
How Linux uses the ss command to view the socket status of a system

2025-01-19 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article explains how to use the ss command on Linux to check the socket status of a system. Most people are not very familiar with it, so it is shared here for reference.

What is Linux? Linux is a free-to-use, freely distributed UNIX-like operating system. It is a POSIX-based multi-user, multi-tasking operating system with multi-threading and multi-CPU support, and it runs the major Unix tools, applications and network protocols.

On Linux, the ss command shows the status of the system's sockets. Because sockets are the system's process communication mechanism, it is worth understanding their state. The following describes how to use ss to view socket status.

ss is short for Socket Statistics. As the name implies, the ss command retrieves socket statistics and displays information similar to netstat. The advantage of ss is that it shows more, and more detailed, information about TCP and connection state, and it is faster and more efficient than netstat. When a server holds a very large number of socket connections, both the netstat command and a direct cat /proc/net/tcp become slow. You may not have felt it yourself, but believe me: when a server maintains tens of thousands of connections, using netstat is a waste of life, while using ss saves time. As the martial arts saying goes, only speed is unbeatable. ss is fast because it uses tcp_diag in the TCP protocol stack. tcp_diag is a module for analysis and statistics that obtains first-hand information from the Linux kernel, which is what makes ss fast and efficient. If your system does not have tcp_diag, ss still works properly, only a little slower (but still faster than netstat).

1. Command format:

ss [parameters]

ss [parameters] [filter]

2. Command function:

The ss (Socket Statistics) command retrieves socket statistics. Its output is similar to that of netstat, but it shows more detailed information about the state of TCP connections and is faster and more efficient than netstat. It uses tcp_diag (a module for analysis and statistics) in the TCP protocol stack to read first-hand information directly from the kernel, which is what makes ss fast. ss also works without tcp_diag.

3. Command parameters:

-h, --help: help information

-V, --version: program version information

-n, --numeric: do not resolve service names

-r, --resolve: resolve hostnames

-a, --all: display all sockets

-l, --listening: display sockets in the listening state

-o, --options: display timer information

-e, --extended: display detailed socket information

-m, --memory: display the memory usage of sockets

-p, --processes: show the processes using sockets

-i, --info: display internal TCP information

-s, --summary: show a summary of socket usage

-4, --ipv4: display only IPv4 sockets

-6, --ipv6: display only IPv6 sockets

-0, --packet: display PACKET sockets

-t, --tcp: display only TCP sockets

-u, --udp: display only UDP sockets

-d, --dccp: display only DCCP sockets

-w, --raw: display only RAW sockets

-x, --unix: display only Unix sockets

-f, --family=FAMILY: display sockets of type FAMILY. FAMILY can be one of unix, inet, inet6, link, netlink.

-A, --query=QUERY, --socket=QUERY

QUERY := {all|inet|tcp|udp|raw|unix|packet|netlink}[,QUERY]

-D, --diag=FILE: dump raw TCP socket information to a file

-F, --filter=FILE: read filter information from a file

FILTER := [ state TCP-STATE ] [ EXPRESSION ]

4. Examples of use:

Example 1: show TCP connections

Command: ss -t -a

Output:

The code is as follows:

[root@localhost ~]# ss -t -a

State Recv-Q Send-Q Local Address:Port Peer Address:Port

LISTEN 0 0 127.0.0.1:smux *:*

LISTEN 0 0 *:3690 *:*

LISTEN 0 0 *:ssh *:*

ESTAB 0 0 192.168.120.204:ssh 10.2.0.68:49368

[root@localhost ~]#

Example 2: display Sockets summary

Command: ss -s

Output:

The code is as follows:

[root@localhost ~]# ss -s

Total: 34 (kernel 48)

TCP: 4 (estab 1, closed 0, orphaned 0, synrecv 0, timewait 0/0), ports 3

Transport Total IP IPv6

* 48 - -

RAW 0 0 0

UDP 5 5 0

TCP 4 4 0

INET 9 9 0

FRAG 0 0 0

[root@localhost ~]#

Description: lists the currently established, closed, orphaned and waiting TCP sockets.

Example 3: list all open network connection ports

Command: ss -l

Output:

The code is as follows:

[root@localhost ~]# ss -l

Recv-Q Send-Q Local Address:Port Peer Address:Port

0 0 127.0.0.1:smux *:*

0 0 *:3690 *:*

0 0 *:ssh *:*

[root@localhost ~]#

Example 4: view the sockets used by processes

Command: ss -pl

Output:

The code is as follows:

[root@localhost ~]# ss -pl

Recv-Q Send-Q Local Address:Port Peer Address:Port

0 0 127.0.0.1:smux *:* users:(("snmpd",2716,8))

0 0 *:3690 *:* users:(("svnserve",3590,3))

0 0 *:ssh *:* users:(("sshd",2735,3))

[root@localhost ~]#

Example 5: find the application that opened a socket/port

Command: ss -lp | grep 3306

Output:

The code is as follows:

[root@localhost ~]# ss -lp | grep 1935

0 0 *:1935 *:* users:(("fmsedge",2913,18))

0 0 127.0.0.1:19350 *:* users:(("fmsedge",2913,17))

[root@localhost ~]# ss -lp | grep 3306

0 0 *:3306 *:* users:(("mysqld",2871,10))

[root@localhost ~]#
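Examples 3 to 5 identify listening ports and the processes behind them; the same data can drive an exposure check. The following is an added example, not part of the original article: it reads `ss -lntp` output on stdin and reports listeners that are not bound to loopback and whose port is not on an allowlist. The function names, the allowlist and the sample rows are constructed, and the input is assumed to carry a State column as in Example 1.

```bash
#!/usr/bin/env bash
# Added example (not from the article): audit listening TCP sockets.
# Feed it the output of `ss -lntp` (run as root so -p can name every process).

# audit_listeners ALLOWED_PORTS   e.g. audit_listeners "22,443"
# Prints "PORT ADDRESS PROCESS" for each non-loopback listener not on the allowlist.
audit_listeners() {
  awk -v allow="$1" '
    BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 != "LISTEN" { next }                        # skips the header and other states
    {
      port = $4; sub(/.*:/, "", port)              # text after the last colon
      addr = $4; sub(/:[^:]*$/, "", addr)          # text before the last colon
      if (addr ~ /^127\./ || addr == "[::1]") next # loopback only: not reachable off-host
      if (port in ok) next                         # expected service
      proc = "unknown"                             # no users:(...) column on this row
      if (match($0, /users:\(\("[^"]+"/))
        proc = substr($0, RSTART + 9, RLENGTH - 10)
      print port, addr, proc
    }'
}

# Constructed sample input in the layout of `ss -lntp`; process names reuse the article's.
sample_ss_output() {
  cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    127.0.0.1:199      0.0.0.0:*         users:(("snmpd",pid=2716,fd=8))
LISTEN 0      128    0.0.0.0:3690       0.0.0.0:*         users:(("svnserve",pid=3590,fd=3))
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=2735,fd=3))
LISTEN 0      50     *:3306             *:*               users:(("mysqld",pid=2871,fd=10))
LISTEN 0      128    [::]:8080          [::]:*
ESTAB  0      0      192.168.120.204:22 10.2.0.68:49368
EOF
}

# Only SSH is expected to be reachable from other hosts in this sample.
sample_ss_output | audit_listeners "22"
```

On a live host, replace the sample with `ss -lntp | audit_listeners "22"`; a row reported as `unknown` usually means ss was run without the privileges needed to see the owning process.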

Example 6: show all UDP Sockets

Command: ss -u -a

Output:

The code is as follows:

[root@localhost ~]# ss -u -a

State Recv-Q Send-Q Local Address:Port Peer Address:Port

UNCONN 0 0 127.0.0.1:syslog *:*

UNCONN 0 0 *:snmp *:*

ESTAB 0 0 192.168.120.203:39641 10.58.119.119:domain

[root@localhost ~]#

Example 7: display all SMTP connections in the established state

Command: ss -o state established '( dport = :smtp or sport = :smtp )'

Output:

The code is as follows:

[root@localhost ~]# ss -o state established '( dport = :smtp or sport = :smtp )'

Recv-Q Send-Q Local Address:Port Peer Address:Port

[root@localhost ~]#

Example 8: display all HTTP connections in the established state

Command: ss -o state established '( dport = :http or sport = :http )'

Output:

The code is as follows:

[root@localhost ~]# ss -o state established '( dport = :http or sport = :http )'

Recv-Q Send-Q Local Address:Port Peer Address:Port

0 0 75.126.153.214:2164 192.168.10.42:http

[root@localhost ~]#

Example 9: list all TCP sockets in the FIN-WAIT-1 state whose source port is 80 or 443 and whose destination network is 193.233.7/24

Command: ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 193.233.7/24

Example 10: filter sockets by TCP state

Command:

The code is as follows:

ss -4 state FILTER-NAME-HERE

ss -6 state FILTER-NAME-HERE

Output:

The code is as follows:

[root@localhost ~]# ss -4 state closing

Recv-Q Send-Q Local Address:Port Peer Address:Port

1 11094 75.126.153.214:http 192.168.10.42:4669

Description:

FILTER-NAME-HERE can be any of the following:

The code is as follows:

established

syn-sent

syn-recv

fin-wait-1

fin-wait-2

time-wait

closed

close-wait

last-ack

listen

closing

all: all of the above states

connected: all states except listen and closed

synchronized: all connected states except syn-sent

bucket: states that are maintained as minisockets, such as time-wait and syn-recv

big: the opposite of bucket

Example 11: match remote address and port number

Command:

The code is as follows:

ss dst ADDRESS_PATTERN

ss dst 192.168.1.5

ss dst 192.168.119.113:http

ss dst 192.168.119.113:smtp

ss dst 192.168.119.113:443

Output:

The code is as follows:

[root@localhost ~]# ss dst 192.168.119.113

State Recv-Q Send-Q Local Address:Port Peer Address:Port

ESTAB 0 0 192.168.119.103:16014 192.168.119.113:20229

ESTAB 0 0 192.168.119.103:16014 192.168.119.113:61056

ESTAB 0 0 192.168.119.103:16014 192.168.119.113:61623

ESTAB 0 0 192.168.119.103:16014 192.168.119.113:60924

ESTAB 0 0 192.168.119.103:16050 192.168.119.113:43701

ESTAB 0 0 192.168.119.103:16073 192.168.119.113:32930

ESTAB 0 0 192.168.119.103:16073 192.168.119.113:49318

ESTAB 0 0 192.168.119.103:16014 192.168.119.113:3844

[root@localhost ~]# ss dst 192.168.119.113:http

State Recv-Q Send-Q Local Address:Port Peer Address:Port

[root@localhost ~]# ss dst 192.168.119.113:3844

State Recv-Q Send-Q Local Address:Port Peer Address:Port

ESTAB 0 0 192.168.119.103:16014 192.168.119.113:3844

[root@localhost ~]#

Example 12: match local address and port number

Command:

The code is as follows:

ss src ADDRESS_PATTERN

ss src 192.168.119.103

ss src 192.168.119.103:http

ss src 192.168.119.103:80

ss src 192.168.119.103:smtp

ss src 192.168.119.103:25

Output:

The code is as follows:

[root@localhost ~]# ss src 192.168.119.103:16021

State Recv-Q Send-Q Local Address:Port Peer Address:Port

ESTAB 0 0 192.168.119.103:16021 192.168.119.201:63054

ESTAB 0 0 192.168.119.103:16021 192.168.119.201:62894

ESTAB 0 0 192.168.119.103:16021 192.168.119.201:63055

ESTAB 0 0 192.168.119.103:16021 192.168.119.201:2274

ESTAB 0 0 192.168.119.103:16021 192.168.119.201:44784

ESTAB 0 0 192.168.119.103:16021 192.168.119.201:7233

ESTAB 0 0 192.168.119.103:16021 192.168.119.103:58660

ESTAB 0 0 192.168.119.103:16021 192.168.119.201:44822

ESTAB 0 0 192.168.119.103:16021 10.2.1.206:56737

ESTAB 0 0 192.168.119.103:16021 10.2.1.206:57487

ESTAB 0 0 192.168.119.103:16021 10.2.1.206:56736

ESTAB 0 0 192.168.119.103:16021 10.2.1.206:64652

ESTAB 0 0 192.168.119.103:16021 10.2.1.206:56586

ESTAB 0 0 192.168.119.103:16021 10.2.1.206:64653

ESTAB 0 0 192.168.119.103:16021 10.2.1.206:56587

[root@localhost ~]#
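Listings like the one above get long on a busy server, and what usually matters is how many connections sit in each state and which peers hold the most. The following is an added example, not part of the original article: it summarises `ss -tan` output read from stdin. The function names and the sample rows are constructed (modelled on the addresses in the listing above), and the input is assumed to carry a State column.

```bash
#!/usr/bin/env bash
# Added example (not from the article): summarise `ss -tan` output from stdin.

# state_counts: print "STATE COUNT" for every TCP state seen, sorted by state name.
state_counts() {
  awk '$1 != "State" && NF >= 5 { c[$1]++ }
       END { for (s in c) print s, c[s] }' | LC_ALL=C sort
}

# busy_peers MIN: print "PEER COUNT" for each remote address that holds at least
# MIN established connections, busiest first.
busy_peers() {
  awk -v min="$1" '
    $1 == "ESTAB" {
      peer = $5; sub(/:[^:]*$/, "", peer)   # drop the port, keep the address
      n[peer]++
    }
    END { for (p in n) if (n[p] >= min) print p, n[p] }' |
    LC_ALL=C sort -k2,2nr -k1,1
}

# Constructed sample input in the layout of `ss -tan`.
sample_conns() {
  cat <<'EOF'
State      Recv-Q Send-Q Local Address:Port     Peer Address:Port
LISTEN     0      128    0.0.0.0:16021          0.0.0.0:*
ESTAB      0      0      192.168.119.103:16021  192.168.119.201:63054
ESTAB      0      0      192.168.119.103:16021  192.168.119.201:62894
ESTAB      0      0      192.168.119.103:16021  192.168.119.201:63055
ESTAB      0      0      192.168.119.103:16021  10.2.1.206:56737
ESTAB      0      0      192.168.119.103:16021  10.2.1.206:57487
ESTAB      0      0      192.168.119.103:16021  10.2.1.206:56736
ESTAB      0      0      192.168.119.103:16021  10.2.1.206:64652
CLOSE-WAIT 1      0      192.168.119.103:16021  10.2.1.206:56586
TIME-WAIT  0      0      192.168.119.103:16021  192.168.119.103:58660
EOF
}

sample_conns | state_counts
sample_conns | busy_peers 3
```

A growing CLOSE-WAIT count points at a local application that is not closing its sockets, and a single peer far above the others is worth a closer look with `ss dst` as in Example 11.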

Example 13: compare a local or remote port with a number

Command:

The code is as follows:

ss dport OP PORT

ss sport OP PORT

Output:

The code is as follows:

[root@localhost ~]# ss sport = :http

[root@localhost ~]# ss dport = :http

[root@localhost ~]# ss dport \> :1024

[root@localhost ~]# ss sport \> :1024

[root@localhost ~]# ss sport \< :32000

[root@localhost ~]# ss sport eq :22

[root@localhost ~]# ss dport != :22

[root@localhost ~]# ss state connected sport = :http

[root@localhost ~]# ss \( sport = :http or sport = :https \)

[root@localhost ~]# ss -o state fin-wait-1 \( sport = :http or sport = :https \) dst 192.168.1/24

Description:

ss dport OP PORT compares the remote port with a number; ss sport OP PORT compares the local port with a number.

OP can be any of the following:

<= or le: less than or equal to the port number

>= or ge: greater than or equal to the port number

== or eq: equal to the port number

!= or ne: not equal to the port number

< or gt: less than the port number

> or lt: greater than the port number

Example 14: efficiency comparison between ss and netstat

Command:

The code is as follows:

time netstat -at

time ss

Output:

The code is as follows:

[root@localhost ~]# time ss

real 0m0.739s

user 0m0.019s

sys 0m0.013s

[root@localhost ~]#

[root@localhost ~]# time netstat -at

real 2m45.907s

user 0m0.063s

sys 0m0.067s

[root@localhost ~]#

Description:

Use the time command to measure the time and resources consumed by the netstat and ss commands respectively. When a server has a large number of connections, the efficiency of netstat cannot be compared with that of ss at all.
