简介
ss 是 Socket Statistics 的缩写。顾名思义, ss 命令可以用来获取 socket 统计信息,它可以显示和 netstat 类似的内容。 ss 的优势在于它能够显示更多更详细的有关 TCP 和连接状态的信息,而且比 netstat更快速更高效。
当服务器的 socket 连接数量变得非常大时,无论是使用 netstat 命令还是直接 cat /proc/net/tcp ,执行速度都会很慢。
ss 快的秘诀在于,它利用到了 TCP 协议栈中 tcp_diag **。 tcp_diag 是一个用于分析统计的模块,可以获得 Linux 内核中第一手**的信息,这就确保了 ss 的快捷高效。
常见命令参数
$ ss -help Usage: ss [ OPTIONS ] ss [ OPTIONS ] [ FILTER ] -h, --help this message -V, --version output version information -n, --numeric don't resolve service names -r, --resolve resolve host names -a, --all display all sockets -l, --listening display listening sockets -o, --options show timer information -e, --extended show detailed socket information -m, --memory show socket memory usage -p, --processes show process using socket -i, --info show internal TCP information --tipcinfo show internal tipc socket information -s, --summary show socket usage summary --tos show tos and priority information -b, --bpf show bpf filter socket information -E, --events continually display sockets as they are destroyed -Z, --context display process SELinux security contexts -z, --contexts display process and socket SELinux security contexts -N, --net switch to the specified network namespace name -4, --ipv4 display only IP version 4 sockets -6, --ipv6 display only IP version 6 sockets -0, --packet display PACKET sockets -t, --tcp display only TCP sockets -S, --sctp display only SCTP sockets -u, --udp display only UDP sockets -d, --dccp display only DCCP sockets -w, --raw display only RAW sockets -x, --unix display only Unix domain sockets --tipc display only TIPC sockets --vsock display only vsock sockets -f, --family=FAMILY display sockets of type FAMILY FAMILY := {inet|inet6|link|unix|netlink|vsock|tipc|xdp|help} -K, --kill forcibly close sockets, display what was closed -H, --no-header Suppress header line -O, --oneline socket's data printed on a single line -A, --query=QUERY, --socket=QUERY QUERY := {all|inet|tcp|udp|raw|unix|unix_dgram|unix_stream|unix_seqpacket|packet|netlink|vsock_stream|vsock_dgram|tipc}[,QUERY] -D, --diag=FILE Dump raw information about TCP sockets to FILE -F, --filter=FILE read filter information from FILE FILTER := [ state STATE-FILTER ] [ EXPRESSION ] STATE-FILTER := {all|connected|synchronized|bucket|big|TCP-STATES} TCP-STATES := {established|syn-sent|syn-recv|fin-wait-{1,2}|time-wait|closed|close-wait|last-ack|listening|closing} connected := {established|syn-sent|syn-recv|fin-wait-{1,2}|time-wait|close-wait|last-ack|closing} synchronized := {established|syn-recv|fin-wait-{1,2}|time-wait|close-wait|last-ack|closing} bucket := {syn-recv|time-wait} big := {established|syn-sent|fin-wait-{1,2}|closed|close-
