The SS command is used to display the socket status It can display PACKET sockets, TCP sockets, UDP sockets, DCCP sockets, RAW sockets, Unix domain sockets and other statistics It displays more tcp and state information than other tools It is a very practical, fast and effective new tool to track IP connections and sockets SS command The following information can be provided:
- All TCP sockets
- All UDP sockets
- All ssh/ftp/ttp/https persistent connections
- All local processes connected to Xserver
- Use state (for example: connected, synchronized, SYN-RECV, SYN-SENT,TIME-WAIT), address and port filtering
- All state FIN-WAIT-1 tcpsocket connections and more
Many popular Linux distributions support ss and many monitoring tools use ss commands Being familiar with this tool will help you better find and solve system performance problems I strongly recommend using ss command to replace some commands of netstat, such as netsat -ant/lnt, etc
Show him to make a comparison and count the number of concurrent connections to the server
netstat # time netstat -ant | grep EST | wc -l 3100 real 0m12.960s user 0m0.334s sys 0m12.561s # time ss -o state established | wc -l 3204 real 0m0.030s user 0m0.005s sys 0m0.026s
It is obvious that the efficiency of ss in counting the number of concurrent connections is better than netstat. If ss can handle it, will you still choose netstat or hesitate? Take the following example or jump to the help page
Common ss commands:
- ss -l displays all ports opened locally
- ss -pl displays the specific open socket s of each process
- ss -t -a displays all TCP sockets
- ss -u -a displays all UDP Socekt
- SS - O state established '(dport =: SMTP or sport =: SMTP)' displays all established SMTP connections
- SS - O state established '(dport =: http or sport =: HTTP)' displays all established HTTP connections
- ss -x src /tmp/. X11 UNIX / * find out all processes connected to the X server
- ss -s lists the current socket details:
Displays the brief information of sockets, and lists the tcp connections that are currently connected, closed, and waiting
# ss -s Total: 3519 (kernel 3691) TCP: 26557 (estab 3163, closed 23182, orphaned 194, synrecv 0, timewait 23182/0), ports 1452 Transport Total IP IPv6 * 3691 - - RAW 2 2 0 UDP 10 7 3 TCP 3375 3368 7 INET 3387 3377 10 FRAG 0 0 0
List current listening ports
# ss -lRecv-Q Send-Q Local Address:Port Peer Address:Port 0 10 :::5989 :::* 0 5 *:rsync *:* 0 128 :::sunrpc :::* 0 128 *:sunrpc *:* 0 511 *:http *:* 0 128 :::ssh :::* 0 128 *:ssh *:* 0 128 :::35766 :::* 0 128 127.0.0.1:ipp *:* 0 128 ::1:ipp :::* 0 100 ::1:smtp :::* 0 100 127.0.0.1:smtp *:* 0 511 *:https *:* 0 100 :::1311 :::* 0 5 *:5666 *:* 0 128 *:3044 *:*
ss lists each process name and the port it listens on
# ss -pl
ss column all tcp sockets
# ss -t -a
ss list all udp sockets
# ss -u -a
ss lists the connections in all http connections
# ss -o state established '( dport = :http or sport = :http )'
The above includes 80 provided externally and 80 accessed externally Use the above command to perfectly replace netstat to obtain the number of http concurrent connections, which is commonly used in monitoring
ss lists which local process is connected to the x server
# ss -x src /tmp/.X11-unix/*
ss lists the http and https connections in FIN-WAIT-1 status
# ss -o state fin-wait-1 '( sport = :http or sport = :https )'
ss common state status:
- established
- syn-sent
- syn-recv
- fin-wait-1
- fin-wait-2
- time-wait
- closed
- close-wait
- last-ack
- listen
- closing
- all : All of the above states
- connected : All the states except for listen and closed
- synchronized : All the connected states except for syn-sent
- bucket : Show states, which are maintained as minisockets, i.e. time-wait and syn-recv.
- big : Opposite to bucket state.
ss use IP address filtering
- ss src ADDRESS_PATTERN
- src: indicates the source
- ADDRESS_PATTERN: indicates the address rule
As follows:
ss src 120.33.31.1 #Connections listed in 20.33.31.1
# List to 120.33.31.1,80 Port connection ss src 120.33.31.1:http ss src 120.33.31.1:8
ss using port filtering
- ss dport OP PORT
- OP: Yes operator
- PORT: indicates the PORT
- dport: indicates the target port for filtering. Conversely, there is sport
OP operators are as follows:
<= or le : Less than or equal to >= or ge : Greater than or equal to == or eq : be equal to != or ne : Not equal to port < or lt : Less than this port > or gt : Greater than port
OP instance
ss sport = :http It can also be ss sport = :80 ss dport = :http ss dport > :1024 ss sport > :1024 ss sport < :32000 ss sport eq :22 ss dport != :22 ss state connected sport = :http ss ( sport = :http or sport = :https ) ss -o state fin-wait-1 ( sport = :http or sport = :https ) dst 192.168.1/24
Why ss is faster than netstat:
Netstat traverses each PID directory under / proc, and ss directly reads the statistics under / proc/net. Therefore, ss consumes much less resources and time than netstat
ss command help
# ss -h
Usage: ss [ OPTIONS ]
ss [ OPTIONS ] [ FILTER ]
-h, --help this message
-V, --version output version information
-n, --numeric don't resolve service names
-r, --resolve resolve host names
-a, --all display all sockets
-l, --listening display listening sockets
-o, --options show timer information
-e, --extended show detailed socket information
-m, --memory show socket memory usage
-p, --processes show process using socket
-i, --info show internal TCP information
-s, --summary show socket usage summary
-4, --ipv4 display only IP version 4 sockets
-6, --ipv6 display only IP version 6 sockets
-0, --packet display PACKET sockets
-t, --tcp display only TCP sockets
-u, --udp display only UDP sockets
-d, --dccp display only DCCP sockets
-w, --raw display only RAW sockets
-x, --unix display only Unix domain sockets
-f, --family=FAMILY display sockets of type FAMILY
-A, --query=QUERY, --socket=QUERY
QUERY := {all|inet|tcp|udp|raw|unix|packet|netlink}[,QUERY]
-D, --diag=FILE Dump raw information about TCP sockets to FILE
-F, --filter=FILE read filter information from FILE
FILTER := [ state TCP-STATE ] [ EXPRESSION ]Source: www.ttlsa.com com/linux-command/ss-replace-netstat/
