Linux processes communicate with each other through sockets. There are tools to list, resolve, and provide information about sockets, and ss is one of them. The netstat command can list and resolve sockets too, but it is slow when there are a lot of sockets. ss gets socket information directly from the Linux kernel.
List All Connections
First of all, among the existing connections, the listening Unix and network sockets can be listed with -l.
$ ss -l
Netid column specifies the type of the socket, like nl, u_dgr, tcp, udp
State column specifies the current status of the socket, like listening, established, etc.
Recv-Q column shows received packets
Send-Q column shows sent packets
Local Address:Port column shows the local address and port or equivalent values
Remote Address:Port column shows the remote address and port or equivalent values
Filter TCP Connections
Listing all connections creates a lot of output on the terminal, especially on busy servers, or we may only need to list and inspect TCP connections. There are two ways to list only TCP connections. One way is to use the TCP option -t directly. This will filter and list all already established TCP connections.
$ ss -t
OR
$ ss -A tcp
As we can see, both commands print the same output because they perform the same operation; only their syntax is different. The -A option is used for simple and complex queries, which we will look at below. We specify the TCP protocol as the query filter to list only TCP connections.
Filter UDP Sockets
Like TCP connections, UDP connections can be filtered as shown below. In the first example, we will provide the direct option -u to filter UDP sockets.
$ ss -ua
OR
$ ss -a -A udp
As we can see in the previous examples, we have provided the extra option -a because UDP is a connectionless protocol and we want to list the sockets that can be listed with this option.
List All Statuses of Sockets, Connections
By default, the ss command lists only established and connected sockets/connections; listening sockets are left out. The -a option lists all of them without leaving any out.
$ ss -a
Filter Unix Sockets
Unix sockets are used for communication and data exchange between processes that reside on the same Linux system. This socket mechanism is inherited from old Unix systems. All Unix sockets on a Linux system can be listed with the -x or --unix options.
$ ss -x
Filter IPv4 Connections
The Linux network stack supports different protocols, but as we know IPv4 is the most popular one and is mainly used for the internet. When network protocols are printed, all of them are listed, like IPv4, IPv6, AppleTalk, etc. IPv4 connections and sockets can be filtered with the -4 or --ipv4 option like below.
$ ss -4
Filter IPv6 Connections
As we did with IPv4 filtering for current connections and sockets, the same filtering can be done for IPv6 connections and sockets with the -6 or --ipv6 options.
$ ss -6 -a
Filter Connections According to Port Number
Connections and sockets can be filtered according to their port numbers. Filtering on this type of information requires a special syntax that gives great flexibility. We will show the port number syntax by specifying the ssh port.
$ ss '( dport = :ssh or sport = :ssh )'
Using Port Numbers
In the example above, we filtered according to both source and destination ports. We used the protocol name to express the ports, but numbers are also OK for port specification, like below.
$ ss '( dport = :22 or sport = :22 )'
Filter Connections According to IP Address
We will filter connections according to IP address. Both destination and source hosts have an IP address. These are called:
dst for a destination or remote IP address
src for a source or local IP address
$ ss dst 192.168.122.1
Filter TCP Connections According to States
As we know, TCP is a stateful protocol. What is stateful? Stateful simply means that the source host creates sessions for the network connection. TCP has the following popular states:
listen is used for a service listening on a port or socket
established is used for an already created connection
syn-sent is used when session creation has started for the TCP connection but is not completed
In this example, we will look for TCP ports in the established state.
$ ss -t state established
Resolve Host Name
Resolving hostnames will convert IP addresses and show them with their related hostnames. This will slow down the listing process but may be more useful and informative.
$ ss -t -r state established
Resolve Host Name
Resolving hostnames can slow the listing down, and it can easily be disabled with the -n parameter like below.
$ ss -t -n
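Combining the state filter from the previous section with -n gives output that is easy to post-process. The following is an added example, not part of the original tutorial: it counts established connections per remote address on one local port. The function names and the sample output are constructed for illustration, and the column layout assumes ss was run as `ss -t -n state established`.

```sh
#!/bin/sh
# Added example: count established TCP connections per remote peer.

# Constructed sample of `ss -t -n state established` output. With one protocol
# and one state selected, ss prints neither the Netid nor the State column.
sample_established() {
cat <<'EOF'
Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
0       0       192.168.122.10:22    192.168.122.1:51514
0       36      192.168.122.10:22    192.168.122.1:51620
0       0       192.168.122.10:22    192.168.122.57:40022
0       0       192.168.122.10:443   192.168.122.1:38210
0       0       [fe80::1]:22         [fe80::2]:49152
EOF
}

# Usage: peers_on_port PORT < ss-output
# Prints "count peer" for every remote address connected to local PORT,
# busiest peer first.
peers_on_port() {
  awk -v want="$1" '
    $1 == "Recv-Q" { next }                # header line
    {
      lport = $3; sub(/^.*:/, "", lport)   # text after the last colon
      if (lport != want) next
      peer = $4; sub(/:[^:]*$/, "", peer)  # strip the peer port
      count[peer]++
    }
    END { for (p in count) print count[p], p }' | sort -k1,1nr
}

# On a live host: ss -t -n state established | peers_on_port 22
sample_established | peers_on_port 22
```
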
Show Only Listening Sockets
By default, only established sockets and ports are listed. To list listening ports and sockets, the -l option should be provided.
$ ss -t -l
Show Process Name and Process ID
While printing existing sockets and ports, we may need the related process names and IDs. These can be printed with the -p parameter. In this example, we will list the process name and ID for the ssh port.
$ sudo ss -t -p
As we can see, the process name is sshd and the process ID is 2337, with file descriptor 3 for one connection.
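The -l, -t, -n and -p options shown above can be combined to audit which services listen on every interface. The following is an added example, not part of the original tutorial: the function names and the sample output are constructed, and the column positions assume ss was run as `ss -t -l -n -p`.

```sh
#!/bin/sh
# Added example: flag TCP listeners that are bound to every interface.

# Constructed sample of `ss -t -l -n -p` output (not captured from a real host).
sample_ss_output() {
cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*          users:(("sshd",pid=2337,fd=3))
LISTEN  0       4096    127.0.0.1:631       0.0.0.0:*          users:(("cupsd",pid=812,fd=7))
LISTEN  0       128     [::]:22             [::]:*             users:(("sshd",pid=2337,fd=4))
LISTEN  0       511     *:8080              *:*                users:(("node",pid=4410,fd=19))
LISTEN  0       4096    0.0.0.0:9100        0.0.0.0:*
EOF
}

# Reads ss output on stdin and prints "port address process pid" for each
# listening socket whose local address is a wildcard (0.0.0.0, * or [::]).
wildcard_listeners() {
  awk '
    $1 != "LISTEN" { next }                # also skips the header line
    {
      port = $4; sub(/^.*:/, "", port)     # text after the last colon
      addr = $4; sub(/:[^:]*$/, "", addr)  # text before the last colon
      if (addr != "0.0.0.0" && addr != "*" && addr != "[::]") next
      proc = "-"; pid = "-"                # Process column is empty without root
      if (match($0, /\(\("[^"]+"/)) proc = substr($0, RSTART + 3, RLENGTH - 4)
      if (match($0, /pid=[0-9]+/))  pid  = substr($0, RSTART + 4, RLENGTH - 4)
      print port, addr, proc, pid
    }'
}

# On a live host: sudo ss -t -l -n -p | wildcard_listeners
sample_ss_output | wildcard_listeners
```

Listeners bound to 127.0.0.1 or [::1] are skipped because they are reachable only from the local host.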
Print Summary Statistics
Statistics about the ports and sockets can be printed with the -s parameter.
$ sudo ss -s
This example shows statistics about the RAW, UDP, TCP, INET and FRAG types with the related IP protocol versions, like IPv4 and IPv6.
Display Timer Information
Timer options provide information about the socket or connection. Timer information can be seen with the -o parameter.
$ sudo ss -t -o
In this example, we can see the total time of the ssh connections and the current TCP keepalive status.
Translated from: https://www.poftut.com/linux-ss-command-tutorial-with-examples/