One Linux command per day (--SS) command

The SS is the abbreviation for the socket statistics. As the name implies, the SS command can be used to get socket statistics, which can display and netstat similar content. But the advantage of the SS is that it can show more and more detailed information about TCP and connection status, and is faster and more efficient than netstat.

When the number of socket connections for a server becomes very large, the execution speed is slow, either with the netstat command or the cat/proc/net/tcp. You may not have a personal feeling, but please believe me, when the server maintains a connection of tens of thousands of times, the use of netstat equals wasting life, and the SS is to save time.

The World martial arts only fast not broken.   The secret of the SS quick is that he leverages the TCP protocol stack for TCP_DIAG. Tcp_diag is a module for analyzing statistics that gives you first-hand information in the Linux kernel, which ensures that the SS is fast and efficient. Of course, if you do not have tcp_diag,ss in your system, you can run normally, but the efficiency will become slightly slower. (but still faster than Netstat.) ）

1. Command format:

SS [Parameter]

SS [Parameter] [filter]

2. Command function:

SS (Socket statistics abbreviation), which can be used to get the statistics of the socket, the output of this command is similar to the content of the netstat output, but it can display more detailed TCP connection status information, and faster and more efficient than netstat. It uses the TCP protocol stack Tcp_diag (is a module for analyzing statistics), can directly from the first-hand kernel information, which makes the SS command fast and efficient. It can run normally without tcp_diag,ss.

3. Command parameters:

-N--numeric does not resolve service name

-R--resolve Resolving host name

-L--listening Socket (sockets) showing listening status

-A--all Show all sockets

-O--options Display timer information

-e--extended Show detailed socket (socket) Memory usage

-P--processed Show processes using sockets

-I--info displaying TCP internal information

-S--summary display socket (socket) Usage overview

-4--ipv4 only IPV4 sockets are displayed

-6

-0 (0)--packet display packet sockets

-T--tcp show only TCP sockets

-u--udp only display UDP sockets

-D--DCCP Show only DCCP sockets

-W--raw Show only raw sockets

-X--unix only display Unix sockets

-F--family=family Display family type of socket, family optional Unix, inet, Inet6, link, netlink

-A--query=query,--socket=query

Query: = {all| inet| tcp| UDP | raw | unix | packet | netlink} [query]

-D--diag=file Dump raw TCP socket information to a file

-F--filter=file filtering information from the file

Fliter: = [State Tcp-state] [EXPRESSION]

4 Usage Examples:

Example 1: Displaying a TCP connection

Command: Ss-t-A

Example 2: Display sockets summary

Command: Ss-s

Lists the current established, closed, orphaned, and waiting TCP sockets

Example 3:

Ss-l

Example 4: View the socket used by the process

Command:

Ss-pl

Example 5: Find out the open socket/port application

Command:

Ss-lp | grep 3306

Example 6: Show all UDP sockets

Command:

Ss-u-A

Example 7: Show all SMTP connections with established status

Command:

Ss-o State established ' (Dport =: SMTP or sport =: SMTP) '

Example 8: Show all HTTP connections with established status

Command:

Ss-o State established ' (Dport =: http or sport =: http) '

Example 9: Enumerate all TCP sockets in the Fin-wait-1 state where the source port is 80 or 443 and the destination network is 192.168.1/24

Command:

Ss-o state fin-wait-1 ' (sport =: http or sport =: HTTPS) ' DST 192.168.1/24

Example 10: Filtering Sockets with TCP status:

Command:

Ss-4 State Filter-name-here

Ss-6 State Filter-name-here

Filter-name-here can represent any one of the following

Established

Syn-sent

Syn-recv

Fin-wait-1

Fin-wait-2

Time-wait

Closed

Close-wait

Last-ack

Listen

Closing

All above states

Connected all states except listen and closed

Synchronized all connected states in addition to Syn-sent

Buckets show states as maintained as minisockets, such as time-wait and SYN-RECV.

Big and bucket opposite

Example 11: Matching remote address and port number

Command:

SS DST Adderss_pattern

SS DST 192.168.1.1

SS DST 192.168.1.1:8080

Example 12: Matching local address and port number

Command:

SS Src Address_pattern

SS Src 192.168.1.1

SS Src 192.168.1.1:80

Example 13: Compare a local or remote port to a number

Command:

SS Dport OP Port remote port and a number comparison; destination port

SS Sport OP Port Local port and a number comparison; source port

Op--option:

<= or LE, >= or ge, = = or EQ,

! = or NE < or GT > or LT

Example 14:SS and netstat efficiency comparison

Command:

Time Netstat-at

Time SS

Use the time command to obtain, respectively, the Times used by the Netstat and SS commands to get the resource occupied by the program. When the number of server connections is more, netstat efficiency is completely unable to compare with SS.

　　

One Linux command per day (--SS) command