Netstat

netstat was/is a very useful Linux command line tool for getting statistics about network interfaces. Or, in common terms: find out about your network. It is now obsolete (same with ifconfig) and the main replacement is ss. You could use lsof to list open files, including TCP sockets (e.g. lsof -i -n -P to list IP sockets, no DNS, Port numbers not names) but lsof is not always installed by default so it may not be everywhere you work. ss is part of the iproute2 tools in Debian for example. Iproute2 is the successor to the archaic 'net-tools' utilities.

Converting Netstat commands to SS[edit]

ss is another utility to investigate sockets. (from the man page)

Although ss is a replacement of netstat, it is certainly not a one-for-one replacement. Options have been renamed and some functionality has been moved into other utilities. So, while netstat -plnt would give a quick accurate summary of open listening ports on your host, you'll need to be sure that these same options do the same things in ss. This handy Google Sheet compares netstat vs ss arguments in a conversion table.

Even when the options "do the same thing" the output can be different.

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1424/sshd           
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1471/haproxy        
tcp        0      0 127.0.0.1:8125          0.0.0.0:*               LISTEN      4127167/netdata     
tcp        0      0 0.0.0.0:19999           0.0.0.0:*               LISTEN      4127167/netdata     
tcp        0      0 127.0.0.1:5601          0.0.0.0:*               LISTEN      3449/node           
tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN      907/php-fpm: master 
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      1021/mysqld         
tcp        0      0 0.0.0.0:11211           0.0.0.0:*               LISTEN      910/memcached       
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd           
tcp        0      0 0.0.0.0:8081            0.0.0.0:*               LISTEN      1471/haproxy        
tcp6       0      0 127.0.0.1:9300          :::*                    LISTEN      4168455/java        
tcp6       0      0 ::1:9300                :::*                    LISTEN      4168455/java        
tcp6       0      0 :::22                   :::*                    LISTEN      1424/sshd           
tcp6       0      0 :::8090                 :::*                    LISTEN      931/httpd           
tcp6       0      0 ::1:8125                :::*                    LISTEN      4127167/netdata     
tcp6       0      0 :::19999                :::*                    LISTEN      4127167/netdata     
tcp6       0      0 :::9090                 :::*                    LISTEN      1/systemd           
tcp6       0      0 :::11211                :::*                    LISTEN      910/memcached       
tcp6       0      0 :::111                  :::*                    LISTEN      1/systemd           
tcp6       0      0 127.0.0.1:9200          :::*                    LISTEN      4168455/java        
tcp6       0      0 ::1:9200                :::*                    LISTEN      4168455/java        
tcp6       0      0 :::8080                 :::*                    LISTEN      931/httpd  

netstat -plnt or in long-form
netstat --program --listening --numeric --tcp
is equivalent to
ss --processes --listening --numeric --tcp
having the same short-form options.

The ss output is more verbose, listing all the user process pids for each port.