ss (a substitute for netstat) does not work in WSL1

[tats-u]

This bug-tracker is monitored by developers and other technical types. We like detail! So please use this form and tell us, concisely but precisely, what's up. Please fill out ALL THE FIELDS!

If you have a feature request, please post to the UserVoice. If you're reporting a BSOD, don't post here! Instead, e-mail "secure@microsoft.com", and if possible attach the minidump from "C:\Windows\minidump".

• Your Windows build number: (Type ver at a Windows Command Prompt)
  10.0.15063

• What you're doing and what's happening: (Copy&paste specific commands and their output, or include screen shots)

$ ss
Netid State      Recv-Q Send-Q                                             Local Address:Port                                                              Peer Address:Port
Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported

The administrator-privileged BoW also outputs same as above.

• What's wrong / what should be happening instead:
  Linux example:

~$ netstat | head
稼働中のインターネット接続 (w/oサーバ)
Proto 受信-Q 送信-Q 内部アドレス            外部アドレス            状態      
稼働中のUNIXドメインソケット (w/oサーバ)
Proto RefCnt Flags       Type       State         I-Node   パス
unix  2      [ ]         DGRAM                    18640    /var/spool/postfix/dev/log
unix  3      [ ]         DGRAM                    1697     /run/systemd/notify
unix  2      [ ]         DGRAM                    1699     /run/systemd/cgroups-agent
unix  20     [ ]         DGRAM                    1709     /run/systemd/journal/dev-log
unix  2      [ ]         DGRAM                    1721     /run/systemd/journal/syslog
unix  7      [ ]         DGRAM                    1725     /run/systemd/journal/socket

• Strace of the failing command, if applicable: (If <cmd> is failing, then run strace -o strace.txt -ff <cmd>, and post the strace.txt output here)

execve("/bin/ss", ["ss"], [/* 17 vars */]) = 0
brk(NULL)                               = 0xa24000
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5da3a20000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=54339, ...}) = 0
mmap(NULL, 54339, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f5da3a12000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libselinux.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260Z\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=130224, ...}) = 0
mmap(NULL, 2234080, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f5da33d0000
mprotect(0x7f5da33ef000, 2093056, PROT_NONE) = 0
mmap(0x7f5da35ee000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1e000) = 0x7f5da35ee000
mmap(0x7f5da35f0000, 5856, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f5da35f0000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\t\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1864888, ...}) = 0
mmap(NULL, 3967392, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f5da3000000
mprotect(0x7f5da31bf000, 2097152, PROT_NONE) = 0
mmap(0x7f5da33bf000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1bf000) = 0x7f5da33bf000
mmap(0x7f5da33c5000, 14752, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f5da33c5000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libpcre.so.3", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\25\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=456632, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5da3a10000
mmap(NULL, 2552072, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f5da2d90000
mprotect(0x7f5da2dfe000, 2097152, PROT_NONE) = 0
mmap(0x7f5da2ffe000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6e000) = 0x7f5da2ffe000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\240\r\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=14608, ...}) = 0
mmap(NULL, 2109680, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f5da2b80000
mprotect(0x7f5da2b83000, 2093056, PROT_NONE) = 0
mmap(0x7f5da2d82000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f5da2d82000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260`\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=138696, ...}) = 0
mmap(NULL, 2212904, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f5da2960000
mprotect(0x7f5da2978000, 2093056, PROT_NONE) = 0
mmap(0x7f5da2b77000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7f5da2b77000
mmap(0x7f5da2b79000, 13352, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f5da2b79000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5da3a00000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5da39f0000
arch_prctl(ARCH_SET_FS, 0x7f5da39f0800) = 0
mprotect(0x7f5da33bf000, 16384, PROT_READ) = 0
mprotect(0x7f5da2b77000, 4096, PROT_READ) = 0
mprotect(0x7f5da2d82000, 4096, PROT_READ) = 0
mprotect(0x7f5da2ffe000, 4096, PROT_READ) = 0
mprotect(0x7f5da35ee000, 4096, PROT_READ) = 0
mprotect(0x617000, 4096, PROT_READ)     = 0
mprotect(0x7f5da3825000, 4096, PROT_READ) = 0
munmap(0x7f5da3a12000, 54339)           = 0
set_tid_address(0x7f5da39f0ad0)         = 78
set_robust_list(0x7f5da39f0ae0, 24)     = 0
rt_sigaction(SIGRTMIN, {0x7f5da2965b50, [], SA_RESTORER|SA_SIGINFO, 0x7f5da2971390}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0x7f5da2965be0, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x7f5da2971390}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=8192*1024}) = 0
statfs("/sys/fs/selinux", 0x7fffcd8125e0) = -1 ENOENT (No such file or directory)
statfs("/selinux", 0x7fffcd8125e0)      = -1 ENOENT (No such file or directory)
brk(NULL)                               = 0xa24000
brk(0xa45000)                           = 0xa45000
open("/proc/filesystems", O_RDONLY)     = 3
fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
read(3, "nodev      sysfs\nnodev      root"..., 4096) = 367
read(3, "", 4096)                       = 0
close(3)                                = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TIOCGWINSZ, {ws_row=25, ws_col=80, ws_xpixel=0, ws_ypixel=0}) = 0
fstat(1, {st_mode=S_IFCHR|0660, st_rdev=makedev(4, 1), ...}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
write(1, "Netid  State      Recv-Q Send-Q "..., 101) = 101
socket(PF_NETLINK, SOCK_RAW|SOCK_CLOEXEC, NETLINK_SOCK_DIAG) = -1 EPROTONOSUPPORT (Protocol not supported)
dup(2)                                  = 3
fcntl(3, F_GETFL)                       = 0x2 (flags O_RDWR)
fstat(3, {st_mode=S_IFCHR|0660, st_rdev=makedev(4, 1), ...}) = 0
ioctl(3, TCGETS, {B38400 opost isig icanon echo ...}) = 0
write(3, "Cannot open netlink socket: Prot"..., 51) = 51
close(3)                                = 0
open("/proc/net/unix", O_RDONLY)        = -1 ENOENT (No such file or directory)
open("/proc/net/raw", O_RDONLY)         = -1 ENOENT (No such file or directory)
socket(PF_NETLINK, SOCK_RAW|SOCK_CLOEXEC, NETLINK_SOCK_DIAG) = -1 EPROTONOSUPPORT (Protocol not supported)
dup(2)                                  = 3
fcntl(3, F_GETFL)                       = 0x2 (flags O_RDWR)
fstat(3, {st_mode=S_IFCHR|0660, st_rdev=makedev(4, 1), ...}) = 0
ioctl(3, TCGETS, {B38400 opost isig icanon echo ...}) = 0
write(3, "Cannot open netlink socket: Prot"..., 51) = 51
close(3)                                = 0
open("/proc/net/udp", O_RDONLY)         = 3
fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
read(3, "", 4096)                       = 0
close(3)                                = 0
open("/proc/net/udp6", O_RDONLY)        = 3
fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
read(3, "", 4096)                       = 0
close(3)                                = 0
socket(PF_NETLINK, SOCK_RAW|SOCK_CLOEXEC, NETLINK_SOCK_DIAG) = -1 EPROTONOSUPPORT (Protocol not supported)
dup(2)                                  = 3
fcntl(3, F_GETFL)                       = 0x2 (flags O_RDWR)
fstat(3, {st_mode=S_IFCHR|0660, st_rdev=makedev(4, 1), ...}) = 0
ioctl(3, TCGETS, {B38400 opost isig icanon echo ...}) = 0
write(3, "Cannot open netlink socket: Prot"..., 51) = 51
close(3)                                = 0
open("/proc/slabinfo", O_RDONLY)        = -1 ENOENT (No such file or directory)
open("/proc/net/tcp", O_RDONLY)         = 3
read(3, "", 65536)                      = 0
close(3)                                = 0
open("/proc/net/tcp6", O_RDONLY)        = 3
read(3, "", 65536)                      = 0
close(3)                                = 0
socket(PF_NETLINK, SOCK_RAW|SOCK_CLOEXEC, NETLINK_SOCK_DIAG) = -1 EPROTONOSUPPORT (Protocol not supported)
dup(2)                                  = 3
fcntl(3, F_GETFL)                       = 0x2 (flags O_RDWR)
fstat(3, {st_mode=S_IFCHR|0660, st_rdev=makedev(4, 1), ...}) = 0
ioctl(3, TCGETS, {B38400 opost isig icanon echo ...}) = 0
write(3, "Cannot open netlink socket: Prot"..., 51) = 51
close(3)                                = 0
open("/proc/slabinfo", O_RDONLY)        = -1 ENOENT (No such file or directory)
open("/proc/net/tcp", O_RDONLY)         = 3
read(3, "", 65536)                      = 0
close(3)                                = 0
open("/proc/net/tcp6", O_RDONLY)        = 3
read(3, "", 65536)                      = 0
close(3)                                = 0
exit_group(0)                           = ?
+++ exited with 0 +++

See our contributing instructions for assistance.

[sunjoong]

@tats-u - WSL looks like not to support netstat; It was included in not working list but is not included in recent working list of @sunilmut's, so ss could not be supported yet, I think.

Quote from #69 (comment) on Nov 19 2016;

Just an update that the following networking commands should be working in the latest insider build (14971):

• ping
• ifconfig
• ip link
• ip addr show
• ifconfig
• whois
• nslookup (works but spews some errors about IP_RECVTOS)

Coming soon:

• ip route
• ip addr add

Not working:

• nmap (nmap not working #1349)
• tracepath (MTR / tracepath don't work #717)
• traceroute
• netstat
• ip addr add\delete

Quote from #69 (comment) 10 days ago;

As of Creators Update, the following tools should work:

• ping
• dig
• ifconfig
• ip link
• ip addr show
• ifconfig
• whois
• nslookup
• ip route
• ip addr add/delete

Not working:

• nmap (nmap not working #1349)
• tracepath (MTR / tracepath don't work #717)
• traceroute (Traceroute not working even after the Windows 10 Creator's Update #1930)
• traceroute6 (traceroute6 doesn't work #1979)

Maybe... @sunilmut forgot to include "netstat (#2084)" item or something to not working list, I guess :) But... as mentioned on #2084, nc (i,e., nc.openbsd) command works.

[tats-u]

@sunjoong Oh my goodness, I thought it works because of the following output:

$ LANG=C netstat -ltun
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:46574           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::40720                :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 0.0.0.0:35537           0.0.0.0:*
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 0.0.0.0:5353            0.0.0.0:*
udp6       0      0 :::34788                :::*
udp6       0      0 :::5353                 :::*

[sunjoong]

@tats-u - I'm not sure weither netstat is working or not working; I have just searched it :) and netstat of mine does not work :(. On https://wpdev.uservoice.com/forums/266908-command-prompt-console-bash-on-ubuntu-on-windo/suggestions/17532637-netstat-appears-to-report-nothing , someone had said netstat had worked on 14986.rs_prerelease.161202-1928, but... other said it did not work on 15063 on #2084.

Netstat is not included to working list nor not working list on the recent @sunilmut's list, you know. More confused.... #2084 was labeled as duplicate to #69 and closed becasue it was duplicated, but #69 was also closed becasue it contained too many issues, so both #2084 and #69 were closed for duplication like deadlock.

BTW, opener of #2084 had mentioned /proc/net/tcp but... it might be "socket(PF_NETLINK, SOCK_RAW|SOCK_CLOEXEC, NETLINK_SOCK_DIAG) = -1 EPROTONOSUPPORT (Protocol not supported)" to point out on this issue, I think.

[therealkenc]

Since #2084 is closed, this tracker is as good a place as any for NETLINK_SOCK_DIAG, which is not currently supported.

In the strace above there is also:

open("/proc/net/tcp", O_RDONLY)         = 3
read(3, "", 65536)                      = 0   <--- that's no bytes

Which is to say, if you cat /proc/net/tcp you'll get nothing. So I have no idea how you are getting output from netstat -ltun. [I was going to point the finger at interop for a moment, but that wouldn't make sense unless you have MSYS2 or Cygwin in your path or something.]

There is a User Voice here with a big 5 votes as of this writing, for what it is worth.

[sunilmut]

Thanks for the report. I can confirm that netstat does not work. And, yes @sunjoong, I forgot to include netstat in my working list. There are few blockers on the way for netstat and @therealkenc has listed some of them. We are working towards getting these tools to work.

[alabama]

What's the status of this issue?
ss (netstat) still not working with the build 16299.*
It's a bit annoying not seeing which applications listen on which ports...

[gao4263]

why not solve this issue?

[sousagaspar]

note solved with ubuntu bionic win build 17134.112

[bogdan-calapod]

@sousagaspar Could you provide a bit more detail ? What exactly is Ubuntu Bionic ?

[therealkenc]

I think he meant 'not' instead of 'note', which is a most unfortunate type-o. 'Not' because (among other things) cat /proc/net/tcp is still stubbed (read: empty) as of 18267, which is unrelated to Ubuntu, Bionic or otherwise. If netstat/ss worked you'd know because this issue would be closed, plus all the noise from the rejoicing.

Stay patient. There are reasons to be cautiously optimistic there could (might, maybe, possibly) be some progress afoot in this area. Or, you know, maybe not. But if there is, you'll know.

[dzhwinter]

still not working. Any ideas?

[alfonzso]

Because of this https://stackoverflow.com/a/38920711, you can run (any?!) windows exe from wsl bash, so:
netstat.exe -an | grep -i "listen" | grep -v "\[::\]"
it's working and good enough for me now.

[mdzhigarov]

I tried a similar approach by executing a Windows command (netstat.exe) from WSL with the hope that netstat on Windows works as expected and returns the PID.

The problem with such approaches is that the same process has PID xxx in Windows but is yyy in WSL so there is no way to correlate between the two pids.

[dsyx]

Therefore, wsl will not support the ss command and netstat command in the near future?

[hgfeaon]

Because of this https://stackoverflow.com/a/38920711, you can run (any?!) windows exe from wsl bash, so:
netstat.exe -an | grep -i "listen" | grep -v "\[::\]"
it's working and good enough for me now.

Well Done! but the native solution will be better

[taggdev]

alias netstat='/c/Windwos/System32/netstat.exe'

add in file .bashrc or .profile

source .bashrc or .profile

[wakayamasan]

netstat still no working in ver. 10.0.17763.914
can this bug be figured out?

[omarryhan]

alias netstat='/c/Windwos/System32/netstat.exe'

add in file .bashrc or .profile

source .bashrc or .profile

In my case this (+ fixing a typo) worked:

/mnt/c/Windows/System32/netstat.exe

To append it to your .bashrc, type:

echo "alias netstat='/mnt/c/Windows/System32/netstat.exe'" >> ~/.bashrc

[tats-u]

@therealkenc WSL2 has a different network configuration. While WSL1 has the same one as host, WS2 behaves a VM in a local network like other Hyper-V VMs and Docker containers in Linux.
Someone may want to get network information of the machine itself via Linux interface.
You don't have to close this issue for the reason this has been "fixed" in WSL2.

[rickyma]

alias netstat='/c/Windwos/System32/netstat.exe'
add in file .bashrc or .profile
source .bashrc or .profile

In my case this (+ fixing a typo) worked:

/mnt/c/Windows/System32/netstat.exe

To append it to your .bashrc, type:

echo "alias netstat='/mnt/c/Windows/System32/netstat.exe'" >> ~/.bashrc

This helps me a lot. Works like a charm. Thanks~

[ghost]

@sunilmut Hello Sir, could you please share an update on the status of this ticket? Is it on a todo list perhaps, or put into oblivion?