http://blog.lifeibo.com/?p=244
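In day-to-day work, being fluent with your tools can improve efficiency considerably. Today we take a brief look at the ss tool. ss stands for socket state, meaning it lets you inspect the state of the sockets on the system. We could use netstat, so why use ss at all? ss has its advantages: when a large number of sockets are open, netstat becomes slow.
First, the usage format of ss: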
$ ss [ OPTIONS ] [ STATE-FILTER ] [ ADDRESS-FILTER ]
The options, taken from the man page:
-h – show help page
-? – the same, of course
-v, -V – print version of ss and exit
-s – print summary statistics. This option does not parse socket lists obtaining summary from various sources. It is useful when amount of sockets is so huge that parsing /proc/net/tcp is painful.
-D FILE – do not display anything, just dump raw information about TCP sockets to FILE after applying filters. If FILE is - stdout is used.
-F FILE – read continuation of filter from FILE. Each line of FILE is interpreted like single command line option. If FILE is - stdin is used.
-r – try to resolve numeric address/ports
-n – do not try to resolve ports
-o – show some optional information, f.e. TCP timers
-i – show some information specific to TCP (RTO, congestion window, slow start threshold etc.)
-e – show even more optional information
-m – show extended information on memory used by the socket. It is available only with tcp_diag enabled.
-p – show list of processes owning the socket
-f FAMILY – default address family used for parsing addresses. Also this option limits listing to sockets supporting given address family. Currently the following families are supported: unix, inet, inet6, link, netlink.
-4 – alias for -f inet
-6 – alias for -f inet6
-0 – alias for -f link
-A LIST-OF-TABLES – list of socket tables to dump, separated by commas. The following identifiers are understood: all, inet, tcp, udp, raw, unix, packet, netlink, unix_dgram, unix_stream, packet_raw, packet_dgram.
-x – alias for -A unix
-t – alias for -A tcp
-u – alias for -A udp
-w – alias for -A raw
-a – show sockets of all the states. By default sockets in states LISTEN, TIME-WAIT, SYN_RECV and CLOSE are skipped.
-l – show only sockets in state LISTEN
The real strength of ss is that you can set filter conditions: you can filter by socket state, and also by port and IP address. These are the STATE-FILTER and ADDRESS-FILTER seen in the command format above.
First, STATE-FILTER. The available filter conditions are:
1. All the TCP states: established, syn-sent, syn-recv, fin-wait-1, fin-wait-2, time-wait, closed, close-wait, last-ack, listen and closing.
2. all: every state.
3. connected: all states except listen and closed.
4. synchronized: all the connected states except syn-sent.
5. bucket
6. big
For example:
$ ss state connected
Next, ADDRESS-FILTER, which filters on ports and addresses and allows expressions to be combined. The available subexpressions are:
1. dst ADDRESS_PATTERN
2. src ADDRESS_PATTERN
3. dport RELOP PORT
4. sport RELOP PORT
5. autobound
ADDRESS_PATTERN matches an IP address and port in the form ip:port, where * can be used as a wildcard. RELOP is <=, >= or ==.
For example:
$ ss dst 192.168.0.1:80
$ ss dport == 80
Multiple subexpressions can be combined with or, and, and not, just as in tcpdump. Parentheses, however, must be escaped.
For example:
$ ss -o state fin-wait-1 \( sport = :http or sport = :https \) dst 193.233.7/24
Let's look at a few examples.
View overall system information:
$ ss -s
Total: 85 (kernel 108)
TCP: 15 (estab 4, closed 0, orphaned 0, synrecv 0, timewait 0/0), ports 12

Transport Total IP  IPv6
*         108   -   -
RAW       0     0   0
UDP       10    7   3
TCP       15    12  3
INET      25    19  6
FRAG      0     0   0
To find out which process is using port 8088 on this machine:
$ ss -lp src :8088
Recv-Q Send-Q Local Address:P
0 0 *:8ers:(("nginx",2942,5),("nginx",2943,5))
We can see that it is a process named nginx, with process ID 2942.
Of course, the lsof tool can show this too, and even more simply: lsof -i :80
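Going beyond the single-port lookup above, the same -l and -p options can drive a listener audit. The following is an added example, not code from the original post: it reads `ss -ltnp` output and reports every TCP listener bound to all interfaces whose port is not on an allowlist. The function names, the allowlist and the sample output are constructed, and the column layout assumed is that of current iproute2, which prints a State column.

```shell
#!/bin/sh
# Constructed sample of `ss -ltnp` output (not captured from a real host).
# The 6379 row has no Process column: without enough privilege, -p shows no owner.
sample_ss_output() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=812,fd=3))
LISTEN 0      511                *:8088            *:*     users:(("nginx",pid=2942,fd=5),("nginx",pid=2943,fd=5))
LISTEN 0      128        127.0.0.1:5432      0.0.0.0:*     users:(("postgres",pid=1033,fd=6))
LISTEN 0      128             [::]:22           [::]:*     users:(("sshd",pid=812,fd=4))
LISTEN 0      511          0.0.0.0:6379      0.0.0.0:*
LISTEN 0      128             [::]:9100         [::]:*     users:(("node_exporter",pid=977,fd=3))
EOF
}

# audit_listeners ALLOWED_PORTS
# Reads `ss -ltnp` output on stdin and prints "port address process" for each
# listener bound to a wildcard address whose port is not in the comma-separated
# allowlist. Loopback and single-address listeners are not reported.
audit_listeners() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 != "LISTEN" { next }                  # also skips the header line
    {
        laddr = $4
        port = laddr
        sub(/^.*:/, "", port)                # port is the text after the last colon
        addr = substr(laddr, 1, length(laddr) - length(port) - 1)
        if (addr != "*" && addr != "0.0.0.0" && addr != "[::]") next
        if (port in ok) next
        proc = "unknown"                     # owner hidden or -p not given
        if (match($0, /users:\(\("[^"]+"/))
            proc = substr($0, RSTART + 9, RLENGTH - 10)
        print port, addr, proc
    }'
}

# Against a live system (run as root so -p can show every owner):
#   ss -ltnp | audit_listeners 22,443
sample_ss_output | audit_listeners 22,443
```

On the constructed sample with ports 22 and 443 allowed, it reports the nginx listener on 8088, the unattributed listener on 6379 and node_exporter on 9100.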
OK, that's all for this brief introduction.