Frequently Asked Question

What's the difference between ss and netstat?

netstat was the classic Unix tool for listing sockets and routing tables, shipped in net-tools. Like ifconfig, it reads /proc files and is now deprecated in favour of ss (Socket Statistics) from iproute2. ss queries the kernel directly via netlink, is dramatically faster on busy hosts (think thousands of connections), and exposes information netstat never could; detailed TCP state, congestion-control internals, and per-socket counters.

The flags you'll use most are ss -tulnp: t TCP, u UDP, l listening only, n numeric (no name resolution), p show the owning process. That one command tells you what is listening on every port and which program owns it, which is the question you ask whenever you wonder "what is on port 8080?". Add -a for everything (including established connections), -s for a summary, -i for interface stats, or -t state established to filter by TCP state.