Memo: the ss command

Summary:

The ss (Socket Statistics) command is similar to netstat and is used to display a variety of useful information about network sockets.

It has long been noted that the netstat command is obsolete, so ss is used in its place. A new command like ss may feel a little strange at first, but many ss options are used much like their netstat counterparts, although we will see some differences.

The ss command is part of the iproute package on CentOS 7 Linux and is installed by default.

In general, a network socket is defined by an IP address, a transport protocol and a port. Such a combination forms one end of a two-way connection. For example, a web server may be listening for incoming TCP connections on 172.28.204.62:80, which is a socket. Note, however, that a socket is one endpoint of a connection, not the connection itself.

Here I explain how to use the ss command to view a variety of information. The syntax is as follows:

ss [options] [ FILTER ]

1. List established connections

By default, if we run the ss command without any other options, it displays a list of all non-listening sockets that have an established connection, for example TCP, UDP or UNIX sockets.

[root@renwolecom ~]# ss | head -n 5
Netid  State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
u_str  ESTAB  0      0       * 19098                 * 18222
u_str  ESTAB  0      0       * 19441                 * 19440
u_str  ESTAB  0      0       * 19440                 * 19441
u_str  ESTAB  0      0       * 19396                 * 19397

2. Display listening sockets

We can use the -l option to list only the sockets that are currently listening for connections, instead of listing all sockets.

[root@renwolecom ~]# ss -lt
State   Recv-Q Send-Q    Local Address:Port       Peer Address:Port
LISTEN  0      128                   *:http                  *:*
LISTEN  0      100           127.0.0.1:smtp                  *:*
LISTEN  0      128                   *:entexthigh            *:*
LISTEN  0      128       172.28.204.62:zabbix-trapper        *:*
LISTEN  0      128           127.0.0.1:cslistener            *:*
LISTEN  0      80                   :::mysql                :::*
LISTEN  0      100                 ::1:smtp                 :::*
LISTEN  0      128                  :::entexthigh           :::*

In this example we also use the -t option to list only TCP, which is described in detail later. In later examples you will see that I combine several options to filter quickly and get the result we want.

3. Display processes

We can use the -p option to print the process, or PID number, that owns the socket.

[root@renwolecom ~]# ss -pl

Netid  State      Recv-Q Send-Q Local Address:Port     Peer Address:Port
tcp    LISTEN     0      128    :::http                :::*                 users:(("httpd",pid=10522,fd=4),("httpd",pid=10521,fd=4),("httpd",pid=10520,fd=4),("httpd",pid=10519,fd=4),("httpd",pid=10518,fd=4),("httpd",pid=10516,fd=4))

In the example above I have listed only one result and used no further options, because the complete output of ss prints more than 500 lines to standard output. From this one result we can see the process IDs of the various Apache processes running on the server.

4. Do not resolve service names

By default, ss resolves port numbers to service names. For example, in the following lines we can see 172.28.204.62:mysql, where the local port is listed as mysql.

[root@renwolecom ~]# ss
Netid State Recv-Q Send-Q   Local Address:Port          Peer Address:Port
tcp   ESTAB 0      0 ::ffff:172.28.204.62:mysql ::ffff:172.28.204.62:38920
tcp   ESTAB 0      0 ::ffff:172.28.204.62:mysql ::ffff:172.28.204.62:51598
tcp   ESTAB 0      0 ::ffff:172.28.204.62:mysql ::ffff:172.28.204.62:51434
tcp   ESTAB 0      0 ::ffff:172.28.204.62:mysql ::ffff:172.28.204.62:36360

However, if we specify the -n option, we see the port number rather than the service name.

[root@renwolecom ~]# ss -n
Netid State Recv-Q Send-Q   Local Address:Port          Peer Address:Port
tcp   ESTAB 0      0 ::ffff:172.28.204.62:3306  ::ffff:172.28.204.62:38920
tcp   ESTAB 0      0 ::ffff:172.28.204.62:3306  ::ffff:172.28.204.62:51598
tcp   ESTAB 0      0 ::ffff:172.28.204.62:3306  ::ffff:172.28.204.62:51434
tcp   ESTAB 0      0 ::ffff:172.28.204.62:3306  ::ffff:172.28.204.62:36360

Now 3306 is shown instead of mysql, because resolution of host names and of all port names has been disabled. In addition, you can look in /etc/services for a list of the ports corresponding to all services.

5. Resolve numeric addresses/ports

Use the -r option to resolve IP addresses and port numbers. In this way you can see the host name of the server 172.28.204.62.

[root@renwolecom ~]# ss -r
Netid  State  Recv-Q Send-Q        Local Address:Port      Peer Address:Port
tcp    ESTAB      0      0         renwolecom:mysql        renwolecom:48134

6. IPv4 sockets

We can use the -4 option to display only information about IPv4 sockets. In the following example, we add the -l option to list everything that is listening on an IPv4 address.

[root@renwolecom ~]# ss -l4
Netid State      Recv-Q Send-Q  Local Address:Port            Peer Address:Port
tcp   LISTEN     0      128                 *:http                       *:*
tcp   LISTEN     0      100         127.0.0.1:smtp                       *:*
tcp   LISTEN     0      128                 *:entexthigh                 *:*
tcp   LISTEN     0      128     172.28.204.62:zabbix-trapper             *:*
tcp   LISTEN     0      128         127.0.0.1:cslistener                 *:*

7. IPv6 sockets

Similarly, we can use the -6 option to display only information about IPv6 sockets. In the following example, we add the -l option to list everything that is listening on an IPv6 address.

[root@renwolecom ~]# ss -l6
Netid State      Recv-Q Send-Q  Local Address:Port            Peer Address:Port
udp   UNCONN     0      0                  :::ipv6-icmp                 :::*
udp   UNCONN     0      0                  :::ipv6-icmp                 :::*
udp   UNCONN     0      0                  :::21581                     :::*
tcp   LISTEN     0      80                 :::mysql                     :::*
tcp   LISTEN     0      100               ::1:smtp                      :::*
tcp   LISTEN     0      128                :::entexthigh                :::*

8. Display only TCP

The -t option displays only TCP sockets. When it is combined with -l, which prints only listening sockets, we can see everything that is listening on TCP.

[root@renwolecom ~]# ss -lt
State       Recv-Q Send-Q    Local Address:Port               Peer Address:Port
LISTEN      0      128                   *:http                          *:*
LISTEN      0      100           127.0.0.1:smtp                          *:*
LISTEN      0      128                   *:entexthigh                    *:*
LISTEN      0      128       172.28.204.62:zabbix-trapper                *:*
LISTEN      0      128           127.0.0.1:cslistener                    *:*
LISTEN      0      80                   :::mysql                        :::*
LISTEN      0      100                 ::1:smtp                         :::*
LISTEN      0      128                  :::entexthigh                   :::*

9. Display only UDP

The -u option can be used to display only UDP sockets. Because UDP is a connectionless protocol, running with the -u option alone does not display them; it can be combined with the -a or -l option to view all listening UDP sockets, as follows:

[root@renwolecom ~]# ss -ul
State      Recv-Q Send-Q Local Address:Port                 Peer Address:Port
UNCONN     0      0              *:sunwebadmins                 *:*
UNCONN     0      0              *:etlservicemgr                *:*
UNCONN     0      0              *:dynamid                      *:*
UNCONN     0      0              *:9003                         *:*
UNCONN     0      0              *:9004                         *:*
UNCONN     0      0      127.0.0.1:terabase                     *:*
UNCONN     0      0              *:56803                        *:*

10. Unix sockets

The -x option can be used to display only Unix domain sockets.

[root@renwolecom ~]# ss -x
Netid State Recv-Q Send-Q                    Local Address:Port Peer Address:Port
u_str ESTAB 0      0 /tmp/zabbix_server_preprocessing.sock 23555           * 21093
u_str ESTAB 0      0          /tmp/zabbix_server_ipmi.sock 20155           * 19009
u_str ESTAB 0      0 /tmp/zabbix_server_preprocessing.sock 19354           * 22573
u_str ESTAB 0      0 /tmp/zabbix_server_preprocessing.sock 21844           * 19375
...

11. Display all information

The -a option displays all listening and non-listening sockets; in the case of TCP, non-listening means connections that have been established. This option is useful in combination with others. For example, you can add the -a option to display all UDP sockets, since with the -u option alone we do not see much information.

[root@renwolecom ~]# ss -u
Recv-Q Send-Q Local Address:Port                 Peer Address:Port
0      0      172.28.204.66:36371                    8.8.8.8:domain
[root@renwolecom ~]# ss -ua
State      Recv-Q Send-Q Local Address:Port                 Peer Address:Port
UNCONN     0      0                 *:sunwebadmins                    *:*
UNCONN     0      0                 *:etlservicemgr                   *:*
UNCONN     0      0                 *:dynamid                         *:*
UNCONN     0      0                 *:9003                            *:*
UNCONN     0      0                 *:9004                            *:*
UNCONN     0      0         127.0.0.1:terabase                        *:*
UNCONN     0      0                 *:56803                           *:*
ESTAB      0      0      172.28.204.66:36371                     8.8.8.8:domain

12. Display socket memory usage

The -m option can be used to display the amount of memory used by each socket.

[root@renwolecom ~]# ss -ltm
State   Recv-Q Send-Q  Local Address:Port Peer Address:Port
LISTEN  0      128                 *:http           *:*skmem:(r0,rb87380,t0,tb16384,f0,w0,o0,bl0)
LISTEN  0      100         127.0.0.1:smtp           *:*skmem:(r0,rb87380,t0,tb16384,f0,w0,o0,bl0)
LISTEN  0      128                 *:entexthigh     *:*skmem:(r0,rb87380,t0,tb16384,f0,w0,o0,bl0)
LISTEN  0      128     172.28.204.62:zabbix-trapper *:*skmem:(r0,rb87380,t0,tb16384,f0,w0,o0,bl0)
LISTEN  0      128         127.0.0.1:cslistener     *:*skmem:(r0,rb87380,t0,tb16384,f0,w0,o0,bl0)
LISTEN  0      80                 :::mysql         :::*skmem:(r0,rb87380,t0,tb16384,f0,w0,o0,bl0)
LISTEN  0      100               ::1:smtp          :::*skmem:(r0,rb87380,t0,tb16384,f0,w0,o0,bl0)
LISTEN  0      128                :::entexthigh    :::*skmem:(r0,rb87380,t0,tb16384,f0,w0,o0,bl0)

13. Display internal TCP information

We can use the -i option to request additional internal TCP information.

[root@renwolecom ~]# ss -lti
State       Recv-Q Send-Q Local Address:Port         Peer Address:Port
LISTEN      0      128               *:chimera-hwm              *:*     bbr cwnd:10
LISTEN      0      128               *:etlservicemgr            *:*     bbr cwnd:10
LISTEN      0      128   172.28.204.66:27017                    *:*     bbr cwnd:10
LISTEN      0      128       127.0.0.1:27017                    *:*     bbr cwnd:10
LISTEN      0      128               *:dynamid                  *:*     bbr cwnd:10
LISTEN      0      128               *:9003                     *:*     bbr cwnd:10
LISTEN      0      128               *:9004                     *:*     bbr cwnd:10
LISTEN      0      128               *:http                     *:*     bbr cwnd:10
LISTEN      0      128               *:ssh                      *:*     bbr cwnd:10
LISTEN      0      100       127.0.0.1:smtp                     *:*     bbr cwnd:10
LISTEN      0      128               *:sunwebadmins             *:*     bbr cwnd:10
LISTEN      0      128              :::ssh                     :::*     bbr cwnd:10

For each listening socket we can now see more information. Note: the -i option does not apply to UDP; if you specify -u rather than -t, this additional information is not displayed.

14. Display statistics

We can use the -soption to quickly view statistics.

[root@renwolecom ~]# ss -s
Total: 798 (kernel 1122)
TCP:   192 (estab 99, closed 81, orphaned 0, synrecv 0, timewait 1/0), ports 0

Transport Total     IP        IPv6
*         1122      -         -
RAW       1         0         1
UDP       0         0         0
TCP       111       59        52
INET      112       59        53
FRAG      0         0         0

This lets us quickly see the total number of sockets, the count of established connections, and the counts of the various socket types over IPv4 or IPv6.

15. Filter by state

We can specify a socket state and print only the sockets in that state. For example, we can specify states including established, syn-sent, syn-recv, fin-wait-1, fin-wait-2, time-wait, closed, close-wait, last-ack, listen and closing, among others. The following example shows all established TCP connections. To generate this, I connected via SSH to the server and loaded a page from Apache. We can then see that the connection to Apache quickly moves into time-wait.

[root@renwolecom ~]# ss -t state established
Recv-Q Send-Q       Local Address:Port              Peer Address:Port
0      52           172.28.204.67:ssh              123.125.71.38:49518
0      0     ::ffff:172.28.204.67:http      ::ffff:123.125.71.38:49237
[root@renwolecom ~]# ss -t state established
Recv-Q Send-Q       Local Address:Port              Peer Address:Port
0      0            172.28.204.67:ssh            103.240.143.126:55682
0      52           172.28.204.67:ssh              123.125.71.38:49518
0      0     ::ffff:172.28.204.67:http      ::ffff:123.125.71.38:49262

16. Filter by port number

We can also filter to list all ports that are less than (lt), greater than (gt), equal to (eq), not equal to (ne), less than or equal to (le), or greater than or equal to (ge) a given value.

For example, the following command displays all listening ports numbered 500 or below:

[root@renwolecom ~]# ss -ltn sport le 500
State       Recv-Q Send-Q Local Address:Port        Peer Address:Port
LISTEN      0      128                *:80                     *:*
LISTEN      0      100        127.0.0.1:25                     *:*
LISTEN      0      100              ::1:25                    :::*

For comparison, we can do the reverse and view all listening ports greater than 500:

[root@renwolecom ~]# ss -ltn sport gt 500
State       Recv-Q Send-Q Local Address:Port        Peer Address:Port
LISTEN      0      128                *:12002                  *:*
LISTEN      0      128    172.28.204.62:10051                  *:*
LISTEN      0      128        127.0.0.1:9000                   *:*
LISTEN      0      80                :::3306                  :::*
LISTEN      0      128               :::12002                 :::*

We can also filter on other criteria based on the source or destination port. For example, here we search for TCP sockets whose source port is SSH:

[root@renwolecom ~]# ss -t '( sport = :ssh )'
State       Recv-Q Send-Q    Local Address:Port     Peer Address:Port
ESTAB       0      0         172.28.204.66:ssh     123.125.71.38:50140
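
The listening-socket views in this memo are often used to check which services are reachable from other hosts. The script below is an added example, not part of the original article: it parses ss -ltnp style output and classifies each listener by its bind address. The function names and the sample lines are constructed for illustration, using addresses and ports shown in this memo.

```shell
#!/bin/sh
# Added example: classify listeners in `ss -ltnp` output by bind address.

# Constructed sample, using addresses and ports shown in this article.
sample_ss_output() {
cat <<'EOF'
State   Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN  0      128                *:80                *:*     users:(("httpd",pid=10522,fd=4),("httpd",pid=10521,fd=4))
LISTEN  0      100        127.0.0.1:25                *:*     users:(("master",pid=1752,fd=13))
LISTEN  0      128    172.28.204.62:10051             *:*
LISTEN  0      80                :::3306             :::*
LISTEN  0      100              ::1:25               :::*
EOF
}

# Reads ss output on stdin; prints "scope address port process" per listener.
# scope is "loopback", "wildcard" (all interfaces) or "specific" (one address).
classify_listeners() {
    awk '
    {
        # Locate the State column; a Netid column may or may not precede it.
        col = 0
        for (i = 1; i <= NF; i++)
            if ($i == "LISTEN" || $i == "UNCONN") { col = i + 3; break }
        if (col == 0 || col > NF) next          # header or unrelated line

        # Split address and port at the last colon (IPv6 addresses contain colons).
        addr = $col; port = $col
        sub(/:[^:]*$/, "", addr)
        sub(/^.*:/, "", port)
        gsub(/[][]/, "", addr)                  # newer ss prints [::]:3306

        if (addr ~ /^127\./ || addr == "::1") scope = "loopback"
        else if (addr == "*" || addr == "::" || addr == "0.0.0.0") scope = "wildcard"
        else scope = "specific"

        # First process name from users:(("name",pid=...)) when -p was given.
        proc = "-"
        if (match($0, /users:\(\("[^"]+"/))
            proc = substr($0, RSTART + 9, RLENGTH - 10)

        print scope, addr, port, proc
    }'
}

# Listeners that are not bound to loopback only.
exposed_listeners() {
    classify_listeners | awk '$1 != "loopback"'
}

sample_ss_output | exposed_listeners
```

On a live host, pipe real output into the same function, for example ss -ltnp | exposed_listeners; the -n option matters here because the parser expects numeric ports.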

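17. Display SELinux context

The -Z and -z options can be used to display the SELinux security context of sockets. In the following example, we use the -t and -l options to list listening TCP sockets, and with the -Z option we can also see the SELinux context.

[root@renwolecom ~]# ss -tlZ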
State  Recv-Q Send-Q  Local Address:Port        Peer Address:Port
LISTEN 0      128                 *:sunrpc                 *:*
users:(("systemd",pid=1,proc_ctx=system_u:system_r:init_t:s0,fd=71))
LISTEN 0      5       172.28.204.62:domain                 *:*
users:(("dnsmasq",pid=1810,proc_ctx=system_u:system_r:dnsmasq_t:s0-s0:c0.c1023,fd=6))
LISTEN 0      128                 *:ssh                    *:*
users:(("sshd",pid=1173,proc_ctx=system_u:system_r:sshd_t:s0-s0:c0.c1023,fd=3))
LISTEN 0      128         127.0.0.1:ipp                    *:*
users:(("cupsd",pid=1145,proc_ctx=system_u:system_r:cupsd_t:s0-s0:c0.c1023,fd=12))
LISTEN 0      100         127.0.0.1:smtp                   *:*
users:(("master",pid=1752,proc_ctx=system_u:system_r:postfix_master_t:s0,fd=13))

18. Display the version number

The -v option can be used to display version information for the ss command; in this case, we can see the version of the iproute package that provides ss.

[root@renwolecom ~]# ss -v
ss utility, iproute2-ss130716

19. Display help information

The -h option can be used to display further help on the ss command; it works as a quick reference if you need a short description of the most commonly used options. Note: the full output is not reproduced here.

[root@renwolecom ~]# ss -h
Usage: ss [ OPTIONS ]

20. Display extended information

We can use the -e option to display extended details; as shown below, the extended information is appended to the end of each line.

[root@renwolecom ~]# ss -lte
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN 0      128                *:sunrpc *:*      ino:16090 sk:ffff880000100000 <->
LISTEN 0      5      172.28.204.62:domain *:*      ino:23750 sk:ffff880073e70f80 <->
LISTEN 0      128                *:ssh    *:*      ino:22789 sk:ffff880073e70000 <->
LISTEN 0      128        127.0.0.1:ipp    *:*      ino:23091 sk:ffff880073e707c0 <->
LISTEN 0      100        127.0.0.1:smtp   *:*      ino:24659 sk:ffff880000100f80 <->

21. Display timer information

The -o option can be used to display timer information. This shows us things such as the retransmission timer value, the number of retransmissions that have occurred, and the number of keepalive probes sent.

[root@renwolecom ~]# ss -to
State      Recv-Q Send-Q Local Address:Port      Peer Address:Port
ESTAB      0      52     172.28.204.67:ssh      123.125.71.38:49518timer:(on,406ms,0)
LAST-ACK   0      1      172.28.204.67:ssh    103.240.143.126:49603timer:(on,246ms,0)

To sum up:

You should now have a preliminary understanding of ss. If you want to use the ss command to quickly check a variety of information about sockets, it is recommended that you read the ss manual page.

Original: https://renwole.com/archives/814

Origin www.cnblogs.com/lovesKey/p/11495127.html