Netstat
wp:netstat was/is a very useful Linux command line tool for getting statistics about network interfaces. Or, in common terms: find out about your network. It is now obsolete (same with ifconfig) and the main replacement is wp:ss. You could use wp:lsof to list open files, including TCP sockets (e.g. lsof -i -n -P to list IP sockets, no DNS, Port numbers not names) but lsof is not always installed by default so it may not be everywhere you work. ss is part of the iproute2 tools in Debian for example. Iproute2 is the successor to the archaic 'net-tools' utilities.
Converting Netstat commands to SS[edit]
ss is another utility to investigate sockets. (from the man page)
Although ss is a replacement of netstat, it is certainly not a one-for-one replacement. Options have been renamed and some functionality has been moved into other utilities. So, while netstat -plnt would give a quick accurate summary of open listening ports on your host, you'll need to be sure that these same options do the same things in ss. This handy Google Sheet compares netstat vs ss arguments in a conversion table.
Even when the options "do the same thing" the output can be different.
Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1424/sshd tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 1471/haproxy tcp 0 0 127.0.0.1:8125 0.0.0.0:* LISTEN 4127167/netdata tcp 0 0 0.0.0.0:19999 0.0.0.0:* LISTEN 4127167/netdata tcp 0 0 127.0.0.1:5601 0.0.0.0:* LISTEN 3449/node tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 907/php-fpm: master tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1021/mysqld tcp 0 0 0.0.0.0:11211 0.0.0.0:* LISTEN 910/memcached tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd tcp 0 0 0.0.0.0:8081 0.0.0.0:* LISTEN 1471/haproxy tcp6 0 0 127.0.0.1:9300 :::* LISTEN 4168455/java tcp6 0 0 ::1:9300 :::* LISTEN 4168455/java tcp6 0 0 :::22 :::* LISTEN 1424/sshd tcp6 0 0 :::8090 :::* LISTEN 931/httpd tcp6 0 0 ::1:8125 :::* LISTEN 4127167/netdata tcp6 0 0 :::19999 :::* LISTEN 4127167/netdata tcp6 0 0 :::9090 :::* LISTEN 1/systemd tcp6 0 0 :::11211 :::* LISTEN 910/memcached tcp6 0 0 :::111 :::* LISTEN 1/systemd tcp6 0 0 127.0.0.1:9200 :::* LISTEN 4168455/java tcp6 0 0 ::1:9200 :::* LISTEN 4168455/java tcp6 0 0 :::8080 :::* LISTEN 931/httpd
netstat -plnt or in long-form
netstat --program --listening --numeric --tcp
is equivalent to
ss --processes --listening --numeric --tcp
having the same short-form options.
The ss output is more verbose, listing all the user process pids for each port.
