Shulou(Shulou.com)06/02 Report--

This article analyzes "how to use the ss command of the Linux network status tool". The content is detailed and easy to understand, the "Linux network status tool ss command how to use" interested friends can follow the editor's ideas slowly in-depth to read, I hope that after reading can be helpful to everyone. Let's follow the editor to learn more about how to use the ss command of the Linux network status tool.

The ss command is used to display the socket status. It can display statistics such as PACKET sockets, TCP sockets, UDP sockets, DCCP sockets, RAW sockets, Unix domain sockets, etc. It displays more tcp and state information than other tools. It is a very practical, fast, and efficient new tool for tracking IP connections and sockets. The SS command provides the following information:

All TCP sockets all UDP sockets all ssh/ftp/ttp/https persistent connections all local processes connected to Xserver use state (e.g. connected, synchronized, SYN-RECV, SYN-SENT,TIME-WAIT), address, port to filter all state FIN-WAIT-1 tcpsocket connections and more

Many popular Linux distributions support ss and many monitoring tools use the ss command. Familiarity with this tool will help you better identify and solve system performance problems. I strongly recommend using the ss command instead of some netstat commands, such as netsat-ant/lnt, etc.

Before showing him, let's make a comparison and count the number of concurrent connections on the server.

Netstat# time netstat-ant | grep EST | wc-l3100real 0m12.960suser 0m0.334ssys 0m12.561s# time ss-o state established | wc-l3204real 0m0.030suser 0m0.005ssys 0m0.026s

As a result, ss is obviously better than netstat in counting the number of concurrent connections. If ss can handle it, will you still choose netstat? are you still hesitating? take a look at the following example, or jump to the help page.

Common ss commands:

Ss-l shows all ports opened locally ss-pl shows specific opened socketss-t-a for each process shows all tcp socketss-u-a shows all UDP Socektss-o state established'(dport =: smtp or sport =: smtp) 'shows all established SMTP connections ss-o state established' (dport =: http or sport =: http) 'shows all established HTTP connections ss-x src / tmp/.X11-unix / * find out all processes connected to the X server ss-s list the current socket details:

Displays sockets brief information, listing currently connected, closed, and waiting tcp connections

# ss-sTotal: 3519 (kernel 3691) TCP: 26557 (estab 3163, closed 23182, orphaned 3163, synrecv 0, timewait 23182), ports 1452Transport Total IP IPv6* 3691-- RAW 2 2 0UDP 10 7 3TCP 3375 3368 7INET 3 387 3 377 10FRAG 0 0

List the current listening ports

# ss-lRecv-Q Send-Q Local Address:Port Peer Address:Port0 10: 5989:: * 0 5 *: rsync *: * 0128:: sunrpc:: * 0128 *: sunrpc *: * 0511 *: http *: * 0128:: ssh: * 0128 *: ssh *: * 0128:: 35766:: * 0128 127.0.0.1:ipp *: * 0128:: 1:ipp: * 0100: 1:smtp : * 0100 127.0.0.1:smtp *: * 0511 *: https *: * 0100: 1311:: * 0 5 *: 5666 *: * 0128 *: 3044 *: *

Ss lists each process name and the port it listens on

# ss-pl

Ss column all tcp sockets

# ss-t-a

Ss lists all udp sockets

# ss-u-a

Ss lists connections in all http connections

# ss-o state established'(dport =: http or sport =: http)'

The above includes 80% provided to the outside world, and 80% access to the outside

Use the above command to perfectly replace netstat to obtain the number of http concurrent connections, which is commonly used in monitoring.

Ss lists which local processes are connected to x server

# ss-x src / tmp/.X11-unix/*

Ss lists http and https connections in the FIN-WAIT-1 state

# ss-o state fin-wait-1'(sport =: http or sport =: https)'

Common state status of ss:

Establishedsyn-sentsyn-recvfin-wait-1fin-wait-2time-waitclosedclose-waitlast-acklistenclosingall: All of the above statesconnected: All the states except for listen and closedsynchronized: All the connected states except for syn-sentbucket: Show states, which are maintained as minisockets, i.e. Time-wait and syn-recv.big: Opposite to bucket state.

Ss uses IP address filtering

Ss src ADDRESS_PATTERNsrc: indicates the source ADDRESS_PATTERN: indicates that the address rules are as follows: ss src 120.33.31.1 # 20.33.31.1 connection # listed to 120.33.31.1 Port 80 connection ss src 120.33.31.1:httpss src 120.33.31.1 ss src 120.33.31.1:httpss src 8

Ss uses port filtering

Ss dport OP PORTOP: is the operator PORT: indicates the port dport: indicates the filter target port, and vice versa has sport

The OP operator is as follows:

= or ge: greater than or equal to = = or eq: equal to! = or ne: not equal to port or gt: greater than port

OP instance

Ss sport =: http can also be ss sport =: 80ss dport =: httpss dport\ >: 1024ss sport\ >: 1024ss sport\

Why ss is faster than netstat:

Netstat traverses every PID directory under / proc, and ss reads the statistics under / proc/net directly. So the execution of ss consumes much less resources and time than netstat.

Ss Command help

# ss-hUsage: ss [OPTIONS] ss [OPTIONS] [FILTER]-h,-- help this message-V,-- version output version information-n,-- numeric don't resolve service names-r,-- resolve resolve host names-a,-- all display all sockets-l,-- listening display listening sockets-o,-- options show timer information-e -- extended show detailed socket information-m,-- memory show socket memory usage-p,-processes show process using socket-I,-- info show internal TCP information-s,-- summary show socket usage summary-4,-- ipv4 display only IP version 4 sockets-6,-- ipv6 display only IP version 6 sockets-0,-- packet display PACKET sockets-t -- tcp display only TCP sockets-u,-- udp display only UDP sockets-d,-- dccp display only DCCP sockets-w,-- raw display only RAW sockets-x,-- unix display only Unix domain sockets-f,-- family=FAMILY display sockets of type FAMILY-A,-- query=QUERY,-- socket=QUERY QUERY: = {all | inet | tcp | udp | raw | unix | packet | netlink} [, QUERY]-D -- diag=FILE Dump raw information about TCP sockets to FILE-F,-- filter=FILE read filter information from FILE FILTER: = [state TCP-STATE] [EXPRESSION] what is a Linux system Linux is a free-to-use and free-spread UNIX-like operating system Is a POSIX-based multi-user, multi-tasking, multi-threaded and multi-CPU operating system, using Linux to run major Unix tools, applications and network protocols.

About how to use the Linux network status tool ss command to share here, I hope that the above content can make you improve. If you want to learn more knowledge, please pay more attention to the editor's updates. Thank you for following the website!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.