Using ss instead of netstat

ss

Example: display a socket summary
List the currently established, closed, orphaned and waiting TCP sockets:
Total: 319 (kernel 325)
TCP:   75 (estab 16, closed 1, orphaned 0, synrecv 0, timewait 0/0), ports 69
Transport Total     IP        IPv6
*         325       -         -
RAW       191       191       0      
UDP       6         6         0      
TCP       74        74        0      
INET      271       271       0      
FRAG      0         0         0 
Example: list all open (listening) network ports
Recv-Q Send-Q                                     Local Address:Port                                         Peer Address:Port 
0      0                                              127.0.0.1:smux                                                    *:*     
0      0                                                      *:8009                                                    *:*     
0      0                                                      *:rsync                                                   *:*     
0      0                                                      *:8080                                                    *:*     
0      0                                                      *:http                                                    *:*     
0      0                                                      *:ftp                                                     *:*     
0      0                                                       *:ssh                                                     *:*     
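
Wildcard binds such as *:ftp and *:rsync in the listing above are reachable on every interface. As an added example (not part of the original post), this script reads `ss -H -ltn` output and reports wildcard listeners whose port is not on an allow-list. The allow-list, the function names and the sample lines are constructed for illustration, and the newer ss layout with a leading State column is assumed.

```shell
#!/bin/sh
# Added example: flag TCP listeners bound to every interface.
# Assumed input: `ss -H -ltn` lines (State Recv-Q Send-Q Local Peer).

# Ports allowed to listen on all interfaces (hypothetical policy).
ALLOWED_PORTS="22 80"

# wildcard_listeners: read ss lines on stdin and print "PORT ADDR" for each
# LISTEN socket bound to a wildcard address whose port is not allowed.
wildcard_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)      # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)  # text before the last colon
            # Wildcard spellings used by old and new ss versions.
            wild = (addr == "*" || addr == "0.0.0.0" || addr == "[::]" || addr == "::")
            if (wild && !(port in ok)) print port, addr
        }' | sort -n
}

# Constructed sample input, so the script runs without a live host.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 5 0.0.0.0:873 0.0.0.0:*
LISTEN 0 511 *:8080 *:*
LISTEN 0 511 [::]:80 [::]:*
LISTEN 0 32 [::]:21 [::]:*
LISTEN 0 128 [::1]:631 [::]:*
EOF
}

# On a live host: ss -H -ltn | wildcard_listeners
sample_ss_output | wildcard_listeners
```

Loopback-only listeners (127.0.0.1, [::1]) and allow-listed ports are skipped; everything else bound to a wildcard address is a candidate for a tighter bind address or a firewall rule.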
Example: display all TCP sockets
# ss -t -a
Example: display all UDP sockets
# ss -u -a
Example: display all SMTP connections in the established state
# ss -o state established '( dport = :smtp or sport = :smtp )'
Example: display all HTTP connections in the established state
# ss -o state established '( dport = :http or sport = :http )'
Example: find all local processes connected to the X server
# ss -x src /tmp/.X11-unix/*
Example: list all TCP sockets in the FIN-WAIT-1 state
# ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 202.54.1/24

How do I filter sockets by TCP state?
Use the following syntax:
## tcp ipv4 ##
ss -4 state FILTER-NAME-HERE
## tcp ipv6 ##
ss -6 state FILTER-NAME-HERE 

FILTER-NAME-HERE can be any one of the following:
established
syn-sent
syn-recv
fin-wait-1
fin-wait-2
time-wait
closed
close-wait
last-ack
listen
closing
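all : all of the above states
connected : all states except listen and closed
synchronized : all connected states except syn-sent
bucket : states maintained as minisockets, i.e. time-wait and syn-recv
big : the opposite of bucket
Example:
Enter the following command to view: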

How do I match a remote address and port number?
Use the following syntax:
#ss dst ADDRESS_PATTERN
## Show all connections to the remote server 192.168.1.31 ##
#ss dst 192.168.1.31
## Show all ports connected from remote 192.168.1.31:11212 ##
State      Recv-Q Send-Q                                Local Address:Port                                    Peer Address:Port 
ESTAB      0      0                                      192.168.1.28:58448                                   192.168.1.31:11212 
ESTAB      0      0                                      192.168.1.28:58449                                   192.168.1.31:11212 
ESTAB      0      0                                      192.168.1.28:58450                                   192.168.1.31:11212 
ESTAB      0      0                                      192.168.1.28:58451                                   192.168.1.31:11212 
ESTAB      0      0                                      192.168.1.28:58452                                   192.168.1.31:11212

How do I match a local address and port number?
#ss src ADDRESS_PATTERN
## Show all ports connected to local 182.168.1.28##
#ss src 182.168.1.28
## http (80) port only ##
#ss src 182.168.1.28:http
#ss src 182.168.1.28:80
## ssh (22) port only ##
#ss src 182.168.1.28:ssh
#ss src 182.168.1.28:22

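How do I compare a local or remote port against a number?
Use the following syntax:
## Compare the remote port against a number ##
ss dport OP PORT
## Compare the local port against a number ##
ss sport OP PORT
OP can be any one of the following:
<= or le : less than or equal to the port
>= or ge : greater than or equal to the port
== or eq : equal to the port
!= or ne : not equal to the port
< or lt : less than the port
> or gt : greater than the port
Note: le, gt, eq, ne, etc. are used in the Unix shell and are accepted as well.
### Mind special characters: escape <, >, ( and ) in the shell ###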
#ss  sport = :http
#ss  dport = :http
#ss  dport \> :1024
#ss  sport \> :1024
#ss sport \< :32000
#ss  sport eq :22
#ss  dport != :22
#ss  state connected sport = :http
#ss \( sport = :http or sport = :https \)
#ss -o state fin-wait-1 \( sport = :http or sport = :https \) dst 192.168.1/24
