Shulou(Shulou.com)06/01 Report--

This article mainly introduces how to use the ss command in Linux, has a certain reference value, interested friends can refer to, I hope you can learn a lot after reading this article, the following let the editor take you to understand.

The Linux common command ss command is used to display socket information that is active. The ss command can be used to get socket statistics, which can display something similar to netstat. But the advantage of ss is that it can display more and more detailed information about TCP and connection status, and is faster and more efficient than netstat.

Socket statistics that ss is better than netstat. Another tool that comes with the iproute2 package allows you to query statistics about socket.

Add that when the number of socket connections to the server becomes very large, whether using the netstat command or directly cat / proc/net/tcp, the execution speed will be very slow. You may not feel it personally, but believe me, when the server maintains tens of thousands of connections, using netstat is a waste of life, while using ss is saving time.

The martial arts in the world can only be broken quickly. The secret of ss fast is that it takes advantage of tcp_diag in the TCP protocol stack. Tcp_diag is a module for analysis and statistics, which can obtain first-hand information in the Linux kernel, which ensures the speed and efficiency of ss. Of course, if you don't have tcp_diag,ss in your system, it will work properly, but it will be a little slower.

Syntax ss [parameters] ss [parameters] [filter] option-h,-- help help information-V,-- version program version information-n,-- numeric does not resolve service name-r,-- resolve resolution hostname-a,-- all displays all sockets (sockets)-l,-- listening shows sockets (sockets)-o for listening status -- options display timer information-- e,-- extended displays detailed socket (sockets) information-- m,-- memory shows memory usage of socket (socket)-- p,-- processes shows processes using socket (socket)-- I,-- info displays TCP internal information-- s,-- summary shows an overview of the use of socket (socket)-4 -- ipv4 displays only IPv4 sockets (sockets)-6,-- ipv6 displays only IPv6 sockets (sockets)-0,-- packet displays PACKET sockets (socket)-t,-- tcp displays only TCP sockets (sockets)-u,-- udp displays only UCP sockets (sockets)-d,-- dccp displays only DCCP sockets (sockets)-w -- raw displays only RAW sockets (sockets)-x,-- unix displays only Unix sockets (sockets)-f,-- family=FAMILY displays sockets of type FAMILY (sockets) FAMILY optional Unix, inet, inet6, link, netlink-A,-- query=QUERY,-- socket=QUERY QUERY: = {all | inet | tcp | udp | raw | unix | packet | netlink} [, QUERY]-D,-- diag=FILE dump the original TCP socket (sockets) information to file-F -- filter=FILE remove filter information from file FILTER: = [state TCP-STATE] [EXPRESSION] instance ss-t-a # display TCP connection ss-s # display Sockets summary ss-l # list all open network connection ports ss-pl # View the socket ss-lp used by the process | grep 3306 # find out the open socket / port application The program ss-u-a displays all UDP Sockets ss-o state established'(dport =: smtp or sport =: smtp)'# shows all SMTP connections with status established ss-o state established'(dport =: http or sport =: http)'# shows all HTTP connections with status Established ss-o state fin-wait-1'(sport =: http or sport =: https) 'dst 193.233.7Mab 24 # enumerates the status of FIN -the source port of WAIT-1 status is 80 or 443 The destination network is 193.233.7 tcp 24 all tcp sockets # ss and netstat efficiency comparison time netstat-at time ss # matching remote address and port number # ss dst ADDRESS_PATTERN ss dst 192.168.1.5 ss dst 192.168.119.113:http ss dst 192.168.119.113:smtp ss dst 192.168.119.113netstat 443 # matching local address and port number # ss src ADDRESS_PATTERN ss src 192.168 .119.103 ss src 192.168.119.103:http ss src 192.168.119.103 ss src 192.168.119.103:smtp ss src 80 ss src 192.168.119.103:smtp ss src 192.168.119.103 VL25 compare a local or remote port with a number

# ss dport OP PORT remote port and a number comparison # ss sport OP PORT local port and a number comparison # OP can represent any of the following: # # > = or ge: greater than or equal to port number # = = or eq: equal to port number #! = or ne: not equal to port number # > or lt: greater than port number ss sport =: http ss dport =: http ss dport\ >: 1024 ss sport\ >: 1024 ss sport\ =: 22 ss state connected sport =: http ss\ (sport =: http or sport =: https\) ss-o state fin-wait-1\ (sport =: http or sport =: https\) dst 192.168.1 go 24 filter Sockets with TCP status

Ss-4 state closing # ss-4 state FILTER-NAME-HERE # ss-6 state FILTER-NAME-HERE # FILTER-NAME-HERE can represent any of the following: # established, syn-sent, syn-recv, fin-wait-1, fin-wait-2, time-wait, closed, close-wait, last-ack, listen, closing, # all: all above states # connected: all states except listen and closed # synchronized: all connected states except syn-sent # bucket: display status is maintained as minisockets Such as time-wait and syn-recv. # big: opposite to bucket. Show ICP connection

[root@localhost ~] # ss-t-a State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 0 *: 3306 *: * LISTEN 0 0 *: http *: * LISTEN 0 0 *: ssh *: * LISTEN 0 0 127.0.0.1:smtp *: * ESTAB 0 0 112.124.15.130 42.156.166.25:http ESTAB 0 0 112.124.15.130:ssh 121.229.196.235 33398 display Sockets summary

[root@localhost] # ss-s Total: 172 (kernel 189) TCP: 10 (estab 2, closed 4, orphaned 0, synrecv 0, timewait 0 Lex0) Ports 5 Transport Total ip IPv6 * 189-- RAW 000 UDP 550 TCP 660 INET 11 11 0 FRAG 000 list current established, closed, orphaned and waiting TCP sockets

List all open network connection ports

[root@localhost ~] # ss-l Recv-Q Send-Q Local Address:Port Peer Address:Port 0 0 *: 3306 *: * 0 0 *: http *: * 0 *: ssh *: * 0 0 127.0.0.1:smtp *: * View the socket used by the process

[root@localhost ~] # ss-pl Recv-Q Send-Q Local Address:Port Peer Address:Port 0 0 *: 3306 *: * users: ("mysqld" 1718dint 10) 0 *: http *: * users: (("nginx", 13312), ("nginx") 13333 users 5) 0 *: ssh *: * users: (("sshd") 1379 127.0.0.1:smtp 3) 0 0 127.0.0.1:smtp *: * find out to open the socket / port application

[root@localhost ~] # ss-pl | grep 3306 0 0 *: 3306 *: * users: (("mysqld", 1718, 10)) displays all UDP Sockets

[root@localhost] # ss-u-a State Recv-Q Send-Q Local Address:Port Peer Address:Port UNCONN 0 0 *: syslog *: * UNCONN 0 0 112.124.15.130:ntp *: * UNCONN 0 0 10.160.7.81:ntp *: * UNCONN 0 0 127.0.0.1:ntp *: * UNCONN 0 0 *: ntp *: * all connections with port 22 (ssh) ss state all sport =: ssh Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port tcp LISTEN 0128 *: ssh *: * tcp ESTAB 0 192.168.0.136:ssh 192.168.0.102 tcp LISTEN 0128: ssh: * Thank you for reading this article carefully I hope the article "how to use ss commands in Linux" shared by the editor will be helpful to everyone. At the same time, I also hope that you will support us and pay attention to the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.