
The ss command shows socket statistics. It can display stats for PACKET, TCP, UDP, DCCP, RAW, and Unix domain sockets, and more. It shows information similar to the netstat command, but can display more TCP and state information than other tools. It is a newer, very useful, and faster (compared to netstat) tool for tracking TCP connections and sockets. ss can provide information about:

  • All TCP sockets.
  • All UDP sockets.
  • All established ssh / ftp / http / https connections.
  • All local processes connected to X server.
  • Filtering by state (such as connected, synchronized, SYN-RECV, SYN-SENT, TIME-WAIT), addresses and ports.
  • All the TCP sockets in state FIN-WAIT-1 and much more.

Most Linux distributions ship with ss and many monitoring tools. Being familiar with this tool improves your understanding of what is going on with the system's sockets and helps you find the possible causes of a performance problem.

Task: Display Sockets Summary

To list currently established, closed, orphaned and waiting TCP sockets, enter:
# ss -s
Sample Output:

Total: 734 (kernel 904)
TCP:   1415 (estab 112, closed 1259, orphaned 11, synrecv 0, timewait 1258/0), ports 566
Transport Total     IP        IPv6
*     904       -         -
RAW   0         0         0
UDP   15        12        3
TCP   156       134       22
INET      171       146       25
FRAG      0         0         0

Task: Display All Open Network Ports

# ss -l
Sample Output:

ss -l
Recv-Q Send-Q                                                  Local Address:Port                                                      Peer Address:Port
0      0                                                           127.0.0.1:smux                                                                 *:*
0      0                                                           127.0.0.1:10024                                                                *:*
0      0                                                           127.0.0.1:10025                                                                *:*
0      0                                                                   *:3306                                                                 *:*
0      0                                                                   *:http                                                                 *:*
0      0                                                                   *:4949                                                                 *:*
0      0                                                                   *:domain                                                               *:*
0      0                                                                   *:ssh                                                                  *:*
0      0                                                                   *:smtp                                                                 *:*
0      0                                                           127.0.0.1:rndc                                                                 *:*
0      0                                                           127.0.0.1:6010                                                                 *:*
0      0                                                               *:https                                                                *:*
0      0                                                                  :::34571                                                               :::*
0      0                                                                  :::34572                                                               :::*
0      0                                                                  :::34573                                                               :::*
0      0                                                                 ::1:rndc                                                                :::*

Type the following to see the names of the processes using open sockets:
# ss -pl
Find out which process is responsible for opening socket / port # 4949:
# ss -lp | grep 4949
Sample output:

0      0                            *:4949                          *:*        users:(("munin-node",3772,5))

munin-node (PID # 3772) is responsible for opening port # 4949. You can get more information about this process (like memory used, users, current working directory and so on) by visiting the /proc/3772 directory:
# cd /proc/3772
# ls -l
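
The port-to-process lookup above can be turned into a quick listener audit. The following is an added example, not part of the original article: it parses `ss -lp`-style rows and labels each listener by whether it is bound to all interfaces or only to loopback. The function names and all sample rows except the munin-node one are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): classify listeners
# from `ss -lp`-style output by bind scope and owning process.

# Constructed sample input. The munin-node row is the one shown above;
# the other rows are made up to cover both users:(...) formats.
sample_ss_output() {
    cat <<'EOF'
Recv-Q Send-Q  Local Address:Port  Peer Address:Port
0      0       127.0.0.1:6010      *:*      users:(("sshd",4120,8))
0      0       *:4949              *:*      users:(("munin-node",3772,5))
0      0       :::34571            :::*
LISTEN 0  128  [::1]:631           [::]:*   users:(("cupsd",pid=901,fd=6))
EOF
}

# audit_listeners (hypothetical name): read listener rows on stdin and
# print "<scope> <address> <port> <process> <pid>" for each socket.
# Only the first process of a shared socket is reported.
audit_listeners() {
    awk '
    /Local Address/ { next }                 # header row
    NF < 4          { next }                 # blank or truncated row
    {
        name = "-"; pid = "-"
        if ($NF ~ /^users:/) {               # process column present
            laddr = $(NF - 2)
            split($NF, q, "\"")
            name = q[2]; pid = q[3]
            sub(/^,(pid=)?/, "", pid)        # old "3772" or new "pid=3772"
            sub(/,.*/, "", pid)
        } else {                             # no -p, or not privileged
            laddr = $(NF - 1)
        }
        if (!match(laddr, /:[^:]*$/)) next   # split at the last colon
        addr = substr(laddr, 1, RSTART - 1)
        port = substr(laddr, RSTART + 1)
        if (addr ~ /^(\*|0\.0\.0\.0|::|\[::\])$/) scope = "ALL-INTERFACES"
        else if (addr ~ /^(127\.|::1$|\[::1\]$)/) scope = "loopback"
        else                                      scope = "specific"
        print scope, addr, port, name, pid
    }'
}

sample_ss_output | audit_listeners
```

On a live host, pipe `ss -lntp` (run as root so the process column is populated) into `audit_listeners` instead of the sample.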

Task: Display All TCP Sockets

# ss -t -a

Task: Display All UDP Sockets

# ss -u -a

Task: Display All Established SMTP Connections

# ss -o state established '( dport = :smtp or sport = :smtp )'

Task: Display All Established HTTP Connections

# ss -o state established '( dport = :http or sport = :http )'

Task: Find All Local Processes Connected To X Server

# ss -x src /tmp/.X11-unix/*

Task: List All The Tcp Sockets in State FIN-WAIT-1

List all the TCP sockets in state FIN-WAIT-1 for our httpd to network 202.54.1/24 and look at their timers:
# ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 202.54.1/24

How Do I Filter Sockets Using TCP States?

The syntax is as follows:

  ## tcp ipv4 ##
  ss -4 state FILTER-NAME-HERE

  ## tcp ipv6 ##
  ss -6 state FILTER-NAME-HERE

Where FILTER-NAME-HERE can be any one of the following,

  1. established
  2. syn-sent
  3. syn-recv
  4. fin-wait-1
  5. fin-wait-2
  6. time-wait
  7. closed
  8. close-wait
  9. last-ack
  10. listen
  11. closing
  12. all : All of the above states
  13. connected : All the states except for listen and closed
  14. synchronized : All the connected states except for syn-sent
  15. bucket : Show states, which are maintained as minisockets, i.e. time-wait and syn-recv.
  16. big : Opposite to bucket state.

Examples

Type the following command to see closing sockets:


ss -4 state closing
Recv-Q Send-Q                                                  Local Address:Port                                                      Peer Address:Port
1      11094                                                  75.126.153.214:http                                                      175.44.24.85:4669
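
The state names above are also what `ss -tan` prints in its State column, so the same output can feed a simple half-open connection check. This is an added example, not part of the original article: it tallies sockets per TCP state and flags remote addresses holding many SYN-RECV sockets. The function names, the threshold, and the sample rows (documentation-range addresses) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): per-state tally plus
# a per-peer SYN-RECV count from `ss -tan` output.

# Constructed sample input using documentation-range addresses.
sample_tan() {
    cat <<'EOF'
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN    0      128    0.0.0.0:80          0.0.0.0:*
ESTAB     0      0      192.0.2.10:80       198.51.100.7:40112
SYN-RECV  0      0      192.0.2.10:80       203.0.113.9:5101
SYN-RECV  0      0      192.0.2.10:80       203.0.113.9:5102
SYN-RECV  0      0      192.0.2.10:80       203.0.113.9:5103
SYN-RECV  0      0      192.0.2.10:80       198.51.100.7:40113
TIME-WAIT 0      0      192.0.2.10:80       198.51.100.7:40090
EOF
}

# tcp_state_report THRESHOLD (hypothetical name): read `ss -tan` rows on
# stdin; print "state <STATE> <count>" for every state seen, and
# "flag <peer-address> <count>" for each remote address with at least
# THRESHOLD sockets in SYN-RECV. Output is sorted, so flags come first.
tcp_state_report() {
    awk -v limit="$1" '
    $1 == "State" || NF < 5 { next }     # header or truncated row
    {
        states[$1]++
        if ($1 == "SYN-RECV") {
            peer = $5
            sub(/:[^:]*$/, "", peer)     # strip the port, keep the address
            half_open[peer]++
        }
    }
    END {
        for (s in states) print "state", s, states[s]
        for (p in half_open)
            if (half_open[p] >= limit) print "flag", p, half_open[p]
    }' | LC_ALL=C sort
}

sample_tan | tcp_state_report 3
```

On a live host, replace the sample with `ss -tan | tcp_state_report 50`, choosing a threshold that fits the server's normal load.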

How Do I Match Remote Address And Port Numbers?

Use the following syntax:


ss dst ADDRESS_PATTERN

## Show all ports connected from remote 192.168.1.5 ##
ss dst 192.168.1.5

## Show all ports connected from remote 192.168.1.5:http port ##
ss dst 192.168.1.5:http
ss dst 192.168.1.5:smtp
ss dst 192.168.1.5:443

Find out connection made by remote 123.1.2.100:http to our local virtual servers:
# ss dst 123.1.2.100:http
Sample outputs:

State      Recv-Q Send-Q                                             Local Address:Port                                                 Peer Address:Port
ESTAB      0      0                                                 75.126.153.206:http                                               123.1.2.100:35710
ESTAB      0      0                                                 75.126.153.206:http                                               123.1.2.100:35758

How Do I Match Local Address And Port Numbers?


ss src ADDRESS_PATTERN

### Find out all IPs connected to nixcraft.com IP address 75.126.153.214 ###
## Show all ports connected to local 75.126.153.214 ##
ss src 75.126.153.214

## http (80) port only ##
ss src 75.126.153.214:http
ss src 75.126.153.214:80

## smtp (25) port only ##
ss src 75.126.153.214:smtp
ss src 75.126.153.214:25

How Do I Compare Local and/or Remote Port To A Number?

Use the following syntax:

  ## Compares remote port to a number ##
  ss dport OP PORT

  ## Compares local port to a number ##
  ss sport OP PORT

Where OP can be one of the following:

  1. <= or le : Less than or equal to port
  2. >= or ge : Greater than or equal to port
  3. == or eq : Equal to port
  4. != or ne : Not equal to port
  5. < or lt : Less than port
  6. > or gt : Greater than port
  7. Note: le, gt, eq, ne etc. are used in the Unix shell and are accepted as well.

Examples

###################################################################################
### Do not forget to escape special characters when typing them in command line ###
###################################################################################
ss  sport = :http
ss  dport = :http
ss  dport \> :1024
ss  sport \> :1024
ss sport \< :32000
ss  sport eq :22
ss  dport != :22
ss  state connected sport = :http
ss \( sport = :http or sport = :https \)
ss -o state fin-wait-1 \( sport = :http or sport = :https \) dst 192.168.1/24

ss vs netstat Speed

Use the time command to run both programs and summarize system resource usage. Type the netstat command as follows:
# time netstat -at
Sample outputs:

real    2m52.254s
user    0m0.178s
sys 0m0.170s

Now, try the ss command:
# time
Sample outputs:

real    2m11.102s
user    0m0.124s
sys 0m0.068s

Note: Both outputs are taken from a reverse proxy acceleration server running on RHEL 6.x amd64.

Reposted from: https://my.oschina.net/Sebastian/blog/72015
