
Learning the Linux ss Command

26 Jun 2018


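The Linux ss command displays the state of network connections and is mainly used to inspect the state of TCP connections. This post records my notes on learning and using it.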

  • Usage: ss [ OPTIONS ] and ss [ OPTIONS ] [ FILTER ]
  • Getting help: ss -h
Usage: ss [ OPTIONS ]
       ss [ OPTIONS ] [ FILTER ]
   -h, --help          this message
   -V, --version       output version information
   -n, --numeric       don't resolve service names
   -r, --resolve       resolve host names
   -a, --all           display all sockets
   -l, --listening     display listening sockets
   -o, --options       show timer information
   -e, --extended      show detailed socket information
   -m, --memory        show socket memory usage
   -p, --processes     show process using socket
   -i, --info          show internal TCP information
   -s, --summary       show socket usage summary
   -b, --bpf           show bpf filter socket information
   -Z, --context       display process SELinux security contexts
   -z, --contexts      display process and socket SELinux security contexts
   -N, --net           switch to the specified network namespace name

   -4, --ipv4          display only IP version 4 sockets
   -6, --ipv6          display only IP version 6 sockets
   -0, --packet        display PACKET sockets
   -t, --tcp           display only TCP sockets
   -S, --sctp          display only SCTP sockets
   -u, --udp           display only UDP sockets
   -d, --dccp          display only DCCP sockets
   -w, --raw           display only RAW sockets
   -x, --unix          display only Unix domain sockets
   -f, --family=FAMILY display sockets of type FAMILY

   -A, --query=QUERY, --socket=QUERY
       QUERY := {all|inet|tcp|udp|raw|unix|unix_dgram|unix_stream|unix_seqpacket|packet|netlink}[,QUERY]

   -D, --diag=FILE     Dump raw information about TCP sockets to FILE
   -F, --filter=FILE   read filter information from FILE
       FILTER := [ state STATE-FILTER ] [ EXPRESSION ]
       STATE-FILTER := {all|connected|synchronized|bucket|big|TCP-STATES}
         TCP-STATES := {established|syn-sent|syn-recv|fin-wait-{1,2}|time-wait|closed|close-wait|last-ack|listen|closing}
          connected := {established|syn-sent|syn-recv|fin-wait-{1,2}|time-wait|close-wait|last-ack|closing}
       synchronized := {established|syn-recv|fin-wait-{1,2}|time-wait|close-wait|last-ack|closing}
             bucket := {syn-recv|time-wait}
                big := {established|syn-sent|fin-wait-{1,2}|closed|close-wait|last-ack|listen|closing}
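  • Using FILTER: filter on state. As described above, you can name any single specific TCP state, e.g. ss -t state time-wait, or a set of states, e.g. ss -t state bucket.
  • Expressions: an expression can follow the state filter or be used on its own. Expressions mainly match on IP addresses and ports, for example:
    # Using expressions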
    ss -t src 172.16.0.6
    ss -t sport = :ssh
    ss -t sport = :ssh and src 172.16.0.6
    ss -t sport = :ssh and src 172.16.0.6 and dst 218.104.155.137 and dport = :60794
    # Using a state filter plus an expression
    ss -t state established sport = :ssh and src 172.16.0.6 and dst 218.104.155.137 and dport = :60794
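
The state sets from the help text (connected, synchronized, bucket, big) can also be applied to saved ss -tan output, which helps when reviewing a capture from another host. The script below is an added example, not part of the original post: the function names and the sample output are constructed for illustration, and it goes slightly beyond the post by also counting sockets per peer address for one state.

```shell
#!/bin/sh
# Constructed sample of `ss -tan` output (not captured from a real host).
sample_ss_output() {
cat <<'EOF'
State      Recv-Q Send-Q Local Address:Port    Peer Address:Port
LISTEN     0      128    0.0.0.0:22            0.0.0.0:*
ESTAB      0      0      172.16.0.6:22         218.104.155.137:60794
ESTAB      0      0      172.16.0.6:22         203.0.113.9:51812
TIME-WAIT  0      0      172.16.0.6:22         203.0.113.9:51790
SYN-RECV   0      0      172.16.0.6:22         198.51.100.7:40112
SYN-RECV   0      0      172.16.0.6:22         198.51.100.7:40113
CLOSE-WAIT 1      0      172.16.0.6:22         192.0.2.44:33010
EOF
}

# Map a STATE-FILTER set name from the help text to the labels ss prints in
# its State column (ss prints ESTAB for established and UNCONN for closed).
states_for_set() {
  case "$1" in
    connected)    echo "ESTAB SYN-SENT SYN-RECV FIN-WAIT-1 FIN-WAIT-2 TIME-WAIT CLOSE-WAIT LAST-ACK CLOSING" ;;
    synchronized) echo "ESTAB SYN-RECV FIN-WAIT-1 FIN-WAIT-2 TIME-WAIT CLOSE-WAIT LAST-ACK CLOSING" ;;
    bucket)       echo "SYN-RECV TIME-WAIT" ;;
    big)          echo "ESTAB SYN-SENT FIN-WAIT-1 FIN-WAIT-2 UNCONN CLOSE-WAIT LAST-ACK LISTEN CLOSING" ;;
    *)            return 1 ;;
  esac
}

# Count sockets on stdin (ss -tan format) whose state belongs to the named set.
count_state_set() {
  set_states=$(states_for_set "$1") || { echo "unknown set: $1" >&2; return 1; }
  awk -v want="$set_states" '
    BEGIN { n = split(want, a, " "); for (i = 1; i <= n; i++) in_set[a[i]] = 1 }
    NR > 1 && ($1 in in_set) { c++ }
    END { print c + 0 }'
}

# Per-peer socket count for one printed state (e.g. SYN-RECV), highest first.
# The trailing :port is stripped from the peer column before counting.
peers_in_state() {
  awk -v st="$1" 'NR > 1 && $1 == st { sub(/:[^:]*$/, "", $5); n[$5]++ }
    END { for (p in n) print n[p], p }' | sort -rn
}
```

On a live host, pipe real output in instead of the sample, e.g. ss -tan | count_state_set bucket.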
    

