The man page for netstat says :
NOTE This program is obsolete. Replacement for netstat is ss. Replacement for netstat -r is ip route. Replacement for netstat -i is ip -s link. Replacement for netstat -g is ip maddr."
When netstat and ss are run with options t (for TCP sockets) and n (to avoid dns lookups), ss is faster than netstat :
time netstat -tn
.
.
real 0m0.052s
user 0m0.005s
sys 0m0.037s
time ss -tn
.
.
real 0m0.018s
user 0m0.002s
sys 0m0.013s
However, when used with an additional option p, somehow, ss is very much slower than netstat:
time netstat -tnp
.
.
real 0m0.072s
user 0m0.010s
sys 0m0.056s
time ss -tnp
.
.
real 0m3.913s
user 0m0.585s
sys 0m3.288s
There is another command - lsof - which is faster than ss but still slower than netstat :
time lsof -i TCP
.
.
real 0m0.126s
user 0m0.050s
sys 0m0.057s
So, is netstat the best command to get tcp network details and with PID of the process to which the tcp socket belongs?
