ss简介
ss命令可以用来统计套接字信息,它支持PACKET套接字、TCP套接字、UDP套接字、DCCP套接字、RAW套接字和Unix域套接字等等。它能像netstat命令那样输出统计信息,与其它工具相比,它支持更多的TCP状态。在查看TCP连接状态方面,ss命令比netstat命令运行更快,使用起来也很方便快捷。
ss具有如下特性:
- 能统计所有TCP套接字信息
- 能统计所有UDP套接字信息
- 能统计ssh/ftp/http/https等协议的连接信息
- 能按照TCP状态、IP地址和端口过滤信息
大多数Linux发行版都自带ss以及其它监视工具。熟悉这些工具将有助于我们了解系统的套接字状态,为我们发现潜在的性能问题提供有用参考。
ss应用举例
显示套接字统计信息
|
1 |
ss -s |
样例输出:
|
1 2 3 4 5 |
Total: <span class="m" style="color:#009999;">108</span> <span class="o" style="color:#000000;font-weight:bold;">(</span>kernel 0<span class="o" style="color:#000000;font-weight:bold;">)</span> TCP: <span class="m" style="color:#009999;">9</span> <span class="o" style="color:#000000;font-weight:bold;">(</span>estab 1, closed 2, orphaned 0, synrecv 0, timewait 2/0<span class="o" style="color:#000000;font-weight:bold;">)</span>, ports 0 Transport Total IP IPv6 * <span class="m" style="color:#009999;">0</span> - - RAW <span class="m" style="color:#009999;">0</span> <span class="m" style="color:#009999;">0</span> <span class="m" style="color:#009999;">0</span> UDP <span class="m" style="color:#009999;">3</span> <span class="m" style="color:#009999;">2</span> <span class="m" style="color:#009999;">1</span> TCP <span class="m" style="color:#009999;">7</span> <span class="m" style="color:#009999;">6</span> <span class="m" style="color:#009999;">1</span> INET <span class="m" style="color:#009999;">10</span> <span class="m" style="color:#009999;">8</span> <span class="m" style="color:#009999;">2</span> FRAG <span class="m" style="color:#009999;">0</span> <span class="m" style="color:#009999;">0</span> 0 |
显示所有打开的端口
|
1 |
ss -l |
样例输出:
|
1 2 3 4 5 6 7 8 9 10 11 12 |
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port nl UNCONN <span class="m" style="color:#009999;">0</span> <span class="m" style="color:#009999;">0</span> rtnl:kernel * nl UNCONN <span class="m" style="color:#009999;">0</span> <span class="m" style="color:#009999;">0</span> tcpdiag:kernel * nl UNCONN <span class="m" style="color:#009999;">0</span> <span class="m" style="color:#009999;">0</span> 7:kernel * nl UNCONN <span class="m" style="color:#009999;">0</span> <span class="m" style="color:#009999;">0</span> 9:kernel * nl UNCONN <span class="m" style="color:#009999;">0</span> <span class="m" style="color:#009999;">0</span> 10:kernel * nl UNCONN <span class="m" style="color:#009999;">0</span> <span class="m" style="color:#009999;">0</span> 11:kernel * nl UNCONN <span class="m" style="color:#009999;">0</span> <span class="m" style="color:#009999;">0</span> 15:kernel * nl UNCONN <span class="m" style="color:#009999;">0</span> <span class="m" style="color:#009999;">0</span> 15:397 * nl UNCONN <span class="m" style="color:#009999;">0</span> <span class="m" style="color:#009999;">0</span> 15:-4117 * nl UNCONN <span class="m" style="color:#009999;">0</span> <span class="m" style="color:#009999;">0</span> 15:408 * nl UNCONN <span class="m" style="color:#009999;">0</span> <span class="m" style="color:#009999;">0</span> 15:-4116 * |
如果想看到是哪些进程打开了这些端口,可以用如下命令:
|
1 |
ss -pl |
显示所有TCP套接字
|
1 |
ss -t -a |
样例输出:
|
1 2 3 4 5 6 7 |
State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN <span class="m" style="color:#009999;">0</span> <span class="m" style="color:#009999;">128</span> *:http *:* LISTEN <span class="m" style="color:#009999;">0</span> <span class="m" style="color:#009999;">128</span> *:ssh *:* LISTEN <span class="m" style="color:#009999;">0</span> <span class="m" style="color:#009999;">128</span> 127.0.0.1:9181 *:* LISTEN <span class="m" style="color:#009999;">0</span> <span class="m" style="color:#009999;">50</span> 127.0.0.1:3872 *:* LISTEN <span class="m" style="color:#009999;">0</span> <span class="m" style="color:#009999;">128</span> 127.0.0.1:3081 *:* LISTEN <span class="m" style="color:#009999;">0</span> <span class="m" style="color:#009999;">128</span> :::ssh :::* |
显示所有UDP套接字
|
1 |
ss -u -a |
显示所有RAW套接字
|
1 |
ss -w -a |
显示所有UNIX域套接字
|
1 |
ss -x -a |
显示所有建立的SMTP连接
|
1 |
ss -o state established <span class="s1" style="color:#D01040;">'( dport = :smtp or sport = :smtp )'</span> |
显示所有建立的HTTP连接
|
1 |
ss -o state established <span class="s1" style="color:#D01040;">'( dport = :http or sport = :http )'</span> |
列出所有处于FIN-WAIT-1状态的TCP套接字
|
1 |
ss -o state fin-wait-1 -t |
ss相关问题
如何按照TCP状态过滤套接字
语法如下:
|
1 |
<span class="c" style="color:#999988;font-style:italic;">## tcp ipv4 ##</span> ss -4 state tcp-state <span class="c" style="color:#999988;font-style:italic;">## tcp ipv6 ##</span> ss -6 state tcp-state |
上述命令中的tcp-state可以有如下取值:
- established
- syn-sent
- syn-recv
- fin-wait-1
- fin-wait-2
- time-wait
- closed
- close-wait
- last-ack
- listen
- closing
- all:上面所有状态
- connected:除了listen和closed之外的所有状态
- synchronized:除了syn-sent之外的所有connected状态
- bucket:miniSockets维护的状态,也就是time-wait和syn-recv
- big:与bucket状态相反
如何匹配远程地址和端口
语法如下:
|
1 2 3 |
ss dst address_pattern <span class="c" style="color:#999988;font-style:italic;">## examples ##</span> ss dst 192.168.1.5 ss dst 192.168.1.5:http ss dst 192.168.1.5:80 |
如何匹配本地地址和端口
语法如下:
|
1 2 3 |
ss src address_pattern <span class="c" style="color:#999988;font-style:italic;">## examples ##</span> ss src 8.8.8.8 ss src 8.8.8.8:http ss src 8.8.8.8:80 |
如何将本地或者远程端口和一个数作比较
语法如下:
|
1 |
<span class="c" style="color:#999988;font-style:italic;">## 比较远程端口 ##</span> ss dport OP port_number <span class="c" style="color:#999988;font-style:italic;">## 比较本地端口 ##</span> ss sport OP port_number |
其中,OP比较操作如下:
- <= 或 le
- >= 或 ge
- == 或 eq
- != 或 ne
- < 或 lt
- > 或 gt
几个例子:
|
1 2 3 4 5 6 7 8 9 |
<span class="c" style="color:#999988;font-style:italic;">## 别忘了转义特殊字符 ##</span> ss <span class="nv" style="color:#008080;">sport</span> <span class="o" style="color:#000000;font-weight:bold;">==</span> :http ss <span class="nv" style="color:#008080;">dport</span> <span class="o" style="color:#000000;font-weight:bold;">==</span> :http ss dport <span class="se" style="color:#D01040;">\></span> :1024 ss sport <span class="se" style="color:#D01040;">\></span> :1024 ss sport <span class="se" style="color:#D01040;">\<</span> :32000 ss sport eq :22 ss dport !<span class="o" style="color:#000000;font-weight:bold;">=</span> :22 ss -o state connected <span class="nv" style="color:#008080;">sport</span> <span class="o" style="color:#000000;font-weight:bold;">==</span> :http ss <span class="se" style="color:#D01040;">\(</span> <span class="nv" style="color:#008080;">sport</span> <span class="o" style="color:#000000;font-weight:bold;">=</span> :http or <span class="nv" style="color:#008080;">sport</span> <span class="o" style="color:#000000;font-weight:bold;">==</span> :https <span class="se" style="color:#D01040;">\)</span> ss -o state fin-wait-1 <span class="se" style="color:#D01040;">\(</span> <span class="nv" style="color:#008080;">sport</span> <span class="o" style="color:#000000;font-weight:bold;">=</span> :http or <span class="nv" style="color:#008080;">sport</span> <span class="o" style="color:#000000;font-weight:bold;">=</span> :https <span class="se" style="color:#D01040;">\)</span> dst 192.168.1/24 |
