Network

netstat/ss/tcpdump

Common tools

  • netstat

  • ss

  • tcpdump

  • ping

  • traceroute/mtr

  • nmap

  • dig

  • nslookup

  • iperf

  • lsof

  • fuser

Netstat vs. ss

netstat gets its information from /proc/net directly. It parses the files there and prints out information based on them.

ss was written more recently to use the netlink API (it will fall back to /proc/net if netlink is unavailable). The information in both systems is essentially the same (from what I've seen), but here are some arguments for why to use ss:

  • It's faster (I just read that a lot; I don't find netstat to be noticeably slower)

  • Netlink exposes more TCP states (again, I mostly look for LISTEN, so that's not a huge selling point)

  • It has better default arguments
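
To make the /proc/net parsing described above concrete, here is an added example (not netstat's own code, and not from the original page) that decodes rows in the /proc/net/tcp layout and picks out LISTEN sockets. The function names and the sample rows are constructed for illustration; it assumes IPv4 (/proc/net/tcp, not tcp6) and a little-endian host.

```python
import socket
import struct

# State codes used in the "st" column of /proc/net/tcp
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}

# Constructed sample in /proc/net/tcp layout (not captured from a real host)
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   116        0 23456 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20111 1 0000000000000000 100 0 0 10 0
   2: 0A00000A:0016 0B00000A:C5F2 01 00000000:00000000 02:000A1B2C 00000000     0        0 31337 4 0000000000000000 20 4 30 10 -1
"""

def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (dotted_ip, port). IPv4 only."""
    addr_hex, port_hex = field.split(":")
    # The kernel prints the address as a native-endian 32-bit word; "<I"
    # assumes a little-endian host (x86, most ARM). The port is plain hex.
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)

def parse_proc_net_tcp(text):
    """Parse /proc/net/tcp content into a list of socket dicts."""
    sockets = []
    for line in text.splitlines()[1:]:      # skip the header row
        cols = line.split()
        if len(cols) < 10:                  # tolerate blank or truncated lines
            continue
        sockets.append({
            "local": decode_endpoint(cols[1]),
            "remote": decode_endpoint(cols[2]),
            "state": TCP_STATES.get(cols[3], "UNKNOWN(" + cols[3] + ")"),
            "uid": int(cols[7]),            # owner of the socket
            "inode": int(cols[9]),          # joins to /proc/<pid>/fd symlinks
        })
    return sockets

def listeners(sockets):
    """Return (ip, port, uid, bound_to_all_interfaces) for LISTEN sockets."""
    return [(s["local"][0], s["local"][1], s["uid"], s["local"][0] == "0.0.0.0")
            for s in sockets if s["state"] == "LISTEN"]

if __name__ == "__main__":
    for ip, port, uid, exposed in listeners(parse_proc_net_tcp(SAMPLE)):
        print(f"{ip}:{port} uid={uid} {'ALL INTERFACES' if exposed else 'specific address'}")
```

On a Linux host, passing the contents of /proc/net/tcp instead of SAMPLE gives the same listing that netstat builds from that file; the inode column is how a socket is matched to its owning process.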
