A linux command per day (57): ss command

ss is short for Socket Statistics​. As the name suggests, the ss command can be used to get socket statistics, which can display something similar to netstat. But the advantage of ss is that it can display more and more detailed information about TCP and connection status, and it is faster and more efficient than netstat.
When the number of socket connections of the server becomes very large, whether using the netstat command or directly cat /proc/net/tcp, the execution speed will be very slow. You may not feel it personally, but believe me, when the server maintains tens of thousands of connections, using netstat is a waste of life, and using ss is a time saver.
UI. The secret of fast ss is that it uses tcp_diag in the TCP protocol stack. tcp_diag is a module for analyzing statistics, which can obtain first-hand information in the Linux kernel, which ensures the fast and efficient ss. Of course, if you don't have tcp_diag in your system, ss will work fine, but the efficiency will be slightly slower. (But still faster than netstat.)
1. Command format:
ss [parameter]
ss [parameter] [filter]
2. Command function: The
ss (abbreviation of Socket Statistics) command can be used to obtain socket statistics. The output of this command is The result is similar to the netstat output, but it can display more detailed information about the TCP connection status and is faster and more efficient than netstat. It uses tcp_diag (a module for analyzing statistics) in the TCP protocol stack, and can directly obtain first-hand kernel information, which makes the ss command fast and efficient. ss works fine without tcp_diag.
3. Command parameters:
-h, --help help information
-V, --version #p#page title#e#program version information
-n, --numeric do not resolve service names
-r, --resolve resolve hostnames
-a, --all show all sockets (sockets)
-l, --listening show sockets in listening state
- o, --options show timer information
-e, --extended show detailed socket information
-m, --memory show socket memory usage
-p, --processes show usage Process of socket (socket)
-i, --info show TCP internal information
-s, --summary show socket (socket) usage overview
-4, --ipv4 show only IPv4 sockets (sockets)
- 6, --ipv6 show only IPv6 sockets (sockets)
#p#page title#e#-0, --packet show PACKET sockets (sockets)
-t, --tcp show only TCP sockets (sockets ) )
-u, --udp only show UCP sockets (sockets)
-d, --dccp only show DCCP sockets (sockets)
-w, --raw only show RAW sockets (sockets)
-x, - -unix show only Unix sockets (sockets)
-f, --family=FAMILY Display sockets of type FAMILY, FAMILY is optional, supports unix, inet, inet6, link, netlink
-A, --query=QUERY, --socket=QUERY
      QUERY := {all|inet|tcp|udp|raw|unix|packet|netlink}[,QUERY]
-D, --diag=FILE Dump raw TCP sockets (sockets) to file
-F, --filter= FILE go to the filter information from the file
       FILTER := [ state TCP-STATE ] [ EXPRESSION ]

4.#p#page title #e#Use example:
Example 1: Display TCP connection
Command :
ss -t -a
output:

copy code
[root@localhost ~]# ss -t -a
State Recv-Q Send-Q Local Address:Port Peer Address:Port  
LISTEN 0 0 127.0.0.1:smux *:*      
LISTEN 0 0 *:3690 *:*      
LISTEN 0 0 *:ssh *:* #p#page title#e#
ESTAB 0 0 192.168.120.204:ssh 10.2.0.68:49368  
[ root@localhost ~]#
Copy code
Description :

Example 2: Display Sockets summary
Command :
ss -s
Output:

Copy code
[root@localhost ~]# ss -s
Total: 34 (kernel 48)
TCP: 4 (estab 1, closed 0, orphaned 0, synrecv 0, timewait 0/0), ports 3

Transport Total IP IPv6
* 48 - -       
RAW 0 0 0 #p#page header#e#
UDP 5 5 0       
TCP 4 4 0       
INET 9 9 0       
FRAG 0 0 0       

[root@localhost ~] #Copy
code
Description :
List the current established, closed, orphaned and waiting TCP sockets

Instance 3: List all open network connection ports
Command :
ss -l
output :

copy code
[root@localhost ~]# ss -l
Recv-Q Send-Q Local Address:Port Peer Address:Port #p#Page Title#e#
0 0 127.0.0.1:smux *:*      
0 0 *:3690 *:*      
0 0 *:ssh *:*      
[root@ localhost ~] 
#Copy code
Description :

Example 4: View the socket
command used by the process:
ss -pl
output:
#p#Page title#e#

Copy code
[root@localhost ~]# ss -pl
Recv-Q Send-Q                                     Local Address:Port                                         Peer Address:Port  
0      0                                              127.0.0.1:smux                                                    *:*        users:(("snmpd",2716,8))
0      0                                                      *:3690                                                    *:*        users:(("svnserve",3590,3))
0      0                                                      *:ssh                                                     *:*        users:((#p#分页标题#e#"sshd",2735,3)) Copy code Output: ss -lp | grep 3306 Example 5: Find out the open socket/port application Command #Copy code Description
[root@localhost ~]









[root@localhost ~]# ss -lp|grep 1935
0 0 *:1935 *:* users:(("fmsedge",2913,18))
0 0 127.0.0.1:19350 *:* users:((#p #Pagination title#e#"fmsedge",2913,17))
[root@localhost ~]# ss -lp|grep 3306
0 0 *:3306 *:* users:(("mysqld",2871,10))
[root @localhost ~]#
Copy code
Description :

Example 6: Display all UDP Sockets
Command:
ss -u -a
Output:

Copy code
[root@localhost ~]# ss -u -a
State Recv-Q Send-Q Local Address:Port Peer Address:Port #p#Page Title#e#
UNCONN 0 0 127.0.0.1:syslog *:*      
UNCONN 0 0 *:snmp *:*      
ESTAB 0 0 192.168.120.203:39641 10.58.119.119:domain
[root@localhost ~] #Copy
code
Description :

Example 7: Display all status For established SMTP connection
Command :
ss -o state established '( dport = :smtp or sport = :smtp )'
Output:

[root@localhost ~]#p#page title#e## ss -o state established '( dport = :smtp or sport = :smtp )'
Recv-Q Send-Q Local Address:Port Peer Address:Port  
[root@localhost ~]#Description
:

Example 8: Display all HTTP connections whose status is Established
Command :
ss -o state established '( dport = :http or sport = :http )'
output:

[root@localhost ~]# ss -o state established '( dport = :http or sport = :http )'
Recv-Q Send-Q Local Address:Port Peer Address:Port  
0 0 75.126.153.214 :2164 192.168.10.42:http #p#Page title#e#
[root@localhost ~]#Description
:

Example 9: List all tcp sockets whose source port is 80 or 443 in FIN-WAIT-1 state, and whose destination network is 193.233.7/24
Command :
ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 193.233.7/24
Output:
Description:

Example 10: Filter Sockets with TCP state:
Command:
ss -4 state FILTER-NAME-HERE
ss -6 state FILTER-NAME-HERE
Output:
[root @localhost ~]#ss -4 state closing
Recv-Q Send-Q Local Address:Port Peer Address:Port #p#page title#e#
1 11094 75.126.153.214:http 192.168.10.42:4669

Description:
FILTER-NAME-HERE Can represent any of the following:
established
syn-sent
syn-recv
fin-wait-1
fin-wait-2
time-wait
closed
close-wait
last-ack
listen
closing

all : all above states
connected : all states except listen and closed
synchronized : all connected states Except for syn-sent
bucket : Display status as maintained as minisockets, such as: time-wait and syn-recv. #p#page title #e#
big : Contrary to bucket.

Example 11: Match remote address and port number
Command :
ss dst ADDRESS_PATTERN
ss dst 192.168.1.5
ss dst 192.168.119.113:http
ss dst 192.168.119.113:smtp
ss dst 192.168.119.113:443
output:

copy code
[root@localhost ~]# ss dst 192.168.119.1
State Recv-Q Send-Q Local Address:Port Peer Address:Port  
ESTAB 0 0 192.168.119.103:16014 192.168.119.113:20229   ESTAB
0 0 192.168.119.103:16014 192.168.119.113:61056 #p#page title#e
0 192.168.119.103:16014 192.168.119.113:61623  
ESTAB 0 0 192.168.119.103:16014 192.168.119.113:60924  
ESTAB      0      0                                   192.168.119.103:16050                                192.168.119.113:43701  
ESTAB      0      0                                   192.168.119.103:16073                                192.168.119.113:32930  
ESTAB      0      0                                   192.168.119.103:16073                                192.168.119.113:49318  
ESTAB      0      0                                   192.168.119.103:16014                                192.168.119.113:3844   
[root@localhost ~]# ss dst 192.168.119.113:http
State      Recv-Q Send-Q                                Local Address:Port                                    Peer Address:Port   #p#分页标题#e#
[root@localhost ~]# ss dst 192.168.119.113:3844
State Recv-Q Send-Q Local Address:Port Peer Address:Port  
ESTAB 0 0 192.168.119.103:16014 192.168.119.113:3844   
[root@localhost ~] #Copy
code
Description :

Example 12: Match local address and port number
Command :
the src ADDRESS_PATTERN SS SS the
src 192.168.119.103 SS
192.168.119.103:http the src SS 192.168.119.103:80 the src SS 192.168.119.103:smtp the src SS 192.168.119.103:25 the src output: # p # # e # tab title copy the code [root @ localhost ~]# ss src 192.168.119.103:16021







State      Recv-Q Send-Q                                Local Address:Port                                    Peer Address:Port  
ESTAB      0      0                                   192.168.119.103:16021                                192.168.119.201:63054  
ESTAB      0      0                                   192.168.119.103:16021                                192.168.119.201:62894  
ESTAB      0      0                                   192.168.119.103:16021                                192.168.119.201:63055  
ESTAB      0      0                                   192.168.119.103:16021                                192.168.119.201:2274   
ESTAB 0 0 192.168.119.103:16021 192.168.119.201:44784 # p # E # tab title # the
ESTAB 0 0 192.168.119.103:16021 192.168.119.201:7233   
the ESTAB 0 0 192.168.119.103:16021 192.168.119.103:58660  
the ESTAB 0 0 192.168 .119.103:16021 192.168.119.201:44822  
ESTAB 0 0 192.168.119.103:16021 10.2.1.206:56737  
Estab 0 0 192.168.119.103:16021 10.2.1.206:57487  
ESTAB 0 0 192.168.119.103:16021 10.2.1.206:56736  
ESTAB 0 0 192.168.119.103:16021 10.2.1.206:64652 # p # page title # e #
Estab 0 0 192.168 .119.103:16021 10.2.1.206:56586  
ESTAB 0 0 192.168.119.103:16021 10.2.1.206:64653  
ESTAB 0 0 192.168.119.103:16021 10.2.1.206:56587  
[root@localhost ~] #Copy
code
Description :

Example 13: Compare a local or remote port with a number
Command :
ss dport OP PORT
ss sport OP PORT
output:
#p #Pagination title#e#
Copy code
[root@localhost ~]# ss sport = :http
[root@localhost ~]# ss dport = :http
[root@localhost ~]# ss dport \> :1024
[root@localhost ~] # ss sport \> :1024
[root@localhost ~]# ss sport \< :32000
[root@localhost ~]# ss sport eq :22
[root@localhost ~]# ss dport != :22
[root@localhost ~ ]# ss state connected sport = :http
[root@localhost ~]# ss \( ​​sport = :http or sport = :https \)
[root@localhost ~]# ss -o state fin-wait-1 \( sport = :http or sport = :https \) dst 192.168.1/24Copy
code
Description :#p#page title#e#
ss dport OP PORT remote port is compared with a number; ss sport OP PORT local port is compared with a number.
OP can represent any of the following:
<= or le : less than or equal to the port number
>= or ge : greater than or equal to the port number
== or eq : equal to the port number
!= or ne : not equal to the port number
< or gt : less than the port number number
> or lt : greater than the port number

Example 14: Efficiency comparison between ss and netstat
Command:
time netstat -at
time ss
output:

copy code
[root@localhost ~]# time ss #p#page title#e#
real 0m0.739s
user 0m0 .019s
sys 0m0.013s
[root@localhost ~]#
[root@localhost ~]# time netstat -at
real 2m45.907s
user 0m0.063s
sys 0m0.067s
[root@localhost ~] #Copy
code


Description :
Use the time command to obtain the program and overview resources occupied by the netstat and ss commands respectively time used. When the number of server connections is relatively large, the efficiency of netstat cannot be compared with ss at all.

Reprinted in: http://www.itxuexiwang.com/a/liunxjishu/2016/0303/210.html?1457084072