistics)
r/commandline on Reddit: Netstat vs ss (socket statistics)
August 18, 2023 -

The manual for Netstat says it's obsolete and that I should use ss instead, but I like Netstat's more compact and easy-to-read interface better than ss's wide and spread-out display.

Is there anything wrong with Netstat compared to ss? Which one do you use?

Top answer
1 of 2
10
manual for Netstat says it's obsolete and that I should use ss instead Yup, true that. anything wrong with Netstat compared to ss Oh hell yeah. ss is far superior. E.g. let's say you want to know what PID(s) are associated with what (if anything) is listening on TCP port 22: # ss -nltp sport = :22 State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=852,fd=3)) LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=852,fd=4)) # That's highly fast and efficient, as the filtering happens in kernel. Now, compare that to wanting to do same with netstat - you'd need to run a netstat command that gets a lot more information than just for TCP port 22 - that alone can be exceedingly slow on a heavily loaded system - possibly taking minutes or more to return results - whereas even under comparable load that ss command will be much faster and probably complete in mere seconds or less. But with the netstat command to get just port 22 TCP results, then you'll need to filter it with grep or awk or sed or the like - and if you don't get it exactly right (more complex) you may get false positives - e.g. other stuff that matches, say string :22 other than only and exactly in the relevant field/position. ss is much more versatile than just that example, but that's just one example of how one can very quickly and efficiently get precisely the needed information from ss. Very similar in efficiency (and ease of correct accuracy) in filtering, e.g. by IPs, protocol(s), state, etc., and also many options to control output formatting, etc. Also, for non-ancient *nix operating systems, ss will generally be included / installed by default, whereas netstat may not be.
2 of 2
2
If you are using ss, use it with a pager like more or less. Running it by itself is a mess for readability.
Discussions
Netstat vs ss (socket statistics) : r/commandline
More on reddit.com
🌐 r/commandline
Netstat vs ss (statistiche socket)

Il manuale di Netstat dice che è obsoleto e che dovrei usare ss invece

Già, è vero.

C'è qualcosa di sbagliato in Netstat rispetto a ss

Oh, sì. ss è di gran lunga superiore.

Ad esempio, diciamo che vuoi sapere quale PID(s) è associato a ciò che (se presente) è in ascolto sulla porta TCP 22: 

# ss -nltp sport = :22
State  Recv-Q Send-Q Local Address:Port Peer Address:PortProcess                       
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=852,fd=3))
LISTEN 0      128             [::]:22           [::]:*    users:(("sshd",pid=852,fd=4))
#

Questo è molto veloce ed efficiente, poiché il filtraggio avviene nel kernel. Ora, confronta questo con il voler fare lo stesso con netstat: dovresti eseguire un comando netstat che ottiene molte più informazioni rispetto a quelle solo per la porta TCP 22 - questo da solo può essere estremamente lento su un sistema pesantemente caricato - potenzialmente impiegando minuti o più per restituire i risultati - mentre anche sotto un carico comparabile quel comando ss sarà molto più veloce e probabilmente si completerà in pochi secondi o meno. Ma con il comando netstat per ottenere solo i risultati TCP della porta 22, dovrai filtrarlo con grep o awk o sed o simili - e se non lo ottieni esattamente giusto (più complesso) potresti ottenere falsi positivi - ad esempio, altre cose che corrispondono, diciamo la stringa :22 diversa da solo ed esattamente nel campo/posizione rilevante. ss è molto più versatile di quel semplice esempio, ma questo è solo un esempio di come si possono ottenere rapidamente ed efficientemente le informazioni necessarie da ss. Molto simile in efficienza (e facilità di accuratezza corretta) nel filtraggio, ad esempio, per IP, protocollo(i), stato, ecc., e anche molte opzioni per controllare la formattazione dell'output, ecc.

Inoltre, per i sistemi operativi *nix non antichi, ss sarà generalmente incluso/installato di default, mentre netstat potrebbe non esserlo.

More on reddit.com
🌐 r/commandline
4
8
August 18, 2023
netstat to ss argument conversion table (link in the first comment)
ss -tulpn Everything you need in a normal admin day More on reddit.com
🌐 r/linux
32
517
May 19, 2020
netstat is obslete?
The netstat(8) man page https://net-tools.sourceforge.io/man/netstat.8.html says This program is obsolete. Replacement for netstat is ss. Replacement for netstat -r is ip route. Replacement for netstat -i is ip -s link. Replacement for netstat -g is ip maddr. More on reddit.com
🌐 r/linux4noobs
13
4
January 27, 2024
Videos
02:52
🌐 YouTube
How to Use SS to Monitor Listening Ports on Your System - YouTube
June 16, 2025
00:41
🌐 YouTube
"netstat" is deprecated! Use "ss" command instead #linux - YouTube
March 26, 2023
🌐 youtube.com
Linux Network Debug: ss vs netstat Commands
09:24
🌐 YouTube
SS | Analyse Network Statistics in Linux - YouTube
April 18, 2020
12:32
🌐 YouTube
Linux Networking Tools: Ping, Traceroute, Netstat, and ss Explained ...
April 8, 2025
View all
View all
🌐
Medium
medium.com › itversity › understanding-socket-connections-with-netstat-and-ss-00cde8e9454c
Understanding Socket Connections with netstat and ss | by Chaitanya Varma Manthena | itversity | Medium
November 6, 2024 - For example, if you notice a large ... (Denial of Service) attack or experiencing a connection flood. ss (Socket Statistics) is a modern replacement for netstat, designed to be faster and more efficient, especially on large systems ...
🌐
Paul's Blog
blog.pcarleton.com › post › netstat-vs-ss
TIL: The difference between netstat and ss | Paul's Blog
May 31, 2018 - The default arguments is a little more compelling. netstat by default will try to resolve IP addresses through DNS which really slows it down. It also opens a bunch of new UDP sockets, which might clutter the picture if you’re investigating something. netstat -n stops this behavior, but ss has that on by default (you can use ss -r if you do want the resolution).
🌐
OneUptime
oneuptime.com › home › blog › how to use ss as a replacement for netstat to view ipv4 sockets
How to Use ss as a Replacement for netstat to View IPv4 Sockets
March 20, 2026 - ss (socket statistics) is the modern replacement for the deprecated netstat. It queries the kernel's socket information directly and is significantly faster than netstat on systems with many connections.
🌐
TecAdmin
tecadmin.net › comparison-between-ss-vs-netstat-commands
A Comparison Between ss vs netstat Commands – TecAdmin
April 26, 2025 - Both the ss and netstat commands have their own strengths and weaknesses. ss is faster and provides more detailed information, making it the preferred choice for network analysis and troubleshooting in Linux.
🌐
Linux Foundation
training.linuxfoundation.org › home › tutorials › an introduction to the ss command
An Introduction to the ss Command - Linux Foundation - Education
November 22, 2023 - The ss command is a tool used to dump socket statistics and displays information in similar fashion (although simpler and faster) to netstat. The ss command can also display even more TCP and state information than most other tools.
Find elsewhere
🌐
Ask Ubuntu
askubuntu.com › questions › 1220280 › difference-between-netstat-and-ss-and-how-to-convert-commands
networking - Difference between netstat and ss and how to convert commands? - Ask Ubuntu
Top answer
1 of 2
4

I've made a comparison table (in Google Docs) (light HTML link) for converting between netstat and ss arguments. It's too big to include and update it here.

The short version of difference between short arguments is:

Arguments that require attention: r N i g M W T v C F c A U 2 f

Arguments that are safe to leave as is: h V l a n Z s p e o 4 6 x t u S w

2 of 2
0

I stumbled across this post while researching netstat -> ss conversion. Outstanding table but I wanted to point out one thing in particular... the man page description for the netstat -s command option states, "Display summary statistics for each protocol". ss -s option in the man page states, "Print summary statistics. This option does not parse socket lists obtaining summary from various sources. It is useful when amount of sockets is so huge that parsing /proc/net/tcp is painful." These two command options return EXTIRELY different information.

For example:

$ ss -s
Total: 1365 (kernel 0)
TCP:   276 (estab 163, closed 14, orphaned 0, synrecv 0, timewait 1/0), ports 0

Transport Total     IP        IPv6
*         0         -         -
RAW       1         1         0
UDP       24        17        7
TCP       262       246       16
INET      287       264       23
FRAG      0         0         0

as opposed to the netstat -s command output (truncated):

$ netstat -s | head -n15
Ip:
    2043673568 total packets received
    0 forwarded
    0 incoming packets discarded
    1997519606 incoming packets delivered
    1359233819 requests sent out
    53 dropped because of missing route
    22 reassemblies required
    11 packets reassembled ok
Icmp:
    38023 ICMP messages received
    7619 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 23947
        timeout in transit: 129

I don't know if the upstream developers of ss intend on expanding the available output from the command, but near as I can tell... ss doesn't offer anything equivalent to the netstat -s statistics.

/ SenseiC bows out

🌐
Red Hat
redhat.com › en › blog › ss-command
Linux tools: How to use the ss command
In fact, there is one significant ss bummer. You can try this one for yourself to compare the two: $ netstat -s Ip: Forwarding: 2 6231 total packets received 2 with invalid addresses 0 forwarded 0 incoming packets discarded 3104 incoming packets delivered 2011 requests sent out 243 dropped because of missing route <truncated> $ ss -s Total: 182 TCP: 3 (estab 1, closed 0, orphaned 0, timewait 0) Transport Total IP IPv6 RAW 1 0 1 UDP 3 2 1 TCP 3 2 1 INET 7 4 3 FRAG 0 0 0
🌐
Net7
net7.be › blog › article › network_activity_analysis_1_netstat.html
Net7 - Blog - Analysing network activity #1 - netstat, ss and lsof
On Windows the feature to have ... every 1 second. The ss command shows socket information, pretty much like netstat does, with the key difference that it doesn't read /proc/net/* special files and uses a "newer" (it's actually very old) kernel API instead....
🌐
ServerAvatar
serveravatar.com › home › blog › how to use netstat, ss, and lsof for linux network debugging
How to Use netstat, ss, and lsof for Linux Network Debugging
November 14, 2025 - Overlooking automation, manual debugging takes time. netstat shows general network statistics, ss provides faster and more detailed socket information, and lsof lists open files and the processes using them.
🌐
Linux Audit
linux-audit.com › linux audit › alternative for netstat: ss tool
Alternative for netstat: ss tool - Linux Audit
March 12, 2025 - Socket statistics, or ss for short, is an easy replacement command for netstat.
🌐
YouTube
youtube.com › watch
Netstat and SS Commands: Network Monitoring Tools for Beginners - YouTube
06:52
Dive into the world of network monitoring with our comprehensive guide to the `netstat` and `ss` commands! 🚀 Perfect for beginners, this video breaks down h...
Published   May 4, 2025
🌐
eUKhost
eukhost.com › home › how to use netstat and ss to check linux’s listening ports
Linux Show Listening Ports (netstat & ss Command Guide)
September 1, 2025 - Prefer ‘ss’ over ‘netstat’ for speed and accuracy, but both are useful depending on the system environment.
🌐
Reddit
reddit.com › r › commandline › comments › 15uaes9 › netstat_vs_ss_socket_statistics
Netstat vs ss (socket statistics) : r/commandline
We cannot provide a description for this page right now
🌐
IPv64
ipv64.net › wiki › differences-between-netstat-and-ss-in-linux-networking
Differences between netstat and ss in Linux Networking
June 24, 2023 - It has gained popularity among system administrators and network specialists due to its enhanced functionality. In summary, while netstat remains a reliable tool, ss offers a more efficient and powerful solution for network analysis on Linux systems.
🌐
phoenixNAP
phoenixnap.com › home › kb › sysadmin › how to use linux ss command
How To Use Linux SS Command
January 27, 2025 - The ss (socket statistics) tool is a CLI command used to show network statistics. The ss command is a simpler and faster version of the now obsolete netstat command.
Related queries
netstat ss meaning
is netstat deprecated
ss vs lsof
ss command in linux
ss command
netstat command
what phrase does the linux command ss stand for
netstat equivalent in ss