Introduction to using the ss command on Linux
- 2020-07-21 13:59:12
- Operations
- shevechco
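ss is short for Socket Statistics. As the name suggests, the ss command retrieves socket statistics and displays information similar to netstat. Its advantage is that it shows more, and more detailed, information about TCP and connection states, and it is faster and more efficient than netstat.
When the number of socket connections on a server becomes very large, both the netstat command and a direct cat /proc/net/tcp run slowly.
The secret to ss's speed is that it uses tcp_diag in the TCP protocol stack. tcp_diag is a module for analysis and statistics that obtains first-hand information from the Linux kernel, which is what makes ss fast and efficient.
Common ss options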
    Usage: ss [ OPTIONS ]
           ss [ OPTIONS ] [ FILTER ]
       -h, --help           this message
       -V, --version        output version information
       -n, --numeric        don't resolve service names
       -r, --resolve        resolve host names
       -a, --all            display all sockets
       -l, --listening      display listening socket
       -o, --options        show timer information
       -e, --extended       show detailed socket information
       -m, --memory         show socket memory usage
       -p, --processes      show process using socket
       -i, --info           show internal TCP information
       -s, --summary        show socket usage summary
       -4, --ipv4           display only IP version 4 sockets
       -6, --ipv6           display only IP version 6 sockets
       -0, --packet         display PACKET sockets
       -t, --tcp            display only TCP sockets
       -u, --udp            display only UDP sockets
       -d, --dccp           display only DCCP sockets
       -w, --raw            display only RAW sockets
       -x, --unix           display only Unix domain sockets
       -f, --family=FAMILY  display sockets of type FAMILY
       -A, --query=QUERY, --socket=QUERY
           QUERY := {all|inet|tcp|udp|raw|unix|packet|netlink}[,QUERY]
       -D, --diag=FILE      Dump raw information about TCP sockets to FILE
       -F, --filter=FILE    read filter information from FILE
           FILTER := [ state TCP-STATE ] [ EXPRESSION ]
List all open network ports
    # ss -l
    State      Recv-Q Send-Q   Local Address:Port           Peer Address:Port
    LISTEN     0      100      127.0.0.1:smtp               *:*
    LISTEN     0      128      *:https                      *:*
    LISTEN     0      128      *:zabbix-agent               *:*
    LISTEN     0      128      127.0.0.1:smux               *:*
    LISTEN     0      128      127.0.0.1:cslistener         *:*
    LISTEN     0      50       *:mysql                      *:*
    LISTEN     0      128      *:http                       *:*
    LISTEN     0      128      *:42194                      *:*
    LISTEN     0      128      *:ssh                        *:*
To show the name of the process that owns each socket, add the -p option
    # ss -pl
    State      Recv-Q Send-Q   Local Address:Port           Peer Address:Port
    LISTEN     0      100      127.0.0.1:smtp               *:*      users:(("master",1855,12))
    LISTEN     0      128      *:https                      *:*      users:(("nginx",16811,7),("nginx",16813,7))
    LISTEN     0      128      *:zabbix-agent               *:*      users:(("zabbix_agentd",21229,4),("zabbix_agentd",21234,4),("zabbix_agentd",21235,4),("zabbix_agentd",21236,4),("zabbix_agentd",21237,4),("zabbix_agentd",21238,4))
    LISTEN     0      128      127.0.0.1:smux               *:*      users:(("snmpd",21282,9))
    LISTEN     0      128      127.0.0.1:cslistener         *:*      users:(("php-fpm",700,0),("php-fpm",701,0),("php-fpm",702,0),("php-fpm",703,0),("php-fpm",10177,0),("php-fpm",17708,0),("php-fpm",21001,7),("php-fpm",25101,0),("php-fpm",27617,0))
    LISTEN     0      50       *:mysql                      *:*      users:(("mysqld",23273,13))
    LISTEN     0      128      *:http                       *:*      users:(("nginx",16811,6),("nginx",16813,6))
    LISTEN     0      128      *:42194                      *:*      users:(("pwhmze",11851,7))
    LISTEN     0      128      *:ssh                        *:*
This shows the PID of each related process, which makes it easier to act on the process afterwards.
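Added example (not from the original article): a shell function that reads `ss -pl` output in the format shown above and lists every listener bound to a non-loopback address whose port is not in an expected-services baseline, together with the owning process names and PIDs. The `EXPECTED` baseline, the function names, and the last sample line (port 8080, in the newer `pid=`/`fd=` form) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list listeners reachable from other hosts that are not in a baseline.
# EXPECTED is a hypothetical baseline of service names/ports this host should expose.
EXPECTED="ssh http https mysql zabbix-agent"

# Sample input: lines taken from the `ss -pl` output above, plus one constructed
# line (port 8080) in the newer users:(("name",pid=N,fd=N)) form.
sample_ss_output() {
cat <<'EOF'
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 100 127.0.0.1:smtp *:* users:(("master",1855,12))
LISTEN 0 128 *:https *:* users:(("nginx",16811,7),("nginx",16813,7))
LISTEN 0 50 *:mysql *:* users:(("mysqld",23273,13))
LISTEN 0 128 *:42194 *:* users:(("pwhmze",11851,7))
LISTEN 0 128 *:ssh *:*
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:* users:(("demo",pid=4242,fd=3))
EOF
}

# Reads ss output on stdin (columns as above, no Netid column). Prints
# "port name:pid[,name:pid...]" for each non-loopback listener not in baseline $1.
unexpected_listeners() {
  awk -v expected="$1" '
    BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
    $1 != "LISTEN" { next }
    {
      addr = $4
      port = addr; sub(/.*:/, "", port)            # text after the last colon
      host = substr(addr, 1, length(addr) - length(port) - 1)
      if (host ~ /^127\./ || host == "[::1]" || host == "::1") next  # loopback only
      if (port in ok) next                         # expected service
      owners = ""; rest = $0
      # one match per ("name",pid,fd) or ("name",pid=N,fd=N) tuple
      while (match(rest, /\("[^"]+",(pid=)?[0-9]+/)) {
        tok = substr(rest, RSTART, RLENGTH)
        rest = substr(rest, RSTART + RLENGTH)
        split(tok, q, "\"")                        # q[2] is the process name
        pid = tok; sub(/.*,(pid=)?/, "", pid)
        owners = owners (owners == "" ? "" : ",") q[2] ":" pid
      }
      print port, (owners == "" ? "-" : owners)    # "-" when no users: field
    }'
}

sample_ss_output | unexpected_listeners "$EXPECTED"
```

On a live host, pipe `ss -tlp` (run as root so process names are visible) into `unexpected_listeners` instead of the sample. An owner of `-` means ss printed no `users:` field for that socket.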
Show all socket connections
    # ss -a
    State      Recv-Q Send-Q   Local Address:Port           Peer Address:Port
    LISTEN     0      100      127.0.0.1:smtp               *:*
    LISTEN     0      128      *:https                      *:*
    LISTEN     0      128      *:zabbix-agent               *:*
    LISTEN     0      128      127.0.0.1:smux               *:*
    LISTEN     0      128      127.0.0.1:cslistener         *:*
    LISTEN     0      50       *:mysql                      *:*
    LISTEN     0      128      *:http                       *:*
    LISTEN     0      128      *:42194                      *:*
    LISTEN     0      128      *:ssh                        *:*
    TIME-WAIT  0      0        172.31.108.54:60116          47.35.240.212:EtherNet/IP-1
    ESTAB      0      0        172.31.108.54:43818          47.93.148.247:22222
    TIME-WAIT  0      0        172.31.108.54:60238          47.35.240.212:EtherNet/IP-1
    ESTAB      0      0        172.31.108.54:https          49.233.176.23:37586
    SYN-SENT   0      1        172.31.108.54:34000          47.66.70.77:EtherNet/IP-1
    SYN-SENT   0      1        172.31.108.54:40610          47.204.220.61:ssh
    SYN-SENT   0      1        172.31.108.54:44480          47.175.248.61:tr-rsrb-p1
    SYN-SENT   0      1        172.31.108.54:45160          47.140.9.186:22222
    TIME-WAIT  0      0        172.31.108.54:60044          47.35.240.212:EtherNet/IP-1
    SYN-SENT   0      1        172.31.108.54:56004          47.237.174.38:EtherNet/IP-1
    ESTAB      0      0        172.31.108.54:37406          47.100.166.197:22222
    SYN-SENT   0      1        172.31.108.54:33762          47.27.31.120:22222
    SYN-SENT   0      1        172.31.108.54:52104          47.247.97.112:22222
    SYN-SENT   0      1        172.31.108.54:32822          47.223.135.180:22222
    ......
To show only TCP sockets, use the -ta options
To show only UDP sockets, use the -ua options
To show only RAW sockets, use the -wa options
To show only UNIX sockets, use the -xa options
Show all connections in the established state
    # ss -o state 'established'
    Recv-Q Send-Q   Local Address:Port           Peer Address:Port
    0      12       172.31.108.54:33912          47.35.240.212:EtherNet/IP-1   timer:(on,2.994ms,0)
    0      0        172.31.108.54:43818          47.93.148.247:22222           timer:(keepalive,8.994ms,0)
    0      0        172.31.108.54:37406          47.100.166.197:22222          timer:(keepalive,10sec,0)
    0      0        172.31.108.54:33700          47.106.88.88:22222            timer:(keepalive,2.177ms,0)
    0      0        172.31.108.54:59984          161.35.21.73:https            timer:(keepalive,57sec,0)
    0      0        172.31.108.54:36556          111.229.66.87:35356           timer:(keepalive,7.994ms,0)
    0      0        172.31.108.54:36284          106.54.102.94:40716           timer:(keepalive,10sec,0)
    0      0        172.31.108.54:49156          47.105.80.90:22222            timer:(keepalive,8.994ms,0)
    0      96       172.31.108.54:ssh            103.59.50.2:52820             timer:(on,1.331ms,0)
    0      0        172.31.108.54:45020          111.28.140.171:44756          timer:(keepalive,4.994ms,0)
    0      0        172.31.108.54:56186          49.235.57.113:40006           timer:(keepalive,089ms,1)
    0      0        172.31.108.54:57742          111.229.255.31:39242          timer:(keepalive,8.994ms,0)
    0      0        172.31.108.54:55686          47.102.121.167:22222          timer:(keepalive,074ms,0)
    0      0        172.31.108.54:33792          47.93.91.161:22222            timer:(keepalive,8.091ms,0)
    0      0        172.31.108.54:49074          139.155.46.100:35079          timer:(keepalive,3.994ms,0)
Match remote address and port
    ss dst 172.31.108.54
    ss dst 172.31.108.54:12222
Match local address and port
    ss src 172.31.108.54
    ss src 172.31.108.54:22