Shulou(Shulou.com)06/02 Report--

Monitor the ss of the service port command locally on the server

When the number of socket connections to the server becomes very large, execution will be slow, whether using the netstat command or directly cat / proc/net/tcp. You may not feel it personally, but when the server maintains tens of thousands of connections, using netstat is a waste of life, and using ss is time-saving. The kung fu under heaven can only be broken quickly. The secret of ss fast is that it takes advantage of tcp_diag in the TCP protocol stack. Tcp_diag is a module for analysis and statistics, which can obtain first-hand information in the Linux kernel, which ensures the speed and efficiency of ss. Of course, if you don't have tcp_diag,ss in your system, it will work properly, but it will be a little slower. (but still faster than netstat. )

Command format

Ss [parameters]

Command function

The ss (abbreviation for Socket Statistics) command can be used to get socket statistics. The output of this command is similar to that of netstat, but it can display more and more detailed information about the status of TCP connections and is faster and more efficient than netstat. It uses tcp_diag (a module for analysis and statistics) in the TCP protocol stack to obtain first-hand kernel information directly, which makes ss commands fast and efficient. It can work without tcp_diag,ss.

Command parameter

-h,-- help help information-- V,-- version program version information-- n,-- numeric does not resolve the service name-r,-- resolve parses the hostname-a,-- all displays all sockets (sockets)-l,-- listening displays sockets (sockets)-o,-- options displays timer information-e,-- extended displays detailed socket (sockets) information-m -- memory displays memory usage of sockets (socket)-- p,-- processes displays processes using sockets (socket)-- I,-- info displays TCP internal information-- s,-- summary displays sockets (socket) usage profiles-4,-- ipv4 displays only IPv4 sockets (sockets)-6,-- ipv6 displays only IPv6 sockets (sockets)-0 -- packet displays PACKET sockets (socket)-t,-- tcp displays only TCP sockets (sockets)-u,-- udp only shows UCP sockets (sockets)-d,-- dccp only shows DCCP sockets (sockets)-w,-- raw only shows RAW sockets (sockets)-x,-- unix only shows Unix sockets (sockets)-f,-- family=FAMILY displays sockets (sockets) of FAMILY type FAMILY is optional and supports unix, inet, inet6, link, netlink-A,-- query=QUERY,-- socket=QUERY QUERY: = {all | inet | tcp | udp | raw | unix | packet | netlink} [, QUERY]-D,-- diag=FILE dumps the original TCP socket (sockets) information to the file-F,-- filter=FILE removes filter information FILTER: = [state TCP-STATE] [EXPRESSION] from the file

Use an example

Example 1: show TCP connections

[root@localhost ~] # ss-t-a State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 0 127.0.0.1:smux *: * LISTEN 0 0 *: 3690 *: * LISTEN 0 0 *: ssh *: * ESTAB 00 192.168.120.204:ssh 10.2.0.68 127.0.0.1:smux 49368

Example 2: display Sockets summary

[root@localhost] # ss-s Total: 34 (kernel 48) TCP: 4 (estab 1, closed 0, orphaned 0, synrecv 0, timewait 0 play 0), ports 3 Transport Total IP IPv6 * 48-- RAW 000 UDP 550 TCP 4 40 INET 9 9 0 FRAG 2000

Description: list current established, closed, orphaned and waiting TCP sockets

Example 3: list all open network connection ports

[root@localhost ~] # ss-l Recv-Q Send-Q Local Address:Port Peer Address:Port 0 0 127.0.0.1:smux *: * 0 *: 3690 *: * 0 *: ssh *: *

Example 4: view the socket used by the process

[root@localhost ~] # ss-pl Recv-Q Send-Q Local Address:Port Peer Address:Port 0 0 127.0.0.1:smux *: * users: (("snmpd", 2716 root@localhost 8)) 0 0 *: 3690 *: * users: (("svnserve", 3590 127.0.0.1:smux 3) 0 0 *: ssh *: * users: ("sshd", 2735 Power3))

Example 5: find the open socket / port application

[root@localhost ~] # ss-lp | grep 19350 0 *: 1935 *: * users: (("fmsedge", 291313 18)) 0 0127.0.0.1 ss 19350 *: * users: ("fmsedge", 2913 # 17) [root@localhost ~] # ss-lp | grep 0 000 *: 3306 *: * users: ("mysqld", 2871 #)

Example 6: show all UDP Sockets

[root@localhost] # ss-u-a State Recv-Q Send-Q Local Address:Port Peer Address:Port UNCONN 0 0 127.0.0.1:syslog *: * UNCONN 0 0 *: snmp *: * ESTAB 0 0 192.168.120.203 State Recv-Q Send-Q Local Address:Port Peer Address:Port UNCONN 39641 10.58.119.119:domain

Example 7: displays all SMTP connections with a status of established

[root@localhost ~] # ss-o state established'(dport =: smtp or sport =: smtp) 'Recv-Q Send-Q Local Address:Port Peer Address:Port

Example 8: displays all HTTP connections with a status of Established

[root@localhost] # ss-o state established'(dport =: http or sport =: http) 'Recv-Q Send-Q Local Address:Port Peer Address:Port 0 075.126.153.214 virtual 2164 192.168.10.42:http

Example 9: enumerates that the source port in the FIN-WAIT-1 state is 80 or 443, and the destination network is 193.233.7and24 all tcp sockets

[root@localhost] # ss-o state fin-wait-1'(sport =: http or sport =: https) 'dst 193.233.7and24 Recv-Q Send-Q Local Address:Port Peer Address:Port

Example 10: filter Sockets with TCP status

Command:

Ss-4 state FILTER-NAME-HERE ss-6 state FILTER-NAME-HERE

Output:

[root@localhost] # ss-4 state closing Recv-Q Send-Q Local Address:Port Peer Address:Port 1 11094 75.126.153.214:http 192.168.10.42 state closing Recv-Q Send-Q Local Address:Port Peer Address:Port 4669

Description:

FILTER-NAME-HERE can represent any of the following:

Established

Syn-sent

Syn-recv

Fin-wait-1

Fin-wait-2

Time-wait

Closed

Close-wait

Last-ack

Listen

Closing

All: all the above statu

Connected: all states except listen and closed

Synchronized: all connected states except syn-sent

Bucket: the display status is maintained as minisockets, such as time-wait and syn-recv.

Big: opposite to bucket.

Example 11: match remote address and port number

Command:

Ss dst ADDRESS_PATTERN ss dst 192.168.1.5 ss dst 192.168.119.113:http ss dst 192.168.119.113:smtp ss dst 192.168.119.113:443

Output:

[root@localhost ~] # ss dst 192.168.119.113 State Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0192.168.119.103 ESTAB 20229 192.168.119.119.103 ESTAB 0 0192.168.119.113 State Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 61056 ESTAB 0 192.168.119.103purl 16014 192.168.119.119.113Rue 61623 ESTAB 0192.168.119.119.103Vera 16014 192.168.119.11314 60924 ESTAB 0192. 168.119.103 ESTAB 16050 192.168.119.119.103 ESTAB 0 0192.168.119.103 ESTAB 32930 192.168.119.103 ESTAB 0192.168.119.103 ESTAB 0192.168.119.119.119.119.119.119.113 ss dst 192.168.119.113:http State Recv-Q Send-Q Local Address:Port Peer Address:Port [root@localhost ~] # ss Dst 192.168.119.113:3844 State Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0 192.168.119.103:16014 192.168.119.113:3844

Example 12: match local address and port number

Command:

Ss src ADDRESS_PATTERN ss src 192.168.119.103 ss src 192.168.119.103:http ss src 192.168.119.103:80 ss src 192.168.119.103:smtp ss src 192.168.119.103:25

Output:

[root@localhost ~] # ss src 192.168.119.103 State Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 192.168.119.103Vv 16021 192.168.119.20120133054 ESTAB 0 192.168.119.20162894 ESTAB 0 0192.168.119.103Flange 162.168.119.20163055 ESTAB 0 192.168.119.103 ESTAB 16021 192.168.119.2012274 ESTAB 0 0 192.168.119.103:16021 192.168.119.201:44784 ESTAB 0 0 192.168.119.103:16021 192.168.119.201:7233 ESTAB 0 0 192.168.119.103:16021 192.168.119.103:58660 ESTAB 0 0 192.168.119.103:16021 192.168.119.201:44822 ESTAB 0 0 192.168.119.103:16021 10.2.1.206:56737 ESTAB 0 0 192.168.119.103:16021 10.2.1. 206:57487 ESTAB 0 0 192.168.119.103:16021 10.2.1.206:56736 ESTAB 0 0 192.168.119.103:16021 10.2.1.206:64652 ESTAB 0 0 192.168.119.103:16021 10.2.1.206:56586 ESTAB 0 0 192.168.119.103:16021 10.2.1.206:64653 ESTAB 0 0 192.168.119.103:16021 10.2.1.206:56587

Example 13: compare a local or remote port with a number

Command:

Ss dport OP PORT ss sport OP PORT

Output:

[root@localhost ~] # ss sport =: http [root@localhost ~] # ss dport =: http [root@localhost ~] # ss dport\ >: 1024 [root@localhost ~] # ss sport\ >: 1024 [root@localhost ~] # ss sport\

< :32000 [root@localhost ~]# ss sport eq :22 [root@localhost ~]# ss dport != :22 [root@localhost ~]# ss state connected sport = :http [root@localhost ~]# ss \( sport = :http or sport = :https \) [root@localhost ~]# ss -o state fin-wait-1 \( sport = :http or sport = :https \) dst 192.168.1/24 说明： ss dport OP PORT 远程端口和一个数比较；ss sport OP PORT 本地端口和一个数比较。 OP 可以代表以下任意一个: = or ge : 大于或等于端口号 == or eq : 等于端口号 != or ne : 不等于端口号 < or gt : 小于端口号 >

Or lt: greater than port number

Efficiency comparison between example 14:ss and netstat

Command:

Time netstat-at time ss

Output:

[root@localhost ~] # time ss real 0m0.739s user 0m0.019s sys 0m0.013s [root@localhost] # [root@localhost ~] # time netstat-at real 2m45.907s user 0m0.063s sys 0m0.067s

Description: use the time command to get the time it takes to get the program and profile resources through the netstat and ss commands, respectively. When there are a large number of server connections, the efficiency of netstat can not be compared with ss at all.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.