用途
输出socket统计,无任何参数时默认显示的是已建立socket连接的列表
用法
ss [options] [ FILTER ]常用选项
-h, --help
显示帮助信息
-V, --version
显示版本信息
-n, --numeric
数字代替名字显示
-r, --resolve
正好和-n选项相反
-a, --all
显示所有状态的连接
-l, --listening
仅显示监听状态的连接
-o, --options
显示定时器信息
-e, --extended
显示详细的socket信息
-m, --memory
显示socket内存使用
-p, --processes
显示进程名
-i, --info
显示tcp内部的统计信息
-s, --summary
输出网络连接统计信息
-4, --ipv4
仅显示ipv4的socket
-6, --ipv6
仅显示ipv6的socket
-0, --packet
显示packet的socket
-t, --tcp
显示tcp
-u, --udp
显示udp
-d, --dccp
显示dccp
-w, --raw
显示raw
-x, --unix
显示unix domain sockets
-f FAMILY, --family=FAMILY
显示的协议族,目前只支持;unix, inet, inet6, link,netlink
-A QUERY, --query=QUERY, --socket=QUERY
List of socket tables to dump, separated by commas. The following identifiers are understood: all, inet,tcp, udp, raw, unix, packet, netlink, unix_dgram, unix_stream, packet_raw, packet_dgram.
-D FILE, --diag=FILE
Do not display anything, just dump raw information about TCP sockets to FILE after applying filters. If FILE is - stdout is used.
-F FILE, --filter=FILE
Read filter information from FILE. Each line of FILE is interpreted like single command line option. If FILE is - stdin is used.
FILTER := [ state TCP-STATE ] [ EXPRESSION ]
Please take a look at the official documentation (Debian package iproute-doc) for details regarding filters.
实践
1 显示所有的tcp连接
ss -t -a
2 显示所有的udp连接
ss -u -a
3 显示所有已建立的ssh连接
[root@vm ~]# ss -o state established '( dport = :ssh or sport = :ssh )'
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 0 10.0.2.4:ssh 10.0.2.2:51447 timer:(keepalive,87min,0)
0 0 10.0.2.4:ssh 10.0.2.2:51445 timer:(keepalive,86min,0)4 查询连接到本地X server的进程
[root@vm ~]# ss -x src /tmp/.X11-unix/*
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
You have new mail in /var/spool/mail/root5 找出状态为fin-wait-1且目的网络段是193.233.7/24的http(s)连接
[root@vm ~]# ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 193.233.7/24
Recv-Q Send-Q Local Address:Port Peer Address:Port
You have new mail in /var/spool/mail/root参考资料
【1】man ss
