常用选项示例
[root@CentOS7.3 ~]#ss -an #列出所有的sockets连接。
[root@CentOS7.3 ~]#ss -tnl #列出处于监听状态的tcp sockets(-l只显示监听套接字,-n不解析服务名,直接显示端口号)。
[root@CentOS7.3 ~]#ss -unl #列出处于监听状态的udp sockets。
匹配过滤本机ip地址和端口
[root@centos7.3 ~]#ss src :22 #匹配本机端口为22的连接
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp ESTAB 0 0 192.168.xxx.xxx:ssh 192.168.166.1:63892
tcp ESTAB 0 52 192.168.xxx.xxx:ssh 192.168.166.1:63076
[root@centos7.3 ~]#ss src :ssh #匹配本机端口为ssh(即22)的连接;这里按端口匹配,并不识别实际协议,运行在非标准端口上的sshd不会被匹配到
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp ESTAB 0 0 192.168.166.137:ssh 192.168.166.1:63892
tcp ESTAB 0 52 192.168.166.137:ssh 192.168.166.1:63076
[root@centos7.4-1 ~]#ss src 192.168.1.2:ssh #匹配本机地址为指定IP、本机端口为ssh的连接(下方示例输出的本机地址是192.168.166.137,与命令中的192.168.1.2不一致,使用时请换成实际的本机IP)
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp ESTAB 0 0 192.168.166.137:ssh 192.168.166.1:63892
tcp ESTAB 0 52 192.168.166.137:ssh 192.168.166.1:63076
匹配过滤远程ip地址和端口
[root@centos7.4-1 ~]#ss dst 119.75.213.61 #匹配单个远程IP的所有连接
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp ESTAB 0 0 192.168.0.25:59484 119.75.213.61:http
[root@centos7.4-1 ~]#ss dst 119.75.213.61:80 #只匹配单个IP地址的80端口
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp ESTAB 0 0 192.168.0.25:59484 119.75.213.61:http
将本地或者远程端口和一个数比较
[root@centos7.3 ~]# ss sport = :http
[root@centos7.3 ~]# ss dport = :http
[root@centos7.3 ~]# ss dport \> :1024
[root@centos7.3 ~]# ss sport \> :1024
[root@centos7.3 ~]# ss sport \< :32000
[root@centos7.3 ~]# ss sport eq :22
[root@centos7.3 ~]# ss dport != :22
使用state 过滤sockets信息
显示所有状态为established、且目标端口为smtp或源端口为http的连接(-o 同时显示计时器信息)
[root@CentOS7.3 ~]#ss -o state established '( dport = :smtp or sport = :http )'
Netid Recv-Q Send-Q Local Address:Port Peer Address:Port
显示处于 FIN-WAIT-1状态的源端口为 80或者 443,目标网络为 192.168.1/24所有 tcp套接字
ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 192.168.1/24
使用tcp连接的状态进行过滤
ss -4 state FILTER-NAME-HERE
ss -6 state FILTER-NAME-HERE
FILTER-NAME-HERE 可用状态(下表未列出 listening,它同样是可用的状态名):
established
syn-sent
syn-recv
fin-wait-1
fin-wait-2
time-wait
closed
close-wait
last-ack
closing
all #所有以上状态。
connected #除了listen和closed以外的所有状态。
synchronized #除了syn-sent以外的所有已连接(connected)状态。
bucket #以minisocket形式维护的状态,即time-wait和syn-recv。
big #和bucket相反。
[root@CentOS7.3 ~]#ss -4 state closed #未连接(UNCONN)的udp套接字在ss中归入closed状态,所以下面列出的是本机已绑定的udp端口
Netid Recv-Q Send-Q Local Address:Port Peer Address:Port
udp 0 0 *:mdns *:*
udp 0 0 *:25506 *:*
udp 0 0 192.168.xxx.1:domain *:*
udp 0 0 *%virbr0:bootps *:*
udp 0 0 *:bootpc *:*
udp 0 0 *:53379 *:*