Shulou(Shulou.com)06/01 Report--

This article mainly explains "how to use ss command instead of netstat under Linux". Interested friends may wish to have a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn how to use the ss command instead of netstat under Linux.

When operating and managing the Linux server, one of our common commands is netstat. I often use this command to see which processes on the current server are listening on the port, mainly to diagnose the working status of the network service.

However, there is a recent installation of a Ubuntu hairstyle version, found that there is no default installation of netstat, feel very strange, after their manual installation, found that man pages prompt, the netstat command is already deprecated, it is recommended to use the ss command instead.

This program is mostly obsolete. Replacement for netstat is ss. Replacement for netstat-r is ip route. Replacement for netstat-i is ip-s link. Replacement for netstat-g is ip maddr.

Netstat man pages

The usage of netstat

Netstat has so many parameters that I usually use a combination so that I can't remember why they are:

Netstat-npl

The result is as follows:

Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0127.0.0.53 Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 53 0.0.0.0 * LISTEN 655/systemd-resolve tcp 0 0 0.0.0.0 22 0.0.0.0 LISTEN 890/sshd tcp 0 0 127.0.1 LISTEN 890/sshd tcp6 631 0.0.0.0 LISTEN 890/sshd tcp6 0 0:: 22:: * LISTEN 890/sshd tcp6 0 0:: 1 LISTEN 15415/./prometheus tcp6 0 0: * LISTEN 30790/cupsd tcp6 0 0: 9090:: * LISTEN 15415/./prometheus tcp6 0 0: 18025:: : * LISTEN 890/sshd udp 0 0127.0.0.53 30792/cups-browsed udp 53 0.0.0.0 30792/cups-browsed udp * 655/systemd-resolve udp 0 0 0.0.0.0 0 0 0 757/avahi-daemon 5353 0 0 0 757/avahi-daemon: r udp 0 0 0 V 42360 0 0 0 757/avahi-daemon: r udp6 0 0:: 58232: :: * 757/avahi-daemon: r udp6 0 0: 5353:: * 757/avahi-daemon: r Active UNIX domain sockets (only servers) Proto RefCnt Flags Type State I-Node PID/Program name Path unix 2 [ACC] STREAM LISTENING 35116 1304 LISTENING session-@ / tmp/.ICE-unix/1304 unix 2 [ACC] SEQPACKET LISTENING 1448 1/init / run/udev/control unix 2 [ACC] STREAM LISTENING 34277 1270/systemd / run/user/1000/systemd/private unix 2 [ACC] STREAM LISTENING 34282 1270/systemd / run/user/ 1000/gnupg/S.gpg-agent.ssh unix 2 [ACC] STREAM LISTENING 33510 1270/systemd / run/user/1000/gnupg/S.gpg-agent unix 2 [ACC] STREAM LISTENING 33511 1270/systemd / run/user/1000/pulse/native unix 2 [ACC] STREAM LISTENING 33512 1270/systemd / run/user/1000/gnupg/S.gpg-agent.extra

This command combination is the most commonly used, showing the result of two paragraphs, the first paragraph showing the listening of the TCP/UDP protocol, and the second paragraph showing the listening of socks files. The parameter n means to show the IP address in numeric format, otherwise the host name or domain name will be displayed, the parameter p means to show the name of the process (sometimes not shown), and l means to pay attention to the socket in the LISTENING state.

Through the above command, we have seen all the socket opened in the system. If you start a network service or develop a network service to open the port, you should be able to see the port you open through this command. If you do not see it, you should not be able to open the port correctly. So this is a good debug command.

The usage of ss

The above describes the most basic use of netstat, of course, there are many other uses, but skip the table, if we want to use the ss command instead of netstat, how can we achieve a similar effect?

Ss-atlp

This is a combination of parameters that I have explored by myself. At present, I am not very fluent in reciting, and I still need to look at the documentation every time:

State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 127.0.0.53%lo:domain 0.0.0.0 users: ("systemd-resolve", pid=655 Fd=13) LISTEN 0 128 0.0.0.0:ssh 0.0.0.0 0.0.0.0:ssh * users: ("sshd", pid=890 Fd=5) LISTEN 0 5 127.0.0.1:ipp 0.0.0.0 127.0.0.1:ipp * users: ("cupsd", pid=30790 Fd=7) LISTEN 0 128 0.0.0.0 pid=890 18025 0.0.0.0 users: ("sshd", pid=890) Fd=3)) LISTEN 0 128 [::]: ssh [::]: * users: ("sshd", pid=890 Fd=6)) LISTEN 0 5 [:: 1]: ipp [:]: * users: ("cupsd", pid=30790 Fd=6)) LISTEN 0 128 *: 9090 *: * users: ("prometheus", pid=15415 Fd=3)) LISTEN 0 128 [::]: 18025 [::]: * users: ("sshd", pid=890,fd=4))

This is the result of the ss command, and as you can see, the format is very different from that of netstat, not as compact and intuitive as the netstat command. This is one of the reasons why many people criticize this order. Of course, critics of this criticism believe that people are just sticking to a habit and are unwilling to move on. Of course, it's not wrong to say that. Take Charles personally. Even if I learned the netstat command when I went to work in 2010, I've been using it for nearly a decade now, and it hasn't changed. Of course, I like it very much.

Of course, there is also a reason put forward by foreigners that the name of the command ss is not good. In fact, ss may mean socket statistics. After the abbreviation, there are only two letters, which is not easy to associate and is not as intuitive as netstat. Of course, this is my explanation, not the reason for foreigners to complain, what they complain is that whenever they mention ss, they will think of Hitler! Is it unthinkable that I am a post-80s generation, and people of my generation have no impression of this. The key is that we mainly use Chinese. It is estimated that when you see ss, you think most of them think of ladders, but you never think of Hitler. The great Nazi had an armed force, formerly called the SS Special Mobile Unit, which was later renamed the Waffen-SS. Its German abbreviation is SS.

Instead of gossiping, let's talk about a few parameters, a parameter shows all the meaning, t parameter means TCP protocol, l represents LISTENING state, and p represents process information. From the table above, we can see that the printed information of the p parameter is not as well organized as netstat refinement. But more perfectly, it shows the process name and PID as well as FD. But because of the use of two parentheses, key/value format, plus quotation marks, it looks dirty and messy. Of course, we can format it with some commands, but it's still too troublesome.

What is the reason for the replacement?

This is probably what I am most curious about. However, I searched a lot of information on the Internet, but basically all of them were vague. It also makes me a little helpless.

In general, we can see that the main package net-tools is going to be replaced by the package iproute. The reason is probably, 1, this package is too old, 2, this package does not support many new features of the kernel (but did not say which features), the interface is not optimized and difficult to use (not friendly to the command line), 3 ifconfig in NetLim tools does have many shortcomings, 4, do not want to maintain net-tools in the future.

Luk Claes and me, as the current maintainers of net-tools, we've been thinking about it's future. Net-tools has been a core part of Debian and any other linux based distro for many years, but it's showing its age.

It doesnt support many of the modern features of the linux kernel, the interface is far from optimal and difficult to use in automatisation, and also, it hasn't got much love in the last years.

On the other side, the iproute suite, introduced around the 2.2 kernel line, has both a much better and consistent interface, is more powerful, and is almost ten years old, so nobody would say it's untested.

Hence, our plans are to replace net-tools completely with iproute, maybe leading the route for other distributions to follow. Of course, most people and tools use and remember the venerable old interface, so the first step would be to write wrappers, trying to be compatible with net-tools.

At the same time, we believe that most packages using net-tools should be patched to use iproute instead, while others can continue using the wrappers for some time. The ifupdown package is obviously the first candidate, but it seems that a version using iproute has been available in experimental since 2007.

There is also a theoretical analysis: today's netstat and ifconfig commands complete the task by reading and writing virtual files under the / proc directory, which is fine on small business systems, but in large-scale systems, it may hurt the performance of the system and so on. By contrast, the ss and ip commands use the netlink sockets feature of the Linux kernel. There is a fundamental difference. Although old commands can also be rewritten with new principles, no one actually does so, mainly because of disagreements with some political issues from different programmer groups.

Of course, at a deep level, when we use such debugging commands, we essentially want to know the state of the kernel. In fact, the kernel has changed the whole principle of the networking module. On the other hand, I also require commands to display information as before, and the format of the display level has deviated from the real principle, so in the long run, it is inevitable to replace these two commands.

At this point, I believe you have a deeper understanding of "how to use the ss command instead of netstat under Linux". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.