Linux 下 ss 命令使用示例

2018/10 29 15:10

netstat 已经过时了, ss网络命令 是功能更强大的命令 。

(本文译自 http://www.sanfoundry.com/ss-command-usage-examples-in-linux/

这篇教程解释了Linux 的“ss”命令,并通过举例给出了一些用法。

ss – socket statistics

描述

ss 用来倒出socket 的统计数据。 它显示跟 netstat 类似的信息,但能显示比其它工具更详细的TCP 状态信息。

用法
ss [选项] [过滤]

选项
如果没有指定任何选项,ss 列出所有已经建立、并不处在listen的TCP 套接字。

-h, –help

列出选项概要

-V,–version
输出版本信息

-n, –numeric
不尝试解析服务的名字

-r,–resolve
尝试解析数字地址/端口

-a,–all
显示处在listening 和 非listening 状态的套接字(对TCP来说,这意味所有已建立的连接)。

-l,–listening
只显示处在 listening 状态的套接字(默认情况下它们是被忽略的)

* -o, –options*
显示定时器信息

-e,–extended
显示详细的套接字信息

-m,–memory
显示套接字的内存使用信息

-p, –process
显示使用套接字的进程

-i, –info
显示TCP内部信息

-s,–summary
显示概要统计。该选项不分析来自不同来源的套接字概要信息。 当套接字的数量很大导致分析/proc/net/tcp 很痛苦时,它很有用。

-Z,–context
同 -p 选项,不过还显示进程的安全上下文

-z,–contexts
同 -Z, 不过还显示套接字的上下文。 该套接字上下文是从inode里取出的、并不是内核持有的实际的socket上下文。 套接子通常以创建它的进程上下文标记, 但该上下文会反映已应用上的policy role, type and/or range , 因此这是个很有用的参考。

-b,-bpf
显示套接字的BPF过滤(只有管理员能获取这些信息)

-4,–ipv4
只显示IPv4 套接字(-f inet的别名)

-6,–ipv6
只显示IPv6 套接字(-f inet6的别名)

-0,–packet
显示PACKET 套接字(-f link的别名)

-t,–tcp
显示 TCP 套接字

-u,–udp
显示UDP 套接字

-d,–dccp
显示 DCCP 套接字

-w,–raw
显示 RAW 套接字

-x,–unix
显示 Unix Domain 套接字(-f unix的别名)

-f FAMILY,–family=FAMILY
显示类型为FAMILY的套接字。 支持以下几个family: unix, inet,inet6,link,netlink

-A QUERY, –query=QUERY, –socket=QUERY 
列出需要倒出的套接字列表,用逗号隔开。 支持以下标识符: all, inet, tcp, udp, raw, unix, packet, netlink, unix_dgram, unix_stream, unix_seqpacket, packet_raw, packet_dgram

-D FILE, –diag=FILE
不显示任何内容,仅把原始TCP套接字信息存入文件FILE。 如果FILE为 – , 则使用stdout作为输出。

-F FILE, –filter=FILE
从文件FILE中读取信息。 文件的每一行被认为是单个命令行参数。 如果FILE为 – , 则使用stdin。

* FILTER := [ state TCP-STATE ] [ EXPRESSION ] *
请参考filter的官方文档(debian 包 iproute-doc).

例子
1. 显示所有的连接

 $ ss | less
Netid  State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port   
u_str  ESTAB      0      0                    * 207499                * 207500 
u_str  ESTAB      0      0      @/tmp/dbus-HulwP2Cqbm 207393                * 207392 
u_str  ESTAB      0      0      @/tmp/.X11-unix/X0 206529                * 206528 
u_str  ESTAB      0      0                    * 206446                * 206447 
u_str  ESTAB      0      0      @/tmp/dbus-HulwP2Cqbm 205775                * 205774 
u_str  ESTAB      0      0      @/tmp/dbus-HulwP2Cqbm 205578                * 205577 
u_str  ESTAB      0      0      @/tmp/dbus-HulwP2Cqbm 207082                * 207081 
u_str  ESTAB      0      0      @/dbus-vfs-daemon/socket-eEA5oIcY 228375                * 0      
u_str  ESTAB      0      0                    * 206971                * 206972 
u_str  ESTAB      0      0                    * 205301                * 205302 
u_str  ESTAB      0      0      @/tmp/dbus-HulwP2Cqbm 206668                * 206667 
u_str  ESTAB      0      0      @/dbus-vfs-daemon/socket-rCip3gc7 205882                * 205881 
u_str  ESTAB      0      0                    * 205170                * 205171 
u_str  ESTAB      0      0                    * 7967                  * 7968 
....
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17

2.把TCP连接过滤出来:

 $ ss -aA tcp
State      Recv-Q Send-Q      Local Address:Port          Peer Address:Port   
LISTEN     0      5               127.0.1.1:domain                   *:*       
LISTEN     0      128             127.0.0.1:ipp                      *:*       
CLOSE-WAIT 1      0          192.168.42.250:58390      103.245.222.184:http    
TIME-WAIT  0      0          192.168.10.148:56833        74.125.236.99:http    
CLOSE-WAIT 1      0          192.168.10.140:35766      103.245.222.184:http    
CLOSE-WAIT 1      0          192.168.42.250:58392      103.245.222.184:http    
TIME-WAIT  0      0          192.168.10.148:49839         23.57.219.27:http    
ESTAB      0      0          192.168.10.148:53060        173.194.36.41:https   
CLOSE-WAIT 1      0          192.168.10.140:35765      103.245.222.184:http    
TIME-WAIT  0      0          192.168.10.148:47000        74.125.28.100:http    
CLOSE-WAIT 1      0          192.168.42.250:58391      103.245.222.184:http    
TIME-WAIT  0      0          192.168.10.148:38878        173.194.36.46:http    
CLOSE-WAIT 1      0          192.168.10.140:35763      103.245.222.184:http    
CLOSE-WAIT 1      0          192.168.10.140:35764      103.245.222.184:http    
CLOSE-WAIT 1      0          192.168.42.250:58389      103.245.222.184:http    
LISTEN     0      128                   ::1:ipp                     :::*       
CLOSE-WAIT 1      0                     ::1:55327                  ::1:ipp
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19

$ ss -at
State      Recv-Q Send-Q      Local Address:Port          Peer Address:Port   
LISTEN     0      5               127.0.1.1:domain                   *:*       
LISTEN     0      128             127.0.0.1:ipp                      *:*       
CLOSE-WAIT 1      0          192.168.42.250:58390      103.245.222.184:http    
TIME-WAIT  0      0          192.168.10.148:56833        74.125.236.99:http    
CLOSE-WAIT 1      0          192.168.10.140:35766      103.245.222.184:http    
CLOSE-WAIT 1      0          192.168.42.250:58392      103.245.222.184:http    
TIME-WAIT  0      0          192.168.10.148:49839         23.57.219.27:http    
ESTAB      0      0          192.168.10.148:53060        173.194.36.41:https   
CLOSE-WAIT 1      0          192.168.10.140:35765      103.245.222.184:http    
TIME-WAIT  0      0          192.168.10.148:47000        74.125.28.100:http    
CLOSE-WAIT 1      0          192.168.42.250:58391      103.245.222.184:http    
TIME-WAIT  0      0          192.168.10.148:38878        173.194.36.46:http    
CLOSE-WAIT 1      0          192.168.10.140:35763      103.245.222.184:http    
CLOSE-WAIT 1      0          192.168.10.140:35764      103.245.222.184:http    
CLOSE-WAIT 1      0          192.168.42.250:58389      103.245.222.184:http    
LISTEN     0      128                   ::1:ipp                     :::*       
CLOSE-WAIT 1      0                     ::1:55327                  ::1:ipp
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19

3.过滤出UDP连接

 $ ss -aA udp
State      Recv-Q Send-Q      Local Address:Port          Peer Address:Port   
UNCONN     0      0                       *:58718                    *:*       
UNCONN     0      0               127.0.1.1:domain                   *:*       
UNCONN     0      0                       *:bootpc                   *:*       
UNCONN     0      0                       *:mdns                     *:*       
UNCONN     0      0                       *:27412                    *:*       
UNCONN     0      0                      :::62912                   :::*       
UNCONN     0      0                      :::mdns                    :::*       
UNCONN     0      0                      :::46372                   :::*
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10

$ ss -au
State      Recv-Q Send-Q      Local Address:Port          Peer Address:Port   
UNCONN     0      0                       *:58718                    *:*       
UNCONN     0      0               127.0.1.1:domain                   *:*       
UNCONN     0      0                       *:bootpc                   *:*       
UNCONN     0      0                       *:mdns                     *:*       
UNCONN     0      0                       *:27412                    *:*       
UNCONN     0      0                      :::62912                   :::*       
UNCONN     0      0                      :::mdns                    :::*       
UNCONN     0      0                      :::46372                   :::*
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10

4.不解析主机名
为了加快输出的速度,用”n”选项防止ss 解析IP地址到主机名。不过这同样阻止了对端口名的解析。

 $ ss -nt
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
CLOSE-WAIT 1      0            192.168.42.250:58390      103.245.222.184:80    
ESTAB      0      0            192.168.10.148:56390       63.245.216.132:443   
CLOSE-WAIT 1      0            192.168.10.140:35766      103.245.222.184:80    
CLOSE-WAIT 1      0            192.168.42.250:58392      103.245.222.184:80    
CLOSE-WAIT 1      0            192.168.10.140:35765      103.245.222.184:80    
CLOSE-WAIT 1      0            192.168.42.250:58391      103.245.222.184:80    
CLOSE-WAIT 1      0            192.168.10.140:35763      103.245.222.184:80    
CLOSE-WAIT 1      0            192.168.10.140:35764      103.245.222.184:80    
CLOSE-WAIT 1      0            192.168.42.250:58389      103.245.222.184:80    
CLOSE-WAIT 1      0                       ::1:55327                  ::1:631
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12

5.只显示监听的套接字

$ ss -lnt
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      5                 127.0.1.1:53                       *:*     
LISTEN     0      128               127.0.0.1:631                      *:*     
LISTEN     0      128                     ::1:631                     :::*
  • 1
  • 2
  • 3
  • 4
  • 5

6.打印进程名和进程号

# ss -ltp
State      Recv-Q Send-Q      Local Address:Port          Peer Address:Port   
LISTEN     0      5               127.0.1.1:domain                   *:*        users:(("dnsmasq",1199,5))
LISTEN     0      128             127.0.0.1:ipp                      *:*        users:(("cupsd",793,10))
LISTEN     0      128                   ::1:ipp                     :::*        users:(("cupsd",793,9))
  • 1
  • 2
  • 3
  • 4
  • 5

7.打印统计概要

$ ss -s
Total: 648 (kernel 0)
TCP:   12 (estab 0, closed 0, orphaned 0, synrecv 0, timewait 0/0), ports 0

Transport Total     IP        IPv6
*     0         -         -        
RAW   0         0         0        
UDP   8         5         3        
TCP   12        10        2        
INET      20        15        5        
FRAG      0         0         0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11

8.仅显示IPv4 或 IPv6 连接

$ ss -tl -f inet
State      Recv-Q Send-Q      Local Address:Port          Peer Address:Port   
LISTEN     0      5               127.0.1.1:domain                   *:*       
LISTEN     0      128             127.0.0.1:ipp                      *:*


$ ss -tl6
State      Recv-Q Send-Q      Local Address:Port          Peer Address:Port   
LISTEN     0      128                   ::1:ipp                     :::*
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9

10 列出处在 time-wait 状态的 IPv4 套接字


$ ss -t4 state time-wait
Recv-Q Send-Q         Local Address:Port             Peer Address:Port   
0      0                192.168.1.2:42261           199.59.150.39:https   
0      0                  127.0.0.1:43541               127.0.0.1:2633
  • 1
  • 2
  • 3
  • 4
  • 5

注意: 状态可以是以下任意一种

stablished
yn-sent
yn-recv
in-wait-1
in-wait-2
ime-wait
losed
lose-wait
ast-ack
closing
all – All of the above states
connected – All the states except for listen and closed
synchronized – All the connected states except for syn-sent
bucket – Show states, which are maintained as minisockets, i.e. time-wait and syn-recv.
big – Opposite to bucket state.

11 显示所有源端口或目的端口为 ssh 的套接字

$ ss -at '( dport = :ssh or sport = :ssh )'
State      Recv-Q Send-Q    Local Address:Port        Peer Address:Port   
LISTEN     0      128                   *:ssh                    *:*       
LISTEN     0      128                  :::ssh                   :::*
  • 1
  • 2
  • 3
  • 4

12 显示目的端口是443或80的套接字


$ ss -nt '( dst :443 or dst :80 )'
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
CLOSE-WAIT 1      0            192.168.42.250:58390      103.245.222.184:80    
CLOSE-WAIT 1      0            192.168.10.140:35766      103.245.222.184:80    
CLOSE-WAIT 1      0            192.168.42.250:58392      103.245.222.184:80    
CLOSE-WAIT 1      0            192.168.10.140:35765      103.245.222.184:80    
CLOSE-WAIT 1      0            192.168.42.250:58391      103.245.222.184:80    
CLOSE-WAIT 1      0            192.168.10.140:35763      103.245.222.184:80    
CLOSE-WAIT 1      0            192.168.10.140:35764      103.245.222.184:80    
CLOSE-WAIT 1      0            192.168.42.250:58389      103.245.222.184:80
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11

13 对地址和端口过滤

$ ss -nt dst 103.245.222.184:80
State Recv-Q Send-Q Local Address:Port Peer Address:Port
CLOSE-WAIT 1 0 192.168.42.250:58390 103.245.222.184:80
CLOSE-WAIT 1 0 192.168.10.140:35766 103.245.222.184:80
CLOSE-WAIT 1 0 192.168.42.250:58392 103.245.222.184:80
CLOSE-WAIT 1 0 192.168.10.140:35765 103.245.222.184:80
CLOSE-WAIT 1 0 192.168.42.250:58391 103.245.222.184:80
CLOSE-WAIT 1 0 192.168.10.140:35763 103.245.222.184:80
CLOSE-WAIT 1 0 192.168.10.140:35764 103.245.222.184:80
CLOSE-WAIT 1 0 192.168.42.250:58389 103.245.222.184:80

14 仅过滤端口

$ ss -nt dport = :80
State Recv-Q Send-Q Local Address:Port Peer Address:Port
CLOSE-WAIT 1 0 192.168.42.250:58390 103.245.222.184:80
CLOSE-WAIT 1 0 192.168.10.140:35766 103.245.222.184:80
CLOSE-WAIT 1 0 192.168.42.250:58392 103.245.222.184:80
CLOSE-WAIT 1 0 192.168.10.140:35765 103.245.222.184:80
CLOSE-WAIT 1 0 192.168.42.250:58391 103.245.222.184:80
CLOSE-WAIT 1 0 192.168.10.140:35763 103.245.222.184:80
CLOSE-WAIT 1 0 192.168.10.140:35764 103.245.222.184:80
CLOSE-WAIT 1 0 192.168.42.250:58389 103.245.222.184:80

15 显示对方端口号小于100的套接字

# ss -nt dport \< :100

16 显示端口号大于1024的套接字

# sudo ss -nt sport gt :1024

17 显示对方端口是 80的套接字

sudo ss -nt state connected dport = :80

--转载请注明: http://91o.cc/linux-%e4%b8%8b-ss-%e5%91%bd%e4%bb%a4%e4%bd%bf%e7%94%a8%e7%a4%ba%e4%be%8b/

发表回复

(必填)