Ss Command to view connections

Ss Command to view connections
The ss command is used to display the socket status. he can display statistics such as PACKET sockets, TCP sockets, UDP sockets, DCCP sockets, RAW sockets, and Unix domain sockets. it displays more tcp and state information than other tools. it is a very practical, fast, and effective new tool for tracking IP connections and sockets. the SS Command provides the following information: All TCP sockets all UDP sockets all ssh/ftp/ttp/https persistent connections all local processes connected to the Xserver use state (for example: connected, synchronized, SYN-RECV, SYN-SENT, TIME-WAIT) filter all state FIN-WAIT-1 tcpsocket connections and many popular Linux releases support ss and many monitoring tools to use ss Order. familiarity with this tool helps you better discover and solve system performance problems. I strongly recommend that you use the ss Command to replace some netstat commands, such as netsat-ant/lnt. compare the number of concurrent connections on the server: netstat # time netstat-ant | grep EST | wc-l3100 real 0m12. 960 suser 0m0. 334 ssys 0m12. 561 s # time ss-o state established | wc-l3204 real 0m0. 030 suser 0m0. 005 ssys 0m0. 026 s netstat # time netstat-ant | grep EST | wc-l3100 real 0m12. 960 suser 0m0. 334 ssys 0m12. 561 s # time ss-o state established | wc-l3204 Real 0m0. 030 suser 0m0. 005 ssys 0m0. the 026s result is obvious. The efficiency of the number of concurrent connections in the ss is defeated by netstat. If the ss can handle this problem, will you still choose netstat? Are you still hesitating? refer to the following example, or go to the Help Page. common ss commands: ss-l show all locally opened ports ss-pl show each process specific opened socketss-t-a show all tcp socketss-u-a show all UDP Socektss-o state established '(dport =: smtp or sport =: smtp) 'display all established SMTP connections ss-o state established' (dport =: http or sport =: http) 'display all established HTTP connections ss-x src/tmp /. x11-unix/* Find all inbound connections to X Server Process ss-s lists the details of the current socket: ss-l show all locally opened ports ss-pl show each process specific opened socketss-t-a show all tcp socketss-u-a show all UDP Socektss-o state established '(dport =: smtp or sport =: smtp) 'display all established SMTP connections ss-o state established' (dport =: http or sport =: http) 'display all established HTTP connections ss-x src/tmp /. x11-unix/* Find out all processes connected to X Server ss-s list current socket details: Show sockets brief information list current connected, closed, waiting tcp connection # ss-sTotal: 3519 (kernel 3691) TCP: 26557 (Estab 3163, closed 23182, orphaned 194, synrecv 0, timewait 23182/0 ), ports 1452 Transport Total IP IPv6 * 3691--RAW 2 2 0UDP 10 7 3TCP 3375 3368 7 INET 3387 3377 10 FRAG 0 0 0 # ss-sTotal: 3519 (kernel 3691) TCP: 26557 (estab 3163, closed 23182, orphaned 194, synrecv 0, timewait 23182/0 ), ports 1452 Transport Total IP IPv6 * 3691--RAW 2 2 0UDP 10 7 3TCP 3375 3368 7 INET 3387 3377 10 FRAG 0 0 0 list current monitor Listen to the Port # ss-lRecv-Q Send-Q Local Address: Port Peer Address: Port0 10 ::: 5989 ::: * 0 5 *: rsync *: * 0 128 ::: sunrpc: * 0 128 *: sunrpc *: * 0 511 *: http *: * 0 128: ssh: * 0 128 *: ssh *: * 0 128: 35766: * 0 128 127.0.0.1: ipp *: * 0 128: 1: ipp: * 0 100: 1: smtp ::: * 0 100 127.0.0.1: smtp *: * 0 511 *: https *: * 0 100: 1311: * 0 5 *: 5666 *: * 0 128 *: 3044 *: * # ss-lRecv-Q Send-Q Local Address: Port Peer Address: Port0 10: 5989: * 0 5 *: rsync *: * 0 128: sunrpc: * 0 128 *: sunrpc *: * 0 511 *: http *: * 0 128: ssh: * 0 128 *: ssh *: * 0 128: 35766 ::: * 0 128 127.0.0.1: ipp *: * 0 128: 1: ipp: * 0 100: 1: smtp: * 0 100 127.0.0.1: smtp *: * 0 511 *: https *: * 0 100: 1311: * 0 5 *: 5666 *: * 0 128 *: 3044 *: * ss lists each process name and its listening port # ss-pl1 # All tcp sockets in the ss-plss column # ss-t-a1 # ss-t-ass lists all udp sockets # ss-u-a1 # ss-u -Ass: List connections in all http connections # ss-o state established '(dport =: http or sport =: http) '1 # ss-o state established' (dport =: http or sport =: http) '. The above includes the 80 externally provided and the 80 externally accessed. Use the above command to replace netstat perfectly to obtain the number of concurrent http connections, ss is often used in monitoring to list which local process is connected to x server # ss-x src/tmp /. x11-unix/* 1 # ss-x src/tmp /. x11-unix/* ss lists http, https connections in the FIN-WAIT-1 state # ss-o state fin-wait-1' (sport =: http or sport =: https) '1 # ss-o state fin-wait- 1' (sport =: http or sport =: https) 'ss common state: establishedsyn-sentsyn-recvfin-wait-1fin-wait-2time-waitclosedclose-waitlast-acklistenclosingall: All of the above statesconnected: All the states available t for listen and closedsynchronized: all the connected states before t for syn-sentbucket: Show states, which are maintained as minisockets, I. e. time-wait and syn-recv.big: Opposite to bucket State. establishedsyn-sentsyn-recvfin-wait-1fin-wait-2time-waitclosedclose-waitlast-acklistenclosingall: All of the above statesconnected: All the states available t for listen and closedsynchronized: All the connected states available t for syn-sentbucket: Show states, which are maintained as minisockets, I. e. time-wait and syn-recv.big: Opposite to bucket state. ss filters ss src ADDRESS_PATTERNsrc by IP Address: Table Show source ADDRESS_PATTERN: indicates the address rule is as follows: ss src 120.33.31.1 # column connecting 33.31.1 # To 120.33.31.1. Port 80 connects ss src 120.33.31.1: httpssr120.33.31.1: 80 ss src ADDRESS_PATTERNsrc: indicates the source ADDRESS_PATTERN: indicates the URL rule as follows: ss src 120.33.31.1 # The 20.33.31.1 connection # is listed to 120.33.31.1, and port 80 is connected to ss src 120.33.31.1: httpssrc 120.33.31.1: 80ss filter ss dport op portop by PORT: PORT dport: Filter target PORT, and PORT: port Dport: indicates to filter the target port. The opposite operator is sportOP: <= or le: less than or equal to> = or ge: greater than or equal to = or eq: equal! = Or ne: not equal to port <or lt: less than this port> or gt: greater than port <= or le: less than or equal to> = or ge: greater than or equal to = or eq: equal! = Or ne: not equal to the port <or lt: less than this port> or gt: greater than the port OP instance ss sport =: http can also be ss sport =: 80ss dport =: httpsdport \>: 1024ss sport \>: 1024ss sport \ <: 32000ss sport eq: 22ss dport! =: 22ss state connected sport =: httpss \ (sport =: http or sport =: https \) ss-o state fin-wait-1 \ (sport =: http or sport =: https \) dst 192.168.1/24 ss sport =: http can also be ss sport =: 80ss dport =: httpsdport \>: 1024ss sport \>: 1024ss sport \ <: 32000ss sport eq: 22ss dport! =: 22ss state connected sport =: httpss \ (sport =: http or sport =: https \) ss-o state fin-wait-1 \ (sport =: http or sport =: https \) dst 192.168.1/24 why ss is faster than netstat: netstat traverses every PID directory under/proc, and ss directly reads statistics under/proc/net. Therefore, the ss consumes resources during execution and the time consumed is much less than netstat. There are a lot of ss Command help # ss-hUsage: ss [OPTIONS] ss [OPTIONS] [FILTER]-h, -- help this message-V, -- version output version information-n, -- numeric don't resolve service names-r, -- resolve host names-, -- all display all sockets-l, -- listening display listening sockets-o, -- options show timer information-e, -- extended show detailed socket information-m, -- memory show socket memory usage-p, -- processes show process using socket-I, -- info show internal TCP information-s, -- summary show socket usage summary-4, -- ipv4 display only IP version 4 sockets-6, -- ipv6 display only IP version 6 sockets-0, -- packet display PACKET sockets-t, -- tcp display only TCP sockets-u, -- udp display only UDP sockets-d, -- dccp display only DCCP sockets-w, -- raw display only RAW sockets-x, -- unix display only Unix domain sockets-f, -- family = FAMILY display sockets of type FAMILY-A, -- query = QUERY, -- socket = QUERY: = {all | inet | tcp | udp | raw | unix | packet | netlink} [, QUERY]-D, -- diag = FILE Dump raw information about TCP sockets to FILE-F, -- filter = FILE read filter information from file filter: = [state TCP-STATE] [EXPRESSION] # ss-hUsage: ss [OPTIONS] ss [OPTIONS] [FILTER]-h, -- help this message-V, -- version output version information-n, -- numeric don't resolve service names-r, -- resolve host names-, -- all display all sockets-l, -- listening display listening sockets-o, -- options show timer information-e, -- extended show detailed socket information-m, -- memory show socket memory usage-p, -- processes show process using socket-I, -- info show internal TCP information-s, -- summary show socket usage summary-4, -- ipv4 display only IP version 4 sockets-6, -- ipv6 display only IP version 6 sockets-0, -- packet display PACKET sockets-t, -- tcp display only TCP sockets-u, -- udp display only UDP sockets-d, -- dccp display only DCCP sockets-w, -- raw display only RAW sockets-x, -- unix display only Unix domain sockets-f, -- family = FAMILY display sockets of type FAMILY-A, -- query = QUERY, -- socket = QUERY: = {all | inet | tcp | udp | raw | unix | packet | netlink} [, QUERY]-D, -- diag = FILE Dump raw information about TCP sockets to FILE-F, -- filter = FILE read filter information from file filter: = [state TCP-STATE] [EXPRESSION]