Linux command – ss (Socket Statistics)

Loading

以前會用 netstat – https://benjr.tw/22383 來監控網路連線狀態,這邊介紹另外一隻功能相似,功能更強的 新工具 ss (Socket Statistics).

測試環境為 CentOS 7 x86_64.

# ss [options] [ FILTER ]

直接來看一下 man ss 提供的範例.

Display all TCP sockets.

[root@localhost ~]$ ss -t -a
State      Recv-Q Send-Q    Local Address:Port                     Peer Address:Port                
LISTEN     0      128                   *:sunrpc                              *:*                    
LISTEN     0      5         192.168.122.1:domain                              *:*                    
LISTEN     0      128                   *:ssh                                 *:*                    
LISTEN     0      128           127.0.0.1:ipp                                 *:*                    
ESTAB      0      0         172.16.15.132:ssh                       172.16.15.1:51647                
LISTEN     0      128                  :::sunrpc                             :::*                    
LISTEN     0      128                  :::ssh                                :::*                    
LISTEN     0      128                 ::1:ipp                                :::*  

參數:

  • -t, –tcp
    Display TCP sockets.
  • -a, –all
    Display both listening and non-listening (for TCP this means established connections) sockets.

Display all TCP sockets with process SELinux security contexts.

[root@localhost ~]$ ss -t -a -Z
State      Recv-Q Send-Q    Local Address:Port                     Peer Address:Port                
LISTEN     0      128                   *:sunrpc                              *:*                     users:(("systemd",pid=1,proc_ctx=system_u:system_r:init_t:s0,fd=47))
LISTEN     0      5         192.168.122.1:domain                              *:*                     users:(("dnsmasq",pid=1462,proc_ctx=system_u:system_r:dnsmasq_t:s0-s0:c0.c1023,fd=6))
LISTEN     0      128                   *:ssh                                 *:*                     users:(("sshd",pid=1057,proc_ctx=system_u:system_r:sshd_t:s0-s0:c0.c1023,fd=3))
LISTEN     0      128           127.0.0.1:ipp                                 *:*                     users:(("cupsd",pid=1059,proc_ctx=system_u:system_r:cupsd_t:s0-s0:c0.c1023,fd=12))
ESTAB      0      0         172.16.15.132:ssh                       172.16.15.1:51647                 users:(("sshd",pid=2617,proc_ctx=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023,fd=3))
LISTEN     0      128                  :::sunrpc                             :::*                     users:(("systemd",pid=1,proc_ctx=system_u:system_r:init_t:s0,fd=46))
LISTEN     0      128                  :::ssh                                :::*                     users:(("sshd",pid=1057,proc_ctx=system_u:system_r:sshd_t:s0-s0:c0.c1023,fd=4))
LISTEN     0      128                 ::1:ipp                                :::*                     users:(("cupsd",pid=1059,proc_ctx=system_u:system_r:cupsd_t:s0-s0:c0.c1023,fd=11))
  • -Z, –context
    As the -p option but also shows process security context.

Display all UDP sockets.

[root@localhost ~]$ ss -u -a
State      Recv-Q Send-Q    Local Address:Port                     Peer Address:Port                
UNCONN     0      0         192.168.122.1:domain                              *:*                    
UNCONN     0      0              *%virbr0:bootps                              *:*                    
UNCONN     0      0                     *:bootpc                              *:*                    
UNCONN     0      0                     *:43723                               *:*                    
UNCONN     0      0                     *:mdns                                *:*                    
UNCONN     0      0             127.0.0.1:323                                 *:*                    
UNCONN     0      0                     *:34670                               *:*                    
UNCONN     0      0                    :::26308                              :::*                    
UNCONN     0      0                   ::1:323                                :::*   
  • -u, –udp
    Display UDP sockets.

Display all established ssh connections.

[root@localhost ~]$ ss -o state established dport = :ssh
Netid  Recv-Q Send-Q      Local Address:Port                       Peer Address:Port                
[root@localhost ~]$ ss -o state established sport = :ssh
Netid  Recv-Q Send-Q      Local Address:Port                       Peer Address:Port                
tcp    0      0           172.16.15.132:ssh                         172.16.15.1:51647                 timer:(keepalive,93min,0)

List all the tcp sockets in state FIN-WAIT

[root@localhost ~]$ ss -o state fin-wait-1 sport = :http
Netid  Recv-Q Send-Q  Local Address:Port                   Peer Address:Port 
  • -o, –options
    Show timer information.
  • STATE-FILTER
    All standard TCP states: established, syn-sent, syn-recv, fin-wait-1, fin-wait-2, time-wait, closed, close-wait, last-ack, listen and closing.
  • dport – Destination Port
  • sport – Source Port

Find all local processes connected to X server.

[root@localhost ~]$ ss -x src /tmp/.X11-unix/*
Netid  State      Recv-Q Send-Q Local Address:Port                  Peer Address:Port   
  • -x, –unix
    Display Unix domain sockets.
沒有解決問題,試試搜尋本站其他內容

發佈留言

發佈留言必須填寫的電子郵件地址不會公開。 必填欄位標示為 *

這個網站採用 Akismet 服務減少垃圾留言。進一步了解 Akismet 如何處理網站訪客的留言資料