Shulou(Shulou.com)06/01 Report--

This article will explain in detail how to use the Linux network status tool ss command. The editor thinks it is very practical, so I share it with you as a reference. I hope you can get something after reading this article.

The ss command is used to display the socket status. It can display statistics such as PACKET sockets, TCP sockets, UDP sockets, DCCP sockets, RAW sockets, Unix domain sockets, etc. It displays more tcp and state information than other tools. It is a very practical, fast, and efficient new tool for tracking IP connections and sockets. The SS command provides the following information:

All the TCP sockets

All the UDP sockets

All ssh/ftp/ttp/https persistent connections

All local processes connected to the Xserver

Use state (e.g. connected, synchronized, SYN-RECV, SYN-SENT,TIME-WAIT), address, port filtering

All state FIN-WAIT-1 tcpsocket connections and more

Many popular Linux distributions support ss and many monitoring tools use the ss command. Familiarity with this tool will help you better identify and solve system performance problems. I strongly recommend using the ss command instead of some netstat commands, such as netsat-ant/lnt, etc.

Before showing him, let's make a comparison and count the number of concurrent connections on the server.

Eal 0m12.960s user 0m0.334s sys 0m12.561s # time ss-o state established | wc-l 3204 real 0m0.030s user 0m0.005s sys 0m0.026s netstat # time netstat-ant | grep EST | wc-l 3100 r

As a result, ss is obviously better than netstat in counting the number of concurrent connections. If ss can handle it, will you still choose netstat? are you still hesitating? take a look at the following example, or jump to the help page.

Common ss commands:

Ss-l shows all ports opened locally ss-pl shows specific opened socket ss-t-a for each process shows all tcp socket ss-u-a shows all UDP Socekt ss-o state established'(dport =: smtp or sport =: smtp) 'shows all established SMTP connections ss-o state established' (dport =: http or sport =: http) 'shows all established HTTP connections ss-x src / Tmp/.X11-unix/* finds all processes connected to the X server ss-s lists the current socket details:

Displays sockets brief information, listing currently connected, closed, and waiting tcp connections

# ss-s Total: 3519 (kernel 3691) TCP: 26557 (estab 3163, closed 23182, orphaned 3163, synrecv 0, timewait 23182), ports 1452 Transport Total IP IPv6 * 3691-- RAW 220 UDP 10 7 3 TCP 3375 3368 7 INET 3387 3377 10 FRAG 0 0

List the current listening ports

# ss-lRecv-Q Send-Q Local Address:Port Peer Address:Port 0 10: 5989:: * 0 5 *: rsync *: * 0128:: sunrpc:: * 0128 *: sunrpc *: * 0511 * 2:http *: * 0128:: ssh: * 0128 *: ssh *: * 0128:: 35766:: * 0128 127.0.0.1:ipp *: * 0128:: 1:ipp : * 0100:: 1:smtp: * 0100 127.0.0.1:smtp *: * 0511 *: https *: * 0100: 1311: * 0 5 *: 5666 *: * 0128 *: 3044 *: *

Ss lists each process name and the port it listens on

# ss-pl

Ss column all tcp sockets

# ss-t-a

Ss lists all udp sockets

# ss-u-a

Ss lists connections in all http connections

# ss-o state established'(dport =: http or sport =: http)'

The above includes 80% provided to the outside world, and 80% access to the outside

Use the above command to perfectly replace netstat to obtain the number of http concurrent connections, which is commonly used in monitoring.

Ss lists which local processes are connected to x server

# ss-x src / tmp/.X11-unix/*

Ss lists http and https connections in the FIN-WAIT-1 state

# ss-o state fin-wait-1'(sport =: http or sport =: https)'

Common state status of ss:

Established syn-sent syn-recv fin-wait-1 fin-wait-2 time-wait closed close-wait last-ack listen closing all: All of the above states connected: All the states except for listen and closed synchronized: All the connected states except for syn-sent bucket: Show states, which are maintained as minisockets, i.e. Time-wait and syn-recv. Big: Opposite to bucket state.

Ss uses IP address filtering

Ss src ADDRESS_PATTERN src: indicates the source ADDRESS_PATTERN: indicates that the address rules are as follows: ss src 120.33.31.1 # 20.33.31.1 connection # listed to 120.33.31.1 Port 80 connection ss src 120.33.31.1:http ss src 120.33.31.1 ss src 120.33.31.1:http ss src 8

Ss uses port filtering

Ss dport OP PORT OP: is the operator PORT: indicates the port dport: indicates the filter target port, and vice versa has sport

The OP operator is as follows:

= or ge: greater than or equal to = = or eq: equal to! = or ne: not equal to port

Or gt: greater than port

OP instance

Ss sport =: http can also be ss sport =: 80 ss dport =: http ss dport\ >: 1024 ss sport\ >: 1024 ss sport\ <: 32000 ss sport eq: 22 ss dport! =: 22 ss state connected sport =: http ss\ (sport =: http or sport =: https\) ss-o state fin-wait-1\ (sport =: http or sport =: https\) dst 192.168.1hand 24

Why ss is faster than netstat:

Netstat traverses every PID directory under / proc, and ss reads the statistics under / proc/net directly. So the execution of ss consumes much less resources and time than netstat.

Ss Command help

# ss-h Usage: ss [OPTIONS] ss [OPTIONS] [FILTER]-h,-- help this message-V,-- version output version information-n,-- numeric don't resolve service names-r,-- resolve resolve host names-a,-- all display all sockets-l,-- listening display listening sockets-o -- options show timer information-e,-- extended show detailed socket information-m,-memory show socket memory usage-p,-- processes show process using socket-I,-- info show internal TCP information-s,-- summary show socket usage summary-4,-- ipv4 display only IP version 4 sockets-6 -- ipv6 display only IP version 6 sockets-0,-- packet display PACKET sockets-t,-- tcp display only TCP sockets-u,-- udp display only UDP sockets-d,-- dccp display only DCCP sockets-w,-- raw display only RAW sockets-x,-- unix display only Unix domain sockets-f -- family=FAMILY display sockets of type FAMILY-A,-- query=QUERY,-- socket=QUERY QUERY: = {all | inet | tcp | udp | raw | packet | netlink} [, QUERY]-D,-- diag=FILE Dump raw information about TCP sockets to FILE-F,-- filter=FILE read filter information from FILE FILTER: = [state TCP-STATE] [EXPRESSION] about how to use the Linux Network status tool ss command. Hope that the above content can be helpful to you, so that you can learn more knowledge, if you think the article is good, please share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.