What is it?
ss is the abbreviation of Socket Statistics. As the name implies, the ss command can be used to obtain socket statistics, which can display content similar to netstat. But the advantage of ss is that it can display more detailed information about TCP and connection status, and it is faster and more efficient than netstat.
ss's "brother":
- netstat command
- cat /proc/net/tcp
However, the above two commands, when the number of servers to maintain up, slow and inefficient execution!
ss makes use of tcp_diag in TCP protocol stack. tcp_diag is a module for analysis and statistics. It can get the first-hand information in Linux kernel, which ensures the speed and efficiency of ss (in the absence of tcp_diag, ss can also run normally).
ss and netstat efficiency comparison
Order:
time netstat -at
time ss
[root@localhost ~]# time ss real 0m0.739s user 0m0.019s sys 0m0.013s [root@localhost ~]# [root@localhost ~]# time netstat -at real 2m45.907s user 0m0.063s sys 0m0.067s [root@localhost ~]#
usage
ss [parameter] ([filter])
parameter
-h, --help Help information
-V, --version Program version information
-n, --numeric Not resolving service name
-r, --resolve Resolving Host Name
-a, --all Display all sockets( sockets)
-l, --listening Sockets displaying listening status( sockets)
-o, --options Display timer information
-e, --extended Display detailed sockets( sockets)information
-m, --memory Display socket( socket)Memory usage
-p, --processes Display using sockets( socket)Process
-i, --info display TCP internal information
-s, --summary Display socket( socket)Overview of usage
-4, --ipv4 Display only IPv4 The socket of( sockets)
-6, --ipv6 Display only IPv6 The socket of( sockets)
-0, --packet display PACKET Socket( socket)
-t, --tcp Display only TCP Socket( sockets)
-u, --udp Display only UCP Socket( sockets)
-d, --dccp Display only DCCP Socket( sockets)
-w, --raw Display only RAW Socket( sockets)
-x, --unix Display only Unix Socket( sockets)
-f, --family=FAMILY display FAMILY Type socket( sockets),FAMILY Optional, support unix, inet, inet6, link, netlink
-A, --query=QUERY, --socket=QUERY
QUERY := {all|inet|tcp|udp|raw|unix|packet|netlink}[,QUERY]
-D, --diag=FILE Will be primitive TCP Socket( sockets)Information dumped to file
-F, --filter=FILE De-filter information from files
FILTER := [ state TCP-STATE ] [ EXPRESSION ]Use examples:
Example 1: Display TCP connections
Order:
ss -t -a
Output:
[root@localhost ~]# ss -t -a State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 0 127.0.0.1:smux *:* LISTEN 0 0 *:3690 *:* LISTEN 0 0 *:ssh *:* ESTAB 0 0 192.168.120.204:ssh 10.2.0.68:49368 [root@localhost ~]#
Example 2: Display Sockets Summary
Order:
ss -s
Output:
[root@localhost ~]# ss -s Total: 34 (kernel 48) TCP: 4 (estab 1, closed 0, orphaned 0, synrecv 0, timewait 0/0), ports 3 Transport Total IP IPv6 * 48 - - RAW 0 0 0 UDP 5 5 0 TCP 4 4 0 INET 9 9 0 FRAG 0 0 0 [root@localhost ~]#
Example 3: List all open network connection ports
Order:
ss -l
Output:
[root@localhost ~]# ss -l
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 127.0.0.1:smux *:*
0 *:3690 *:*
0 *:ssh *:*
[root@localhost ~]#Example 4: View the socket used by the process
Order:
ss -pl
Output:
[root@localhost ~]# ss -pl
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 127.0.0.1:smux *:* users:(("snmpd",2716,8))
0 *:3690 *:* users:(("svnserve",3590,3))
0 *:ssh *:* users:(("sshd",2735,3))
[root@localhost ~]#
Example 6: Display all UDP Sockets
Order:
ss -u -a
Example 7: Show all SMTP connections with established status
Order:
ss -o state established '( dport = :smtp or sport = :smtp )'
Example 8: Display all HTTP connections with Established status
Order:
ss -o state established '( dport = :http or sport = :http )'
Example 9: List all tcp sockets in FIN-WAIT-1 state with source port 80 or 443 and target network 193.233.7/24
Order:
ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 193.233.7/24
Example 10: Filter Sockets with TCP status:
Order:
ss -4 state FILTER-NAME-HERE
ss -6 state FILTER-NAME-HERE
[root@localhost ~]#ss -4 state closing
Recv-Q Send-Q Local Address:Port Peer Address:Port
11094 75.126.153.214:http 192.168.10.42:4669Explain:
FILTER-NAME-HERE may represent any of the following:
established
syn-sent
syn-recv
fin-wait-1
fin-wait-2
time-wait
closed
close-wait
last-ack
listen
closing
all: all of the above states
connected: All states except listen and closed
Synnized: All connected states except syn-sent
Buket: Display status is maintained as minisockets, such as time-wait and syn-recv.
big: Contrary to bucket.
Example 11: Matching remote address and port number
Order:
ss dst ADDRESS_PATTERN
ss dst 192.168.1.5
ss dst 192.168.119.113:http
ss dst 192.168.119.113:smtp
ss dst 192.168.119.113:443
[root@localhost ~]# ss dst 192.168.119.113 State Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0 192.168.119.103:16014 192.168.119.113:20229 ESTAB 0 0 192.168.119.103:16014 192.168.119.113:61056 ESTAB 0 0 192.168.119.103:16014 192.168.119.113:61623 ESTAB 0 0 192.168.119.103:16014 192.168.119.113:60924 ESTAB 0 0 192.168.119.103:16050 192.168.119.113:43701 ESTAB 0 0 192.168.119.103:16073 192.168.119.113:32930 ESTAB 0 0 192.168.119.103:16073 192.168.119.113:49318 ESTAB 0 0 192.168.119.103:16014 192.168.119.113:3844 [root@localhost ~]# ss dst 192.168.119.113:http State Recv-Q Send-Q Local Address:Port Peer Address:Port [root@localhost ~]# ss dst 192.168.119.113:3844 State Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0 192.168.119.103:16014 192.168.119.113:3844 [root@localhost ~]#