Shulou(Shulou.com)06/01 Report--

This article mainly shows you "CentOS network status tool ss command how to use", the content is easy to understand, clear, hope to help you solve doubts, the following let the editor lead you to study and learn "CentOS network status tool ss command how to use" this article.

The ss command is used to display the socket status. It can display statistics such as PACKET sockets, TCP sockets, UDP sockets, DCCP sockets, RAW sockets, Unix domain sockets, etc. It displays more tcp and state information than other tools. It is a very practical, fast, and efficient new tool for tracking IP connections and sockets. The SS command provides the following information:

All the TCP sockets

All the UDP sockets

All ssh/ftp/ttp/https persistent connections

All local processes connected to the Xserver

Use state (e.g. connected, synchronized, SYN-RECV, SYN-SENT,TIME-WAIT), address, port filtering

All state FIN-WAIT-1 tcpsocket connections and more

Many popular Linux distributions support ss and many monitoring tools use the ss command. Familiarity with this tool will help you better identify and solve system performance problems. I strongly recommend using the ss command instead of some netstat commands, such as netsat-ant/lnt, etc.

Before showing him, let's make a comparison and count the number of concurrent connections on the server.

Netstat

# time netstat-ant | grep EST | wc-l

3100

Real 0m12.960s

User 0m0.334s

Sys 0m12.561s

# time ss-o state established | wc-l

3204

Real 0m0.030s

User 0m0.005s

Sys 0m0.026s

It is obvious that ss is not as efficient as netstat in counting concurrent connections. If ss can handle it, will you still choose netstat? are you still hesitant? take a look at the following example, or jump to the help page.

Common ss commands:

Ss-l displays all ports opened locally

Ss-pl displays the specific socket opened by each process

Ss-t-a shows all tcp socket

Ss-u-a shows all UDP Socekt

Ss-o state established'(dport =: smtp or sport =: smtp) 'shows all established SMTP connections

Ss-o state established'(dport =: http or sport =: http) 'shows all established HTTP connections

Ss-x src / tmp/.X11-unix/* find all the processes that connect to the X server

Ss-s lists the current socket details:

Display sockets profile information

Lists tcp connections that are currently connected, closed, and waiting

# ss-s

Total: 3519 (kernel 3691)

TCP: 26557 (estab 3163, closed 23182, orphaned 23182, synrecv 0, timewait 23182), ports 1452

Transport Total IP IPv6

* 3691--

RAW 2 2 0

UDP 10 7 3

TCP 3375 3368 7

INET 3387 3377 10

FRAG 0 0 0

List the current listening ports

# ss-l

Recv-Q Send-Q Local Address:Port Peer Address:Port

0 10:: 5989:: *

0 5 *: rsync *: *

0 128: sunrpc: *

0 128 *: sunrpc *: *

0511 *: http *: *

0 128: ssh: *

0 128 *: ssh *: *

0 128:: 35766:: *

0 128 127.0.0.1:ipp *: *

0 128:: 1:ipp: *

0 100:: 1:smtp: *

0 100 127.0.0.1:smtp *: *

0511 *: https *: *

0 100:: 1311:: *

0 5 *: 5666 *: *

0 128 *: 3044 *: *

Ss lists each process name and the port it listens on

# ss-pl

Ss column all tcp sockets

# ss-t-a

Ss lists all udp sockets

# ss-u-a

Ss lists connections in all http connections

# ss-o state established'(dport =: http or sport =: http)'

The above includes 80% provided to the outside world, and 80% access to the outside

Use the above command to perfectly replace netstat to obtain the number of http concurrent connections, which is commonly used in monitoring.

Ss lists which local processes are connected to x server

# ss-x src / tmp/.X11-unix/*

Ss lists http and https connections in the FIN-WAIT-1 state

# ss-o state fin-wait-1'(sport =: http or sport =: https)'

Common state status of ss:

Established

Syn-sent

Syn-recv

Fin-wait-1

Fin-wait-2

Time-wait

Closed

Close-wait

Last-ack

Listen

Closing

All: All of the above states

Connected: All the states except for listen and closed

Synchronized: All the connected states except for syn-sent

Bucket: Show states, which are maintained as minisockets, i.e. Time-wait and syn-recv.

Big: Opposite to bucket state.

Ss uses IP address filtering

Ss src ADDRESS_PATTERN

Src: indicates the source

ADDRESS_PATTERN: indicates address rules

As follows:

Ss src 120.33.31.1 # 20.33.31.1 connections listed

# list the connections to port 120.33.31.1

Ss src 120.33.31.1:http

Ss src 120.33.31.1:80

Ss uses port filtering

Ss dport OP PORT

OP: is the operator

PORT: indicates port

Dport: indicates the filter target port, and vice versa, sport

The OP operator is as follows:

= or ge: greater than or equal to

= = or eq: equal to

! = or ne: not equal to port

Or gt: greater than port

OP instance

Ss sport =: http can also be ss sport =: 80

Ss dport =: http

Ss dport\ >: 1024

Ss sport\ >: 1024

Ss sport\ <: 32000

Ss sport eq: 22

Ss dport! =: 22

Ss state connected sport =: http

Ss\ (sport =: http or sport =: https\)

Ss-o state fin-wait-1\ (sport =: http or sport =: https\) dst 192.168.1 Universe 24

Why ss is faster than netstat:

Netstat traverses every PID directory under / proc, and ss reads the statistics under / proc/net directly. So the execution of ss consumes much less resources and time than netstat.

Ss Command help

# ss-h

Usage: ss [OPTIONS]

Ss [OPTIONS] [FILTER]

-h,-- help this message

-V-- version output version information

-n,-- numeric don't resolve service names

-r,-- resolve resolve host names

-a,-- all display all sockets

-l,-- listening display listening sockets

-o,-- options show timer information

-e-- extended show detailed socket information

-m,-- memory show socket memory usage

-p,-- processes show process using socket

-I-- info show internal TCP information

-s-- summary show socket usage summary

-4,-- ipv4 display only IP version 4 sockets

-6,-- ipv6 display only IP version 6 sockets

-0,-- packet display PACKET sockets

-t,-- tcp display only TCP sockets

-u,-- udp display only UDP sockets

-d,-- dccp display only DCCP sockets

-W,-- raw display only RAW sockets

-x,-- unix display only Unix domain sockets

-f,-- family=FAMILY display sockets of type FAMILY

-A,-- query=QUERY,-- socket=QUERY

QUERY: = {all | inet | tcp | udp | raw | unix | packet | netlink} [, QUERY]

-D,-- diag=FILE Dump raw information about TCP sockets to FILE

-F,-- filter=FILE read filter information from FILE

FILTER: = [state TCP-STATE] [EXPRESSION]

The above is all the contents of the article "how to use the ss Command of the CentOS Network status tool". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.