查看網路連線狀況的指令 ss

DAY 20

蠻可愛的指令與程式系列第 20 篇

鐵人賽蠻可愛的

一級屠豬士

2014-10-20 23:13:38

6756 瀏覽

分享至

一般Linux的書籍提到查看網路連線狀況,
通常會介紹netstat, 這是屬於 basic net-tools package.

ss 是屬於 iproute package,不見得標準安裝會裝,需要自行安裝.

ss 是 socket statistics 之意.

直接打 ss 就會列出目前連線(ESTAB)的tcp socket,
不像netstat 會列出一些系統使用的,其他用途的socket,
這樣對我們只想要了解網路連線狀況時,使用ss會較快,也方便.
避免過多的資訊,還要做過濾.

ss
State      Recv-Q Send-Q      Local Address:Port          Peer Address:Port   
ESTAB      0      0           192.168.1.101:53578      108.160.162.115:http    
ESTAB      0      0           192.168.1.101:42323       182.235.215.84:56539   
ESTAB      4550   0           192.168.1.101:52914        108.168.151.6:http    
ESTAB      4504   0           192.168.1.101:42824       173.192.82.195:http    
ESTAB      0      0           192.168.1.101:46969           64.4.61.84:https   
ESTAB      0      0           192.168.1.101:38663       219.85.169.113:10360   
ESTAB      0      0           192.168.1.101:40612        61.230.92.115:59072   
ESTAB      0      0           192.168.1.101:59662        157.55.56.173:40018   
ESTAB      0      0           192.168.1.101:34552       199.59.149.198:https   
ESTAB      0      0           192.168.1.101:53868       157.56.116.210:12350

ss 要查看 UNIX Socket也是可以的使用 ss -u 列出目前使用中的, ss -ua 也會把目前 UNCONN
未連線的也列出.

列出udp 所有連線可以用以下方式.

ss -a -A udp

列出目前本機有哪些在 listening的tcp port
可以用

ss -ltn
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      128                      :::111                     :::*     
LISTEN     0      128                       *:111                      *:*     
LISTEN     0      128                      :::80                      :::*     
LISTEN     0      128                       *:4369                     *:*     
LISTEN     0      50         ::ffff:127.0.0.1:7473                    :::*     
LISTEN     0      50         ::ffff:127.0.0.1:7474                    :::*     
LISTEN     0      128                       *:40789                    *:*     
LISTEN     0      128                      :::22                      :::*     
LISTEN     0      128                       *:22                       *:*     
LISTEN     0      100                       *:47543                    *:*     
LISTEN     0      128               127.0.0.1:5432                     *:*     
LISTEN     0      128                     ::1:5432                    :::*     
LISTEN     0      50         ::ffff:127.0.0.1:1337                    :::*     
LISTEN     0      128                      :::443                     :::*     
LISTEN     0      128                       *:17500                    *:*     
LISTEN     0      50                       :::58301                   :::*     
LISTEN     0      50                       :::2181                    :::*     
LISTEN     0      50                       :::60294                   :::*     
LISTEN     0      128               127.0.0.1:199                      *:*     
LISTEN     0      128                      :::39399                   :::*     
LISTEN     0      80                        *:3306                     *:*

要知道哪些process 在listening 可以用以下方式

ss -ltp
State      Recv-Q Send-Q      Local Address:Port          Peer Address:Port   
LISTEN     0      128                    :::sunrpc                  :::*       
LISTEN     0      128                     *:sunrpc                   *:*       
LISTEN     0      128                    :::http                    :::*       
LISTEN     0      128                     *:epmd                     *:*        users:(("epmd",18366,3))
LISTEN     0      50       ::ffff:127.0.0.1:rise                    :::*       
LISTEN     0      50       ::ffff:127.0.0.1:7474                    :::*       
LISTEN     0      128                     *:40789                    *:*       
LISTEN     0      128                    :::ssh                     :::*       
LISTEN     0      128                     *:ssh                      *:*       
LISTEN     0      100                     *:47543                    *:*        users:(("skype",3524,53))
LISTEN     0      128             127.0.0.1:postgres                  *:*       
LISTEN     0      128                   ::1:postgres                 :::*       
LISTEN     0      50       ::ffff:127.0.0.1:menandmice-dns                 :::*       
LISTEN     0      128                    :::https                   :::*       
LISTEN     0      128                     *:17500                    *:*        users:(("dropbox",3410,34))
LISTEN     0      50                     :::58301                   :::*       
LISTEN     0      50                     :::eforward                 :::*       
LISTEN     0      50                     :::60294                   :::*       
LISTEN     0      128             127.0.0.1:smux                     *:*       
LISTEN     0      128                    :::39399                   :::*       
LISTEN     0      80                      *:mysql                    *:*

可以看到有 mysql, postgres兩種資料庫, 因為ss幫我們把 3306 port與mysql對應了,
這樣子很方便.

socket狀況的統計,可以用 -s

ss -s
Total: 971 (kernel 1006)
TCP:   35 (estab 7, closed 7, orphaned 0, synrecv 0, timewait 0/0), ports 26

Transport Total     IP        IPv6
*	  1006      -         -        
RAW	  0         0         0        
UDP	  21        14        7        
TCP	  28        16        12       
INET	  49        30        19       
FRAG	  0         0         0

查看連線的時間,可以加上 -o

ss -tp -o
State      Recv-Q Send-Q      Local Address:Port          Peer Address:Port   
ESTAB      0      0           192.168.1.101:53578      108.160.162.115:http     users:(("dropbox",3410,20))
ESTAB      4776   0           192.168.1.101:52914        108.168.151.6:http     timer:(keepalive,5min16sec,0) users:(("firefox",3618,86))
ESTAB      4730   0           192.168.1.101:42824       173.192.82.195:http     timer:(keepalive,9min3sec,0) users:(("firefox",3618,100))
ESTAB      0      0           192.168.1.101:46969           64.4.61.84:https    users:(("skype",3524,102))
ESTAB      0      0           192.168.1.101:59662        157.55.56.173:40018    users:(("skype",3524,112))
ESTAB      0      0           192.168.1.101:34552       199.59.149.198:https    users:(("firefox",3618,66))
ESTAB      0      0           192.168.1.101:53868       157.56.116.210:12350    users:(("skype",3524,58))

查看哪些process在連線中

ss -p
State      Recv-Q Send-Q      Local Address:Port          Peer Address:Port   
ESTAB      0      0           192.168.1.101:50779        50.31.164.188:http     users:(("firefox",3618,104))
ESTAB      0      0           192.168.1.101:51520       117.18.237.139:https    users:(("firefox",3618,83))
ESTAB      0      0           192.168.1.101:53578      108.160.162.115:http     users:(("dropbox",3410,20))
ESTAB      0      0           192.168.1.101:55018        96.126.98.110:http     users:(("firefox",3618,88))
ESTAB      4800   0           192.168.1.101:52914        108.168.151.6:http     users:(("firefox",3618,86))
ESTAB      0      0           192.168.1.101:58937       173.194.72.102:https    users:(("firefox",3618,87))
ESTAB      0      0           192.168.1.101:55019        96.126.98.110:http     users:(("firefox",3618,93))
ESTAB      4756   0           192.168.1.101:42824       173.192.82.195:http     users:(("firefox",3618,100))
ESTAB      0      0           192.168.1.101:46969           64.4.61.84:https    users:(("skype",3524,102))
ESTAB      0      0           192.168.1.101:44202       173.194.72.113:http     users:(("firefox",3618,96))
ESTAB      0      0           192.168.1.101:59662        157.55.56.173:40018    users:(("skype",3524,112))
ESTAB      0      0           192.168.1.101:51519       117.18.237.139:https    users:(("firefox",3618,77))
ESTAB      0      0           192.168.1.101:51521       117.18.237.139:https    users:(("firefox",3618,84))
ESTAB      0      0           192.168.1.101:34552       199.59.149.198:https    users:(("firefox",3618,66))
ESTAB      0      0           192.168.1.101:53868       157.56.116.210:12350    users:(("skype",3524,58))

ss提供了新的方式,讓我們對系統的連線狀況進行了解.