阿川CH
学海无涯,上栽上栽!
Toggle navigation
阿川CH
主页
归档
标签
Linux命令: ss
Linux
Linux命令
2018-03-09 16:57:03
0
0
0
cqc
Linux
Linux命令
# ss命令 `ss`应该是socket statistics的简写,表示socket的统计信息。和`netstat`的命令相似,但比其能显示更多的信息 ## 语法 ss [options] [ FILTER ] ## 选项 ### -h, --help 帮助 ### -V, --version 显示ss版本 ### -n, --numeric 将host显示成IP,将端口名称(`ftp`)转成数字 ### -r, --resolve 尝试将ip、端口转成对应的host和端口名称 ### -a, --all 显示所有的sockets ### -l, --listening 仅显示处于监听的sockets ### -o, --options 显示timer。 `timer:(keepalive,114min,0)` `114min`是距离下次发keepalive的间隔 `0` 表示已经发送过几个keepalive 下面是相关的几个参数 ``` # 表示发送keepalive的时间间隔,单位:秒 cat /proc/sys/net/ipv4/tcp_keepalive_time => 7200 # 表示最多发送9次keepalive探测包,若对端还未回应则关闭连接 cat /proc/sys/net/ipv4/tcp_keepalive_probes => 9 # 表示每次发送keepalive探测包的时间间隔,单位:秒 cat /proc/sys/net/ipv4/tcp_keepalive_intvl => 75 ``` `netstat`的timer有点不同,参考这个[文章](https://superuser.com/questions/240456/how-to-interpret-the-output-of-netstat-o-netstat-timers) ### -e, --extended 显示详细信息 ``` $ ss -ntp dport = :10000 | head State Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 69980 0 10.111.96.255:53510 10.111.96.255:10000 ESTAB 0 0 10.111.96.255:60738 10.111.96.255:10000 ESTAB 113522 0 10.111.96.255:35746 10.111.96.255:10000 ESTAB 103886 0 10.111.96.255:52482 10.111.96.255:10000 ESTAB 114003 0 10.111.96.255:40306 10.111.96.255:10000 ESTAB 29420 0 10.111.96.255:36822 10.111.96.255:10000 ESTAB 0 0 10.111.96.255:53620 10.111.96.255:10000 ESTAB 46 0 10.111.96.255:59628 10.111.96.255:10000 ESTAB 73423 0 10.111.96.255:53444 10.111.96.255:10000 $ ss -ntpe dport = :10000 | head State Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 69980 0 10.111.96.255:53510 10.111.96.255:10000 timer:(keepalive,56min,0) uid:1013 ino:504630510 sk:ffff881e44b964c0 <-> ESTAB 0 0 10.111.96.255:60738 10.111.96.255:10000 timer:(keepalive,47min,0) uid:1013 ino:504782353 sk:ffff881a89f8dd00 <-> ESTAB 113522 0 10.111.96.255:35746 10.111.96.255:10000 timer:(keepalive,54min,0) uid:1013 ino:505099885 sk:ffff880a38b6ae80 <-> ESTAB 103886 0 10.111.96.255:52482 10.111.96.255:10000 timer:(keepalive,55min,0) uid:1013 ino:504625727 sk:ffff881b78f69740 <-> ESTAB 114003 0 10.111.96.255:40306 10.111.96.255:10000 timer:(keepalive,47min,0) uid:1013 ino:505091859 sk:ffff881b4f3a3640 <-> ESTAB 29420 0 10.111.96.255:36822 10.111.96.255:10000 timer:(keepalive,54min,0) uid:1013 ino:504803958 sk:ffff881e46ecb640 <-> ESTAB 0 0 10.111.96.255:53620 10.111.96.255:10000 timer:(keepalive,42min,0) uid:1013 ino:504667513 sk:ffff881ca92a45c0 <-> ESTAB 46 0 10.111.96.255:59628 10.111.96.255:10000 timer:(keepalive,47min,0) uid:1013 ino:509119803 sk:ffff881a1166c5c0 <-> ESTAB 73423 0 10.111.96.255:53444 10.111.96.255:10000 timer:(keepalive,57min,0) uid:1013 ino:504624485 sk:ffff880123de7440 <-> ``` ### -m, --memory 显示内存使用 ``` State Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 69980 0 10.111.96.255:53510 10.111.96.255:10000 skmem:(r72696,rb1061296,t0,tb2626560,f1032,w0,o0,bl0) ``` ### -p, --processes 显示相关的进程信息(需要启动用户或root才能显示进程) ``` sudo ss -ntpm dport = :10000 State Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 69980 0 10.111.96.255:53510 10.111.96.255:10000 users:(("java",pid=16607,fd=557)) ``` ### -i, --info Show internal TCP information. ``` sudo ss -nti dport = :10000 | head State Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 69980 0 10.111.96.255:53510 10.111.96.255:10000 cubic wscale:7,7 rto:204 rtt:3.725/7.328 ato:40 mss:65468 cwnd:10 ssthresh:7 bytes_acked:64493 bytes_received:620668 segs_out:977 segs_in:1549 send 1406.0Mbps lastsnd:76924115 lastrcv:76924086 lastack:4812456 pacing_rate 2811.6Mbps rcv_rtt:3830 rcv_space:43690 ``` ### -s, --summary 输出摘要信息 ``` sudo ss -s Total: 1417 (kernel 2653) TCP: 1563 (estab 1049, closed 430, orphaned 0, synrecv 0, timewait 417/0), ports 0 Transport Total IP IPv6 * 2653 - - RAW 0 0 0 UDP 17 15 2 TCP 1133 1133 0 INET 1150 1148 2 FRAG 0 0 0 ``` ### -4, --ipv4 Display only IP version 4 sockets (alias for -f inet). ### -6, --ipv6 Display only IP version 6 sockets (alias for -f inet6). ### -0, --packet Display PACKET sockets. ### -t, --tcp Display only TCP sockets. ### -u, --udp Display only UDP sockets. ### -d, --dccp Display only DCCP sockets. ### -w, --raw Display only RAW sockets. ### -x, --unix Display only Unix domain sockets. ### -f FAMILY, --family=FAMILY Display sockets of type FAMILY. Currently the following families are supported: unix, inet, inet6, link, netlink. ### -A QUERY, --query=QUERY, --socket=QUERY List of socket tables to dump, separated by commas. The following identifiers are understood: all, inet, tcp, udp, raw, unix, packet, netlink, unix_dgram, unix_stream, packet_raw, packet_dgram. ### -D FILE, --diag=FILE Do not display anything, just dump raw information about TCP sockets to FILE after applying filters. If FILE is - stdout is used. ### -F FILE, --filter=FILE Read filter information from FILE. Each line of FILE is interpreted like single command line option. If FILE is - stdin is used. ### FILTER := [ state TCP-STATE ] [ EXPRESSION ] Please take a look at the official documentation (Debian package iproute-doc) for details regarding filters. 每个filter间是and关系,若需or关系需要使用`(filter1 or filter2)`的形式 ``` ss -o state fin-wait-1 ’( sport = :http or sport = :https )’ dst 193.233.7/24 ``` ## 实践 ```bash # 根据端口 ss sport = :80 ss sport = :http ss dport = :80 ss '(sport = :80 or dport = :80)' # 根据ip ss src xxx.xxx.xxx.xxx ss dst xxx.xxx.xxx.xxx # 根据ip:port ss src xxx.xxx.xxx.xxx:80 ss dst xxx.xxx.xxx.xxx:80 # 根据结果进行排序 ss sport = :80 | sort -n -r -k 3 # 显示已建立连接的ssh ss -o state established ’( dport = :ssh or sport = :ssh )’ ```
上一篇:
基于流的方式在传输或存取时进行加减密
下一篇:
mysql操作
文档导航
cqc
