Mastering Network Troubleshooting: Essential Guide to Ping, Netstat, and SS Commands

Introduction

Network diagnostics are critical for system administrators and IT professionals. Three indispensable tools—ping, netstat, and ss—help identify connectivity issues, inspect network connections, and analyze socket statistics. This guide explains their practical usage with real-world examples.

1. Ping: Testing Network Connectivity

Purpose: Checks reachability and latency between hosts by sending ICMP echo requests.

Basic Syntax:

ping [options] 

Key Options:

• -c: Stop after sending count packets.
• -i: Set interval between packets (default: 1 second).
• -w: Set total execution time limit.

Examples:

# Basic connectivity test (press Ctrl+C to stop)
ping google.com

# Send 4 packets to 8.8.8.8 
ping -c 4 8.8.8.8

# Check latency every 0.5 seconds
ping -i 0.5 example.com

Interpretation:

• Reply time: Latency in milliseconds.
• Packet loss: Indicates network instability.
• Unreachable errors: Configuration or firewall issues.

2. Netstat: Network Statistics & Connections

Purpose: Displays network connections, routing tables, and interface statistics (legacy tool; ss is modern replacement).

Basic Syntax:

netstat [options]

Key Options:

• -t/-u: Show TCP/UDP connections.
• -l: List only listening sockets.
• -n: Show numerical addresses (no DNS resolution).
• -p: Display process IDs/program names.

Examples:

# List all TCP connections
netstat -tunp

# Find processes listening on port 80
netstat -tulnp | grep ':80'

Output Columns:

• Proto: Protocol (TCP/UDP).
• Recv-Q/Send-Q: Data queue sizes.
• Local Address: IP:Port of the local machine.
• Foreign Address: Remote endpoint.
• State: Connection status (e.g., ESTABLISHED, LISTEN).

3. SS: Socket Statistics (Modern Netstat)

Purpose: Faster and more detailed than netstat; uses kernel socket data directly.

Basic Syntax:

ss [options] [filters]

Key Options:

• -t/-u: Filter TCP/UDP sockets.
• -l: Show listening sockets.
• -n: Numerical output.
• -p: Show processes.
• -s: Summary statistics.

Filter Examples:

# Show all established TCP connections
ss -tun state established

# List processes using UDP port 53 (DNS)
ss -unp sport = :53

Advanced Filtering:
Filter by state (e.g., connected, syn-sent), port, or IP:

# Find connections to 192.168.1.100
ss dst 192.168.1.100

When to Use Each Tool

Conclusion

Mastering ping, netstat, and ss empowers you to:
✅ Diagnose network failures.
✅ Monitor active connections.
✅ Identify suspicious processes.
While netstat remains useful on older systems, prioritize ss for Linux efficiency. Combine these tools to troubleshoot like a pro!

> Pro Tip: Use ping first to confirm basic reachability, then dive into ss for granular socket inspection.