sockstat

Show all sockets (IPv4 and IPv6, listening and connected)

$ sockstat

$ sockstat -4 -l -p [port1,port2]

$ sockstat -cu

$ sockstat -P [pid|process]

$ sockstat -U [uid|user]

$ sockstat -G [gid|group]

$ sockstat -R [tcp|udp|raw|unix]

sockstat [-46clouh] [-p ports] [-P pid|process] [-U uid|user] [-G gid|group] [-R protocol]

sockstat lists open Internet and Unix domain sockets on the system. It displays information about which processes have which sockets open, useful for network troubleshooting and security auditing.
Output includes USER, COMMAND, PID, FD (file descriptor), PROTO (protocol), LOCAL ADDRESS, and FOREIGN ADDRESS for Internet sockets. Multiple filters can be combined to narrow results.

-4

Show only IPv4 sockets

Show only IPv6 sockets

Include Unix domain sockets

Show only connected sockets

Show only listening sockets

Apply filters with OR logic instead of AND

Filter by ports (comma-separated or ranges like 80-443)

Filter by process ID or process name

Filter by user ID or username

Filter by group ID or group name

Filter by protocol (tcp, udp, raw, unix)

Display help

Requires appropriate permissions to see all sockets; root can see everything. On Linux, similar functionality is provided by ss or netstat. The sockstat command originated on BSD systems and may not be available on all Linux distributions.

sockstat originated on FreeBSD and other BSD systems as a user-friendly alternative to parsing /proc or using netstat. Linux versions provide similar functionality. The tool has been part of BSD since the late 1990s and was ported to Linux as part of various utility packages.

ss(8), netstat(8), lsof(8), fuser(1)