ss的含義 Socket State
1 查看連結
[admin@v035114 ~]$ ssState Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0 10.232.35.114:43583 10.235.171.2:15888 ESTAB 0 0 10.232.35.114:1023 10.232.16.13:nfs ESTAB 0 0 10.232.35.114:54487 10.232.36.75:ssh ESTAB 0 0 10.232.35.114:33943 10.235.171.1:13888 SYN-SENT 0 1 10.232.35.114:37613 10.232.14.220:webcache ESTAB 0 0 10.232.35.114:34337 10.232.17.73:ssh ESTAB 0 0 10.232.35.114:44849 10.232.36.86:ssh ESTAB 1392 0 10.232.35.114:59068 10.20.142.112:ssh ESTAB 0 0 10.232.35.114:38479 10.232.36.88:ssh ESTAB 0 0 10.232.35.114:60156 10.232.36.88:ssh ESTAB 0 0 10.232.35.114:51222 10.232.36.86:ssh ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.35:ccmad ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.34:65432 ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.34:50906 ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.34:51239 ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.34:53277 ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.34:50813
第一列表示狀態
第二列和第三列的Send-Q和Recv-Q含義
Send-Q 對方沒有收到的資料或者說沒有Ack的,還是本地緩衝區。
count of bytes not acknowledged by the remote host.
Recv -Q 資料已經在本地接收緩衝,但是還沒有recv()
The count of bytes not copied by the user program connected to this socket.
2 選項-n表示不解析服務名
[admin@v035114 ~]$ ss -nState Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0 10.232.35.114:43583 10.235.171.2:15888 ESTAB 0 0 10.232.35.114:33943 10.235.171.1:13888 ESTAB 1392 0 10.232.35.114:59068 10.20.142.112:22 ESTAB 0 0 10.232.35.114:60156 10.232.36.88:22 ESTAB 0 0 10.232.35.114:51222 10.232.36.86:22 ESTAB 0 0 ::ffff:10.232.35.114:22 ::ffff:10.13.44.35:3114 ESTAB 0 0 ::ffff:10.232.35.114:22 ::ffff:10.13.44.34:50813
連接埠22對應ssh
3
ss -l 顯示本地開啟的所有監聽連接埠
[admin@v035114 ~]$ ss -lRecv-Q Send-Q Local Address:Port Peer Address:Port 0 0 127.0.0.1:15777 *:* 0 0 127.0.0.1:15778 *:* 0 0 127.0.0.1:smux *:* 0 0 *:50410 *:* 0 0 *:netbios-ssn *:* 0 0 *:sunrpc *:* 0 0 *:http *:* 0 0 *:43698 *:* 0 0 *:socks *:* 0 0 *:microsoft-ds *:* 0 0 :::ssh :::*
使用-n看看服務使用的連接埠
[admin@v035114 ~]$ ss -lnRecv-Q Send-Q Local Address:Port Peer Address:Port 0 0 127.0.0.1:15777 *:* 0 0 127.0.0.1:15778 *:* 0 0 127.0.0.1:199 *:* 0 0 *:50410 *:* 0 0 *:139 *:* 0 0 *:111 *:* 0 0 *:80 *:* 0 0 *:43698 *:* 0 0 *:1080 *:* 0 0 *:445 *:* 0 0 :::22 :::*
22 對應ssh
80 對應http
111 對應sunrpc
139 對應netbios-ssn
4 -s 摘要
[admin@v035114 ~]$ ss -s Total: 89 (kernel 114)TCP: 44 (estab 9, closed 23, orphaned 0, synrecv 0, timewait 22/0), ports 80Transport Total IP IPv6* 114 - - RAW 0 0 0 UDP 16 13 3 TCP 21 17 4 INET 37 30 7 FRAG 0 0 0
orphaned什麼意思?
最後的 ports 80 什麼意思?
RAW、INET、FRAG什麼意思?
IPv6 那一 列有好幾行數值不為0 設麼意思?
5 -t 顯示TCP串連
[admin@v035114 ~]$ ss -tState Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0 10.232.35.114:59861 10.235.144.41:ssh ESTAB 0 0 10.232.35.114:43583 10.235.171.2:15888 ESTAB 0 0 10.232.35.114:33943 10.235.171.1:13888 ESTAB 1392 0 10.232.35.114:59068 10.20.142.112:ssh ESTAB 0 0 10.232.35.114:60156 10.232.36.88:ssh ESTAB 0 0 10.232.35.114:51222 10.232.36.86:ssh ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.35:ccmad ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.34:50813 ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.50:54354
6 -u顯示UDP串連
[admin@v035114 ~]$ ss -tState Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0 10.232.35.114:59861 10.235.144.41:ssh ESTAB 0 0 10.232.35.114:43583 10.235.171.2:15888 ESTAB 0 0 10.232.35.114:33943 10.235.171.1:13888 ESTAB 1392 0 10.232.35.114:59068 10.20.142.112:ssh ESTAB 0 0 10.232.35.114:60156 10.232.36.88:ssh ESTAB 0 0 10.232.35.114:51222 10.232.36.86:ssh ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.35:ccmad ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.34:50813 ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.50:54354
7 -p顯示使用socket的pid,第一次使用這個命令就是利用-p選項找java的pid,然後jstack java進程, ss -p | grep "db-ip"
[admin@v035114 ~]$ ss -pState Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0 10.232.35.114:59861 10.235.144.41:ssh users:(("ssh",20182,3))ESTAB 0 0 10.232.35.114:43583 10.235.171.2:15888 ESTAB 0 0 10.232.35.114:33943 10.235.171.1:13888 ESTAB 1392 0 10.232.35.114:59068 10.20.142.112:ssh users:(("ssh",19281,3))SYN-SENT 0 1 10.232.35.114:46842 10.232.14.220:webcache ESTAB 0 0 10.232.35.114:60156 10.232.36.88:ssh users:(("ssh",10249,3))ESTAB 0 0 10.232.35.114:51222 10.232.36.86:ssh users:(("ssh",10346,3))ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.35:ccmad ESTAB 0 180 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.34:50813 ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.50:54354
括弧裡面第3位不知道什麼意思?
最後一行的::fffff:是什麼意思?
8 -o顯示定時器資訊
[admin@v035114 ~]$ ss -oState Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0 10.232.35.114:59861 10.235.144.41:ssh timer:(keepalive,21min,0)ESTAB 0 0 10.232.35.114:43583 10.235.171.2:15888 ESTAB 0 0 10.232.35.114:33943 10.235.171.1:13888 timer:(keepalive,6.248ms,0)ESTAB 1392 0 10.232.35.114:59068 10.20.142.112:ssh timer:(keepalive,19min,0)SYN-SENT 0 1 10.232.35.114:56005 10.232.14.220:webcache timer:(on,1.092ms,0)ESTAB 0 0 10.232.35.114:60156 10.232.36.88:ssh timer:(keepalive,32min,0)ESTAB 0 0 10.232.35.114:51222 10.232.36.86:ssh timer:(keepalive,30min,0)ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.35:ccmad timer:(keepalive,11min,0)ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.34:50813 timer:(keepalive,18min,0)ESTAB 0 0 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.50:54354 timer:(keepalive,21min,0)
看到兩個類型的timer,都不知道什麼意思?
on
keepalive
9 -i 顯示內部TCP資訊,只列印後幾列
[admin@v035114 ~]$ ss -i Local Address:Port Peer Address:Port 10.232.35.114:59861 10.235.144.41:ssh rto:0.212 ato:0.04 cwnd:3 ssthresh:100 qack:11 10.232.35.114:43583 10.235.171.2:15888 rto:0.204 ato:0.04 cwnd:3 ssthresh:100 10.232.35.114:33943 10.235.171.1:13888 rto:0.212 ato:0.04 cwnd:3 ssthresh:100 10.232.35.114:59068 10.20.142.112:ssh rto:0.212 ato:0.04 cwnd:20 ssthresh:100 10.232.35.114:43376 10.232.14.220:webcache 10.232.35.114:60156 10.232.36.88:ssh rto:0.204 ato:0.04 ssthresh:100 bidir 10.232.35.114:51222 10.232.36.86:ssh rto:0.204 ato:0.04 cwnd:3 ssthresh:100 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.35:ccmad rto:0.256 ato:0.04 cwnd:3 ssthresh:3 qack:14 ::ffff:10.232.35.114:ssh ::ffff:10.13.44.34:50813 rto:0.476 ato:0.04 cwnd:5 ssthresh:100 bidir ::ffff:10.232.35.114:ssh ::ffff:10.13.44.50:54354 rto:0.316 ato:0.04 cwnd:4 ssthresh:100 qack:1
rto
ato
cwnd
ssthresh 都是什麼意思啊?
10 Filter過濾的例子
ss -o state established '( dport = :smtp or sport = :smtp )' 顯示所有已建立的SMTP串連
ss -o state established '( dport = :http or sport = :http )' 顯示所有已建立的HTTP串連
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
