🌐 Linux/Unix: Networking & Communication
Estimated reading: 3 minutes 35 views
« PreviousNext »

🧰 Linux/Unix: Diagnostics – netstat, ss, traceroute, mtr Explained with Output & Usage

🧲 Introduction – Why Learn Linux Network Diagnostics?

When network issues arise, system administrators need quick, reliable tools to diagnose connections, identify bottlenecks, or trace packet paths. Linux provides powerful utilities like netstat, ss, traceroute, and mtr to inspect sockets, monitor ports, and track routes in real time.

🎯 In this guide, you’ll learn:

  • How to analyze open ports and active connections
  • How to trace network paths using hops and latency
  • The difference between traditional and real-time tools

πŸ”Œ 1. netstat – Legacy Tool for Network Statistics

βœ… What is netstat?

netstat displays network connections, routing tables, interface stats, and listening ports. It’s now deprecated in favor of ss.

πŸ› οΈ Syntax:

netstat [options]

πŸ”Ή Common Options:

OptionMeaning
-tShow TCP connections only
-uShow UDP connections only
-lShow listening ports
-nShow numeric addresses
-pShow PID and program names
-rShow routing table

πŸ§ͺ Example: Show all TCP listening ports

netstat -tlnp

πŸ“€ Output:

Proto Recv-Q Send-Q Local Address  Foreign Address  State   PID/Program name
tcp   0      0      0.0.0.0:22     0.0.0.0:*        LISTEN  1056/sshd

🧠 Shows active TCP ports and which process is using them.

πŸ“¦ Install with:

sudo apt install net-tools

πŸš€ 2. ss – Modern Replacement for netstat

βœ… What is ss?

ss (socket statistics) is faster and more accurate than netstat for displaying socket connections and performance.

πŸ› οΈ Syntax:

ss [options]

πŸ”Ή Common Options:

OptionMeaning
-tDisplay TCP sockets
-uDisplay UDP sockets
-lShow only listening sockets
-nShow numerical addresses/ports
-pShow process using the socket
-aDisplay all sockets

πŸ§ͺ Example: Show listening TCP ports with process names

ss -tlnp

πŸ“€ Output:

State   Recv-Q Send-Q Local Address:Port  Peer Address:Port  Process
LISTEN  0      128     0.0.0.0:22         0.0.0.0:*           users:(("sshd",pid=1056,fd=3))

🧠 Much faster than netstat and works well with scripting.

🌍 3. traceroute – Track Packet Path to Destination

βœ… What is traceroute?

traceroute maps the route packets take to reach a destination, showing each network hop and its latency.

πŸ› οΈ Syntax:

traceroute [destination]

πŸ”Ή Options:

OptionDescription
-nDon’t resolve hostnames
-wSet timeout per probe
-mMax number of hops (default: 30)

πŸ§ͺ Example: Trace route to Google

traceroute google.com

πŸ“€ Output:

 1  192.168.0.1 (192.168.0.1)  2.123 ms  1.452 ms  1.478 ms
 2  100.65.32.1 (100.65.32.1)  5.876 ms  4.903 ms  4.832 ms
 3  ...

🧠 Each line is a hop; shows how long each hop takes in milliseconds.

πŸ“¦ Install with:

sudo apt install traceroute

πŸ“‘ 4. mtr – Real-Time Traceroute with Stats

βœ… What is mtr?

mtr combines traceroute and ping into a real-time visual diagnostic tool. It continuously sends probes and updates live statistics about packet loss and latency.

πŸ› οΈ Syntax:

mtr [destination]

πŸ§ͺ Example: Run mtr to google.com

mtr google.com

πŸ“€ Output:

                             My traceroute  [v0.94]
Host              Loss%   Snt   Last   Avg  Best  Wrst StDev
1. 192.168.0.1     0.0%    10    1.1   1.2   1.0   1.5   0.2
2. 100.65.32.1     0.0%    10    5.5   5.6   5.3   6.2   0.3
...

🧠 Best tool for detecting packet loss and instability across the route.

πŸ“¦ Install with:

sudo apt install mtr

🧠 Diagnostic Tool Comparison

ToolPurposeRealtimeBest For
netstatLegacy socket & port display❌Quick one-off checks (legacy)
ssModern socket display❌Active connections, performance
tracerouteTrace path to destination❌Path tracking, hop delays
mtrReal-time traceroute & pingβœ…Detect packet loss, instability

πŸ“Œ Summary – Recap & Next Steps

These diagnostic tools help you detect connectivity issues, trace network hops, monitor open ports, and spot real-time packet drops. Each serves a unique role in Linux networking diagnostics.

πŸ” Key Takeaways:

  • Use ss for fast socket/port inspection
  • Use netstat for legacy compatibility
  • Use traceroute to map the route of packets
  • Use mtr to monitor route quality in real time

❓ FAQs

❓ What replaced netstat in modern Linux?
βœ… The ss command is the recommended replacementβ€”faster and more detailed.

❓ Can I use traceroute and mtr on servers without GUI?
βœ… Yes. Both work entirely in the terminal.

❓ What’s the difference between traceroute and mtr?
βœ… traceroute is one-time; mtr is live, continuous, and shows packet loss stats.

❓ How do I find which process is using a port?
βœ… Use:

sudo ss -tulnp | grep 8080

❓ How to interpret packet loss in mtr?
βœ… Anything >0% is suspicious. Check routers showing consistent loss across hops.

« PreviousNext »
Share Now :

Leave a Reply

Your email address will not be published. Required fields are marked *

Share

πŸ”΅ Linux/Unix: Diagnostics (netstat, ss, traceroute, mtr)

Or Copy Link

CONTENTS
Scroll to Top