The net-tools set of packages had been deprecated years back, although the commands are still being in use. Tools such as netstat and ifconfig are part of the net-tools. The alternatives can be installed from iproute2 package.
Which Ubuntu package provides a file/command
daniel@hidmo:/tmp$ sudo dpkg -S $(which ss)
iproute2: /bin/ss
daniel@hidmo:/tmp$ sudo dpkg -S $(which netstat)
net-tools: /bin/netstat
daniel@hidmo:/tmp$ sudo dpkg -S $(which ifconfig)
net-tools: /sbin/ifconfig
daniel@hidmo:/tmp$ sudo dpkg -S $(which ip)
iproute2: /sbin/ip
Not all features of netstat can be replace with ss, but ss combined with ip can do the job.
There is lots of similarity between netstat and ss flags or options. Let us see how we can use ss to substitute for one of the most common uses of netstat – viewing TCP connections and their state, including the process name and ID associated with the socket.
Below list is for IPv4 only (-4 ) flag –
daniel@hidmo:/tmp$ sudo netstat -plant4
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 675/systemd-resolve
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 230810/cupsd
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 853/redis-server 12
tcp 0 0 192.168.10.44:51328 74.6.143.25:443 ESTABLISHED 39005/chrome --type
tcp 0 0 192.168.10.44:56610 74.6.143.25:5228 ESTABLISHED 39005/chrome --type
tcp 0 0 192.168.10.44:57920 64.233.177.138:443 ESTABLISHED 39005/chrome --type
The equivalent ss comand is below –
daniel@hidmo:/tmp$ sudo ss -pant4
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=675,fd=13))
LISTEN 0 5 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=230810,fd=7))
LISTEN 0 511 127.0.0.1:6379 0.0.0.0:* users:(("redis-server",pid=853,fd=6))
ESTAB 0 0 192.168.10.44:51328 74.6.143.25:443 users:(("chrome",pid=39005,fd=35))
ESTAB 0 0 192.168.10.44:56610 74.6.143.25:5228 users:(("chrome",pid=39005,fd=37))
ESTAB 0 0 192.168.10.44:57920 64.233.177.138:443 users:(("chrome",pid=39005,fd=32))
ss has very helpful filtering features, for instance we can filter by source or destination IP address or port and tcp states. In below example, we are looking for TCP connections in TIMEWAIT state to a an http or https port and destined to specific IP CIDR block –
daniel@hidmo:/tmp$ sudo ss -o state time-wait '( dport = :http or dport = :https )' dst 162.247.78.0/24
Netid Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp 0 0 192.168.10.44:59318 162.247.78.1:https timer:(timewait,58sec,0)
tcp 0 0 192.168.10.44:59312 162.247.78.1:https timer:(timewait,58sec,0)
tcp 0 0 192.168.10.44:59322 162.247.78.1:https timer:(timewait,58sec,0)
tcp 0 0 192.168.10.44:59328 162.247.78.1:https timer:(timewait,59sec,0)
tcp 0 0 192.168.10.44:59304 162.247.78.1:https timer:(timewait,58sec,0)
tcp 0 0 192.168.10.44:59326 162.247.78.1:https timer:(timewait,59sec,0)
tcp 0 0 192.168.10.44:59320 162.247.78.1:https timer:(timewait,58sec,0)
tcp 0 0 192.168.10.44:59306 162.247.78.1:https timer:(timewait,58sec,0)
tcp 0 0 192.168.10.44:59334 162.247.78.1:https timer:(timewait,59sec,0)
tcp 0 0 192.168.10.44:59314 162.247.78.1:https timer:(timewait,58sec,0)
tcp 0 0 192.168.10.44:59308 162.247.78.1:https timer:(timewait,58sec,0)
References –
https://www.redhat.com/sysadmin/ss-command
