ss often analyzes socket related analysis. Its function is similar to netstat, but faster and more powerful than netstat.
Common options:
- s: print out statistics
- t: print out tcp related information (the information of ESTAB phase is displayed by default)
- l: print out the connection related to listen
- n: do not resolve the domain name and display it in digital font
- 4: show only ipv4 connections
Usage example 1: Show socket connection statistics
[root@admin test]# ss -s Total: 195 (kernel 264) TCP: 16 (estab 8, closed 1, orphaned 0, synrecv 0, timewait 0/0), ports 0 Transport Total IP IPv6 * 264 - - RAW 0 0 0 UDP 5 4 1 TCP 15 14 1 INET 20 18 2 FRAG 0 0 0
Usage example 2: display connection related to ESTAB
[root@admin test]# ss -tn State Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0 172.17.219.185:53328 100.100.30.26:80 ESTAB 0 0 172.17.219.185:2233 222.65.55.232:50488 ESTAB 0 52 172.17.219.185:2233 222.65.55.232:51986 ESTAB 0 0 172.17.219.185:2233 222.65.55.232:53301 ESTAB 0 0 172.17.219.185:33964 47.99.169.39:443 ESTAB 0 0 172.17.219.185:33960 47.99.169.39:443 ESTAB 0 0 172.17.219.185:41384 47.99.169.39:80 ESTAB 0 0 172.17.219.185:2233 222.65.55.232:50612
Usage example 3: display LISTEN related connections
[root@admin test]# ss -tnl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 127.0.0.1:27017 *:* LISTEN 0 100 *:8009 *:* LISTEN 0 100 *:8080 *:* LISTEN 0 128 *:80 *:* LISTEN 0 128 *:2233 *:* LISTEN 0 1 127.0.0.1:8005 *:* LISTEN 0 128 :::8091 :::*
Usage example 4: display only IPV4 related connections (excluding ipv6)
[root@admin test]# ss -tnl4 State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 127.0.0.1:27017 *:* LISTEN 0 100 *:8009 *:* LISTEN 0 100 *:8080 *:* LISTEN 0 128 *:80 *:* LISTEN 0 128 *:2233 *:* LISTEN 0 1 127.0.0.1:8005 *:*
Special note: it can be judged by the following explanation
When the socket is in the connected state,
Recv-Q indicates the number of bytes (that is, the length of the receive queue) that the socket buffer has not been fetched by the application.
Send-Q indicates the number of bytes that have not been confirmed by the remote host (that is, the length of the send queue).
When the socket is Listening,
Recv-Q: indicates how many full connection queues are currently used
Send-Q: the maximum value of the full connection queue
Note: the receiving and sending queues here are socket level and non system level.