ss--分析套接字实用工具

时间 2019-12-20

标签分析实用工具繁體版

原文原文链接

ss经常使用分析套接字相关的分析，功能和netstat相似，但比netstat速度更快、功能更多
bash

经常使用选项：tcp

-s：打印出统计信息
ide

-t：打印出tcp相关的信息（默认显示ESTAB相的信息）
spa

-l：打印出listen相关的链接
队列

-n：不解析域名、协议、端口号等
ip

-4：只显示ipv4的链接
域名

用法示例一：显示套接字链接统计信息it

[root@admin test]# ss -s
Total: 195 (kernel 264)
TCP:   16 (estab 8, closed 1, orphaned 0, synrecv 0, timewait 0/0), ports 0

Transport Total     IP        IPv6
*	  264       -         -        
RAW	  0         0         0        
UDP	  5         4         1        
TCP	  15        14        1        
INET	  20        18        2        
FRAG	  0         0         0

用法示例二：显示ESTAB相关的链接
class

 [root@admin test]# ss -tn
State      Recv-Q Send-Q                      Local Address:Port                                     Peer Address:Port              
ESTAB      0      0                          172.17.219.185:53328                                   100.100.30.26:80                 
ESTAB      0      0                          172.17.219.185:2233                                    222.65.55.232:50488              
ESTAB      0      52                         172.17.219.185:2233                                    222.65.55.232:51986              
ESTAB      0      0                          172.17.219.185:2233                                    222.65.55.232:53301              
ESTAB      0      0                          172.17.219.185:33964                                    47.99.169.39:443                
ESTAB      0      0                          172.17.219.185:33960                                    47.99.169.39:443                
ESTAB      0      0                          172.17.219.185:41384                                    47.99.169.39:80                 
ESTAB      0      0                          172.17.219.185:2233                                    222.65.55.232:50612

用法示例三：显示LISTEN相关的链接test

[root@admin test]# ss -tnl
State       Recv-Q Send-Q Local Address:Port               Peer Address:Port              
LISTEN      0      128       127.0.0.1:27017                         *:*                  
LISTEN      0      100               *:8009                          *:*                  
LISTEN      0      100               *:8080                          *:*                  
LISTEN      0      128               *:80                            *:*                  
LISTEN      0      128               *:2233                          *:*                  
LISTEN      0      1         127.0.0.1:8005                          *:*                  
LISTEN      0      128              :::8091                         :::*

用法示例四：只显示IPV4相关的链接（排除ipv6）

[root@admin test]# ss -tnl4
State       Recv-Q Send-Q Local Address:Port               Peer Address:Port              
LISTEN      0      128       127.0.0.1:27017                         *:*                  
LISTEN      0      100               *:8009                          *:*                  
LISTEN      0      100               *:8080                          *:*                  
LISTEN      0      128               *:80                            *:*                  
LISTEN      0      128               *:2233                          *:*                  
LISTEN      0      1         127.0.0.1:8005                          *:*

特别注意点：能够经过Recv-Q和Send-Q判断进行的队列状态

当套接字处于链接状态（Established）时，

Recv-Q 表示套接字缓冲尚未被应用程序取走的字节数（即接收队列长度）。

而 Send-Q 表示尚未被远端主机确认的字节数（即发送队列长度）。

当套接字处于监听状态（Listening）时，

Recv-Q ：表示全链接队列当前使用了多少

Send-Q：表示全链接队列的最大值

注：此处接收、发送队列是套接字级的，非系统级的