http://blog.lifeibo.com/?p=244
在实际工作中,熟练使用工具,可以为我们提高不少效率。今天我们简单了解下ss工具的使用。ss即socket state,也就是说,是可以查看系统中socket的状态的。我们可以用netstat,但为什么还要用ss这个工具呢,当然ss也是有好处的。当我们打开的socket数量很多时,netstat就会变得慢了。
我们先来看看ss的使用格式:
- $ ss [ OPTIONS ] [ STATE-FILTER ] [ ADDRESS-FILTER ]
$ ss [ OPTIONS ] [ STATE-FILTER ] [ ADDRESS-FILTER ]
options我从man手册里摘了过来:
-h – show help page
-? – the same, of course
-v, -V – print version of ss and exit
-s – print summary statistics. This option does not parse socket lists obtaining summary from various sources. It is useful when amount of sockets is so huge that parsing /proc/net/tcp is painful.
-D FILE – do not display anything, just dump raw information about TCP sockets to FILE after applying filters. If FILE is – stdout is used.
-F FILE – read continuation of filter from FILE. Each line of FILE is interpreted like single command line option. If FILE is – stdin is used.
-r – try to resolve numeric address/ports
-n – do not try to resolve ports
-o – show some optional information, f.e. TCP timers
-i – show some infomration specific to TCP (RTO, congestion window, slow start threshould etc.)
-e – show even more optional information
-m – show extended information on memory used by the socket. It is available only with tcp_diag enabled.
-p – show list of processes owning the socket
-f FAMILY – default address family used for parsing addresses. Also this option limits listing to sockets supporting given address family. Currently the following families are supported: unix, inet, inet6, link, netlink.
-4 – alias for -f inet
-6 – alias for -f inet6
-0 – alias for -f link
-A LIST-OF-TABLES – list of socket tables to dump, separated by commas. The following identifiers are understood: all, inet, tcp, udp, raw, unix, packet, netlink, unix_dgram, unix_stream, packet_raw, packet_dgram.
-x – alias for -A unix
-t – alias for -A tcp
-u – alias for -A udp
-w – alias for -A raw
-a – show sockets of all the states. By default sockets in states LISTEN, TIME-WAIT, SYN_RECV and CLOSE are skipped.
-l – show only sockets in state LISTEN
ss的强大之处,大于可以设定过滤条件,我们可以根据socket的状态来进行过滤,也可通过端口与ip地址进行过滤。也就是我们在命令格式里面看到的STATE-FILTER与ADDRESS-FILTER。
首先看看STATE-FILTER,STATE-FILTER可用的过滤条件有:
1. 所有的TCP状态,包含:established, syn-sent, syn-recv, fin-wait-1, fin-wait-2, time-wait, closed, close-wait, last-ack, listen and closing.
2. all,包含所有的状态。
3. connected,除了listen与closed的所有其它状态。
4. synchronized,除了syn-sent的所有connected的状态。
5. bucket
6. big
使用时,如:
- $ ss state connected
$ ss state connected
再看看ADDRESS-FILTER,ADDRESS-FILTER用于过滤端口与地址。而且可以进行表达式组合。可用的子表达式有:
1. dst ADDRESS_PATTERN
2. src ADDRESS_PATTERN
3. dport RELOP PORT
4. sport RELOP PORT
5. autobound
其中ADDRESS_PATTERN为ip地址与端口匹配,ip:port,可以用*代替。RELOP为<= >=或==。
如:
- $ ss dst 192.168.0.1:80
- $ ss dport == 80
$ ss dst 192.168.0.1:80 $ ss dport == 80
多个子表达式之间可以组合,当然跟tcpdump一样,可以用or and not来组合。但括号要用转义符号表示。
如:
- $ ss -o state fin-wait-1 sport=:httporsport=:https sport=:httporsport=:https dst 193.233.7/24
$ ss -o state fin-wait-1 \( sport = :http or sport = :https \) dst 193.233.7/24
看看几个例子:
查看系统总体信息:
- $ ss -s
- Total: 85 (kernel 108)
- TCP: 15 (estab 4, closed 0, orphaned 0, synrecv 0, timewait 0/0), ports 12
- Transport Total IP IPv6
- * 108 - -
- RAW 0 0 0
- UDP 10 7 3
- TCP 15 12 3
- INET 25 19 6
- FRAG 0 0 0
$ ss -sTotal: 85 (kernel 108)TCP: 15 (estab 4, closed 0, orphaned 0, synrecv 0, timewait 0/0), ports 12Transport Total IP IPv6* 108 - -RAW 0 0 0UDP 10 7 3TCP 15 12 3INET 25 19 6FRAG 0 0 0
想看当前机器的8088端口被谁占用了:
- $ ss -lp src :8088
- Recv-Q Send-Q Local Address:P
- 0 0 *:8ers:(("nginx",2942,5),("nginx",2943,5))
$ ss -lp src :8088 Recv-Q Send-Q Local Address:P0 0 *:8ers:(("nginx",2942,5),("nginx",2943,5))
我们可以看到,是一个叫nginx的进程,进程id是2942。
当然,用lsof工具也可以看到,还会更简单呢。lsof -i :80
好吧,就先简单介绍到这了。
再分享一下我老师大神的人工智能教程吧。零基础!通俗易懂!风趣幽默!还带黄段子!希望你也加入到我们人工智能的队伍中来!https://blog.csdn.net/jiangjunshow
扫一扫
769
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
