Meaning of SS socket state
1. view links
[admin@v035114 ~]$ ssState Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0 10.232.35.114:43583 10.235.171.2:15888 ESTAB 0 0 10.232.35.114:1023 10.232.16.13:nfs ESTAB 0 0 10.232.35.114:54487 10.232.36.75:ssh ESTAB 0 0 10.232.35.114:33943 10.235.171.1:13888 SYN-SENT 0 1 10.232.35.114:37613 10.232.14.220:webcache ESTAB 0 0 10.232.35.114:34337 10.232.17.73:ssh ESTAB 0 0 10.232.35.114:44849 10.232.36.86:ssh ESTAB 1392 0 10.232.35.114:59068 10.20.142.112:ssh ESTAB 0 0 10.232.35.114:38479 10.232.36.88:ssh ESTAB 0 0 10.232.35.114:60156 10.232.36.88:ssh ESTAB 0 0 10.232.35.114:51222 10.232.36.86:ssh ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.35:ccmad ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.34:65432 ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.34:50906 ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.34:51239 ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.34:53277 ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.34:50813
The first column indicates the status
Meaning of send-Q and Recv-Q in the second and third columns
Send-QThe other party does not receive the data or Ack, or the local buffer.
Count of bytes not acknowledged by the remote host.
Recv-QThe data has received the buffer locally, but there is no Recv ()
The Count of bytes not copied by the user program connected to this socket.
2 Option-N indicates that the service name is not resolved
[admin@v035114 ~]$ ss -nState Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0 10.232.35.114:43583 10.235.171.2:15888 ESTAB 0 0 10.232.35.114:33943 10.235.171.1:13888 ESTAB 1392 0 10.232.35.114:59068 10.20.142.112:22 ESTAB 0 0 10.232.35.114:60156 10.232.36.88:22 ESTAB 0 0 10.232.35.114:51222 10.232.36.86:22 ESTAB 0 0 ::ffff:10.232.35.114:22 ::ffff:10.13.44.35:3114 ESTAB 0 0 ::ffff:10.232.35.114:22 ::ffff:10.13.44.34:50813
Port 22 corresponds to SSH
3
SS-l displays all listener ports opened locally
[admin@v035114 ~]$ ss -lRecv-Q Send-Q Local Address:Port Peer Address:Port 0 0 127.0.0.1:15777 *:* 0 0 127.0.0.1:15778 *:* 0 0 127.0.0.1:smux *:* 0 0 *:50410 *:* 0 0 *:netbios-ssn *:* 0 0 *:sunrpc *:* 0 0 *:http *:* 0 0 *:43698 *:* 0 0 *:socks *:* 0 0 *:microsoft-ds *:* 0 0 :::ssh :::*
Use-N to check the port used by the Service
[admin@v035114 ~]$ ss -lnRecv-Q Send-Q Local Address:Port Peer Address:Port 0 0 127.0.0.1:15777 *:* 0 0 127.0.0.1:15778 *:* 0 0 127.0.0.1:199 *:* 0 0 *:50410 *:* 0 0 *:139 *:* 0 0 *:111 *:* 0 0 *:80 *:* 0 0 *:43698 *:* 0 0 *:1080 *:* 0 0 *:445 *:* 0 0 :::22 :::*
22 SSH
80 corresponds to HTTP
111 SunRPC
139 corresponds to NetBIOS-SSN
4-s Abstract
[admin@v035114 ~]$ ss -s Total: 89 (kernel 114)TCP: 44 (estab 9, closed 23, orphaned 0, synrecv 0, timewait 22/0), ports 80Transport Total IP IPv6* 114 - - RAW 0 0 0 UDP 16 13 3 TCP 21 17 4 INET 37 30 7 FRAG 0 0 0
What does orphaned mean?
What does the last port 80 mean?
What does raw, Inet, and frag mean?
Is there a number of rows in the column of IPv6 not 0?
5-T display TCP Connection
[admin@v035114 ~]$ ss -tState Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0 10.232.35.114:59861 10.235.144.41:ssh ESTAB 0 0 10.232.35.114:43583 10.235.171.2:15888 ESTAB 0 0 10.232.35.114:33943 10.235.171.1:13888 ESTAB 1392 0 10.232.35.114:59068 10.20.142.112:ssh ESTAB 0 0 10.232.35.114:60156 10.232.36.88:ssh ESTAB 0 0 10.232.35.114:51222 10.232.36.86:ssh ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.35:ccmad ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.34:50813 ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.50:54354
6-u displays UDP connections
[admin@v035114 ~]$ ss -tState Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0 10.232.35.114:59861 10.235.144.41:ssh ESTAB 0 0 10.232.35.114:43583 10.235.171.2:15888 ESTAB 0 0 10.232.35.114:33943 10.235.171.1:13888 ESTAB 1392 0 10.232.35.114:59068 10.20.142.112:ssh ESTAB 0 0 10.232.35.114:60156 10.232.36.88:ssh ESTAB 0 0 10.232.35.114:51222 10.232.36.86:ssh ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.35:ccmad ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.34:50813 ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.50:54354
7-P indicates that the socket PID is used. The first time this command is used, the-P option is used to find the Java PID, and then the jstack Java Process, SS-p | grep "DB-IP"
[admin@v035114 ~]$ ss -pState Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0 10.232.35.114:59861 10.235.144.41:ssh users:(("ssh",20182,3))ESTAB 0 0 10.232.35.114:43583 10.235.171.2:15888 ESTAB 0 0 10.232.35.114:33943 10.235.171.1:13888 ESTAB 1392 0 10.232.35.114:59068 10.20.142.112:ssh users:(("ssh",19281,3))SYN-SENT 0 1 10.232.35.114:46842 10.232.14.220:webcache ESTAB 0 0 10.232.35.114:60156 10.232.36.88:ssh users:(("ssh",10249,3))ESTAB 0 0 10.232.35.114:51222 10.232.36.86:ssh users:(("ssh",10346,3))ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.35:ccmad ESTAB 0 180 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.34:50813 ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.50:54354
I don't know what the 3rd bits in the brackets mean?
The last line: fffff: What does it mean?
8-O display timer Information
[admin@v035114 ~]$ ss -oState Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0 10.232.35.114:59861 10.235.144.41:ssh timer:(keepalive,21min,0)ESTAB 0 0 10.232.35.114:43583 10.235.171.2:15888 ESTAB 0 0 10.232.35.114:33943 10.235.171.1:13888 timer:(keepalive,6.248ms,0)ESTAB 1392 0 10.232.35.114:59068 10.20.142.112:ssh timer:(keepalive,19min,0)SYN-SENT 0 1 10.232.35.114:56005 10.232.14.220:webcache timer:(on,1.092ms,0)ESTAB 0 0 10.232.35.114:60156 10.232.36.88:ssh timer:(keepalive,32min,0)ESTAB 0 0 10.232.35.114:51222 10.232.36.86:ssh timer:(keepalive,30min,0)ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.35:ccmad timer:(keepalive,11min,0)ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.34:50813 timer:(keepalive,18min,0)ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.50:54354 timer:(keepalive,21min,0)
What do I mean when I see two types of timer?
On
Keepalive
9-I: Internal TCP information is displayed. Only the last few columns are printed.
[admin@v035114 ~]$ ss -i Local Address:Port Peer Address:Port 10.232.35.114:59861 10.235.144.41:ssh rto:0.212 ato:0.04 cwnd:3 ssthresh:100 qack:11 10.232.35.114:43583 10.235.171.2:15888 rto:0.204 ato:0.04 cwnd:3 ssthresh:100 10.232.35.114:33943 10.235.171.1:13888 rto:0.212 ato:0.04 cwnd:3 ssthresh:100 10.232.35.114:59068 10.20.142.112:ssh rto:0.212 ato:0.04 cwnd:20 ssthresh:100 10.232.35.114:43376 10.232.14.220:webcache 10.232.35.114:60156 10.232.36.88:ssh rto:0.204 ato:0.04 ssthresh:100 bidir 10.232.35.114:51222 10.232.36.86:ssh rto:0.204 ato:0.04 cwnd:3 ssthresh:100 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.35:ccmad rto:0.256 ato:0.04 cwnd:3 ssthresh:3 qack:14 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.34:50813 rto:0.476 ato:0.04 cwnd:5 ssthresh:100 bidir ::ffff:10.232.35.114:ssh ::ffff:10.13.44.50:54354 rto:0.316 ato:0.04 cwnd:4 ssthresh:100 qack:1
RTO
Ato
Cwnd
What does ssthresh mean?
10 example of filter Filtering
SS-o State established '(dport =: SMTP or sport =: SMTP )'Show all created SMTP connections
SS-o State established '(dport =: HTTP or sport =: http )'Show all established HTTP connections
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
