今天给大家要介绍一个笔者最近才接触到的命令ss, 这个命令其实并不冷门, 基本在ubuntu, centos的minimal安装模式下系统都会将ss集成到kernel系统内, 这个命令的优点在于比netstat返回的信息更加简单直观, 语法简洁实用, 而且执行效率更高.

以下就给大家介绍利用ss的一些常用语法去检查本地网络连接状态.

1. 列出所有连接(tcp, udp, unix socket)

$ ss | less
Netid  State      Recv-Q Send-Q   Local Address: Port       Peer Address: Port   
u_str  ESTAB      0      0                    * 15545                 * 15544  
u_str  ESTAB      0      0                    * 12240                 * 12241  
u_str  ESTAB      0      0      @/tmp/dbus-2hQdRvvg49 12726                 * 12159  
u_str  ESTAB      0      0                    * 11808                 * 11256  
u_str  ESTAB      0      0                    * 15204                 * 15205  
.....

2. 分别过滤出tcp, udp, unix连接

1). tcp连接

$ ss -t
State      Recv-Q Send-Q    Local Address:Port        Peer Address:Port   
ESTAB      0      0           192.168.1.2:43839     108.160.162.37:http    
ESTAB      0      0           192.168.1.2:43622     199.59.149.201:https   
ESTAB      0      0           192.168.1.2:33141      83.170.73.249:ircd    
ESTAB      0      0           192.168.1.2:54028     74.125.135.125:xmpp-client

默认 -t 用来显示"establish"或者"connected", 如果要显示"Listening"状态的信息需使用 -at 参数 

2). udp连接

$ ss -ua
State      Recv-Q Send-Q    Local Address:Port        Peer Address:Port   
UNCONN     0      0           192.168.1.2:48268                  *:*       
UNCONN     0      0           192.168.1.2:56575                  *:*       
UNCONN     0      0                     *:40309                  *:*       
UNCONN     0      0           192.168.1.2:56879                  *:*       
UNCONN     0      0                     *:49014                  *:*       
UNCONN     0      0           192.168.1.2:53124                  *:*       
UNCONN     0      0             127.0.1.1:domain                 *:*

3). unix连接

$ ss -x
Netid State      Recv-Q Send-Q          Local Address:Port              Peer Address:Port   
u_str ESTAB      0      0                           * 10415                        * 0      
u_str ESTAB      0      0                           * 10416                        * 0      
u_str ESTAB      0      0                           * 10420                        * 0  
...

3. 不解析域名连接

$ ss -nt
State      Recv-Q Send-Q      Local Address:Port        Peer Address:Port 
ESTAB      0      0             192.168.1.2:43839     108.160.162.37:80    
ESTAB      0      0             192.168.1.2:51350      74.125.200.84:443   
ESTAB      0      0             192.168.1.2:33141      83.170.73.249:6667  
ESTAB      0      0             192.168.1.2:54028     74.125.135.125:5222  
ESTAB      0      0             192.168.1.2:48156      66.196.120.44:5050

4. 显示"Listening" tcp socket 非主机名连接

$ ss -ltn
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      5                 127.0.1.1:53                       *:*     
LISTEN     0      128               127.0.0.1:631                      *:*     
LISTEN     0      128                     ::1:631                     :::*

若要显示utp连接则将t修改成u

5. 显示进程name和id

$ ss -ltp
State      Recv-Q Send-Q    Local Address:Port        Peer Address:Port   
LISTEN     0      100           127.0.0.1:smtp                   *:*       
LISTEN     0      128           127.0.0.1:9050                   *:*       
LISTEN     0      128                   *:90                     *:*       
LISTEN     0      128                   *:db-lsp                 *:*        users:(("dropbox",3566,32))
LISTEN     0      5             127.0.0.1:6600                   *:*       
LISTEN     0      128           127.0.0.1:9000                   *:*        users:(("php5-fpm",1620,0),("php5-fpm",1619,0))

6. 获取统计信息

$ ss -s
Total: 526 (kernel 0)
TCP:   10 (estab 7, closed 0, orphaned 0, synrecv 0, timewait 0/0), ports 0

Transport Total     IP        IPv6
*	  0         -         -        
RAW	  0         0         0        
UDP	  15        9         6        
TCP	  10        9         1        
INET	  25        18        7        
FRAG	  0         0         0

7. 获取时间信息

$ ss -tn -o
State      Recv-Q Send-Q      Local Address:Port        Peer Address:Port 
ESTAB      0      0             192.168.1.2:43839     108.160.162.37:80    
ESTAB      0      0             192.168.1.2:36335     204.144.140.26:80     timer:(keepalive,26sec,0)
ESTAB      0      0             192.168.1.2:33141      83.170.73.249:6667  
ESTAB      0      0             192.168.1.2:58857      74.121.141.84:80     timer:(keepalive,23sec,0)
ESTAB      0      0             192.168.1.2:42794     173.194.40.239:80     timer:(keepalive,32sec,0)

8. 显示ipv4或者v6的连接

$ ss -tl -f inet
State      Recv-Q Send-Q    Local Address:Port        Peer Address:Port   
LISTEN     0      100           127.0.0.1:smtp                   *:*       
LISTEN     0      128           127.0.0.1:9050                   *:*       
LISTEN     0      128                   *:90                     *:*       
LISTEN     0      128                   *:db-lsp                 *:*       
LISTEN     0      5             127.0.0.1:6600                   *:*

$ ss -tl6
State      Recv-Q Send-Q    Local Address:Port        Peer Address:Port   
LISTEN     0      100                 ::1:smtp                  :::*       
LISTEN     0      128                  :::12865                 :::*       
LISTEN     0      128                  :::http                  :::*       
LISTEN     0      128                  :::ssh                   :::*       
LISTEN     0      128                 ::1:ipp                   :::*

9. 过滤tcp状态连接.

ss命令的好处在于可以过滤具体条件的连接, 常用的信息可以不需要额外利用管道符配合.

他的语法格式:

# ss [条件]  [状态过滤]  [地址过滤]

1). 显示所有ipv4 tcp connected状态的连接

$ ss -t4 state established
Recv-Q Send-Q         Local Address:Port             Peer Address:Port   
0      0                192.168.1.2:54436          165.193.246.23:https   
0      0                192.168.1.2:43386          173.194.72.125:xmpp-client 
0      0                192.168.1.2:38355           199.59.150.46:https   
0      0                192.168.1.2:56198          108.160.162.37:http

2). 显示所有ipv4 tcp time-wait状态的连接

$ ss -t4 state time-wait
Recv-Q Send-Q         Local Address:Port             Peer Address:Port   
0      0                192.168.1.2:42261           199.59.150.39:https   
0      0                  127.0.0.1:43541               127.0.0.1:2633

以下是其他可用的状态

 1. established
 2. syn-sent
 3. syn-recv
 4. fin-wait-1
 5. fin-wait-2
 6. time-wait
 7. closed
 8. close-wait 
 9. last-ack
 10. closing
 11. all - All of the above states
 12. connected - All the states except for listen and closed
 13. synchronized - All the connected states except for syn-sent
 14. bucket - Show states, which are maintained as minisockets, i.e. time-wait and syn-recv.
 15. big - Opposite to bucket state.

10. 通过地址和端口号过滤

除了socket过滤, ss也支持基于地址和端口号的过滤格式.

1). 显示所有源地址和目的地址都为ssh端口的socket连接.

$ ss -at '( dport = :ssh or sport = :ssh )'
State      Recv-Q Send-Q    Local Address:Port        Peer Address:Port   
LISTEN     0      128                   *:ssh                    *:*       
LISTEN     0      128                  :::ssh                   :::*

2). 目的端口为443或80的所有socket连接.

$ ss -nt '( dst :443 or dst :80 )'
State      Recv-Q Send-Q      Local Address:Port        Peer Address:Port 
ESTAB      0      0             192.168.1.2:58844      199.59.148.82:443   
ESTAB      0      0             192.168.1.2:55320     165.193.246.23:443   
ESTAB      0      0             192.168.1.2:56198     108.160.162.37:80    
ESTAB      0      0             192.168.1.2:54889    192.241.177.148:443   
ESTAB      0      0             192.168.1.2:39893      173.255.230.5:80    
ESTAB      0      0             192.168.1.2:33440      38.127.167.38:443

或者可以这么简写

$ ss -nt dst :443 or dst :80

更多例子:

# 通过地址过滤
$ ss -nt dst 74.125.236.178

# 简写子网过滤
$ ss -nt dst 74.125.236.178/16

# 地址和端口过滤
$ ss -nt dst 74.125.236.178:80

# 目的端口过滤
$ ss -nt dport = :80
State      Recv-Q Send-Q      Local Address:Port        Peer Address:Port 
ESTAB      0      0             192.168.1.2:56198     108.160.162.37:80    
ESTAB      0      0             192.168.1.2:39893      173.255.230.5:80    
ESTAB      0      0             192.168.1.2:55043     74.125.236.178:80

# 源地址为127.0.0.1且源端口大于5000的TCP连接
$ ss -nt src 127.0.0.1 sport gt :5000

# 本地smtp (port 25) socket连接
$ ss -ntlp sport eq :smtp

# 端口大于25的连接
$ ss -nt sport gt :25

# 目的地址端口小于100的连接
$ ss -nt dport \< :100

# 连接到远程80端口的连接
$ sudo ss -nt state connected dport = :80

总结

以上所有的例子基本上涵盖了所有ss的常用支持,  更多介绍可以使用man查看他的官方文档