ss命令可以用來(lái)獲取socket統(tǒng)計(jì)信息,它可以顯示和netstat類似的內(nèi)容�����。但ss的優(yōu)勢(shì)在于它能夠顯示更多更詳細(xì)的有關(guān)TCP和連接狀態(tài)的信息��,而且比netstat更快速更高效�����。ss是Socket Statistics的縮寫����。
當(dāng)服務(wù)器的socket連接數(shù)量變得非常大時(shí),無(wú)論是使用netstat命令還是直接cat /proc/net/tcp��,執(zhí)行速度都會(huì)很慢��。可能你不會(huì)有切身的感受���,但請(qǐng)相信我�,當(dāng)服務(wù)器維持的連接達(dá)到上萬(wàn)個(gè)的時(shí)候����,使用netstat等于浪費(fèi) 生命,而用ss才是節(jié)省時(shí)間��。
天下武功唯快不破���。ss快的秘訣在于,它利用到了TCP協(xié)議棧中tcp_diag���。tcp_diag是一個(gè)用于分析統(tǒng)計(jì)的模塊�,可以獲得Linux 內(nèi)核中第一手的信息��,這就確保了ss的快捷高效�。當(dāng)然,如果你的系統(tǒng)中沒(méi)有tcp_diag���,ss也可以正常運(yùn)行�,只是效率會(huì)變得稍慢�����。(但仍然比 netstat要快。)
1.命令格式
ss [參數(shù)]
ss [參數(shù)] [過(guò)濾]
2.命令功能
ss(Socket Statistics的縮寫)命令可以用來(lái)獲取 socket統(tǒng)計(jì)信息����,此命令輸出的結(jié)果類似于 netstat輸出的內(nèi)容,但它能顯示更多更詳細(xì)的 TCP連接狀態(tài)的信息�,且比 netstat 更快速高效。它使用了 TCP協(xié)議棧中 tcp_diag(是一個(gè)用于分析統(tǒng)計(jì)的模塊)�����,能直接從獲得第一手內(nèi)核信息��,這就使得 ss命令快捷高效����。在沒(méi)有 tcp_diag,ss也可以正常運(yùn)行��。
3.命令參數(shù)
-h, --help 幫助信息- -V, —version 程序版本信息
- -n, —numeric 不解析服務(wù)名稱
- -r, —resolve 解析主機(jī)名
- -a, —all 顯示所有套接字(sockets)
- -l, —listening 顯示監(jiān)聽(tīng)狀態(tài)的套接字(sockets)
- -o, —options 顯示計(jì)時(shí)器信息
- -e, —extended 顯示詳細(xì)的套接字(sockets)信息
- -m, —memory 顯示套接字(socket)的內(nèi)存使用情況
- -p, —processes 顯示使用套接字(socket)的進(jìn)程
- -i, —info 顯示 TCP內(nèi)部信息
- -s, —summary 顯示套接字(socket)使用概況
- -4, —ipv4 僅顯示IPv4的套接字(sockets)
- -6, —ipv6 僅顯示IPv6的套接字(sockets)
- -0, —packet 顯示 PACKET 套接字(socket)
- -t, —tcp 僅顯示 TCP套接字(sockets)
- -u, —udp 僅顯示 UCP套接字(sockets)
- -d, —dccp 僅顯示 DCCP套接字(sockets)
- -w, —raw 僅顯示 RAW套接字(sockets)
- -x, —unix 僅顯示 Unix套接字(sockets)
- -f, —family=FAMILY 顯示 FAMILY類型的套接字(sockets)�,F(xiàn)AMILY可選,支持 unix, inet, inet6, link, netlink
- -A, —query=QUERY, —socket=QUERY
QUERY := {all|inet|tcp|udp|raw|unix|packet|netlink}[,QUERY]
- -D, —diag=FILE 將原始TCP套接字(sockets)信息轉(zhuǎn)儲(chǔ)到文件
- -F, —filter=FILE 從文件中都去過(guò)濾器信息
FILTER := [ state TCP-STATE ] [ EXPRESSION ]
4.使用實(shí)例
實(shí)例1:顯示TCP連接
命令:
ss -t -a
輸出:
[yiibai@localhost ~]$ ss -t -a
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:ssh *:*
LISTEN 0 100 127.0.0.1:smtp *:*
ESTAB 0 52 192.168.0.197:ssh 192.168.0.5:54835
LISTEN 0 128 :::ssh :::*
LISTEN 0 100 ::1:smtp :::*
[yiibai@localhost ~]$
實(shí)例2:顯示 Sockets 摘要
命令:
ss -s
輸出:
[yiibai@localhost ~]$ ss -s
Total: 567 (kernel 0)
TCP: 5 (estab 1, closed 0, orphaned 0, synrecv 0, timewait 0/0), ports 0
Transport Total IP IPv6
* 0 - -
RAW 1 0 1
UDP 5 3 2
TCP 5 3 2
INET 11 6 5
FRAG 0 0 0
[yiibai@localhost ~]$
說(shuō)明:列出當(dāng)前的established, closed, orphaned and waiting TCP sockets
實(shí)例3:列出所有打開(kāi)的網(wǎng)絡(luò)連接端口
命令:
ss -l
輸出:
[yiibai@localhost ~]$ ss -l
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
nl UNCONN 0 0 rtnl:-1254096198 *
nl UNCONN 0 0 rtnl:kernel *
nl UNCONN 0 0 rtnl:-1254096198 *
nl UNCONN 4352 0 tcpdiag:ss/4750 *
nl UNCONN 768 0 tcpdiag:kernel *
nl UNCONN 0 0 xfrm:kernel *
nl UNCONN 0 0 selinux:su/4717 *
nl UNCONN 0 0 selinux:kernel *
nl UNCONN 0 0 selinux:systemd/1 *
nl UNCONN 0 0 selinux:dbus-daemon/648 *
nl UNCONN 0 0 selinux:su/4717 *
nl UNCONN 0 0 selinux:dbus-daemon/648 *
nl UNCONN 0 0 selinux:systemd/1 *
nl UNCONN 0 0 audit:auditd/625 *
nl UNCONN 0 0 audit:systemd/1 *
nl UNCONN 0 0 audit:kernel *
nl UNCONN 0 0 fiblookup:kernel *
nl UNCONN 0 0 connector:kernel *
nl UNCONN 0 0 nft:kernel *
nl UNCONN 0 0 uevent:-4117 *
nl UNCONN 0 0 uevent:systemd/1 *
nl UNCONN 0 0 uevent:-4120 *
nl UNCONN 0 0 uevent:-4107 *
nl UNCONN 0 0 uevent:systemd-udevd/498 *
nl UNCONN 0 0 uevent:-4119 *
nl UNCONN 0 0 uevent:systemd-logind/665 *
nl UNCONN 0 0 uevent:kernel *
nl UNCONN 0 0 uevent:NetworkManager/698 *
nl UNCONN 0 0 uevent:tuned/1002 *
nl UNCONN 0 0 uevent:-4118 *
nl UNCONN 0 0 uevent:tuned/1002 *
nl UNCONN 0 0 uevent:-4120 *
nl UNCONN 0 0 uevent:NetworkManager/698 *
nl UNCONN 0 0 uevent:-4119 *
nl UNCONN 0 0 uevent:-4118 *
nl UNCONN 0 0 uevent:-4117 *
nl UNCONN 0 0 uevent:systemd-logind/665 *
nl UNCONN 0 0 uevent:-4107 *
nl UNCONN 0 0 uevent:systemd/1 *
nl UNCONN 0 0 genl:kernel *
nl UNCONN 0 0 scsi-trans:kernel *
p_raw UNCONN 0 0 *:ens33 *
u_str LISTEN 0 128 /run/lvm/lvmpolld.socket 12805 * 0
u_seq LISTEN 0 128 /run/udev/control 12811 * 0
u_str LISTEN 0 128 /run/lvm/lvmetad.socket 12827 * 0
u_dgr UNCONN 0 0 /run/systemd/shutdownd 13100 * 0
u_str LISTEN 0 100 public/showq 19872 * 0
u_str LISTEN 0 100 private/rewrite 19842 * 0
u_str LISTEN 0 128 /var/run/dbus/system_bus_socket 15231 * 0
u_str LISTEN 0 100 private/bounce 19845 * 0
u_str LISTEN 0 100 private/defer 19848 * 0
u_str LISTEN 0 100 private/trace 19851 * 0
u_str LISTEN 0 100 private/verify 19854 * 0
u_str LISTEN 0 100 private/proxymap 19860 * 0
u_str LISTEN 0 100 private/proxywrite 19863 * 0
u_str LISTEN 0 100 private/smtp 19866 * 0
u_str LISTEN 0 100 private/relay 19869 * 0
u_str LISTEN 0 100 private/error 19875 * 0
u_str LISTEN 0 100 private/retry 19878 * 0
u_str LISTEN 0 100 private/discard 19881 * 0
u_str LISTEN 0 100 private/local 19884 * 0
u_str LISTEN 0 100 private/virtual 19887 * 0
u_str LISTEN 0 100 private/lmtp 19890 * 0
u_str LISTEN 0 100 private/anvil 19893 * 0
u_str LISTEN 0 100 private/scache 19896 * 0
u_str LISTEN 0 100 public/pickup 19822 * 0
u_str LISTEN 0 100 public/cleanup 19832 * 0
u_str LISTEN 0 100 public/qmgr 19835 * 0
u_str LISTEN 0 100 public/flush 19857 * 0
u_str LISTEN 0 10 /var/run/NetworkManager/private-dhcp 17836 * 0
u_dgr UNCONN 0 0 /run/systemd/notify 8385 * 0
u_dgr UNCONN 0 0 /run/systemd/cgroups-agent 8387 * 0
u_str LISTEN 0 100 private/tlsmgr 19839 * 0
u_str LISTEN 0 128 /run/systemd/journal/stdout 8395 * 0
u_dgr UNCONN 0 0 /run/systemd/journal/socket 8398 * 0
u_dgr UNCONN 0 0 /dev/log 8400 * 0
u_str LISTEN 0 128 /run/systemd/private 12794 * 0
u_dgr UNCONN 0 0 * 16501 * 8400
u_dgr UNCONN 0 0 * 80277 * 8400
u_dgr UNCONN 0 0 * 85014 * 8400
u_dgr UNCONN 0 0 * 16412 * 8400
u_dgr UNCONN 0 0 * 80112 * 8400
u_dgr UNCONN 0 0 * 85465 * 8400
u_dgr UNCONN 0 0 * 15509 * 8400
u_dgr UNCONN 0 0 * 82676 * 8400
u_dgr UNCONN 0 0 * 13285 * 8398
u_dgr UNCONN 0 0 * 19784 * 8400
u_dgr UNCONN 0 0 * 20011 * 8400
u_dgr UNCONN 0 0 * 16231 * 8400
u_dgr UNCONN 8 0 * 13816 * 13817
u_dgr UNCONN 0 0 * 16204 * 8400
u_dgr UNCONN 0 0 * 79889 * 8400
u_dgr UNCONN 0 0 * 16133 * 8398
u_dgr UNCONN 0 768 * 13817 * 13816
u_dgr UNCONN 0 0 * 13797 * 8398
u_dgr UNCONN 0 0 * 15143 * 8400
udp UNCONN 0 0 :::ipv6-icmp :::*
udp UNCONN 0 0 *:trnsprntproxy *:*
udp UNCONN 0 0 127.0.0.1:323 *:*
udp UNCONN 0 0 *:bootpc *:*
udp UNCONN 0 0 :::rnm :::*
udp UNCONN 0 0 ::1:323 :::*
tcp LISTEN 0 128 *:ssh *:*
tcp LISTEN 0 100 127.0.0.1:smtp *:*
tcp LISTEN 0 128 :::ssh :::*
tcp LISTEN 0 100 ::1:smtp :::*
[yiibai@localhost ~]$
實(shí)例4:查看進(jìn)程使用的socket
命令:
ss -pl
輸出:
[yiibai@localhost ~]$ ss -pl
Netid State Recv-Q Send-Q Local Address:Port
nl UNCONN 0 0 rtnl:-1254096198
nl UNCONN 0 0 rtnl:kernel
nl UNCONN 0 0 rtnl:-1254096198
nl UNCONN 4352 0 tcpdiag:ss/4871
nl UNCONN 768 0 tcpdiag:kernel
nl UNCONN 0 0 xfrm:kernel
nl UNCONN 0 0 selinux:su/4717
nl UNCONN 0 0 selinux:kernel
nl UNCONN 0 0 selinux:systemd/1
nl UNCONN 0 0 selinux:dbus-daemon/648
nl UNCONN 0 0 selinux:su/4717
nl UNCONN 0 0 selinux:dbus-daemon/648
nl UNCONN 0 0 selinux:systemd/1
nl UNCONN 0 0 audit:auditd/625
nl UNCONN 0 0 audit:systemd/1
nl UNCONN 0 0 audit:kernel
nl UNCONN 0 0 fiblookup:kernel
nl UNCONN 0 0 connector:kernel
nl UNCONN 0 0 nft:kernel
nl UNCONN 0 0 uevent:-4117
nl UNCONN 0 0 uevent:systemd/1
nl UNCONN 0 0 uevent:-4120
nl UNCONN 0 0 uevent:-4107
nl UNCONN 0 0 uevent:-4119
nl UNCONN 0 0 uevent:systemd-logind/665
nl UNCONN 0 0 uevent:kernel
nl UNCONN 0 0 uevent:NetworkManager/698
nl UNCONN 0 0 uevent:tuned/1002
nl UNCONN 0 0 uevent:-4118
nl UNCONN 0 0 uevent:tuned/1002
nl UNCONN 0 0 uevent:-4120
nl UNCONN 0 0 uevent:NetworkManager/698
nl UNCONN 0 0 uevent:-4119
nl UNCONN 0 0 uevent:-4118
nl UNCONN 0 0 uevent:-4117
nl UNCONN 0 0 uevent:systemd-logind/665
nl UNCONN 0 0 uevent:-4107
nl UNCONN 0 0 uevent:systemd/1
nl UNCONN 0 0 genl:kernel
nl UNCONN 0 0 scsi-trans:kernel
p_raw UNCONN 0 0 *:ens33
u_str LISTEN 0 128 /run/lvm/lvmpolld.socket 12805
u_seq LISTEN 0 128 /run/udev/control 12811
u_str LISTEN 0 128 /run/lvm/lvmetad.socket 12827
u_dgr UNCONN 0 0 /run/systemd/shutdownd 13100
u_str LISTEN 0 100 public/showq 19872
u_str LISTEN 0 100 private/rewrite 19842
u_str LISTEN 0 128 /var/run/dbus/system_bus_socket 15231
u_str LISTEN 0 100 private/bounce 19845
u_str LISTEN 0 100 private/defer 19848
u_str LISTEN 0 100 private/trace 19851
u_str LISTEN 0 100 private/verify 19854
u_str LISTEN 0 100 private/proxymap 19860
u_str LISTEN 0 100 private/proxywrite 19863
u_str LISTEN 0 100 private/smtp 19866
u_str LISTEN 0 100 private/relay 19869
u_str LISTEN 0 100 private/error 19875
u_str LISTEN 0 100 private/retry 19878
u_str LISTEN 0 100 private/discard 19881
u_str LISTEN 0 100 private/local 19884
u_str LISTEN 0 100 private/virtual 19887
u_str LISTEN 0 100 private/lmtp 19890
u_str LISTEN 0 100 private/anvil 19893
u_str LISTEN 0 100 private/scache 19896
u_str LISTEN 0 100 public/pickup 19822
u_str LISTEN 0 100 public/cleanup 19832
u_str LISTEN 0 100 public/qmgr 19835
u_str LISTEN 0 100 public/flush 19857
u_str LISTEN 0 10 /var/run/NetworkManager/private-dhcp 17836
u_dgr UNCONN 0 0 /run/systemd/notify 8385
u_dgr UNCONN 0 0 /run/systemd/cgroups-agent 8387
u_str LISTEN 0 100 private/tlsmgr 19839
u_str LISTEN 0 128 /run/systemd/journal/stdout 8395
u_dgr UNCONN 0 0 /run/systemd/journal/socket 8398
u_dgr UNCONN 0 0 /dev/log 8400
u_str LISTEN 0 128 /run/systemd/private 12794
u_dgr UNCONN 0 0 * 16501
u_dgr UNCONN 0 0 * 80277
u_dgr UNCONN 0 0 * 85014
u_dgr UNCONN 0 0 * 16412
u_dgr UNCONN 0 0 * 80112
u_dgr UNCONN 0 0 * 85465
u_dgr UNCONN 0 0 * 15509
u_dgr UNCONN 0 0 * 82676
u_dgr UNCONN 0 0 * 13285
u_dgr UNCONN 0 0 * 19784
u_dgr UNCONN 0 0 * 20011
u_dgr UNCONN 0 0 * 16231
u_dgr UNCONN 0 0 * 13816
u_dgr UNCONN 0 0 * 16204
u_dgr UNCONN 0 0 * 79889
u_dgr UNCONN 0 0 * 16133
u_dgr UNCONN 0 0 * 13817
u_dgr UNCONN 0 0 * 13797
u_dgr UNCONN 0 0 * 15143
udp UNCONN 0 0 :::ipv6-icmp
udp UNCONN 0 0 *:trnsprntproxy
udp UNCONN 0 0 127.0.0.1:323
udp UNCONN 0 0 *:bootpc
udp UNCONN 0 0 :::rnm
udp UNCONN 0 0 ::1:323
tcp LISTEN 0 128 *:ssh
tcp LISTEN 0 100 127.0.0.1:smtp
tcp LISTEN 0 128 :::ssh
tcp LISTEN 0 100 ::1:smtp
[yiibai@localhost ~]$
實(shí)例5:找出打開(kāi)套接字/端口應(yīng)用程序
命令:
ss -lp | grep 23
輸出:
[yiibai@localhost ~]$ ss -lp | grep 23
u_str LISTEN 0 128 /var/run/dbus/system_bus_socket 15231 * 0
u_dgr UNCONN 0 0 * 16231 * 8400
udp UNCONN 0 0 127.0.0.1:323 *:*
udp UNCONN 0 0 ::1:323 :::*
[yiibai@localhost ~]$
實(shí)例6:顯示所有UDP Sockets
命令:
ss -u -a
輸出:
[yiibai@localhost ~]$ ss -u -a
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 *:trnsprntproxy *:*
UNCONN 0 0 127.0.0.1:323 *:*
UNCONN 0 0 *:bootpc *:*
UNCONN 0 0 :::rnm :::*
UNCONN 0 0 ::1:323 :::*
[yiibai@localhost ~]$
實(shí)例7:顯示所有狀態(tài)為established的SMTP連接
命令:
ss -o state established '( dport = :ssh or sport = :ssh )'
輸出:
[yiibai@localhost ~]$ ss -o state established '( dport = :ssh or sport = :ssh )'
Netid Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp 0 52 192.168.0.197:ssh 192.168.0.5:54835 timer:(on,241ms,0)
[yiibai@localhost ~]$
實(shí)例8:顯示所有狀態(tài)為Established的ssh連接
命令:
ss -o state established '( dport = :ssh or sport = :ssh )'
輸出:
[yiibai@localhost ~]$ ss -o state established '( dport = :ssh or sport = :ssh )'
Netid Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp 0 52 192.168.0.197:ssh 192.168.0.5:54835 timer:(on,248ms,0)
[yiibai@localhost ~]$
實(shí)例9:列舉出處于 FIN-WAIT-1狀態(tài)的源端口為 80或者 443,目標(biāo)網(wǎng)絡(luò)為 193.233.7/24所有 tcp套接字
命令:
ss -o state fin-wait-1 ‘( sport = :http or sport = :http )’ dst 193.233.7/24
輸出:自已動(dòng)手測(cè)試一下吧、
實(shí)例10:用TCP 狀態(tài)過(guò)濾Sockets
命令:
ss -4 state FILTER-NAME-HERE
ss -6 state FILTER-NAME-HERE
輸出:
[yiibai@localhost ~]$ ss -4 state closing
Netid Recv-Q Send-Q Local Address:Port Peer Address:Port
[yiibai@localhost ~]$
說(shuō)明:
FILTER-NAME-HERE 可以代表以下任何一個(gè):
establishedsyn-sentsyn-recvfin-wait-1fin-wait-2time-waitclosedclose-waitlast-acklistenclosingall : 所有以上狀態(tài)connected : 除了listen and closed的所有狀態(tài)synchronized :所有已連接的狀態(tài)除了syn-sentbucket : 顯示狀態(tài)為maintained as minisockets,如:time-wait和syn-recv.big : 和bucket相反.
實(shí)例11:匹配遠(yuǎn)程地址和端口號(hào)
命令:
ss dst 192.168.0.5
ss dst 192.168.0.113:http
ss dst 192.168.0.113:smtp
ss dst 192.168.0.113:443
輸出:
[yiibai@localhost ~]$ ss dst 192.168.0.5
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp ESTAB 0 52 192.168.0.197:ssh 192.168.0.5:54835
[yiibai@localhost ~]$
實(shí)例12:匹配本地地址和端口號(hào)
命令:
ss src 192.168.0.197
ss src 192.168.0.197:http
ss src 192.168.0.197:80
ss src 192.168.0.197:smtp
ss src 192.168.0.197:25
輸出:
實(shí)例13:將本地或者遠(yuǎn)程端口和一個(gè)數(shù)比較
命令:
ss dport OP PORT
ss sport OP PORT
輸出:
[root@localhost ~]# ss sport = :http
[root@localhost ~]# ss dport = :http
[root@localhost ~]# ss dport \> :1024
[root@localhost ~]# ss sport \> :1024
[root@localhost ~]# ss sport \< :32000
[root@localhost ~]# ss sport eq :22
[root@localhost ~]# ss dport != :22
[root@localhost ~]# ss state connected sport = :http
[root@localhost ~]# ss \( sport = :http or sport = :http \)
[root@localhost ~]# ss -o state fin-wait-1 \( sport = :http or sport = :http \) dst 192.168.0/24
說(shuō)明:
ss dport OP PORT 遠(yuǎn)程端口和一個(gè)數(shù)比較��;ss sport OP PORT 本地端口和一個(gè)數(shù)比較����。
OP 可以代表以下任意一個(gè):
<= 或 le : 小于或等于端口號(hào)>= 或 ge : 大于或等于端口號(hào)== 或 eq : 等于端口號(hào)!= 或 ne : 不等于端口號(hào)< 或 gt : 小于端口號(hào)> 或 lt : 大于端口號(hào)
實(shí)例14:ss 和 netstat 效率對(duì)比
命令:
time netstat -at
time ss
輸出:
[yiibai@localhost ~]$ time netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN
tcp 0 52 localhost.localdoma:ssh 192.168.0.5:54835 ESTABLISHED
tcp6 0 0 [::]:http [::]:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
tcp6 0 0 localhost:smtp [::]:* LISTEN
real 0m0.119s
user 0m0.006s
sys 0m0.021s
[yiibai@localhost ~]$ time ss
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
u_str ESTAB 0 0 * 19870 * 19871
u_str ESTAB
