hopeless-dream


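The ss Command Explained

What the command does

  The ss command displays socket status. It can show statistics for PACKET sockets, TCP sockets, UDP sockets, DCCP sockets, RAW sockets, Unix domain sockets, and more. It shows more TCP and state information than other tools. It is a very practical, fast, and effective new tool for tracking IP connections and sockets. ss can provide the following information:

  • All TCP sockets
  • All UDP sockets
  • All persistent ssh/ftp/http/https connections
  • All local processes connected to the X server
  • Filtering by state (for example: connected, synchronized, SYN-RECV, SYN-SENT, TIME-WAIT), address, and port
  • All TCP sockets in state FIN-WAIT-1, and more

  When the number of socket connections on a server becomes very large, both the netstat command and a plain cat /proc/net/tcp run slowly. You may not have felt this first-hand, but trust me: once a server is holding ten thousand or more connections, using netstat is a waste of your life, while ss saves you time.

  ss is fast because it uses tcp_diag in the TCP protocol stack. tcp_diag is a module for analysis and statistics that obtains first-hand information from the Linux kernel, which is what makes ss quick and efficient. If your system does not have tcp_diag, ss still works, only somewhat more slowly.

  Comparing the efficiency of ss and netstat: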

 

[root@node1 ~]# time netstat -tan|grep -i estab |wc -l
127

real	0m0.600s
user	0m0.048s
sys	0m0.312s
[root@node1 ~]# time ss -tan|grep -i estab |wc -l
126

real	0m0.028s
user	0m0.001s
sys	0m0.007s

  The results show that ss is an order of magnitude faster than netstat.

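Common ss options

-h: show help;
-V: show version information;
-n: do not resolve service names; show numeric values;
-a: show all sockets;
-l: show listening sockets;
-o: show timer information;
-m: show socket memory usage;
-p: show the process using each socket;
-i: show internal TCP information;
-4: show only IPv4 sockets;
-6: show only IPv6 sockets;
-t: show only TCP sockets;
-u: show only UDP sockets;
-d: show only DCCP sockets;
-w: show only RAW sockets;
-x: show only UNIX domain sockets.
 -A, --query=QUERY, --socket=QUERY
     QUERY := {all|inet|tcp|udp|raw|unix|packet|netlink}[,QUERY]
 
 -D, --diag=FILE      # dump raw information about TCP sockets to a file
 -F, --filter=FILE   # use the filter rules in the given file to filter connections by state
    FILTER := [ state TCP-STATE ] [ EXPRESSION ]

  

  The -s option: show a socket summary

   Lists the current established, closed, orphaned and time-wait TCP sockets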

[root@node1 ~]# ss -s
Total: 759 (kernel 1071)
TCP:   174 (estab 87, closed 31, orphaned 0, synrecv 0, timewait 29/0), ports 0

Transport Total     IP        IPv6
*	  1071      -         -        
RAW	  1         0         1        
UDP	  10        6         4        
TCP	  143       108       35       
INET	  154       114       40       
FRAG	  0         0         0        

  Show all sockets in the listening state

[root@node1 ~]# ss -l
Netid  State      Recv-Q Send-Q             Local Address:Port                              Peer Address:Port                            
tcp    LISTEN     0      128                    10.0.0.61:fs-agent                                     *:*                    
tcp    LISTEN     0      50                             *:7180                                         *:*                    
tcp    LISTEN     0      128                    10.0.0.61:1004                                         *:*                    
tcp    LISTEN     0      128                            *:50060                                        *:*                    
tcp    LISTEN     0      50                             *:bmcpatrolagent                               *:*                    
tcp    LISTEN     0      128                    127.0.0.1:45677                                        *:*                    
tcp    LISTEN     0      50                             *:7182                                         *:*                    
tcp    LISTEN     0      50                     10.0.0.61:1006                                         *:*                    
tcp    LISTEN     0      128                            *:50030                                        *:*                    
tcp    LISTEN     0      128                            *:sunrpc                                       *:*                    
tcp    LISTEN     0      50                             *:ndmp                                         *:*                    
tcp    LISTEN     0      128                    10.0.0.61:19888                                        *:*                    
tcp    LISTEN     0      128                    10.0.0.61:10033                                        *:*                    
tcp    LISTEN     0      5                              *:vop                                          *:*                                       
tcp    LISTEN     0      128                    10.0.0.61:oa-system                                    *:*                    
tcp    LISTEN     0      128                    10.0.0.61:50070                                        *:*                    
tcp    LISTEN     0      5                      127.0.0.1:7190                                         *:*                    
tcp    LISTEN     0      128                            *:ssh                                          *:*                    
tcp    LISTEN     0      5                              *:7191                                         *:*                    
tcp    LISTEN     0      100                            *:irisa                                        *:*                    
tcp    LISTEN     0      128                    10.0.0.61:radan-http                                   *:*                    
tcp    LISTEN     0      1                      127.0.0.1:metasys                                      *:*                    
tcp    LISTEN     0      50                             *:44697                                        *:*                    
tcp    LISTEN     0      128                    127.0.0.1:19001                                        *:*                    
tcp    LISTEN     0      100                    127.0.0.1:smtp                                         *:*                    
tcp    LISTEN     0      128                            *:13562                                        *:*                    
tcp    LISTEN     0      50                             *:emc-pp-mgmtsvc                               *:*                    
tcp    LISTEN     0      80                            :::mysql                                       :::*                    
tcp    LISTEN     0      128                           :::sunrpc                                      :::*                    
tcp    LISTEN     0      128                           :::http                                        :::*                    
tcp    LISTEN     0      5                             :::4434                                        :::*                    
tcp    LISTEN     0      128                           :::ssh                                         :::*                    
tcp    LISTEN     0      5                             :::7191                                        :::*                    
tcp    LISTEN     0      100                          ::1:smtp                                        :::*                    
tcp    LISTEN     0      128                           :::https                                       :::*    

  Show the sockets used by processes

[root@node1 ~]# ss -pl
Netid  State      Recv-Q Send-Q             Local Address:Port                              Peer Address:Port                
tcp    LISTEN     0      128                    10.0.0.61:fs-agent                                     *:*                     users:(("java",pid=3544,fd=216))
tcp    LISTEN     0      50                             *:7180                                         *:*                     users:(("java",pid=1182,fd=261))
tcp    LISTEN     0      128                    10.0.0.61:1004                                         *:*                     users:(("jsvc",pid=4435,fd=166))
tcp    LISTEN     0      128                            *:50060                                        *:*                     users:(("java",pid=2580,fd=157))
tcp    LISTEN     0      50                             *:bmcpatrolagent                               *:*                     users:(("java",pid=2620,fd=37))
tcp    LISTEN     0      128                    127.0.0.1:45677                                        *:*                     users:(("java",pid=2580,fd=147))
tcp    LISTEN     0      50                             *:7182                                         *:*                     users:(("java",pid=1182,fd=247))
tcp    LISTEN     0      50                     10.0.0.61:1006                                         *:*                     users:(("jsvc",pid=4435,fd=168))
tcp    LISTEN     0      128                            *:50030                                        *:*                     users:(("java",pid=3050,fd=154))
tcp    LISTEN     0      128                            *:sunrpc                                       *:*                     users:(("rpcbind",pid=535,fd=4),("systemd",pid=1,fd=36))
tcp    LISTEN     0      50                             *:ndmp                                         *:*                     users:(("java",pid=2451,fd=378))
tcp    LISTEN     0      128                    10.0.0.61:19888                                        *:*                     users:(("java",pid=3546,fd=191))
tcp    LISTEN     0      128                    10.0.0.61:10033                                        *:*                     users:(("java",pid=3546,fd=180))
tcp    LISTEN     0      5                              *:vop                                          *:*                     users:(("python2.7",pid=1772,fd=8))
tcp    LISTEN     0      50                             *:documentum                                   *:*                     users:(("java",pid=2451,fd=379))
tcp    LISTEN     0      50                             *:sdr                                          *:*                     users:(("java",pid=2620,fd=23))
tcp    LISTEN     0      128                    10.0.0.61:qbdb                                         *:*                     users:(("java",pid=3031,fd=180))
tcp    LISTEN     0      128                    10.0.0.61:intu-ec-svcdisc                              *:*                     users:(("java",pid=3075,fd=206))
tcp    LISTEN     0      128                    10.0.0.61:intu-ec-client                               *:*                     users:(("java",pid=3050,fd=143))
tcp    LISTEN     0      50                             *:macbak                                       *:*                     users:(("java",pid=2620,fd=35))
tcp    LISTEN     0      50                             *:ezmeeting-2                                  *:*                     users:(("java",pid=2643,fd=233))
tcp    LISTEN     0      128                    10.0.0.61:oa-system                                    *:*                     users:(("java",pid=3075,fd=183))
tcp    LISTEN     0      128                    10.0.0.61:50070                                        *:*                     users:(("java",pid=3075,fd=177))
tcp    LISTEN     0      5                      127.0.0.1:7190                                         *:*                     users:(("python2.7",pid=1772,fd=14))
tcp    LISTEN     0      128                            *:ssh                                          *:*                     users:(("sshd",pid=773,fd=3))
tcp    LISTEN     0      5                              *:7191                                         *:*                     users:(("python2.7",pid=1772,fd=7))
tcp    LISTEN     0      100                            *:irisa                                        *:*                     users:(("java",pid=2435,fd=265))
tcp    LISTEN     0      128                    10.0.0.61:radan-http                                   *:*                     users:(("java",pid=3440,fd=177))
tcp    LISTEN     0      1                      127.0.0.1:metasys                                      *:*                     users:(("java",pid=2435,fd=279))
tcp    LISTEN     0      50                             *:44697                                        *:*                     users:(("java",pid=2620,fd=24))
tcp    LISTEN     0      128                    127.0.0.1:19001                                        *:*                     users:(("python",pid=1557,fd=4))
tcp    LISTEN     0      100                    127.0.0.1:smtp                                         *:*                     users:(("master",pid=1225,fd=13))
tcp    LISTEN     0      128                            *:13562                                        *:*                     users:(("java",pid=3544,fd=215))
tcp    LISTEN     0      50                             *:emc-pp-mgmtsvc                               *:*                     users:(("java",pid=2444,fd=378))
tcp    LISTEN     0      80                            :::mysql                                       :::*                     users:(("mysqld",pid=1181,fd=63))
tcp    LISTEN     0      128                           :::sunrpc                                      :::*     
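
The `ss -pl` listing above ties each listening socket to its owning process; this added example (not part of the original post) turns that output into a check for listeners reachable beyond loopback whose port is not on an expected list. The function names, the allowlist and the sample lines are constructed for illustration; the parser assumes numeric ports, so on a live host feed it `ss -lntp`.

```shell
#!/bin/sh
# Added example: audit listening TCP sockets from `ss -lntp` output.

# Constructed sample in the layout of the `ss -pl` listing, with numeric ports
# as printed by -n. The last line has no users:(...) field, which is what ss
# shows when it cannot read the owning process (e.g. when not run as root).
sample_ss_output() {
cat <<'EOF'
Netid  State      Recv-Q Send-Q  Local Address:Port   Peer Address:Port
tcp    LISTEN     0      50                  *:7180              *:*      users:(("java",pid=1182,fd=261))
tcp    LISTEN     0      128         127.0.0.1:19001             *:*      users:(("python",pid=1557,fd=4))
tcp    LISTEN     0      128         10.0.0.61:50070             *:*      users:(("java",pid=3075,fd=177))
tcp    LISTEN     0      128                 *:111               *:*      users:(("rpcbind",pid=535,fd=4),("systemd",pid=1,fd=36))
tcp    LISTEN     0      80                 :::3306             :::*      users:(("mysqld",pid=1181,fd=63))
tcp    LISTEN     0      100               ::1:25               :::*
EOF
}

# stdin: ss listing. stdout: "<scope> <local addr:port> <owners>" for each
# LISTEN socket; scope is wildcard, loopback or specific.
classify_listeners() {
    awk '
    {
        # Find the State column by value: ss drops the Netid column when only
        # one socket type is requested (ss -t), so field positions shift.
        s = 0
        for (i = 1; i <= NF; i++) if ($i == "LISTEN") { s = i; break }
        if (s == 0 || s + 3 > NF) next
        loc = $(s + 3)

        # The port follows the LAST colon; IPv6 addresses contain colons too.
        n = length(loc)
        while (n > 0 && substr(loc, n, 1) != ":") n--
        if (n == 0) next
        addr = substr(loc, 1, n - 1)
        sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # newer ss prints [::]:22
        sub(/%.*$/, "", addr)                        # drop %interface suffix
        sub(/^::ffff:/, "", addr)                    # IPv4-mapped IPv6

        if (addr == "*" || addr == "0.0.0.0" || addr == "::") scope = "wildcard"
        else if (addr ~ /^127\./ || addr == "::1") scope = "loopback"
        else scope = "specific"

        # Collect every ("name",pid=N pair from users:((...)); may be several.
        owners = ""; rest = $0
        while (match(rest, /\("[^"]*",pid=[0-9]+/)) {
            tok = substr(rest, RSTART + 2, RLENGTH - 2)
            q = index(tok, "\"")
            sep = (owners == "") ? "" : ","
            owners = owners sep substr(tok, 1, q - 1) "/" substr(tok, q + 6)
            rest = substr(rest, RSTART + RLENGTH)
        }
        if (owners == "") owners = "-"
        printf "%s %s %s\n", scope, loc, owners
    }'
}

# $1: space-separated allowlist of ports expected to be reachable.
# Prints non-loopback listeners whose port is not on the allowlist.
unexpected_listeners() {
    classify_listeners | awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 != "loopback" {
        p = $2; sub(/.*:/, "", p)
        if (!(p in ok)) print
    }'
}

# Live use: ss -lntp | unexpected_listeners "22 80 443"
sample_ss_output | unexpected_listeners "22 7180"
```

A listener reported with owner `-` deserves a second look as root, since the process column is empty whenever ss cannot read the owning process.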

  List all SSH connections whose state is established

[root@node1 ~]# ss -o state established '( sport = :22 )'
Netid  Recv-Q Send-Q                  Local Address:Port                                   Peer Address:Port                
tcp    0      0                           10.0.0.61:ssh                                        10.0.0.1:park-agent            timer:(keepalive,2min28sec,0)
[root@node1 ~]# ss -o state established '( sport = :ssh )'
Netid  Recv-Q Send-Q                  Local Address:Port                                   Peer Address:Port                
tcp    0      0                           10.0.0.61:ssh                                        10.0.0.1:park-agent            timer:(keepalive,1min57sec,0)

  List all established HTTP connections

[root@node1 ~]# ss -o state established '( sport = :http or dport = :http )'

  

  Use ss to list which local processes are connected to the X server

 

[root@node1 ~]# ss -x src /tmp/.X11-unix/* 

   

  Use ss to list HTTP and HTTPS connections in the FIN-WAIT-1 state

 

[root@node1 ~]# ss -o state fin-wait-1 '( sport = :http or sport = :https )'

 

  Commonly used ss state values:

 

established
syn-sent
syn-recv
fin-wait-1
fin-wait-2
time-wait
closed
close-wait
last-ack
listen
closing
all : All of  the above states
connected: all the states except for listen and closed
synchronized - all the connected states except for syn-sent
bucket - states, which are maintained as minisockets, i.e.  time-wait and syn-recv
big - opposite to bucket

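 Filtering by IP address with ss

ss src ADDRESS_PATTERN:proto/port
src   the source address
dst   the destination address
ADDRESS_PATTERN  the address rule (may be an address range)
proto/port  the protocol or port

Examples:

1. List all connections whose source address is 10.0.0.61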

[root@node1 ~]# ss src 10.0.0.61
Netid  State      Recv-Q Send-Q             Local Address:Port                                      Peer Address:Port                
udp    ESTAB      0      0                      10.0.0.61:51808                                    10.0.0.62:kerberos             
tcp    ESTAB      0      0                      10.0.0.61:55082                                10.0.0.61:mysql                
tcp    FIN-WAIT-2 0      0                      10.0.0.61:44396                                10.0.0.61:eforward             
tcp    ESTAB      0      0                      10.0.0.61:54070                                10.0.0.61:mysql                
tcp    ESTAB      0      0                      10.0.0.61:51742                                10.0.0.61:7182    

2. List all mysql connections whose source address is 10.0.0.61

[root@node1 ~]# ss src 10.0.0.61:mysql
Netid  State      Recv-Q Send-Q             Local Address:Port                              Peer Address:Port                
tcp    ESTAB      0      0               ::ffff:10.0.0.61:mysql                         ::ffff:10.0.0.61:54066                
tcp    ESTAB      0      0               ::ffff:10.0.0.61:mysql                         ::ffff:10.0.0.61:55154                
tcp    ESTAB      0      0               ::ffff:10.0.0.61:mysql                         ::ffff:10.0.0.61:54926                
tcp    ESTAB      0      0               ::ffff:10.0.0.61:mysql                         ::ffff:10.0.0.61:54068                
tcp    ESTAB      0      0               ::ffff:10.0.0.61:mysql                         ::ffff:10.0.0.61:42944                
tcp    ESTAB      0      0               ::ffff:10.0.0.61:mysql                         ::ffff:10.0.0.61:44244                
tcp    ESTAB      0      0               ::ffff:10.0.0.61:mysql                         ::ffff:10.0.0.61:54150                
tcp    ESTAB      0      0               ::ffff:10.0.0.61:mysql                         ::ffff:10.0.0.61:54920                
tcp    ESTAB      0      0               ::ffff:10.0.0.61:mysql                         ::ffff:10.0.0.61:55408                
tcp    ESTAB      0      0               ::ffff:10.0.0.61:mysql                         ::ffff:10.0.0.61:54924      

3. List all mysql connections whose destination address is 10.0.0.61

[root@node1 ~]# ss dst 10.0.0.61:3306
Netid  State      Recv-Q Send-Q             Local Address:Port                              Peer Address:Port                
tcp    ESTAB      0      0                      10.0.0.61:55082                                10.0.0.61:mysql                
tcp    ESTAB      0      0                      10.0.0.61:54070                                10.0.0.61:mysql                
tcp    ESTAB      0      0                      10.0.0.61:54922                                10.0.0.61:mysql                
tcp    ESTAB      0      0                      10.0.0.61:55152                                10.0.0.61:mysql                
tcp    ESTAB      0      0                      10.0.0.61:54928                                10.0.0.61:mysql                
tcp    ESTAB      0      0                      10.0.0.61:39996                                10.0.0.61:mysql 

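 Filtering by port

ss dport/sport  OP  PORT
OP: the operator
PORT: the port
dport/sport: the destination/source port to filter on

The operators are:
<= or le:   less than or equal to
>= or ge:   greater than or equal to
== or eq:   equal to
!= :        not equal to
< or lt:    less than
> or gt:    greater than

Examples: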
[root@node1 ~]# ss sport = :mysql
Netid  State      Recv-Q Send-Q             Local Address:Port                              Peer Address:Port                
tcp    ESTAB      0      0               ::ffff:10.0.0.61:mysql                         ::ffff:10.0.0.61:54066                
tcp    ESTAB      0      0               ::ffff:10.0.0.61:mysql                         ::ffff:10.0.0.61:55154                
tcp    ESTAB      0      0               ::ffff:10.0.0.61:mysql                         ::ffff:10.0.0.61:54926                
tcp    ESTAB      0      0               ::ffff:10.0.0.61:mysql                         ::ffff:10.0.0.61:54068     


[root@node1 ~]# ss sport = :3306
Netid  State      Recv-Q Send-Q             Local Address:Port                              Peer Address:Port                
tcp    ESTAB      0      0               ::ffff:10.0.0.61:mysql                         ::ffff:10.0.0.61:54066                
tcp    ESTAB      0      0               ::ffff:10.0.0.61:mysql                         ::ffff:10.0.0.61:55154       

[root@node1 ~]# ss dport \> :1024
Netid  State      Recv-Q Send-Q             Local Address:Port                              Peer Address:Port                
u_str  ESTAB      0      0                              * 16252                                        * 16253                
u_str  ESTAB      0      0                              * 35028                                        * 35027                
u_str  ESTAB      0      0                              * 16791                                        * 16813                
u_str  ESTAB      0      0                              * 297984                                       * 299009  

[root@node1 ~]# ss sport \> :20000
Netid  State      Recv-Q Send-Q             Local Address:Port                              Peer Address:Port                
u_str  ESTAB      0      0                              * 35028                                        * 35027                
u_str  ESTAB      0      0                              * 297984                                       * 299009               
u_str  ESTAB      0      0                              * 41350                                        * 0                    
u_str  ESTAB      0      0                              * 23010                                        * 23009                
u_str  ESTAB      0      0                              * 38302                                        * 0                    
u_str  ESTAB      0      0                              * 37222                                        * 0          

[root@node1 ~]# ss \( sport = :mysql or sport = :ssh \)
Netid  State      Recv-Q Send-Q             Local Address:Port                              Peer Address:Port                
tcp    ESTAB      0      0                      10.0.0.61:ssh                                   10.0.0.1:5449                 
tcp    ESTAB      0      0                      10.0.0.61:ssh                                   10.0.0.1:6034                 
tcp    ESTAB      0      0               ::ffff:10.0.0.61:mysql                         ::ffff:10.0.0.61:54066                
tcp    ESTAB      0      0               ::ffff:10.0.0.61:mysql                         ::ffff:10.0.0.61:55154                
tcp    ESTAB      0      0               ::ffff:10.0.0.61:mysql                         ::ffff:10.0.0.61:54926                
tcp    ESTAB      0      0               ::ffff:10.0.0.61:mysql                         ::ffff:10.0.0.61:54068                
tcp    ESTAB      0      0               ::ffff:10.0.0.61:mysql                         ::ffff:10.0.0.61:50806                
tcp    ESTAB      0      0               ::ffff:10.0.0.61:mysql                         ::ffff:10.0.0.61:42944                
tcp    ESTAB      0      0               ::ffff:10.0.0.61:mysql                         ::ffff:10.0.0.61:44244     

[root@node1 ~]# ss state connected sport = :mysql
Netid  State      Recv-Q Send-Q             Local Address:Port                              Peer Address:Port                
tcp    ESTAB      0      0               ::ffff:10.0.0.61:mysql                         ::ffff:10.0.0.61:54066                
tcp    ESTAB      0      0               ::ffff:10.0.0.61:mysql                         ::ffff:10.0.0.61:55154                
tcp    ESTAB      0      0               ::ffff:10.0.0.61:mysql                         ::ffff:10.0.0.61:54926                
tcp    ESTAB      0      0               ::ffff:10.0.0.61:mysql                         ::ffff:10.0.0.61:54068                
tcp    ESTAB      0      0               ::ffff:10.0.0.61:mysql                         ::ffff:10.0.0.61:50806                
tcp    ESTAB      0      0               ::ffff:10.0.0.61:mysql                         ::ffff:10.0.0.61:42944                
tcp    ESTAB      0      0               ::ffff:10.0.0.61:mysql                         ::ffff:10.0.0.61:44244                
tcp    ESTAB      0      0               ::ffff:10.0.0.61:mysql                         ::ffff:10.0.0.61:54150     

[root@node1 ~]# ss -o state fin-wait-1 \( dport = :mysql or sport = :ssh \)
Or, using single quotes:
[root@node1 ~]# ss -o state fin-wait-1 '( dport = :mysql or sport = :ssh )'

  

Show the processes connected to the X server

 

[root@node1 ~]# ss -x src /tmp/.X11-unix/*

  

 

posted on 2019-11-01 21:45  hopeless-dream