ss (socket statistics) is the modern replacement for the older netstat command. It reads socket information directly from the kernel's netlink interface, which is far faster than netstat's approach of parsing /proc/net/*. On a busy server with many connections, ss finishes in a fraction of a second where netstat can take many seconds.
ss # all established connections
ss -tuln # tcp+udp listening, no resolve
ss -tulpn # with process names
ss -s # summary
ss -an 'sport = :80' # connections on local port 80
ss -o state established # only established
ss is part of the iproute2 suite and is preinstalled on most distributions. It shows far more detail than netstat, including per-socket memory use, TCP congestion algorithms, and internal state. For troubleshooting why a connection is stuck, ss -tio shows retransmits, congestion-window sizes, and queue depths.
If you still run netstat out of habit, it is worth retraining: ss is faster, more informative, and actively maintained, while netstat has been deprecated in iproute2 for years.
Related terms: Socket
Discussed in:
- Chapter 12: Networking — ss and netstat: Who Is Listening?
Also defined in: Textbook of Linux