Use of ss command
The ss command in Linux system is the abbreviation of Socket Statistics.
The ss command can be used to obtain socket statistics, and the content it displays is similar to netstat. But the advantage of ss is that it can display more and more detailed information about TCP and connection status, and it is faster than netstat. When the number of socket connections on the server becomes very large, whether you use the netstat command or directly cat /proc/net/tcp, the execution speed will be very slow. The ss command uses tcp_diag in the TCP protocol stack. tcp_diag is a module for analyzing statistics, which can obtain first-hand information in the Linux kernel, so the performance of the ss command will be much better. In other words, the ss command is efficient and accurate.
The ss command supports command combinations, similar to netstat, such as:
1. View the port that the host is listening on
ss -tnl
[root@centos7 mnt]# ss -tlnr
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:111 *:*
LISTEN 0 5 centos7:53 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 localhost:631 *:*
LISTEN 0 100 localhost:25 *:*
LISTEN 0 128 localhost:6010 *:*
LISTEN 0 128 :::111 :::*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 128 localhost:631 :::*
LISTEN 0 100 localhost:25 :::*
LISTEN 0 128 localhost:6010 :::*
We can see that the local machine has opened the tcp ports 111,53,22,631,25,6010,80,25, which is the smtp service-25, ssh-22, dns-53, http-80, xshell- 631, cupsd-6010, bridged network card of docker-111
2. Parse the IP and port number through the -r option
ss -tlr
[root@centos7 mnt]# ss -tlr
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:rpc.portmapper *:*
LISTEN 0 5 centos7:domain *:*
LISTEN 0 128 *:ssh *:*
LISTEN 0 128 localhost:ipp *:*
LISTEN 0 100 localhost:smtp *:*
LISTEN 0 128 localhost:x11-ssh-offset *:*
LISTEN 0 128 :::rpc.portmapper :::*
LISTEN 0 128 :::http :::*
LISTEN 0 128 :::ssh :::*
LISTEN 0 128 localhost:ipp :::*
LISTEN 0 100 localhost:smtp :::*
LISTEN 0 128 localhost:x11-ssh-offset :::*
3. Use the -p option to view the name of the program listening on the port
ss -tlp
4. You can also use grep to further filter the listening port
ss -tlp | grep ssh
[root@centos7 mnt]# ss -tlp | grep ssh
LISTEN 0 128 *:ssh *:* users:(("sshd",pid=1015,fd=3))
LISTEN 0 128 127.0.0.1:x11-ssh-offset *:* users:(("sshd",pid=1839,fd=9))
LISTEN 0 128 :::ssh :::* users:(("sshd",pid=1015,fd=4))
LISTEN 0 128 ::1:x11-ssh-offset :::* users:(("sshd",pid=1839,fd=8))
5. View the established TCP connection
ss -tna
The estab line indicates that the machine 192.168.0.2:49899 is connected to 192.168.0.17 via ssh, and the machine 17 is the default ssh port used.
[root@centos7 mnt]# ss -tan
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:111 *:*
LISTEN 0 5 192.168.122.1:53 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 127.0.0.1:631 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 127.0.0.1:6010 *:*
ESTAB 0 52 192.168.0.17:22 192.168.0.2:49899
LISTEN 0 128 :::111 :::*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 128 ::1:631 :::*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 128 ::1:6010 :::*