Ss Command example

Ss Command example
GuideSs is short for Socket Statistics and can be used to obtain socket Statistics. It can display content similar to netstat. But the advantage of ss is that it can display more detailed information about TCP and connection status, and is faster and more efficient than netstat.

When the number of socket connections on the server becomes very large, the execution speed will be very slow, whether using the netstat command or directly cat/proc/net/tcp. You may not feel it, but when the number of connections maintained by the server reaches tens of thousands, using netstat is a waste of life, and using ss is time-saving. Daily martial arts are only fast. The secret of ss is that it uses tcp_diag in the TCP protocol stack. Tcp_diag is a module used to analyze statistics and obtain first-hand information in the Linux kernel, which ensures the efficiency and efficiency of ss. Of course, if you do not have tcp_diag in your system, the ss can also run normally, but the efficiency will be slightly slower. (But it is still faster than netstat .)

Command Format

Ss [parameters]

Command function

The ss (short for Socket Statistics) command can be used to obtain socket Statistics. The result output by this command is similar to that output by netstat, however, it can display more detailed TCP connection status information and is faster and more efficient than netstat. It uses tcp_diag (a module used for analysis and statistics) in the TCP protocol stack to directly obtain first-hand kernel information, which makes ss commands fast and efficient. In the absence of tcp_diag, the ss can also run normally.

Command Parameters

-H, -- help information-V, -- version program version information-n, -- numeric does not parse service name-r, -- resolve parses host name-, -- all: Display all sockets (sockets)-l, -- listening: Display socket (sockets)-o, -- options: display timer information-e, -- extended displays detailed socket (sockets) information-m, -- memory displays socket (socket) memory usage-p, -- processes displays the process using socket (socket)-I, -- info: TCP internal information-s, -- summary: socket usage overview-4, -- ipv4: Only IPv4 socket (sockets)-6, -- ipv6 only displays the IPv6 socket (sockets)-0, -- packet displays the PACKET socket (socket)-t, -- tcp only displays the TCP socket (sockets)-u, -- udp only displays UCP socket (sockets)-d, -- dccp only displays DCCP socket (sockets)-w, -- raw only displays RAW socket (sockets)-x, -- unix only displays Unix sockets (sockets)-f, -- family = FAMILY: displays socket of the FAMILY type (sockets), FAMILY is optional, supports unix, inet, inet6, link, netlink-A, -- query = QUERY, -- socket = QUERY: = {all | inet | tcp | udp | raw | unix | packet | netlink} [, QUERY]-D, -- diag = FILE dump the original TCP socket (sockets) Information to the FILE-F, -- filter = FILE remove the FILTER information from the FILE filter: = [state TCP-STATE] [EXPRESSION]

Use instance

Instance 1: Display TCP connections

[root@localhost ~]# ss -t -aState      Recv-Q Send-Q                                Local Address:Port                                    Peer Address:Port   LISTEN     0      0                                         127.0.0.1:smux                                               *:*       LISTEN     0      0                                                 *:3690                                               *:*       LISTEN     0      0                                                 *:ssh                                                *:*       ESTAB      0      0                                   192.168.120.204:ssh                                        10.2.0.68:49368   

Example 2: Show Sockets Summary

[root@localhost ~]# ss -sTotal: 34 (kernel 48)TCP: 4 (estab 1, closed 0, orphaned 0, synrecv 0, timewait 0/0), ports 3Transport Total IP IPv6* 48 - - RAW 0 0 0 UDP 5 5 0 TCP 4 4 0 INET 9 9 0 FRAG 0 0 0 

: Lists the current established, closed, orphaned and waiting TCP sockets.

Instance 3: List all open network connection ports

[root@localhost ~]# ss -lRecv-Q Send-Q Local Address:Port Peer Address:Port 0 0 127.0.0.1:smux *:* 0 0 *:3690 *:* 0 0 *:ssh *:* 

Instance 4: view the socket used by the Process

[root@localhost ~]# ss -plRecv-Q Send-Q Local Address:Port Peer Address:Port 0 0 127.0.0.1:smux *:* users:(("snmpd",2716,8))0 0 *:3690 *:* users:(("svnserve",3590,3))0 0 *:ssh *:* users:(("sshd",2735,3))

Instance 5: Find the socket/port application

[root@localhost ~]# ss -lp|grep 19350 0 *:1935 *:* users:(("fmsedge",2913,18))0 0 127.0.0.1:19350 *:* users:(("fmsedge",2913,17))[root@localhost ~]# ss -lp|grep 33060 0 *:3306 *:* users:(("mysqld",2871,10))

Instance 6: display all UDP Sockets

[root@localhost ~]# ss -u -aState Recv-Q Send-Q Local Address:Port Peer Address:Port UNCONN 0 0 127.0.0.1:syslog *:* UNCONN 0 0 *:snmp *:* ESTAB 0 0 192.168.120.203:39641 10.58.119.119:domain 

Instance 7: displays all SMTP connections in the "established" status.

[root@localhost ~]# ss -o state established '( dport = :smtp or sport = :smtp )' Recv-Q Send-Q Local Address:Port Peer Address:Port 

Instance 8: displays all HTTP connections in the Established status.

[root@localhost ~]# ss -o state established '( dport = :http or sport = :http )' Recv-Q Send-Q Local Address:Port Peer Address:Port 0 0 75.126.153.214:2164 192.168.10.42:http 

Instance 9: Lists All tcp sockets from the source port 80 or 443 in the FIN-WAIT-1 status and the target network is 193.233.7/24.

[root@localhost ~]# ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 193.233.7/24Recv-Q Send-Q Local Address:Port Peer Address:Port

Instance 10: use TCP status to filter Sockets
Command:

ss -4 state FILTER-NAME-HERE ss -6 state FILTER-NAME-HERE

Output:

[root@localhost ~]#ss -4 state closing Recv-Q Send-Q Local Address:Port Peer Address:Port 1 11094 75.126.153.214:http 192.168.10.42:4669 

Note:
FILTER-NAME-HERE can represent any of the following:
Established
Syn-sent
Syn-recv
Fin-wait-1
Fin-wait-2
Time-wait
Closed
Close-wait
Last-ack
Listen
Closing

All: all or more statuses
Connected: All statuses except listen and closed
Synchronized: All connected states except syn-sent
Bucket: The display status is maintained as minisockets, such as time-wait and syn-recv.
Big: opposite to bucket.

Instance 11: match the remote address and port number
Command:

ss dst ADDRESS_PATTERNss dst 192.168.1.5ss dst 192.168.119.113:http ss dst 192.168.119.113:smtp ss dst 192.168.119.113:443

Output:

[root@localhost ~]# ss dst 192.168.119.113State Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0 192.168.119.103:16014 192.168.119.113:20229 ESTAB 0 0 192.168.119.103:16014 192.168.119.113:61056 ESTAB 0 0 192.168.119.103:16014 192.168.119.113:61623 ESTAB 0 0 192.168.119.103:16014 192.168.119.113:60924 ESTAB 0 0 192.168.119.103:16050 192.168.119.113:43701 ESTAB 0 0 192.168.119.103:16073 192.168.119.113:32930 ESTAB 0 0 192.168.119.103:16073 192.168.119.113:49318 ESTAB 0 0 192.168.119.103:16014 192.168.119.113:3844 [root@localhost ~]# ss dst 192.168.119.113:httpState Recv-Q Send-Q Local Address:Port Peer Address:Port [root@localhost ~]# ss dst 192.168.119.113:3844State Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0 192.168.119.103:16014 192.168.119.113:3844 

Instance 12: match the local address and port number
Command:

ss src ADDRESS_PATTERNss src 192.168.119.103ss src 192.168.119.103:httpss src 192.168.119.103:80ss src 192.168.119.103:smtpss src 192.168.119.103:25

Output:

[root@localhost ~]# ss src 192.168.119.103:16021State Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0 192.168.119.103:16021 192.168.119.201:63054 ESTAB 0 0 192.168.119.103:16021 192.168.119.201:62894 ESTAB 0 0 192.168.119.103:16021 192.168.119.201:63055 ESTAB 0 0 192.168.119.103:16021 192.168.119.201:2274 ESTAB 0 0 192.168.119.103:16021 192.168.119.201:44784 ESTAB 0 0 192.168.119.103:16021 192.168.119.201:7233 ESTAB 0 0 192.168.119.103:16021 192.168.119.103:58660 ESTAB 0 0 192.168.119.103:16021 192.168.119.201:44822 ESTAB 0 0 192.168.119.103:16021 10.2.1.206:56737 ESTAB 0 0 192.168.119.103:16021 10.2.1.206:57487 ESTAB 0 0 192.168.119.103:16021 10.2.1.206:56736 ESTAB 0 0 192.168.119.103:16021 10.2.1.206:64652 ESTAB 0 0 192.168.119.103:16021 10.2.1.206:56586 ESTAB 0 0 192.168.119.103:16021 10.2.1.206:64653 ESTAB 0 0 192.168.119.103:16021 10.2.1.206:56587 

Instance 13: Compare the local or remote ports with the number
Command:

ss dport OP PORT ss sport OP PORT

Output:

[root@localhost ~]# ss sport = :http [root@localhost ~]# ss dport = :http [root@localhost ~]# ss dport \> :1024 [root@localhost ~]# ss sport \> :1024 [root@localhost ~]# ss sport \< :32000 [root@localhost ~]# ss sport eq :22 [root@localhost ~]# ss dport != :22 [root@localhost ~]# ss state connected sport = :http [root@localhost ~]# ss \( sport = :http or sport = :https \) [root@localhost ~]# ss -o state fin-wait-1 \( sport = :http or sport = :https \) dst 192.168.1/24

Note:
Comparison between the remote PORT and number of ss dport OP ports; comparison between the local PORT and number of ss sport OP ports.
OP can represent any of the following:
<= Or le: less than or equal to the port number> = or ge: greater than or equal to the port number
= Or eq: equal to the port number
! = Or ne: not equal to the port number
<Or gt: less than the port number> or lt: greater than the port number

Instance 14: Comparison of ss and netstat Efficiency
Command:

time netstat -attime ss

Output:

[root@localhost ~]# time ss real 0m0.739suser 0m0.019ssys 0m0.013s[root@localhost ~]# [root@localhost ~]# time netstat -atreal 2m45.907suser 0m0.063ssys 0m0.067s

Note: use the time command to obtain the time used by the program and the summary resource by using the netstat and ss commands respectively. When the number of server connections is large, the efficiency of netstat cannot be compared with that of ss.

From: http://www.cnblogs.com/peida/archive/2013/03/11/2953420.html

Address: http://www.linuxprobe.com/ss-command.html