Linux Network Status Tool SS command

Source: Internet
Author: User

The SS command is used to display the socket status. He can display statistics such as packet sockets, TCP sockets, UDP sockets, DCCP sockets, RAW sockets, Unix domain sockets, and so on. It shows more TCP and state information than other tools. It is a very practical, fast and efficient new tool for tracking IP connections and sockets. The SS command can provide the following information:

    • All TCP sockets
    • All UDP sockets
    • All Ssh/ftp/ttp/https Persistent connections
    • All local processes connected to the Xserver
    • Use state (for example: Connected, synchronized, SYN-RECV, syn-sent,time-wait), address, port filtering
    • All state fin-wait-1 tcpsocket connections and more

Many popular Linux distributions support SS as well as many monitoring tools using the SS command. Familiarity with this tool will help you better identify and resolve system performance issues. I strongly recommend that you use the SS command instead of the netstat part of the command, such as NETSAT-ANT/LNT.
Show him before you make a comparison, count the number of server concurrent connections

netstat# Time Netstat-ant | grep EST | Wc-l3100real 0m12.960suser 0m0.334ssys 0m12.561s# time Ss-o State established | Wc-l3204real 0m0.030suser 0m0.005ssys 0m0.026s

The result is obviously SS statistics concurrent connection number efficiency Netstat, in SS can be done, you will also choose Netstat, still hesitate, see the following example, or jump to help page.

Common SS Commands:

Ss-l Show all ports open locally SS-PL show each process specific open socketss-t-a display all TCP Socketss-u-a displays all UDP Socektss-o State established ' (Dport = : SMTP or sport =: SMTP) ' Show all established SMTP connections Ss-o state established ' (Dport =: http or sport =: http) ' Displays all established HTTP connections ss-x src/tmp/. x11-unix/* find out all the processes connecting the X server ss-s list The current socket details:

Display sockets brief information
Lists the TCP connections that are currently connected, closed, and waiting

# ss-stotal:3519 (kernel 3691) tcp:26557 (estab 3163, closed 23182, orphaned 194, SYNRECV 0, timewait 23182/0), ports 14 52Transport Total IP ipv6* 3691--raw 2 2 0UDP 7 3TCP 3375 3368 7INET 3387 3377 10FRAG 0 0 0

List Current listening ports

# ss-lrecv-q send-q Local address:port Peer address:port0::: 5989:::* 0 5 *:rsync *:* 0::: Sunrpc:::* 0-*:SUNRP c *:* 0 511 *:http *:* 0 ()::: SSH:::* 0, *:ssh *:* 0::: 35766:::* 0, 127.0.0.1:ipp *:* 0:: 1:ipp:::* 0 100:: 1 : SMTP:::* 0 127.0.0.1:smtp *:* 0 511 *:https *:* 0::: 1311:::* 0 5 *:5666 *:* 0 * *:3044 *:*

SS lists each process name and the port it listens on

# SS-PL

SS-Column all TCP sockets

# SS-T-A

SS Lists all UDP sockets

# Ss-u-A

SS lists connections in all HTTP connections

# Ss-o State established ' (Dport =: http or sport =: http) '

• The above includes 80 externally provided, and access to the external 80

• Use the above command as a perfect alternative to netstat get the number of HTTP concurrent connections, commonly used in monitoring

SS lists which processes are locally connected to X server

# Ss-x src/tmp/. x11-unix/*

SS lists HTTP, HTTPS connections in the FIN-WAIT-1 state

# Ss-o State fin-wait-1 ' (sport =: http or sport =: HTTPS) '

SS Common State States :

Establishedsyn-sentsyn-recvfin-wait-1fin-wait-2time-waitclosedclose-waitlast-acklistenclosingall:all of the above Statesconnected:all the states except for listen and closedsynchronized:all the connected states except for SYN-SENTBU Cket:show states, which is maintained as minisockets, i.e. time-wait and syn-recv.big:opposite to buckets state.

SS uses IP address filtering

SS Src Address_patternsrc: Represents the source Address_pattern: Represents the address rule as follows: SS SRC 120.33.31.1 # List the connections to 20.33.31.1 # listed to 120.33.31.1, 80-Port Connection ss SRC 120.33.31.1:httpss src 120.33.31.1:80

SS uses port filtering

SS Dport OP Portop: Is operator Port: dport: Indicates that the target port is filtered and the opposite has sport

The OP operator is as follows:

<= or le: less than or equal to >= or GE: greater than equals = = or eq: equals! = or ne: Not equal to Port < or LT: Less than this port > or GT: Greater than port

OP instances

SS Sport =: HTTP can also be SS sport =: 80ss dport =: Httpss dport \>: 1024ss Sport \>: 1024SS Sport \<: 32000SS Sport EQ:22SS dport! =: 22SS state Connected sport =: HTTPSS \ (sport =: http or sport =: HTTPS \) ss-o state fin-wait-1 \ (SPO RT =: http or sport =: HTTPS \) DST 192.168.1/24

Why SS is faster than Netstat:

Netstat is the statistic that traverses the/proc below each PID directory, the SS direct read/proc/net. So when the SS executes, it consumes less resources and consumes more time than netstat.

SS Command Help

# SS-HUSAGE:SS [Options]        SS [Options] [FILTER]   -H,--h elp           This message   -V,--version         output version information   -N,--numeric         don ' t resolve service names   -R,--resolve        Resolve host names   -A,--all             Display all sockets   -L,--listening      display listening sockets& nbsp;  -O,--options       show timer information   -E,-- extended      Show detailed socket information   -M,--memory         Show Socket Memory usage   -p,--processes      Show process using socket   -I,--info            Show Internal TCP information   -S,--summary         Show socket usage summary    -4,--ipv4           Display only IP version 4 sockets   -6,--ipv6     & nbsp;    Display only IP version 6 sockets   -0,--packet display packet Sockets &nbs p; -T,--tcp            display only TCP sockets    -U,--udp            display only UDP sockets    -D,--dccp           display only DCCP sockets    -W,--RAW&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBsp;    Display only RAW sockets   -X,--unix            display only Unix domain sockets   -F,--family=family display sockets of type FA mily   -A,--query=query,--socket=query        query: = {all| inet|tcp|udp|raw|unix|packet|netlink}[,query]   -D,--diag=file      Dump Raw information about TCP sockets to file   -F,--filter=file   read filter information fro M file        FILTER: = [State Tcp-state] [EXPRESSION]
from:http://blog.sae.sina.com.cn/archives/3714

Linux Network Status Tool SS command

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.