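ss is short for Socket Statistics. As the name suggests, the ss command reports socket statistics and can display much the same information as netstat. Its advantage is that it shows more, and more detailed, information about TCP and connection state, and it is faster and more efficient than netstat.
When a server holds a very large number of socket connections, both the netstat command and a direct cat /proc/net/tcp become slow.
The secret to ss's speed is that it uses tcp_diag in the TCP stack. tcp_diag is a module for analysis and statistics that obtains first-hand information from the Linux kernel, which is what makes ss fast and efficient.
Common ss options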
    Usage: ss [ OPTIONS ]
           ss [ OPTIONS ] [ FILTER ]
       -h, --help           this message
       -V, --version        output version information
       -n, --numeric        don't resolve service names
       -r, --resolve        resolve host names
       -a, --all            display all sockets
       -l, --listening      display listening socket
       -o, --options        show timer information
       -e, --extended       show detailed socket information
       -m, --memory         show socket memory usage
       -p, --processes      show process using socket
       -i, --info           show internal TCP information
       -s, --summary        show socket usage summary
       -4, --ipv4           display only IP version 4 sockets
       -6, --ipv6           display only IP version 6 sockets
       -0, --packet         display PACKET sockets
       -t, --tcp            display only TCP sockets
       -u, --udp            display only UDP sockets
       -d, --dccp           display only DCCP sockets
       -w, --raw            display only RAW sockets
       -x, --unix           display only Unix domain sockets
       -f, --family=FAMILY  display sockets of type FAMILY
       -A, --query=QUERY, --socket=QUERY
           QUERY := {all|inet|tcp|udp|raw|unix|packet|netlink}[,QUERY]
       -D, --diag=FILE      Dump raw information about TCP sockets to FILE
       -F, --filter=FILE    read filter information from FILE
           FILTER := [ state TCP-STATE ] [ EXPRESSION ]
List all open (listening) network ports
    # ss -l
    State   Recv-Q  Send-Q  Local Address:Port    Peer Address:Port
    LISTEN  0       100     127.0.0.1:smtp        *:*
    LISTEN  0       128     *:https               *:*
    LISTEN  0       128     *:zabbix-agent        *:*
    LISTEN  0       128     127.0.0.1:smux        *:*
    LISTEN  0       128     127.0.0.1:cslistener  *:*
    LISTEN  0       50      *:mysql               *:*
    LISTEN  0       128     *:http                *:*
    LISTEN  0       128     *:42194               *:*
    LISTEN  0       128     *:ssh                 *:*
To show the name of the process that owns each socket, add the -p option
    # ss -pl
    State   Recv-Q  Send-Q  Local Address:Port    Peer Address:Port
    LISTEN  0       100     127.0.0.1:smtp        *:*    users:(("master",1855,12))
    LISTEN  0       128     *:https               *:*    users:(("nginx",16811,7),("nginx",16813,7))
    LISTEN  0       128     *:zabbix-agent        *:*    users:(("zabbix_agentd",21229,4),("zabbix_agentd",21234,4),("zabbix_agentd",21235,4),("zabbix_agentd",21236,4),("zabbix_agentd",21237,4),("zabbix_agentd",21238,4))
    LISTEN  0       128     127.0.0.1:smux        *:*    users:(("snmpd",21282,9))
    LISTEN  0       128     127.0.0.1:cslistener  *:*    users:(("php-fpm",700,0),("php-fpm",701,0),("php-fpm",702,0),("php-fpm",703,0),("php-fpm",10177,0),("php-fpm",17708,0),("php-fpm",21001,7),("php-fpm",25101,0),("php-fpm",27617,0))
    LISTEN  0       50      *:mysql               *:*    users:(("mysqld",23273,13))
    LISTEN  0       128     *:http                *:*    users:(("nginx",16811,6),("nginx",16813,6))
    LISTEN  0       128     *:42194               *:*    users:(("pwhmze",11851,7))
    LISTEN  0       128     *:ssh                 *:*
This shows the PID of each owning process, which makes it easy to act on the process afterwards.
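The PID column is also what makes a listener audit possible. The script below is an added example, not part of the original article: it reads `ss -pl` output and reports every listener that is not bound to loopback and whose owning process is missing or not on an allowlist. The function names and the allowlist are assumptions of this example; the sample rows are copied from the output above.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): audit `ss -pl` output.
# The allowlist of expected process names is an assumption of this example.

# audit_listeners ALLOWLIST   (ss output on stdin, ALLOWLIST comma-separated)
# Prints "port process pid" for every listener that is not bound to loopback
# and whose owning process is missing or not in the allowlist.
audit_listeners() {
  awk -v allow="$1" '
    BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 != "LISTEN" { next }                  # skip header and other states
    {
      port = $4; sub(/^.*:/, "", port)       # text after the last colon
      host = $4; sub(/:[^:]*$/, "", host)    # text before the last colon
      if (host == "127.0.0.1" || host == "::1" || host == "[::1]") next
      proc = "unknown"; pid = "-"            # no users:(...) column present
      # Old format ("nginx",16811,7) and new format ("nginx",pid=16811,fd=7)
      if (match($0, /users:\(\("[^"]+",(pid=)?[0-9]+/)) {
        s = substr($0, RSTART + 9, RLENGTH - 9)   # e.g. nginx",16811
        split(s, f, "\",")
        proc = f[1]; pid = f[2]; sub(/^pid=/, "", pid)
      }
      if (!(proc in ok)) print port, proc, pid
    }'
}

# Sample input: rows copied from the `ss -pl` output shown above.
sample_output() {
  cat <<'EOF'
State  Recv-Q Send-Q  Local Address:Port  Peer Address:Port
LISTEN 0 100 127.0.0.1:smtp *:* users:(("master",1855,12))
LISTEN 0 128 *:https *:* users:(("nginx",16811,7),("nginx",16813,7))
LISTEN 0 50 *:mysql *:* users:(("mysqld",23273,13))
LISTEN 0 128 *:42194 *:* users:(("pwhmze",11851,7))
LISTEN 0 128 *:ssh *:*
EOF
}

# Hypothetical allowlist for this host; on a live system pipe in `ss -pl`.
sample_output | audit_listeners "nginx,mysqld,sshd"
```

A row without a users:(...) column is reported as unknown, because ss -p can only name processes that the invoking user is allowed to inspect; run the audit as root to get a complete picture.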
List all socket connections
    # ss -a
    State      Recv-Q  Send-Q  Local Address:Port    Peer Address:Port
    LISTEN     0       100     127.0.0.1:smtp        *:*
    LISTEN     0       128     *:https               *:*
    LISTEN     0       128     *:zabbix-agent        *:*
    LISTEN     0       128     127.0.0.1:smux        *:*
    LISTEN     0       128     127.0.0.1:cslistener  *:*
    LISTEN     0       50      *:mysql               *:*
    LISTEN     0       128     *:http                *:*
    LISTEN     0       128     *:42194               *:*
    LISTEN     0       128     *:ssh                 *:*
    TIME-WAIT  0       0       172.31.108.54:60116   47.35.240.212:EtherNet/IP-1
    ESTAB      0       0       172.31.108.54:43818   47.93.148.247:22222
    TIME-WAIT  0       0       172.31.108.54:60238   47.35.240.212:EtherNet/IP-1
    ESTAB      0       0       172.31.108.54:https   49.233.176.23:37586
    SYN-SENT   0       1       172.31.108.54:34000   47.66.70.77:EtherNet/IP-1
    SYN-SENT   0       1       172.31.108.54:40610   47.204.220.61:ssh
    SYN-SENT   0       1       172.31.108.54:44480   47.175.248.61:tr-rsrb-p1
    SYN-SENT   0       1       172.31.108.54:45160   47.140.9.186:22222
    TIME-WAIT  0       0       172.31.108.54:60044   47.35.240.212:EtherNet/IP-1
    SYN-SENT   0       1       172.31.108.54:56004   47.237.174.38:EtherNet/IP-1
    ESTAB      0       0       172.31.108.54:37406   47.100.166.197:22222
    SYN-SENT   0       1       172.31.108.54:33762   47.27.31.120:22222
    SYN-SENT   0       1       172.31.108.54:52104   47.247.97.112:22222
    SYN-SENT   0       1       172.31.108.54:32822   47.223.135.180:22222
    ......
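To see only TCP sockets, use the -ta options
To see only UDP sockets, use the -ua options
To see only RAW sockets, use the -wa options
To see only UNIX sockets, use the -xa options
Show all SMTP connections in the established state
As written, the command below carries no port filter, so it lists every established connection rather than only SMTP ones; -o adds the timer column.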
    # ss -o state 'established'
    Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
    0       12      172.31.108.54:33912  47.35.240.212:EtherNet/IP-1  timer:(on,2.994ms,0)
    0       0       172.31.108.54:43818  47.93.148.247:22222          timer:(keepalive,8.994ms,0)
    0       0       172.31.108.54:37406  47.100.166.197:22222         timer:(keepalive,10sec,0)
    0       0       172.31.108.54:33700  47.106.88.88:22222           timer:(keepalive,2.177ms,0)
    0       0       172.31.108.54:59984  161.35.21.73:https           timer:(keepalive,57sec,0)
    0       0       172.31.108.54:36556  111.229.66.87:35356          timer:(keepalive,7.994ms,0)
    0       0       172.31.108.54:36284  106.54.102.94:40716          timer:(keepalive,10sec,0)
    0       0       172.31.108.54:49156  47.105.80.90:22222           timer:(keepalive,8.994ms,0)
    0       96      172.31.108.54:ssh    103.59.50.2:52820            timer:(on,1.331ms,0)
    0       0       172.31.108.54:45020  111.28.140.171:44756         timer:(keepalive,4.994ms,0)
    0       0       172.31.108.54:56186  49.235.57.113:40006          timer:(keepalive,089ms,1)
    0       0       172.31.108.54:57742  111.229.255.31:39242         timer:(keepalive,8.994ms,0)
    0       0       172.31.108.54:55686  47.102.121.167:22222         timer:(keepalive,074ms,0)
    0       0       172.31.108.54:33792  47.93.91.161:22222           timer:(keepalive,8.091ms,0)
    0       0       172.31.108.54:49074  139.155.46.100:35079         timer:(keepalive,3.994ms,0)
Match on remote address and port
    ss dst 172.31.108.54
    ss dst 172.31.108.54:12222
Match on local address and port
    ss src 172.31.108.54
    ss src 172.31.108.54:22