Shulou(Shulou.com)06/01 Report--

This article mainly introduces how to use the ss command in the Linux system, has a certain reference value, interested friends can refer to, I hope you can learn a lot after reading this article, the following let the editor take you to understand it.

Ss is the abbreviation of Socket Statistics. As the name implies, the ss command can be used to get socket statistics, which can display something similar to netstat. But the advantage of ss is that it can display more and more detailed information about TCP and connection status, and is faster and more efficient than netstat.

Command format

Ss [parameters]

Command function

The ss (abbreviation for Socket Statistics) command can be used to get socket statistics. The output of this command is similar to that of netstat, but it can display more and more detailed information about the status of TCP connections and is faster and more efficient than netstat. It uses tcp_diag (a module for analysis and statistics) in the TCP protocol stack to obtain first-hand kernel information directly, which makes ss commands fast and efficient. It can work without tcp_diag,ss.

Command parameter

-h,-- help help information-- V,-- version program version information-- n,-- numeric does not resolve the service name-r,-- resolve parses the hostname-a,-- all displays all sockets (sockets)-l,-- listening displays sockets (sockets)-o,-- options displays timer information-e -- extended displays detailed socket (sockets) information-- m,-- memory shows memory usage of socket (socket)-- p,-- processes shows processes using socket (socket)-- I,-- info displays TCP internal information-- s,-- summary shows socket (socket) usage profile-4,-- ipv4 displays only IPv4 socket (sockets)-6. -- ipv6 displays only IPv6 sockets (sockets)-0,-- packet displays PACKET sockets (socket)-t,-- tcp only shows TCP sockets (sockets)-u,-- udp only shows UCP sockets (sockets)-d,-- dccp only shows DCCP sockets (sockets)-w,-- raw only shows RAW sockets (sockets)-x,-- unix only shows Unix sockets (sockets)-f -- family=FAMILY displays sockets of type FAMILY (sockets) FAMILY is optional and supports unix, inet, inet6, link, netlink-A,-- query=QUERY,-- socket=QUERY QUERY: = {all | inet | tcp | udp | raw | unix | packet | netlink} [, QUERY]-D,-- diag=FILE dumps the original TCP socket (sockets) information to the file-F,-- filter=FILE removes the filter information FILTER: = [state TCP-STATE] [EXPRESSION] from the file

Use an example

Example 1: show TCP connections

[root@localhost] # ss-t-aState Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 127.0.0.1:smux *: * LISTEN 0 0 *: 3690 *: * LISTEN 0 0 *: ssh *: * ESTAB 0 192.168.120.204:ssh 10.2.0.68 purl 49368

Example 2: display Sockets summary

[root@localhost] # ss-sTotal: 34 (kernel 48) TCP: 4 (estab 1, closed 0, orphaned 0, synrecv 0, timewait 0 Unip 0) Ports 3Transport Total IP IPv6* 48-- RAW 0 0 UDP 5 50 0 TCP 4 4 0 INET 9 9 0 FRAG 0 0 0

* * description: * * list current established, closed, orphaned and waiting TCP sockets

Example 3: list all open network connection ports

[root@localhost ~] # ss-lRecv-Q Send-Q Local Address:Port Peer Address:Port 0 0 127.0.0.1:smux *: * 0 *: 3690 *: * 0 *: ssh *: *

Example 4: view the socket used by the process

[root@localhost ~] # ss-plRecv-Q Send-Q Local Address:Port Peer Address:Port 0 0 127.0.0.1:smux *: * users: ("snmpd" 0 *: 3690 *: * users: (("svnserve") 3) 0 *: ssh *: * users: ("sshd", 2735 Magne3))

Example 5: find the open socket / port application

[root@localhost ~] # ss-lp | grep 19350 0 *: 1935 *: * users: (("fmsedge", 291313)) 0 0127.0.0.1 grep 19350 *: * users: (("fmsedge") 2913 ss 17) [root@localhost ~] # ss-lp | grep 33060 0 *: 3306 *: * users: (("mysqld", 2871 Magi 10))

Example 6: show all UDP Sockets

[root@localhost] # ss-u-aState Recv-Q Send-Q Local Address:Port Peer Address:Port UNCONN 0 0 127.0.0.1:syslog * : * UNCONN 0 0 *: snmp *: * ESTAB 0 0 192.168.120.203 10.58.119.119:domain

Example 7: displays all SMTP connections with a status of established

[root@localhost ~] # ss-o state established'(dport =: smtp or sport =: smtp) 'Recv-Q Send-Q Local Address:Port Peer Address:Port

Example 8: displays all HTTP connections with a status of Established

[root@localhost] # ss-o state established'(dport =: http or sport =: http) 'Recv-Q Send-Q Local Address:Port Peer Address:Port 0 075.126.153.214 192.168.10.42:http

Example 9: enumerates that the source port in the FIN-WAIT-1 state is 80 or 443, and the destination network is 193.233.7and24 all tcp sockets

[root@localhost ~] # ss-o state fin-wait-1'(sport =: http or sport =: https) 'dst 193.233.7/24Recv-Q Send-Q Local Address:Port Peer Address:Port

Example 10: filter Sockets with TCP status

Command:

Ss-4 state FILTER-NAME-HERE ss-6 state FILTER-NAME-HERE

Output:

[root@localhost] # ss-4 state closing Recv-Q Send-Q Local Address:Port Peer Address:Port 1 11094 75.126.153.214:http 192.168.10.42:4669

Description:

FILTER-NAME-HERE can represent any of the following:

Established

Syn-sent

Syn-recv

Fin-wait-1

Fin-wait-2

Time-wait

Closed

Close-wait

Last-ack

Listen

Closing

All: all the above statu

Connected: all states except listen and closed

Synchronized: all connected states except syn-sent

Bucket: the display status is maintained as minisockets, such as time-wait and syn-recv.

Big: opposite to bucket.

Example 11: match remote address and port number

Command:

Ss dst ADDRESS_PATTERNss dst 192.168.1.5ss dst 192.168.119.113:http ss dst 192.168.119.113:smtp ss dst 192.168.119.113:443

Output:

[root@localhost ~] # ss dst 192.168.119.113State Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0 192.168.119.103 purl 16014 192.168.119.113 : 20229 ESTAB 0 0 192.168.119.103:16014 192.168.119.113:61056 ESTAB 0 0 192.168.119.103:16014 192.168.119.113:61623 ESTAB 0 0 192.168.119.103:16014 192.168.119.113:60924 ESTAB 0 0 192.168.119.103:16050 192.168.119.113:43701 ESTAB 0 0 192.168.119.103:16073 192.168.119.113:32930 ESTAB 0 0 192.168.119.103:16073 192.168.119.113:49318 ESTAB 0 0 192.168.119.103root@ 16014 192.168.119.113purl 3844 [root@localhost ~] # ss dst 192.168.119.113:httpState Recv-Q Send-Q Local Address:Port Peer Address:Port [root@ Localhost ~] # ss dst 192.168.119.113:3844State Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 192.168.119.103purl 16014 192.168.119.1133844

Example 12: match local address and port number

Command:

Ss src ADDRESS_PATTERNss src 192.168.119.103ss src 192.168.119.103:httpss src 192.168.119.103:80ss src 192.168.119.103:smtpss src 192.168.119.103:25

Output:

[root@localhost ~] # ss src 192.168.119.103:16021State Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0 192.168.119.103 purl 16021 192.168.119 . 201:63054 ESTAB 0 0 192.168.119.103:16021 192.168.119.201:62894 ESTAB 0 0 192.168.119.103:16021 192.168.119.201:63055 ESTAB 0 0 192.168.119.103:16021 192.168.119.201:2274 ESTAB 0 0 192.168.119.103:16021 192.168.119.201:44784 ESTAB 0 0 192.168.119.103:16021 192.168.119.201:7233 ESTAB 0 0 192.168.119.103:16021 192.168.119.103:58660 ESTAB 0 0 192.168.119.103:16021 192.168.119.201:44822 ESTAB 0 0 192.168.119.103:16021 10.2.1.206:56737 ESTAB 0 0 192.168.119.103:16021 10.2.1.206:57487 ESTAB 0 0 192.168.119.103:16021 10.2.1.206:56736 ESTAB 0 0 192.168.119.103:16021 10.2.1.206:64652 ESTAB 0 0 192.168.119.103:16021 10.2.1.206:56586 ESTAB 0 0 192.168.119.103:16021 10.2.1.206:64653 ESTAB 0 0 192.168.119.103:16021 10.2.1.206:56587

Example 13: compare a local or remote port with a number

Command:

Ss dport OP PORT ss sport OP PORT

Output:

[root@localhost ~] # ss sport =: http [root@localhost ~] # ss dport =: http [root@localhost ~] # ss dport\ >: 1024 [root@localhost ~] # ss sport\ >: 1024 [root@localhost ~] # ss sport\ [root@localhost ~] # ss sport eq: 22 [root@localhost ~] # ss dport! =: 22 [root@localhost ~] # ss state connected sport =: http [root@localhost ~] # ss\ (sport =: http or sport =: https\) [root@localhost] # ss-o state fin-wait-1\ (sport =: http or sport =: https\) dst 192.168.1 and 24

Description:

Ss dport OP PORT remote port is compared to a number; ss sport OP PORT local port is compared to a number.

OP can represent any of the following:

= or ge: greater than or equal to the port number

= = or eq: equal to port number

! = or ne: not equal to port number

Or lt: greater than port number

Efficiency comparison between example 14:ss and netstat

Command:

Time netstat-attime ss

Output:

[root@localhost ~] # time ss real 0m0.739suser 0m0.019ssys 0m0.013s [root@localhost] # [root@localhost ~] # time netstat-atreal 2m45.907suser 0m0.063ssys 0m0.067s

* * Note: * * use the time command to obtain the time used to obtain the resources of the program and the summary through the netstat command and the ss command, respectively. When there are a large number of server connections, the efficiency of netstat can not be compared with ss at all.

Thank you for reading this article carefully. I hope the article "how to use ss commands in Linux system" shared by the editor will be helpful to you. At the same time, I also hope you will support us and pay attention to the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.