🧰 Linux/Unix: Diagnostics – netstat, ss, traceroute, mtr Explained with Output & Usage

🧲 Introduction – Why Learn Linux Network Diagnostics?

When network issues arise, system administrators need quick, reliable tools to diagnose connections, identify bottlenecks, or trace packet paths. Linux provides powerful utilities like netstat, ss, traceroute, and mtr to inspect sockets, monitor ports, and track routes in real time.

🎯 In this guide, you’ll learn:

• How to analyze open ports and active connections
• How to trace network paths using hops and latency
• The difference between traditional and real-time tools

🔌 1. netstat – Legacy Tool for Network Statistics

✅ What is netstat?

netstat displays network connections, routing tables, interface stats, and listening ports. It’s now deprecated in favor of ss.

🛠️ Syntax:

netstat [options]

🔹 Common Options:

🧪 Example: Show all TCP listening ports

netstat -tlnp

📤 Output:

Proto Recv-Q Send-Q Local Address  Foreign Address  State   PID/Program name
tcp   0      0      0.0.0.0:22     0.0.0.0:*        LISTEN  1056/sshd

🧠 Shows active TCP ports and which process is using them.

📦 Install with:

sudo apt install net-tools

🚀 2. ss – Modern Replacement for netstat

✅ What is ss?

ss (socket statistics) is faster and more accurate than netstat for displaying socket connections and performance.

🛠️ Syntax:

ss [options]

🔹 Common Options:

🧪 Example: Show listening TCP ports with process names

ss -tlnp

📤 Output:

State   Recv-Q Send-Q Local Address:Port  Peer Address:Port  Process
LISTEN  0      128     0.0.0.0:22         0.0.0.0:*           users:(("sshd",pid=1056,fd=3))

🧠 Much faster than netstat and works well with scripting.

🌍 3. traceroute – Track Packet Path to Destination

✅ What is traceroute?

traceroute maps the route packets take to reach a destination, showing each network hop and its latency.

🛠️ Syntax:

traceroute [destination]

🔹 Options:

🧪 Example: Trace route to Google

traceroute google.com

📤 Output:

 1  192.168.0.1 (192.168.0.1)  2.123 ms  1.452 ms  1.478 ms
 2  100.65.32.1 (100.65.32.1)  5.876 ms  4.903 ms  4.832 ms
 3  ...

🧠 Each line is a hop; shows how long each hop takes in milliseconds.

📦 Install with:

sudo apt install traceroute

📡 4. mtr – Real-Time Traceroute with Stats

✅ What is mtr?

mtr combines traceroute and ping into a real-time visual diagnostic tool. It continuously sends probes and updates live statistics about packet loss and latency.

🛠️ Syntax:

mtr [destination]

🧪 Example: Run mtr to google.com

mtr google.com

📤 Output:

                             My traceroute  [v0.94]
Host              Loss%   Snt   Last   Avg  Best  Wrst StDev
1. 192.168.0.1     0.0%    10    1.1   1.2   1.0   1.5   0.2
2. 100.65.32.1     0.0%    10    5.5   5.6   5.3   6.2   0.3
...

🧠 Best tool for detecting packet loss and instability across the route.

📦 Install with:

sudo apt install mtr

🧠 Diagnostic Tool Comparison

📌 Summary – Recap & Next Steps

These diagnostic tools help you detect connectivity issues, trace network hops, monitor open ports, and spot real-time packet drops. Each serves a unique role in Linux networking diagnostics.

🔍 Key Takeaways:

• Use ss for fast socket/port inspection
• Use netstat for legacy compatibility
• Use traceroute to map the route of packets
• Use mtr to monitor route quality in real time

❓ FAQs

❓ What replaced netstat in modern Linux?
✅ The ss command is the recommended replacement—faster and more detailed.

❓ Can I use traceroute and mtr on servers without GUI?
✅ Yes. Both work entirely in the terminal.

❓ What’s the difference between traceroute and mtr?
✅ traceroute is one-time; mtr is live, continuous, and shows packet loss stats.

❓ How do I find which process is using a port?
✅ Use:

sudo ss -tulnp | grep 8080

❓ How to interpret packet loss in mtr?
✅ Anything >0% is suspicious. Check routers showing consistent loss across hops.