
    [Linux] ss: a handy tool for server network monitoring

    Posted by showerlee on 2015-11-26 07:57:40

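    Most of us have long used the netstat command to get connection information on the local server, or built scripts around it. Its advantage is that it ships with Windows and virtually every Linux distribution, and it is a well-established command. But as systems keep evolving, it shows a weakness on hosts with many concurrent connections: it runs slowly.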

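    Today I want to introduce ss, a command I only came across recently. It is not obscure: on Ubuntu and CentOS, even a minimal install ships ss with the base system. Compared with netstat, its output is simpler and more direct, its syntax is concise and practical, and it runs faster.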

    The following sections show some common ss syntax for checking the state of local network connections.

    1. List all connections (tcp, udp, unix socket)

    $ ss | less
    Netid  State      Recv-Q Send-Q   Local Address: Port       Peer Address: Port   
    u_str  ESTAB      0      0                    * 15545                 * 15544  
    u_str  ESTAB      0      0                    * 12240                 * 12241  
    u_str  ESTAB      0      0      @/tmp/dbus-2hQdRvvg49 12726                 * 12159  
    u_str  ESTAB      0      0                    * 11808                 * 11256  
    u_str  ESTAB      0      0                    * 15204                 * 15205  
    .....

    2. Filter tcp, udp and unix connections separately

    1). tcp connections

    $ ss -t
    State      Recv-Q Send-Q    Local Address:Port        Peer Address:Port   
    ESTAB      0      0           192.168.1.2:43839     108.160.162.37:http    
    ESTAB      0      0           192.168.1.2:43622     199.59.149.201:https   
    ESTAB      0      0           192.168.1.2:33141      83.170.73.249:ircd    
    ESTAB      0      0           192.168.1.2:54028     74.125.135.125:xmpp-client

    By default -t shows only sockets in an "established" or "connected" state; to include sockets in the "Listening" state, use -at.

    2). udp connections

    $ ss -ua
    State      Recv-Q Send-Q    Local Address:Port        Peer Address:Port   
    UNCONN     0      0           192.168.1.2:48268                  *:*       
    UNCONN     0      0           192.168.1.2:56575                  *:*       
    UNCONN     0      0                     *:40309                  *:*       
    UNCONN     0      0           192.168.1.2:56879                  *:*       
    UNCONN     0      0                     *:49014                  *:*       
    UNCONN     0      0           192.168.1.2:53124                  *:*       
    UNCONN     0      0             127.0.1.1:domain                 *:*

    3). unix connections

    $ ss -x
    Netid State      Recv-Q Send-Q          Local Address:Port              Peer Address:Port   
    u_str ESTAB      0      0                           * 10415                        * 0      
    u_str ESTAB      0      0                           * 10416                        * 0      
    u_str ESTAB      0      0                           * 10420                        * 0  
    ...

    3. Show connections without resolving names

    $ ss -nt
    State      Recv-Q Send-Q      Local Address:Port        Peer Address:Port 
    ESTAB      0      0             192.168.1.2:43839     108.160.162.37:80    
    ESTAB      0      0             192.168.1.2:51350      74.125.200.84:443   
    ESTAB      0      0             192.168.1.2:33141      83.170.73.249:6667  
    ESTAB      0      0             192.168.1.2:54028     74.125.135.125:5222  
    ESTAB      0      0             192.168.1.2:48156      66.196.120.44:5050

    4. Show "Listening" tcp sockets without resolving host names

    $ ss -ltn
    State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
    LISTEN     0      5                 127.0.1.1:53                       *:*     
    LISTEN     0      128               127.0.0.1:631                      *:*     
    LISTEN     0      128                     ::1:631                     :::*

    To show udp sockets instead, change t to u.

    5. Show process name and id

    $ ss -ltp
    State      Recv-Q Send-Q    Local Address:Port        Peer Address:Port   
    LISTEN     0      100           127.0.0.1:smtp                   *:*       
    LISTEN     0      128           127.0.0.1:9050                   *:*       
    LISTEN     0      128                   *:90                     *:*       
    LISTEN     0      128                   *:db-lsp                 *:*        users:(("dropbox",3566,32))
    LISTEN     0      5             127.0.0.1:6600                   *:*       
    LISTEN     0      128           127.0.0.1:9000                   *:*        users:(("php5-fpm",1620,0),("php5-fpm",1619,0))
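
    An added example (not from the original post): a shell function that reads `ss -ltnp` output and lists the listeners bound to non-loopback addresses together with the owning process, which is a common use of the command above in a host audit. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the format `ss -ltnp` prints (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State      Recv-Q Send-Q    Local Address:Port        Peer Address:Port
LISTEN     0      100           127.0.0.1:25                     *:*
LISTEN     0      128                   *:90                     *:*
LISTEN     0      128                   *:17500                  *:*        users:(("dropbox",3566,32))
LISTEN     0      128           127.0.0.1:9000                   *:*        users:(("php5-fpm",1620,0),("php5-fpm",1619,0))
LISTEN     0      128                  :::22                    :::*        users:(("sshd",pid=812,fd=4))
LISTEN     0      128                 ::1:631                   :::*
EOF
}

# Read ss -ltnp lines on stdin; print "address:port process" for every
# listener that is NOT bound to a loopback address.
exposed_listeners() {
    awk '
    $1 == "LISTEN" {
        local_ep = $4
        # Split at the LAST colon: IPv6 addresses contain colons themselves.
        if (!match(local_ep, /:[^:]*$/)) next
        addr = substr(local_ep, 1, RSTART - 1)
        port = substr(local_ep, RSTART + 1)
        # Loopback-only listeners are not reachable from the network.
        if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") next
        # The users:() column is missing when ss lacks the privilege to
        # inspect the owning process, so fall back to "unknown".
        proc = "unknown"
        if (match($0, /users:\(\("[^"]+"/))
            proc = substr($0, RSTART + 9, RLENGTH - 10)
        print addr ":" port, proc
    }'
}

# Demo on the constructed sample; on a real host: sudo ss -ltnp | exposed_listeners
sample_ss_output | exposed_listeners
```

    Listeners reported as "unknown" are worth re-checking with root privileges, since ss cannot name a process owned by another user otherwise.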

    6. Get summary statistics

    $ ss -s
    Total: 526 (kernel 0)
    TCP:   10 (estab 7, closed 0, orphaned 0, synrecv 0, timewait 0/0), ports 0
    
    Transport Total     IP        IPv6
    *	  0         -         -        
    RAW	  0         0         0        
    UDP	  15        9         6        
    TCP	  10        9         1        
    INET	  25        18        7        
    FRAG	  0         0         0

    7. Get timer information

    $ ss -tn -o
    State      Recv-Q Send-Q      Local Address:Port        Peer Address:Port 
    ESTAB      0      0             192.168.1.2:43839     108.160.162.37:80    
    ESTAB      0      0             192.168.1.2:36335     204.144.140.26:80     timer:(keepalive,26sec,0)
    ESTAB      0      0             192.168.1.2:33141      83.170.73.249:6667  
    ESTAB      0      0             192.168.1.2:58857      74.121.141.84:80     timer:(keepalive,23sec,0)
    ESTAB      0      0             192.168.1.2:42794     173.194.40.239:80     timer:(keepalive,32sec,0)

    8. Show only ipv4 or ipv6 connections

    $ ss -tl -f inet
    State      Recv-Q Send-Q    Local Address:Port        Peer Address:Port   
    LISTEN     0      100           127.0.0.1:smtp                   *:*       
    LISTEN     0      128           127.0.0.1:9050                   *:*       
    LISTEN     0      128                   *:90                     *:*       
    LISTEN     0      128                   *:db-lsp                 *:*       
    LISTEN     0      5             127.0.0.1:6600                   *:*

    $ ss -tl6
    State      Recv-Q Send-Q    Local Address:Port        Peer Address:Port   
    LISTEN     0      100                 ::1:smtp                  :::*       
    LISTEN     0      128                  :::12865                 :::*       
    LISTEN     0      128                  :::http                  :::*       
    LISTEN     0      128                  :::ssh                   :::*       
    LISTEN     0      128                 ::1:ipp                   :::*

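    9. Filter connections by tcp state

    A strength of ss is that it can filter connections by specific conditions itself, so common queries need no extra pipeline.

    Its syntax:

    # ss [options] [state filter] [address filter]

    1). Show all ipv4 tcp connections in the connected (established) state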

    $ ss -t4 state established
    Recv-Q Send-Q         Local Address:Port             Peer Address:Port   
    0      0                192.168.1.2:54436          165.193.246.23:https   
    0      0                192.168.1.2:43386          173.194.72.125:xmpp-client 
    0      0                192.168.1.2:38355           199.59.150.46:https   
    0      0                192.168.1.2:56198          108.160.162.37:http

    2). Show all ipv4 tcp connections in the time-wait state

    $ ss -t4 state time-wait
    Recv-Q Send-Q         Local Address:Port             Peer Address:Port   
    0      0                192.168.1.2:42261           199.59.150.39:https   
    0      0                  127.0.0.1:43541               127.0.0.1:2633

    The available state names are listed below.

     1. established
     2. syn-sent
     3. syn-recv
     4. fin-wait-1
     5. fin-wait-2
     6. time-wait
     7. closed
     8. close-wait 
     9. last-ack
     10. closing
     11. all - All of the above states
     12. connected - All the states except for listen and closed
     13. synchronized - All the connected states except for syn-sent
     14. bucket - Show states, which are maintained as minisockets, i.e. time-wait and syn-recv.
     15. big - Opposite to bucket state.
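
    An added example (not from the original post): counting connections per remote address from `ss -nt` output and reporting peers at or above a threshold. It handles the detail visible in the outputs above, that ss drops the State column once a `state` filter is given. The function names and the sample lines (documentation address ranges) are constructed.

```shell
#!/bin/sh
# Constructed sample in the format of `ss -nt state established` (no State column).
sample_established() {
    cat <<'EOF'
Recv-Q Send-Q         Local Address:Port             Peer Address:Port
0      0                 192.0.2.10:443              198.51.100.7:51514
0      0                 192.0.2.10:443              198.51.100.7:51516
0      0                 192.0.2.10:443              198.51.100.7:51520
0      0                 192.0.2.10:443               203.0.113.9:40022
0      0                 192.0.2.10:22                203.0.113.9:40100
0      0                 192.0.2.10:443              203.0.113.50:33000
EOF
}

# Usage: ss -nt [state ...] | peers_over_threshold MIN
# Prints "count peer-address" for every peer with at least MIN connections,
# busiest peer first.
peers_over_threshold() {
    awk -v min="$1" '
    /Recv-Q/ { next }                       # skip the header line
    {
        # With a "state ..." filter the first field is Recv-Q (a number) and
        # the peer endpoint is field 4; otherwise field 1 is the state name
        # and the peer endpoint is field 5.
        peer = ($1 ~ /^[0-9]+$/) ? $4 : $5
        # Strip the port at the LAST colon so IPv6 peers stay intact.
        if (!match(peer, /:[^:]*$/)) next
        count[substr(peer, 1, RSTART - 1)]++
    }
    END {
        for (ip in count)
            if (count[ip] >= min) print count[ip], ip
    }' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample.
sample_established | peers_over_threshold 2
```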

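    10. Filter by address and port number

    Besides filtering by socket state, ss also supports filters based on address and port number.

    1). Show all socket connections whose source port or destination port is ssh.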

    $ ss -at '( dport = :ssh or sport = :ssh )'
    State      Recv-Q Send-Q    Local Address:Port        Peer Address:Port   
    LISTEN     0      128                   *:ssh                    *:*       
    LISTEN     0      128                  :::ssh                   :::*

    2). All socket connections whose destination port is 443 or 80.

    $ ss -nt '( dst :443 or dst :80 )'
    State      Recv-Q Send-Q      Local Address:Port        Peer Address:Port 
    ESTAB      0      0             192.168.1.2:58844      199.59.148.82:443   
    ESTAB      0      0             192.168.1.2:55320     165.193.246.23:443   
    ESTAB      0      0             192.168.1.2:56198     108.160.162.37:80    
    ESTAB      0      0             192.168.1.2:54889    192.241.177.148:443   
    ESTAB      0      0             192.168.1.2:39893      173.255.230.5:80    
    ESTAB      0      0             192.168.1.2:33440      38.127.167.38:443

    This can also be written in a shorter form:

    $ ss -nt dst :443 or dst :80


    More examples:

    # Filter by address
    $ ss -nt dst 74.125.236.178
    
    # Filter by subnet in CIDR notation
    $ ss -nt dst 74.125.236.178/16
    
    # Filter by address and port
    $ ss -nt dst 74.125.236.178:80
    
    # Filter by destination port
    $ ss -nt dport = :80
    State      Recv-Q Send-Q      Local Address:Port        Peer Address:Port 
    ESTAB      0      0             192.168.1.2:56198     108.160.162.37:80    
    ESTAB      0      0             192.168.1.2:39893      173.255.230.5:80    
    ESTAB      0      0             192.168.1.2:55043     74.125.236.178:80
    
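    # TCP connections with source address 127.0.0.1 and source port greater than 5000
    $ ss -nt src 127.0.0.1 sport gt :5000
    
    # Local smtp (port 25) sockets
    $ ss -ntlp sport eq :smtp
    
    # Connections with a source port greater than 25
    $ ss -nt sport gt :25
    
    # Connections with a destination port less than 100
    $ ss -nt dport \< :100
    
    # Connections to remote port 80
    $ sudo ss -nt state connected dport = :80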

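    Summary

    The examples above cover most of the commonly used features of ss. For more, read its official documentation with man.

    Notice: this article is licensed under CC BY-NC-SA 3.0
    When reposting, please credit the source: 一路向北的博客
    Permalink: http://www.showerlee.com/archives/1741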

