1.Socket Statistics ~~SS
1 ss是Socket Statistics的縮寫。顧名思義,ss命令可以用來獲取socket統計信息,它可以顯示和netstat類似的內容。ss的優勢在於它能夠顯示更多更詳細的有關TCP和連接狀態的信息,而且比netstat更快速更高效。 2 3 當服務器的socket連接數量變得非常大時,無論是使用netstat命令還是直接cat /proc/net/tcp,執行速度都會很慢。 4 5 ss快的秘訣在於,它利用到了TCP協議棧中tcp_diag。tcp_diag是一個用於分析統計的模塊,可以獲得Linux 內核中第一手的信息,這就確保了ss的快捷高效。
2.語法
[root@db01 ~19:52:51]# ss --help Usage: ss [ OPTIONS ] ss [ OPTIONS ] [ FILTER ] -h, --help this message -V, --version output version information -n, --numeric don't resolve service names -r, --resolve resolve host names -a, --all display all sockets -l, --listening display listening sockets -o, --options show timer information -e, --extended show detailed socket information -m, --memory show socket memory usage -p, --processes show process using socket -i, --info show internal TCP information -s, --summary show socket usage summary -b, --bpf show bpf filter socket information -E, --events continually display sockets as they are destroyed -Z, --context display process SELinux security contexts -z, --contexts display process and socket SELinux security contexts -N, --net switch to the specified network namespace name -4, --ipv4 display only IP version 4 sockets -6, --ipv6 display only IP version 6 sockets -0, --packet display PACKET sockets -t, --tcp display only TCP sockets -S, --sctp display only SCTP sockets -u, --udp display only UDP sockets -d, --dccp display only DCCP sockets -w, --raw display only RAW sockets -x, --unix display only Unix domain sockets --vsock display only vsock sockets -f, --family=FAMILY display sockets of type FAMILY FAMILY := {inet|inet6|link|unix|netlink|vsock|help} -K, --kill forcibly close sockets, display what was closed -H, --no-header Suppress header line -A, --query=QUERY, --socket=QUERY QUERY := {all|inet|tcp|udp|raw|unix|unix_dgram|unix_stream|unix_seqpacket|packet|netlink|vsock_stream|vsock_dgram}[,QUERY] -D, --diag=FILE Dump raw information about TCP sockets to FILE -F, --filter=FILE read filter information from FILE FILTER := [ state STATE-FILTER ] [ EXPRESSION ] STATE-FILTER := {all|connected|synchronized|bucket|big|TCP-STATES} TCP-STATES := {established|syn-sent|syn-recv|fin-wait-{1,2}|time-wait|closed|close-wait|last-ack|listen|closing} connected := {established|syn-sent|syn-recv|fin-wait-{1,2}|time-wait|close-wait|last-ack|closing} synchronized := {established|syn-recv|fin-wait-{1,2}|time-wait|close-wait|last-ack|closing} bucket := {syn-recv|time-wait} big := {established|syn-sent|fin-wait-{1,2}|closed|close-wait|last-ack|listen|closing}
3.查看進程使用的socket
[root@db01 ~19:56:55]# ss -pl Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port nl UNCONN 0 0 rtnl:kernel * nl UNCONN 0 0 rtnl:NetworkManager/6525 * nl UNCONN 0 0 rtnl:NetworkManager/6525 * nl UNCONN 768 0 tcpdiag:kernel * nl UNCONN 4352 0 tcpdiag:ss/10983 * nl UNCONN 0 0 xfrm:kernel * nl UNCONN 0 0 selinux:kernel * nl UNCONN 0 0 audit:kernel * nl UNCONN 0 0 audit:auditd/6368 * nl UNCONN 0 0 audit:systemd/1 * nl UNCONN 0 0 fiblookup:kernel * nl UNCONN 0 0 connector:kernel * nl UNCONN 0 0 uevent:-4119 * nl UNCONN 0 0 uevent:-4118 * nl UNCONN 0 0 uevent:-4117 * nl UNCONN 0 0 uevent:tuned/7134 * nl UNCONN 0 0 uevent:-4107 * nl UNCONN 0 0 uevent:systemd-logind/6529 * nl UNCONN 0 0 uevent:systemd/1 * nl UNCONN 0 0 uevent:NetworkManager/6525 * nl UNCONN 0 0 uevent:kernel * nl UNCONN 0 0 uevent:-4120 * nl UNCONN 0 0 uevent:tuned/7134 * nl UNCONN 0 0 uevent:-4120 * nl UNCONN 0 0 uevent:NetworkManager/6525 * nl UNCONN 0 0 uevent:-4119 * nl UNCONN 0 0 uevent:-4118 * nl UNCONN 0 0 uevent:-4117 * nl UNCONN 0 0 uevent:systemd-logind/6529 * nl UNCONN 0 0 uevent:-4107 * nl UNCONN 0 0 uevent:systemd/1 * nl UNCONN 0 0 genl:kernel * nl UNCONN 0 0 scsi-trans:kernel * p_dgr UNCONN 0 0 arp:eth1 * users:(("NetworkManager",pid=6525,fd=23)) p_dgr UNCONN 0 0 arp:eth0 * users:(("NetworkManager",pid=6525,fd=20)) u_str LISTEN 0 100 private/tlsmgr 40796 * 0 users:(("master",pid=7277,fd=29)) u_str LISTEN 0 100 private/rewrite 40799 * 0 users:(("master",pid=7277,fd=32)) u_str LISTEN 0 100 private/bounce 40802 * 0 users:(("master",pid=7277,fd=35)) u_str LISTEN 0 100 private/defer 40805 * 0 users:(("master",pid=7277,fd=38)) u_str LISTEN 0 100 private/trace 40808 * 0 users:(("master",pid=7277,fd=41)) u_str LISTEN 0 100 private/verify 40811 * 0 users:(("master",pid=7277,fd=44)) u_str LISTEN 0 100 private/proxymap 40817 * 0 users:(("master",pid=7277,fd=50)) u_str LISTEN 0 128 /var/run/rpcbind.sock 35101 * 0 users:(("rpcbind",pid=6501,fd=3),("systemd",pid=1,fd=33)) u_str LISTEN 0 100 private/proxywrite 40820 * 0 users:(("master",pid=7277,fd=53)) u_str LISTEN 0 100 private/smtp 40823 * 0 users:(("master",pid=7277,fd=56)) u_str LISTEN 0 100 private/relay 40826 * 0 users:(("master",pid=7277,fd=59)) u_str LISTEN 0 100 private/error 40832 * 0 users:(("master",pid=7277,fd=65)) u_str LISTEN 0 100 private/retry 40835 * 0 users:(("master",pid=7277,fd=68)) u_str LISTEN 0 100 private/discard 40838 * 0 users:(("master",pid=7277,fd=71)) u_str LISTEN 0 100 private/local 40841 * 0 users:(("master",pid=7277,fd=74)) u_str LISTEN 0 100 private/virtual 40844 * 0 users:(("master",pid=7277,fd=77)) u_str LISTEN 0 100 private/lmtp 40847 * 0 users:(("master",pid=7277,fd=80)) u_str LISTEN 0 100 private/anvil 40850 * 0 users:(("master",pid=7277,fd=83)) u_str LISTEN 0 128 /run/dbus/system_bus_socket 35110 * 0 users:(("dbus-daemon",pid=6504,fd=3),("systemd",pid=1,fd=35)) u_str LISTEN 0 100 private/scache 40853 * 0 users:(("master",pid=7277,fd=86)) u_str LISTEN 0 100 public/pickup 40785 * 0 users:(("pickup",pid=10810,fd=6),("master",pid=7277,fd=18)) u_str LISTEN 0 100 public/cleanup 40789 * 0 users:(("master",pid=7277,fd=22)) u_str LISTEN 0 100 public/qmgr 40792 * 0 users:(("qmgr",pid=7288,fd=6),("master",pid=7277,fd=25)) u_str LISTEN 0 128 /run/systemd/private 21077 * 0 users:(("systemd",pid=1,fd=12)) u_seq LISTEN 0 128 /run/udev/control 21098 * 0 users:(("systemd-udevd",pid=3010,fd=4),("systemd",pid=1,fd=22)) u_dgr UNCONN 0 0 /run/systemd/shutdownd 21103 * 0 users:(("systemd",pid=1,fd=26)) u_str LISTEN 0 70 /tmp/mysqlx.sock 78888 * 0 users:(("mysqld",pid=10620,fd=22)) u_str LISTEN 0 128 /tmp/mysql.sock 78891 * 0 users:(("mysqld",pid=10620,fd=28)) u_str LISTEN 0 10 /var/lib/gssproxy/default.sock 35815 * 0 users:(("gssproxy",pid=6505,fd=8)) u_str LISTEN 0 10 /var/run/abrt/abrt.socket 36018 * 0 users:(("abrtd",pid=6493,fd=8)) u_str LISTEN 0 100 public/flush 40814 * 0 users:(("master",pid=7277,fd=47)) u_str LISTEN 0 100 public/showq 40829 * 0 users:(("master",pid=7277,fd=62)) u_str LISTEN 0 32 /var/run/vmware/guestServicePipe 36556 * 0 users:(("VGAuthService",pid=6490,fd=8)) u_dgr UNCONN 0 0 /var/run/chrony/chronyd.sock 35810 * 0 users:(("chronyd",pid=6508,fd=8)) u_str LISTEN 0 10 /run/gssproxy.sock 35816 * 0 users:(("gssproxy",pid=6505,fd=9)) u_dgr UNCONN 0 0 /run/systemd/notify 8936 * 0 users:(("systemd",pid=1,fd=24)) u_dgr UNCONN 0 0 /run/systemd/cgroups-agent 8938 * 0 users:(("systemd",pid=1,fd=25)) u_str LISTEN 0 128 /run/systemd/journal/stdout 8952 * 0 users:(("systemd-journal",pid=2986,fd=3),("systemd",pid=1,fd=28)) u_dgr UNCONN 0 0 /run/systemd/journal/socket 8955 * 0 users:(("systemd-journal",pid=2986,fd=4),("systemd",pid=1,fd=29)) u_dgr UNCONN 0 0 /dev/log 8957 * 0 users:(("systemd-journal",pid=2986,fd=5),("systemd",pid=1,fd=30)) u_dgr UNCONN 0 0 * 36020 * 0 users:(("abrtd",pid=6493,fd=9)) u_dgr UNCONN 0 0 * 100181 * 8957 users:(("sshd",pid=10877,fd=4)) u_dgr UNCONN 0 0 * 92915 * 8957 users:(("pickup",pid=10810,fd=7)) u_dgr UNCONN 0 0 * 36709 * 8957 users:(("crond",pid=6550,fd=4)) u_dgr UNCONN 0 0 * 21970 * 21969 users:(("systemd-udevd",pid=3010,fd=10)) u_dgr UNCONN 0 0 * 35775 * 8957 users:(("gssproxy",pid=6505,fd=3)) u_dgr UNCONN 0 0 * 35794 * 8957 users:(("chronyd",pid=6508,fd=3)) u_dgr UNCONN 0 0 * 21450 * 8936 users:(("systemd-journal",pid=2986,fd=11)) u_dgr UNCONN 0 0 * 40749 * 8957 users:(("master",pid=7277,fd=3)) u_dgr UNCONN 0 0 * 21883 * 8955 users:(("systemd-udevd",pid=3010,fd=5)) u_dgr UNCONN 0 0 * 21969 * 21970 users:(("systemd-udevd",pid=3010,fd=9)) u_dgr UNCONN 0 0 * 21531 * 8955 users:(("systemd",pid=1,fd=32)) u_dgr UNCONN 0 0 * 36955 * 8957 users:(("dbus-daemon",pid=6504,fd=13)) u_dgr UNCONN 0 0 * 40891 * 8957 users:(("qmgr",pid=7288,fd=7)) u_dgr UNCONN 0 0 * 40155 * 8957 users:(("rsyslogd",pid=7131,fd=4)) u_dgr UNCONN 0 0 * 35835 * 0 users:(("VGAuthService",pid=6490,fd=3)) u_dgr UNCONN 0 0 * 100400 * 8957 users:(("sshd",pid=10903,fd=4)) u_dgr UNCONN 0 0 * 36845 * 8957 users:(("NetworkManager",pid=6525,fd=5)) u_dgr UNCONN 0 0 * 36393 * 8955 users:(("systemd-logind",pid=6529,fd=3)) u_dgr UNCONN 0 0 * 34415 * 8957 users:(("auditd",pid=6368,fd=8)) u_dgr UNCONN 0 0 * 36812 * 8957 users:(("polkitd",pid=6483,fd=11)) raw UNCONN 0 0 :::ipv6-icmp :::* users:(("NetworkManager",pid=6525,fd=17)) raw UNCONN 0 0 :::ipv6-icmp :::* users:(("NetworkManager",pid=6525,fd=15)) udp UNCONN 0 0 *:sunrpc *:* users:(("rpcbind",pid=6501,fd=6)) udp UNCONN 0 0 *:721 *:* users:(("rpcbind",pid=6501,fd=7)) udp UNCONN 0 0 127.0.0.1:323 *:* users:(("chronyd",pid=6508,fd=5)) udp UNCONN 0 0 :::sunrpc :::* users:(("rpcbind",pid=6501,fd=9)) udp UNCONN 0 0 :::721 :::* users:(("rpcbind",pid=6501,fd=10)) udp UNCONN 0 0 ::1:323 :::* users:(("chronyd",pid=6508,fd=6)) tcp LISTEN 0 128 *:sunrpc *:* users:(("rpcbind",pid=6501,fd=8)) tcp LISTEN 0 128 *:ssh *:* users:(("sshd",pid=7135,fd=3)) tcp LISTEN 0 100 127.0.0.1:smtp *:* users:(("master",pid=7277,fd=13)) tcp LISTEN 0 128 :::mysql :::* users:(("mysqld",pid=10620,fd=26)) tcp LISTEN 0 128 :::sunrpc :::* users:(("rpcbind",pid=6501,fd=11)) tcp LISTEN 0 128 :::ssh :::* users:(("sshd",pid=7135,fd=4)) tcp LISTEN 0 100 ::1:smtp :::* users:(("master",pid=7277,fd=14)) tcp LISTEN 0 70 :::33060 :::*
4.顯示所有UDP Sockets
[root@db01 ~20:02:07]# ss -u -a State Recv-Q Send-Q Local Address:Port Peer Address:Port UNCONN 0 0 *:sunrpc *:* UNCONN 0 0 *:721 *:* UNCONN 0 0 127.0.0.1:323 *:* UNCONN 0 0 :::sunrpc :::* UNCONN 0 0 :::721 :::* UNCONN 0 0 ::1:323 :::* 55.
5.查看建立的 TCP 連接
[root@db01 ~20:02:10]# ss -tna State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 *:111 *:* LISTEN 0 128 *:22 *:* LISTEN 0 100 127.0.0.1:25 *:* ESTAB 0 0 10.0.0.51:22 10.0.0.1:3664 ESTAB 0 36 10.0.0.51:22 10.0.0.1:3670 LISTEN 0 128 :::3306 :::* LISTEN 0 128 :::111 :::* LISTEN 0 128 :::22 :::* LISTEN 0 100 ::1:25 :::* LISTEN 0 70 :::33060 :::*6.
6.使用 -p 選項查看監聽端口的程序名稱
[root@db01 ~20:06:37]# ss -tlp State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 *:sunrpc *:* users:(("rpcbind",pid=6501,fd=8)) LISTEN 0 128 *:ssh *:* users:(("sshd",pid=7135,fd=3)) LISTEN 0 100 127.0.0.1:smtp *:* users:(("master",pid=7277,fd=13)) LISTEN 0 128 :::mysql :::* users:(("mysqld",pid=10620,fd=26)) LISTEN 0 128 :::sunrpc :::* users:(("rpcbind",pid=6501,fd=11)) LISTEN 0 128 :::ssh :::* users:(("sshd",pid=7135,fd=4)) LISTEN 0 100 ::1:smtp :::* users:(("master",pid=7277,fd=14)) LISTEN 0 70 :::33060 :::*
6.常用參數
常用選項 -h, --help 幫助 -V, --version 顯示版本號 -t, --tcp 顯示 TCP 協議的 sockets -u, --udp 顯示 UDP 協議的 sockets -x, --unix 顯示 unix domain sockets,與 -f 選項相同 -n, --numeric 不解析服務的名稱,如 "22" 端口不會顯示成 "ssh" -l, --listening 只顯示處於監聽狀態的端口 -p, --processes 顯示監聽端口的進程(Ubuntu 上需要 sudo) -a, --all 對 TCP 協議來說,既包含監聽的端口,也包含建立的連接 -r, --resolve 把 IP 解釋為域名,把端口號解釋為協議名稱