Detailed explanation of the use of the latest CentOS network status tool ss commands
The ss command is used to display the socket status. he can display statistics such as PACKET sockets, TCP sockets, UDP sockets, DCCP sockets, RAW sockets, and Unix domain sockets. it displays more tcp and state information than other tools. it is a very practical, fast, and effective new tool for tracking IP connections and sockets. the SS Command provides the following information:
- All TCP sockets
- All UDP sockets
- All ssh/ftp/ttp/https persistent connections
- All local processes connected to Xserver
- Use state (e.g.: connected, synchronized, SYN-RECV, SYN-SENT, TIME-WAIT), address, port Filter
- All state FIN-WAIT-1 tcpsocket connections and more
Many popular Linux distributions support ss and many monitoring tools using ss commands. familiarity with this tool helps you better discover and solve system performance problems. I strongly recommend that you use the ss Command to replace some netstat commands, such as netsat-ant/lnt.
Compare the number of concurrent connections on the server
Netstat # time netstat-ant | grep EST | wc-l3100real 0m12. 960 suser 0m0. 334 ssys 0m12. 561 s # time ss-o state established | wc-l3204real 0m0. 030 suser 0m0. 005 ssys 0m0. 026 s
The result is obvious that the efficiency of the number of concurrent connections in ss statistics has been defeated by netstat. If the ss can handle this problem, will you still choose netstat? Are you still hesitating? refer to the following example, or go to the Help Page.
Common ss commands:
Ss-l show all locally opened ports ss-pl show each process specific opened socketss-t-a show all tcp socketss-u-a show all UDP Socektss-o state established '(dport =: smtp or sport =: smtp) 'display all established SMTP connections ss-o state established' (dport =: http or sport =: http) 'display all established HTTP connections ss-x src/tmp /. x11-unix/* Find all processes that connect to X Server ss-s to list the current socket details:
Show brief sockets Information
Lists tcp connections that are currently connected, closed, and waiting
# Ss-sTotal: 3519 (kernel 3691) TCP: 26557 (estab 3163, closed 23182, orphaned 194, synrecv 0, timewait 23182/0 ), ports 1452 Transport Total IP IPv6 * 3691--RAW 2 2 0UDP 10 7 3TCP 3375 3368 7 INET 3387 3377 10 FRAG 0 0 0
List current listening ports
# Ss-lRecv-Q Send-Q Local Address: Port Peer Address: Port0 10 ::: 5989 ::: * 0 5 *: rsync *: * 0 128 ::: sunrpc: * 0 128 *: sunrpc *: * 0 511 *: http *: * 0 128: ssh: * 0 128 *: ssh *: * 0 128: 35766: * 0 128 127.0.0.1: ipp *: * 0 128: 1: ipp: * 0 100: 1: smtp ::: * 0 100 127.0.0.1: smtp *: * 0 511 *: https *: * 0 100: 1311: * 0 5 *: 5666 *: * 0 128 *: 3044 *:*
Ss lists each process name and its listening port
# Ss-pl
All tcp sockets in the ss Column# Ss-t-
Ss lists all udp sockets# Ss-u-
Ss lists all connections in http connections# Ss-o state established '(dport =: http or sport =: http )'
· The above includes 80 provided externally and 80 accessed externally
· Use the above command to perfectly replace netstat to get the number of concurrent http connections, which is often used in monitoring
Ss lists which processes are locally connected to x server
# Ss-x src/tmp/. X11-unix /*
Ss lists http and https connections in the FIN-WAIT-1 Status
# Ss-o state fin-wait-1 '(sport =: http or sport =: https )'
Common state states of ss:Establishedsyn-sentsyn-recvfin-wait-1fin-wait-2time-waitclosedclose-waitlast-acklistenclosingall: All of the above statesconnected: All the states available t for listen and closedsynchronized: All the connected states available t for syn-sentbucket: Show states, which are maintained as minisockets, I. e. time-wait and syn-recv.big: Opposite to bucket state.
Ss IP address filteringSs src ADDRESS_PATTERNsrc: indicates the source ADDRESS_PATTERN: indicates the URL rule as follows: ss src 120.33.31.1 # columns the connection to ipv33.31.1 # columns to 120.33.31.1 and port 80 connects to ss src 120.33.31.1: httpssrc 120.33.31.1: 80
Filter ports used by ssSs dport op portop: PORT: Indicates PORT dport: Indicates filtering the target PORT. The opposite is sport.
The OP operator is as follows:<= Or le: less than or equal to> = or ge: greater than or equal to = or eq: equal! = Or ne: not equal to the port <or lt: less than this port> or gt: greater than the port
OP instanceSs sport =: http can also be ss sport =: 80ss dport =: httpss dport \>: 1024ss sport \>: 1024ss sport \ <: 32000ss sport eq: 22ss dport! =: 22ss state connected sport =: httpss \ (sport =: http or sport =: https \) ss-o state fin-wait-1 \ (sport =: http or sport =: https \) dst 192.168.1/24
Why is ss faster than netstat:
Netstat traverses each PID directory under/proc, and ss directly reads the statistics under/proc/net. Therefore, the resource consumption and time consumption during ss execution are much less than netstat.
Ss Command help
# Ss-hUsage: ss [OPTIONS] ss [OPTIONS] [FILTER]-h, -- help this message-V, -- version output version information-n, -- numeric don't resolve service names-r, -- resolve host names-a, -- all display all sockets-l, -- listening display listening sockets-o, -- options show timer information-e, -- extended show detailed socket information-m, -- memory show socket memory usage-p, -- processes show process using socket-I, -- info show internal TCP information-s, -- summary show socket usage summary-4, -- ipv4 display only IP version 4 sockets-6, -- ipv6 display only IP version 6 sockets-0, -- packet display PACKET sockets-t, -- tcp display only TCP sockets-u, -- udp display only UDP sockets-d, -- dccp display only DCCP sockets-w, -- raw display only RAW sockets-x, -- unix display only Unix domain sockets-f, -- family = FAMILY display sockets of type FAMILY-A, -- query = QUERY, -- socket = QUERYQUERY: = {all | inet | tcp | udp | raw | unix | packet | netlink} [, QUERY]-D, -- diag = FILE Dump raw information about TCP sockets to a FILE-F, -- filter = FILE read filter information from FILEFILTER: = [state TCP-STATE] [EXPRESSION]Reference: http://www.cyberciti.biz/tips/linux-investigate-sockets-network-connections.html