How to use ss on Linux

http://blog.csdn.net/arkblue/article/details/7876210

ss stands for Socket State

1 View connections

    [admin@v035114 ~]$ ss
    State      Recv-Q Send-Q                       Local Address:Port                           Peer Address:Port
    ESTAB      0      0                            10.232.35.114:43583                          10.235.171.2:15888
    ESTAB      0      0                            10.232.35.114:1023                           10.232.16.13:nfs
    ESTAB      0      0                            10.232.35.114:54487                          10.232.36.75:ssh
    ESTAB      0      0                            10.232.35.114:33943                          10.235.171.1:13888
    SYN-SENT   0      1                            10.232.35.114:37613                         10.232.14.220:webcache
    ESTAB      0      0                            10.232.35.114:34337                          10.232.17.73:ssh
    ESTAB      0      0                            10.232.35.114:44849                          10.232.36.86:ssh
    ESTAB      1392   0                            10.232.35.114:59068                         10.20.142.112:ssh
    ESTAB      0      0                            10.232.35.114:38479                          10.232.36.88:ssh
    ESTAB      0      0                            10.232.35.114:60156                          10.232.36.88:ssh
    ESTAB      0      0                            10.232.35.114:51222                          10.232.36.86:ssh
    ESTAB      0      0                     ::ffff:10.232.35.114:ssh                      ::ffff:10.13.44.35:ccmad
    ESTAB      0      0                     ::ffff:10.232.35.114:ssh                      ::ffff:10.13.44.34:65432
    ESTAB      0      0                     ::ffff:10.232.35.114:ssh                      ::ffff:10.13.44.34:50906
    ESTAB      0      0                     ::ffff:10.232.35.114:ssh                      ::ffff:10.13.44.34:51239
    ESTAB      0      0                     ::ffff:10.232.35.114:ssh                      ::ffff:10.13.44.34:53277
    ESTAB      0      0                     ::ffff:10.232.35.114:ssh                      ::ffff:10.13.44.34:50813

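The first column shows the connection state.

The second and third columns: the meaning of Send-Q and Recv-Q

Send-Q: data the peer has not received yet, or more precisely has not ACKed; it is still in the local buffer.

count of bytes not acknowledged by the remote host.

Recv-Q: data that is already in the local receive buffer but has not yet been read with recv().

The count of bytes not copied by the user program connected to this socket.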
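One way to act on these two counters, added here as an example that is not part of the original post: the hypothetical helper `ss_queue_triage` reads `ss` output and reports sockets with a pending handshake, bytes the application has not read (Recv-Q), or bytes the peer has not acknowledged (Send-Q). The sample rows are copied from the listing above.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical.

# Constructed sample: rows copied from the `ss` listing above.
sample_ss() {
cat <<'EOF'
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port
ESTAB      0      0             10.232.35.114:43583         10.235.171.2:15888
SYN-SENT   0      1             10.232.35.114:37613        10.232.14.220:webcache
ESTAB      1392   0             10.232.35.114:59068        10.20.142.112:ssh
ESTAB      0      0      ::ffff:10.232.35.114:ssh     ::ffff:10.13.44.35:ccmad
EOF
}

# Reads ss output on stdin (layout with State as the first column, as shown
# above and as printed by `ss -t` / `ss -tn`).
# Prints one line per finding: "<reason> <local> <peer> <queued-bytes>".
ss_queue_triage() {
  awk '
    $1 == "State" { next }                     # skip the header row
    NF < 5        { next }                     # skip malformed rows
    {
      state = $1; rq = $2 + 0; sq = $3 + 0; laddr = $4; peer = $5
      if (state == "SYN-SENT")  print "handshake-pending", laddr, peer, sq
      else if (rq > 0)          print "unread-by-app",     laddr, peer, rq
      else if (sq > 0)          print "unacked-by-peer",   laddr, peer, sq
    }'
}

# On a live host: ss -tn | ss_queue_triage
sample_ss | ss_queue_triage
```

A Recv-Q that stays above zero across repeated runs points at a local process that has stopped reading; a Send-Q that stays above zero points at the peer or the path to it.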

2 The -n option: do not resolve service names

    [admin@v035114 ~]$ ss -n
    State      Recv-Q Send-Q                         Local Address:Port                           Peer Address:Port
    ESTAB      0      0                              10.232.35.114:43583                          10.235.171.2:15888
    ESTAB      0      0                              10.232.35.114:33943                          10.235.171.1:13888
    ESTAB      1392   0                              10.232.35.114:59068                         10.20.142.112:22
    ESTAB      0      0                              10.232.35.114:60156                          10.232.36.88:22
    ESTAB      0      0                              10.232.35.114:51222                          10.232.36.86:22
    ESTAB      0      0                       ::ffff:10.232.35.114:22                       ::ffff:10.13.44.35:3114
    ESTAB      0      0                       ::ffff:10.232.35.114:22                       ::ffff:10.13.44.34:50813

Port 22 corresponds to ssh.

3 ss -l shows all listening ports open on the local machine

    [admin@v035114 ~]$ ss -l
    Recv-Q Send-Q                            Local Address:Port                                Peer Address:Port
    0      0                                     127.0.0.1:15777                                          *:*
    0      0                                     127.0.0.1:15778                                          *:*
    0      0                                     127.0.0.1:smux                                           *:*
    0      0                                             *:50410                                          *:*
    0      0                                             *:netbios-ssn                                        *:*
    0      0                                             *:sunrpc                                         *:*
    0      0                                             *:http                                           *:*
    0      0                                             *:43698                                          *:*
    0      0                                             *:socks                                          *:*
    0      0                                             *:microsoft-ds                                        *:*
    0      0                                            :::ssh                                           :::*

Add -n to see which ports the services use

    [admin@v035114 ~]$ ss -ln
    Recv-Q Send-Q                              Local Address:Port                                Peer Address:Port
    0      0                                       127.0.0.1:15777                                          *:*
    0      0                                       127.0.0.1:15778                                          *:*
    0      0                                       127.0.0.1:199                                            *:*
    0      0                                               *:50410                                          *:*
    0      0                                               *:139                                            *:*
    0      0                                               *:111                                            *:*
    0      0                                               *:80                                             *:*
    0      0                                               *:43698                                          *:*
    0      0                                               *:1080                                           *:*
    0      0                                               *:445                                            *:*
    0      0                                              :::22                                            :::*

22 corresponds to ssh

80 corresponds to http

111 corresponds to sunrpc

139 corresponds to netbios-ssn
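The `ss -ln` listing also shows which address each listener is bound to, which decides who can reach it. The following added example (not from the original post; `listener_exposure` and `sample_listeners` are hypothetical names) groups listeners into loopback-only, all-interfaces and single-address, using rows copied from the output above.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical.

# Constructed sample: rows copied from the `ss -ln` listing above.
sample_listeners() {
cat <<'EOF'
Recv-Q Send-Q      Local Address:Port      Peer Address:Port
0      0               127.0.0.1:15777                *:*
0      0               127.0.0.1:199                  *:*
0      0                       *:139                  *:*
0      0                       *:80                   *:*
0      0                       *:1080                 *:*
0      0                       *:445                  *:*
0      0                      :::22                  :::*
EOF
}

# Reads `ss -ln` output on stdin; prints "<scope> <port> <address>" per listener.
# The local address is taken as the field after the Recv-Q/Send-Q number pair,
# so layouts with leading Netid/State columns (newer ss versions) also parse.
listener_exposure() {
  awk '
    {
      for (i = 1; i < NF; i++)
        if ($i ~ /^[0-9]+$/ && $(i + 1) ~ /^[0-9]+$/) break
      if (i + 2 > NF) next                      # header or malformed row
      laddr = $(i + 2)
      n = match(laddr, /:[^:]*$/)               # last colon separates the port
      if (n == 0) next                          # e.g. unix socket paths
      addr = substr(laddr, 1, n - 1); port = substr(laddr, n + 1)
      gsub(/^\[|\]$/, "", addr)                 # newer ss prints [::]:22
      if (addr ~ /^(127\.|::1$|::ffff:127\.)/)
        scope = "loopback"
      else if (addr == "*" || addr == "0.0.0.0" || addr == "::")
        scope = "all-interfaces"
      else
        scope = "single-address"
      print scope, port, addr
    }' | sort -k1,1 -k2,2n
}

# On a live host: ss -ltn | listener_exposure
sample_listeners | listener_exposure
```

Every `all-interfaces` row is a service that the host firewall, not the bind address, has to protect.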

4 -s: summary

    [admin@v035114 ~]$ ss -s
    Total: 89 (kernel 114)
    TCP:   44 (estab 9, closed 23, orphaned 0, synrecv 0, timewait 22/0), ports 80

    Transport Total     IP        IPv6
    *         114       -         -
    RAW       0         0         0
    UDP       16        13        3
    TCP       21        17        4
    INET      37        30        7
    FRAG      0         0         0

What does orphaned mean?

What does the final "ports 80" mean?

What do RAW, INET and FRAG mean?

Several rows in the IPv6 column are non-zero; what does that mean?

5 -t: show TCP connections

    [admin@v035114 ~]$ ss -t
    State      Recv-Q Send-Q                       Local Address:Port                           Peer Address:Port
    ESTAB      0      0                            10.232.35.114:59861                         10.235.144.41:ssh
    ESTAB      0      0                            10.232.35.114:43583                          10.235.171.2:15888
    ESTAB      0      0                            10.232.35.114:33943                          10.235.171.1:13888
    ESTAB      1392   0                            10.232.35.114:59068                         10.20.142.112:ssh
    ESTAB      0      0                            10.232.35.114:60156                          10.232.36.88:ssh
    ESTAB      0      0                            10.232.35.114:51222                          10.232.36.86:ssh
    ESTAB      0      0                     ::ffff:10.232.35.114:ssh                      ::ffff:10.13.44.35:ccmad
    ESTAB      0      0                     ::ffff:10.232.35.114:ssh                      ::ffff:10.13.44.34:50813
    ESTAB      0      0                     ::ffff:10.232.35.114:ssh                      ::ffff:10.13.44.50:54354

6 -u: show UDP connections

    [admin@v035114 ~]$ ss -t
    State      Recv-Q Send-Q                       Local Address:Port                           Peer Address:Port
    ESTAB      0      0                            10.232.35.114:59861                         10.235.144.41:ssh
    ESTAB      0      0                            10.232.35.114:43583                          10.235.171.2:15888
    ESTAB      0      0                            10.232.35.114:33943                          10.235.171.1:13888
    ESTAB      1392   0                            10.232.35.114:59068                         10.20.142.112:ssh
    ESTAB      0      0                            10.232.35.114:60156                          10.232.36.88:ssh
    ESTAB      0      0                            10.232.35.114:51222                          10.232.36.86:ssh
    ESTAB      0      0                     ::ffff:10.232.35.114:ssh                      ::ffff:10.13.44.35:ccmad
    ESTAB      0      0                     ::ffff:10.232.35.114:ssh                      ::ffff:10.13.44.34:50813
    ESTAB      0      0                     ::ffff:10.232.35.114:ssh                      ::ffff:10.13.44.50:54354

7 -p: show the pid of the process using each socket. The first time I used this command was to find a java pid with the -p option and then run jstack on the java process: ss -p | grep "db-ip"

    [admin@v035114 ~]$ ss -p
    State      Recv-Q Send-Q                       Local Address:Port                           Peer Address:Port
    ESTAB      0      0                            10.232.35.114:59861                         10.235.144.41:ssh      users:(("ssh",20182,3))
    ESTAB      0      0                            10.232.35.114:43583                          10.235.171.2:15888
    ESTAB      0      0                            10.232.35.114:33943                          10.235.171.1:13888
    ESTAB      1392   0                            10.232.35.114:59068                         10.20.142.112:ssh      users:(("ssh",19281,3))
    SYN-SENT   0      1                            10.232.35.114:46842                         10.232.14.220:webcache
    ESTAB      0      0                            10.232.35.114:60156                          10.232.36.88:ssh      users:(("ssh",10249,3))
    ESTAB      0      0                            10.232.35.114:51222                          10.232.36.86:ssh      users:(("ssh",10346,3))
    ESTAB      0      0                     ::ffff:10.232.35.114:ssh                      ::ffff:10.13.44.35:ccmad
    ESTAB      0      180                   ::ffff:10.232.35.114:ssh                      ::ffff:10.13.44.34:50813
    ESTAB      0      0                     ::ffff:10.232.35.114:ssh                      ::ffff:10.13.44.50:54354

I don't know what the third item inside the parentheses means.
What does the ::ffff: on the last line mean?

8 -o: show timer information

    [admin@v035114 ~]$ ss -o
    State      Recv-Q Send-Q                       Local Address:Port                           Peer Address:Port
    ESTAB      0      0                            10.232.35.114:59861                         10.235.144.41:ssh      timer:(keepalive,21min,0)
    ESTAB      0      0                            10.232.35.114:43583                          10.235.171.2:15888
    ESTAB      0      0                            10.232.35.114:33943                          10.235.171.1:13888    timer:(keepalive,6.248ms,0)
    ESTAB      1392   0                            10.232.35.114:59068                         10.20.142.112:ssh      timer:(keepalive,19min,0)
    SYN-SENT   0      1                            10.232.35.114:56005                         10.232.14.220:webcache  timer:(on,1.092ms,0)
    ESTAB      0      0                            10.232.35.114:60156                          10.232.36.88:ssh      timer:(keepalive,32min,0)
    ESTAB      0      0                            10.232.35.114:51222                          10.232.36.86:ssh      timer:(keepalive,30min,0)
    ESTAB      0      0                     ::ffff:10.232.35.114:ssh                      ::ffff:10.13.44.35:ccmad    timer:(keepalive,11min,0)
    ESTAB      0      0                     ::ffff:10.232.35.114:ssh                      ::ffff:10.13.44.34:50813    timer:(keepalive,18min,0)
    ESTAB      0      0                     ::ffff:10.232.35.114:ssh                      ::ffff:10.13.44.50:54354    timer:(keepalive,21min,0)

I see two types of timer here and don't know what either of them means:

on

keepalive

9 -i: show internal TCP information; only the last few columns are printed

    [admin@v035114 ~]$ ss -i
            Local Address:Port              Peer Address:Port
            10.232.35.114:59861            10.235.144.41:ssh      rto:0.212 ato:0.04 cwnd:3 ssthresh:100 qack:11
            10.232.35.114:43583             10.235.171.2:15888    rto:0.204 ato:0.04 cwnd:3 ssthresh:100
            10.232.35.114:33943             10.235.171.1:13888    rto:0.212 ato:0.04 cwnd:3 ssthresh:100
            10.232.35.114:59068            10.20.142.112:ssh      rto:0.212 ato:0.04 cwnd:20 ssthresh:100
            10.232.35.114:43376            10.232.14.220:webcache
            10.232.35.114:60156             10.232.36.88:ssh      rto:0.204 ato:0.04 ssthresh:100 bidir
            10.232.35.114:51222             10.232.36.86:ssh      rto:0.204 ato:0.04 cwnd:3 ssthresh:100
     ::ffff:10.232.35.114:ssh         ::ffff:10.13.44.35:ccmad    rto:0.256 ato:0.04 cwnd:3 ssthresh:3 qack:14
     ::ffff:10.232.35.114:ssh         ::ffff:10.13.44.34:50813    rto:0.476 ato:0.04 cwnd:5 ssthresh:100 bidir
     ::ffff:10.232.35.114:ssh         ::ffff:10.13.44.50:54354    rto:0.316 ato:0.04 cwnd:4 ssthresh:100 qack:1

What do rto, ato, cwnd and ssthresh all mean?

10 Filter examples

Show all established SMTP connections:

    ss -o state established '( dport = :smtp or sport = :smtp )'

Show all established HTTP connections:

    ss -o state established '( dport = :http or sport = :http )'
