ss--分析套接字實用工具

時間 2019-12-20

標籤分析實用工具简体版

原文原文鏈接

ss經常使用分析套接字相關的分析，功能和netstat相似，但比netstat速度更快、功能更多
bash

經常使用選項：tcp

-s：打印出統計信息
ide

-t：打印出tcp相關的信息（默認顯示ESTAB相的信息）
spa

-l：打印出listen相關的鏈接
隊列

-n：不解析域名、協議、端口號等
ip

-4：只顯示ipv4的鏈接
域名

用法示例一：顯示套接字鏈接統計信息it

[root@admin test]# ss -s
Total: 195 (kernel 264)
TCP:   16 (estab 8, closed 1, orphaned 0, synrecv 0, timewait 0/0), ports 0

Transport Total     IP        IPv6
*	  264       -         -        
RAW	  0         0         0        
UDP	  5         4         1        
TCP	  15        14        1        
INET	  20        18        2        
FRAG	  0         0         0

用法示例二：顯示ESTAB相關的鏈接
class

 [root@admin test]# ss -tn
State      Recv-Q Send-Q                      Local Address:Port                                     Peer Address:Port              
ESTAB      0      0                          172.17.219.185:53328                                   100.100.30.26:80                 
ESTAB      0      0                          172.17.219.185:2233                                    222.65.55.232:50488              
ESTAB      0      52                         172.17.219.185:2233                                    222.65.55.232:51986              
ESTAB      0      0                          172.17.219.185:2233                                    222.65.55.232:53301              
ESTAB      0      0                          172.17.219.185:33964                                    47.99.169.39:443                
ESTAB      0      0                          172.17.219.185:33960                                    47.99.169.39:443                
ESTAB      0      0                          172.17.219.185:41384                                    47.99.169.39:80                 
ESTAB      0      0                          172.17.219.185:2233                                    222.65.55.232:50612

用法示例三：顯示LISTEN相關的鏈接test

[root@admin test]# ss -tnl
State       Recv-Q Send-Q Local Address:Port               Peer Address:Port              
LISTEN      0      128       127.0.0.1:27017                         *:*                  
LISTEN      0      100               *:8009                          *:*                  
LISTEN      0      100               *:8080                          *:*                  
LISTEN      0      128               *:80                            *:*                  
LISTEN      0      128               *:2233                          *:*                  
LISTEN      0      1         127.0.0.1:8005                          *:*                  
LISTEN      0      128              :::8091                         :::*

用法示例四：只顯示IPV4相關的鏈接（排除ipv6）

[root@admin test]# ss -tnl4
State       Recv-Q Send-Q Local Address:Port               Peer Address:Port              
LISTEN      0      128       127.0.0.1:27017                         *:*                  
LISTEN      0      100               *:8009                          *:*                  
LISTEN      0      100               *:8080                          *:*                  
LISTEN      0      128               *:80                            *:*                  
LISTEN      0      128               *:2233                          *:*                  
LISTEN      0      1         127.0.0.1:8005                          *:*

特別注意點：能夠經過Recv-Q和Send-Q判斷進行的隊列狀態

當套接字處於鏈接狀態（Established）時，

Recv-Q 表示套接字緩衝尚未被應用程序取走的字節數（即接收隊列長度）。

而 Send-Q 表示尚未被遠端主機確認的字節數（即發送隊列長度）。

當套接字處於監聽狀態（Listening）時，

Recv-Q ：表示全鏈接隊列當前使用了多少

Send-Q：表示全鏈接隊列的最大值

注：此處接收、發送隊列是套接字級的，非系統級的