ss is short for Socket Statistics. As the name suggests, the ss command reports socket statistics and displays output similar to netstat. The advantage of ss is that it shows more, and more detailed, information about TCP and connection state, and it is faster and more efficient than netstat.
When a server holds a very large number of socket connections, both netstat and a direct cat /proc/net/tcp become very slow. You may not notice it yourself, but when the server maintains tens of thousands of connections, netstat wastes a great deal of time and ss saves it.
ss is fast because it uses tcp_diag in the TCP protocol stack. tcp_diag is a module for analyzing statistics that obtains first-hand information from the Linux kernel, which is what makes ss fast and efficient. If tcp_diag is not available on your system, ss still works, but somewhat more slowly (though still faster than netstat).
1. Command format:
ss [parameter]
ss [parameter] [filter]
2. Command function:
The ss (short for Socket Statistics) command obtains socket statistics. Its output is similar to that of netstat, but it can display more detailed information about TCP connection state and is faster and more efficient than netstat. It uses tcp_diag (a module for analyzing statistics) in the TCP protocol stack and obtains first-hand information directly from the kernel, which makes ss fast and efficient. ss also works without tcp_diag.
3. Command parameters:
-h, --help show help information
-V, --version show program version information
-n, --numeric do not resolve service names
-r, --resolve resolve hostnames
-a, --all show all sockets
-l, --listening show sockets in listening state
-o, --options show timer information
-e, --extended show detailed socket information
-m, --memory show socket memory usage
-p, --processes show the process using each socket
-i, --info show internal TCP information
-s, --summary show a summary of socket usage
-4, --ipv4 show only IPv4 sockets
-6, --ipv6 show only IPv6 sockets
-0, --packet show PACKET sockets
-t, --tcp show only TCP sockets
-u, --udp show only UDP sockets
-d, --dccp show only DCCP sockets
-w, --raw show only RAW sockets
-x, --unix show only Unix sockets
-f, --family=FAMILY show sockets of type FAMILY; supported values are unix, inet, inet6, link, netlink
-A, --query=QUERY, --socket=QUERY
QUERY := {all|inet|tcp|udp|raw|unix|packet|netlink}[,QUERY]
-D, --diag=FILE dump raw TCP socket information to FILE
-F, --filter=FILE read filter information from FILE
FILTER := [ state TCP-STATE ] [ EXPRESSION ]
4. Usage examples:
Example 1: Display TCP connections
Command:
ss -t -a
Output:
[root@localhost ~]# ss -t -a
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 0 127.0.0.1:smux *:*
LISTEN 0 0 *:3690 *:*
LISTEN 0 0 *:ssh *:*
ESTAB 0 0 192.168.120.204:ssh 10.2.0.68:49368
[root@localhost ~]#
Example 2: Display a socket summary
Command:
ss -s
Output:
[root@localhost ~]# ss -s
Total: 34 (kernel 48)
TCP: 4 (estab 1, closed 0, orphaned 0, synrecv 0, timewait 0/0), ports 3
Transport Total IP IPv6
* 48 - -
RAW 0 0 0
UDP 5 5 0
TCP 4 4 0
INET 9 9 0
FRAG 0 0 0
[root@localhost ~]#
Description:
Lists the current established, closed, orphaned and waiting TCP sockets.
Example 3: List all open network connection ports
Command:
ss -l
Output:
[root@localhost ~]# ss -l
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 0 127.0.0.1:smux *:*
0 0 *:3690 *:*
0 0 *:ssh *:*
[root@localhost ~]#
Example 4: View the sockets used by each process
Command:
ss -pl
Output:
[root@localhost ~]# ss -pl
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 0 127.0.0.1:smux *:* users:(("snmpd",2716,8))
0 0 *:3690 *:* users:(("svnserve",3590,3))
0 0 *:ssh *:* users:(("sshd",2735,3))
[root@localhost ~]#
Example 5: Find the application that opened a socket/port
Command:
ss -lp | grep 3306
Output:
[root@localhost ~]# ss -lp|grep 1935
0 0 *:1935 *:* users:(("fmsedge",2913,18))
0 0 127.0.0.1:19350 *:* users:(("fmsedge",2913,17))
[root@localhost ~]# ss -lp|grep 3306
0 0 *:3306 *:* users:(("mysqld",2871,10))
[root@localhost ~]#
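An added example (not part of the original article) that turns the ss -lp lookups of Examples 4 and 5 into a quick exposure audit: it reads listener lines and reports every socket bound to a wildcard address whose port is not on an allowlist, together with the owning process. The sample lines are constructed, the modern users:(("name",pid=N,fd=N)) layout of ss -H -ltnp is assumed, and the function names and allowlist are illustrative.

```bash
#!/usr/bin/env bash
# Added example: flag listeners exposed on all interfaces.
# Live use (assumes a current iproute2):  ss -H -ltnp | audit_listeners "22 443"

# audit_listeners ALLOWED_PORTS -- reads `ss -H -ltnp` style lines on stdin and
# prints "port process pid" for wildcard-bound ports that are not in ALLOWED_PORTS.
audit_listeners() {
  awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {
      addr = $4
      port = addr; sub(/.*:/, "", port)          # text after the last colon
      host = substr(addr, 1, length(addr) - length(port) - 1)
      # Keep wildcard binds only; loopback and single-address sockets are skipped.
      if (host != "0.0.0.0" && host != "*" && host != "[::]" && host != "::") next
      if (port in ok) next
      proc = "unknown"; pid = "-"                # users: column is empty without root
      if (match($0, /users:\(\("[^"]+"/))
        proc = substr($0, RSTART + 9, RLENGTH - 10)
      if (match($0, /pid=[0-9]+/))
        pid = substr($0, RSTART + 4, RLENGTH - 4)
      print port, proc, pid
    }' | sort -n | uniq
}

# Constructed sample in the layout printed by `ss -H -ltnp`.
sample_listeners() {
  cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=2735,fd=3))
LISTEN 0 128 127.0.0.1:199 0.0.0.0:* users:(("snmpd",pid=2716,fd=8))
LISTEN 0 128 0.0.0.0:3690 0.0.0.0:* users:(("svnserve",pid=3590,fd=3))
LISTEN 0 80 *:3306 *:* users:(("mysqld",pid=2871,fd=10))
LISTEN 0 128 [::]:1935 [::]:*
EOF
}

sample_listeners | audit_listeners "22"
```

A listener reported as "unknown" has no visible owner, which usually means ss was run without the privileges needed to read other users' process information.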
Example 6: Display all UDP sockets
Command:
ss -u -a
Output:
[root@localhost ~]# ss -u -a
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 127.0.0.1:syslog *:*
UNCONN 0 0 *:snmp *:*
ESTAB 0 0 192.168.120.203:39641 10.58.119.119:domain
[root@localhost ~]#
Example 7: Display all established SMTP connections
Command:
ss -o state established '( dport = :smtp or sport = :smtp )'
Output:
[root@localhost ~]# ss -o state established '( dport = :smtp or sport = :smtp )'
Recv-Q Send-Q Local Address:Port Peer Address:Port
[root@localhost ~]#
Example 8: Display all established HTTP connections
Command:
ss -o state established '( dport = :http or sport = :http )'
Output:
[root@localhost ~]# ss -o state established '( dport = :http or sport = :http )'
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 0 75.126.153.214:2164 192.168.10.42:http
[root@localhost ~]#
Example 9: List all TCP sockets in FIN-WAIT-1 state whose source port is 80 or 443 and whose destination network is 193.233.7/24
Command:
ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 193.233.7/24
Example 10: Filter sockets by TCP state
Command:
ss -4 state FILTER-NAME-HERE
ss -6 state FILTER-NAME-HERE
Output:
[root@localhost ~]# ss -4 state closing
Recv-Q Send-Q Local Address:Port Peer Address:Port
1 11094 75.126.153.214:http 192.168.10.42:4669
Description:
FILTER-NAME-HERE can be any of the following:
established
syn-sent
syn-recv
fin-wait-1
fin-wait-2
time-wait
closed
close-wait
last-ack
listen
closing
all : all of the above states
connected : all states except listen and closed
synchronized : all connected states except syn-sent
bucket : states that are maintained as minisockets, such as time-wait and syn-recv
big : the opposite of bucket
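An added example (not part of the original article) that uses the state names above for monitoring: it tallies sockets per TCP state and lists remote addresses holding many sockets in one state, for instance a pile-up of SYN-RECV or CLOSE-WAIT. The sample lines are constructed with documentation addresses, the ss -H -tan layout of a current iproute2 is assumed, and the function names and thresholds are illustrative.

```bash
#!/usr/bin/env bash
# Added example: tally TCP states and find peers holding many sockets in one state.
# Live use (assumes a current iproute2):  ss -H -tan | peers_in_state CLOSE-WAIT 50
# With a `state ...` filter ss drops the State column (see the Example 10 output),
# so these helpers expect unfiltered `ss -H -tan` lines.

# state_summary -- prints "STATE count", one line per state seen on stdin.
state_summary() {
  awk 'NF >= 5 { n[$1]++ } END { for (s in n) print s, n[s] }' | sort
}

# peers_in_state STATE MIN -- prints "peer-address count" for every remote address
# with at least MIN sockets in STATE (STATE as ss prints it, e.g. SYN-RECV).
peers_in_state() {
  awk -v st="$1" -v min="$2" '
    $1 == st {
      peer = $5; sub(/:[^:]*$/, "", peer)   # strip the port, keep the address
      c[peer]++
    }
    END { for (p in c) if (c[p] >= min) print p, c[p] }' | sort
}

# Constructed sample in the layout printed by `ss -H -tan`.
sample_sockets() {
  cat <<'EOF'
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
ESTAB 0 0 192.0.2.10:80 198.51.100.20:40112
ESTAB 0 0 192.0.2.10:22 198.51.100.21:49368
SYN-RECV 0 0 192.0.2.10:80 203.0.113.7:51000
SYN-RECV 0 0 192.0.2.10:80 203.0.113.7:51001
SYN-RECV 0 0 192.0.2.10:80 203.0.113.7:51002
SYN-RECV 0 0 192.0.2.10:80 198.51.100.20:40113
TIME-WAIT 0 0 192.0.2.10:80 198.51.100.20:40100
CLOSE-WAIT 1 0 192.0.2.10:80 198.51.100.22:4669
EOF
}

sample_sockets | state_summary
sample_sockets | peers_in_state SYN-RECV 3
```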
Example 11: Match remote address and port number
Command:
ss dst ADDRESS_PATTERN
ss dst 192.168.1.5
ss dst 192.168.119.113:http
ss dst 192.168.119.113:smtp
ss dst 192.168.119.113:443
Output:
[root@localhost ~]# ss dst 192.168.119.1
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.119.103:16014 192.168.119.113:20229
ESTAB 0 0 192.168.119.103:16014 192.168.119.113:61056
ESTAB 0 0 192.168.119.103:16014 192.168.119.113:61623
ESTAB 0 0 192.168.119.103:16014 192.168.119.113:60924
ESTAB 0 0 192.168.119.103:16050 192.168.119.113:43701
ESTAB 0 0 192.168.119.103:16073 192.168.119.113:32930
ESTAB 0 0 192.168.119.103:16073 192.168.119.113:49318
ESTAB 0 0 192.168.119.103:16014 192.168.119.113:3844
[root@localhost ~]# ss dst 192.168.119.113:http
State Recv-Q Send-Q Local Address:Port Peer Address:Port
[root@localhost ~]# ss dst 192.168.119.113:3844
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.119.103:16014 192.168.119.113:3844
[root@localhost ~]#
Example 12: Match local address and port number
Command:
ss src ADDRESS_PATTERN
ss src 192.168.119.103
ss src 192.168.119.103:http
ss src 192.168.119.103:80
ss src 192.168.119.103:smtp
ss src 192.168.119.103:25
Output:
[root@localhost ~]# ss src 192.168.119.103:16021
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.119.103:16021 192.168.119.201:63054
ESTAB 0 0 192.168.119.103:16021 192.168.119.201:62894
ESTAB 0 0 192.168.119.103:16021 192.168.119.201:63055
ESTAB 0 0 192.168.119.103:16021 192.168.119.201:2274
ESTAB 0 0 192.168.119.103:16021 192.168.119.201:44784
ESTAB 0 0 192.168.119.103:16021 192.168.119.201:7233
ESTAB 0 0 192.168.119.103:16021 192.168.119.103:58660
ESTAB 0 0 192.168.119.103:16021 192.168.119.201:44822
ESTAB 0 0 192.168.119.103:16021 10.2.1.206:56737
ESTAB 0 0 192.168.119.103:16021 10.2.1.206:57487
ESTAB 0 0 192.168.119.103:16021 10.2.1.206:56736
ESTAB 0 0 192.168.119.103:16021 10.2.1.206:64652
ESTAB 0 0 192.168.119.103:16021 10.2.1.206:56586
ESTAB 0 0 192.168.119.103:16021 10.2.1.206:64653
ESTAB 0 0 192.168.119.103:16021 10.2.1.206:56587
[root@localhost ~]#
Example 13: Compare a local or remote port with a number
Command:
ss dport OP PORT
ss sport OP PORT
Output:
[root@localhost ~]# ss sport = :http
[root@localhost ~]# ss dport = :http
[root@localhost ~]# ss dport \> :1024
[root@localhost ~]# ss sport \> :1024
[root@localhost ~]# ss sport \< :32000
[root@localhost ~]# ss sport eq :22
[root@localhost ~]# ss dport != :22
[root@localhost ~]# ss state connected sport = :http
[root@localhost ~]# ss \( sport = :http or sport = :https \)
[root@localhost ~]# ss -o state fin-wait-1 \( sport = :http or sport = :https \) dst 192.168.1/24
Description:
ss dport OP PORT compares the remote port with a number; ss sport OP PORT compares the local port with a number.
OP can be any of the following:
<= or le : less than or equal to the port number
>= or ge : greater than or equal to the port number
== or eq : equal to the port number
!= or ne : not equal to the port number
< or lt : less than the port number
> or gt : greater than the port number
Example 14: Efficiency comparison between ss and netstat
Command:
time netstat -at
time ss
Output:
[root@localhost ~]# time ss
real 0m0.739s
user 0m0.019s
sys 0m0.013s
[root@localhost ~]#
[root@localhost ~]# time netstat -at
real 2m45.907s
user 0m0.063s
sys 0m0.067s
[root@localhost ~]#
Description:
The time command measures the time and resources used by netstat and by ss. When the server holds a relatively large number of connections, netstat cannot compete with ss in efficiency at all.
Reprinted in: http://www.itxuexiwang.com/a/liunxjishu/2016/0303/210.html?1457084072
A linux command per day (57): ss command