當前位置：首頁 > 运维知识 > linux >内容正文

linux

Linux指令--traceroute，netstat，ss

發布時間：2024/3/7 linux 37 豆豆

生活随笔收集整理的這篇文章主要介紹了 Linux指令--traceroute，netstat，ss 小編覺得挺不錯的,現在分享給大家,幫大家做個參考.

通過traceroute我們可以知道信息從你的計算機到互聯網另一端的主機是走的什么路徑。當然每次數據包由某一同樣的出發點（source）到達某一同樣的目的地(destination)走的路徑可能會不一樣，但基本上來說大部分時候所走的路由是相同的。linux系統中，我們稱之為traceroute,在MS?Windows中為tracert。?traceroute通過發送小的數據包到目的設備直到其返回，來測量其需要多長時間。一條路徑上的每個設備traceroute要測3次。輸出結果中包括每次測試的時間(ms)和設備的名稱（如有的話）及其IP地址。

在大多數情況下，我們會在linux主機系統下，直接執行命令行：

traceroute?hostname

而在Windows系統下是執行tracert的命令：

tracert?hostname

1.命令格式：

traceroute[參數][主機]

2.命令功能：

traceroute指令讓你追蹤網絡數據包的路由途徑，預設數據包大小是40Bytes，用戶可另行設置。

具體參數格式：traceroute?[-dFlnrvx][-f<存活數值>][-g<網關>...][-i<網絡界面>][-m<存活數值>][-p<通信端口>][-s<來源地址>][-t<服務類型>][-w<超時秒數>][主機名稱或IP地址][數據包大小]

3.命令參數：

-d?使用Socket層級的排錯功能。

-f?設置第一個檢測數據包的存活數值TTL的大小。

-F?設置勿離斷位。

-g?設置來源路由網關，最多可設置8個。

-i?使用指定的網絡界面送出數據包。

-I?使用ICMP回應取代UDP資料信息。

-m?設置檢測數據包的最大存活數值TTL的大小。

-n?直接使用IP地址而非主機名稱。

-p?設置UDP傳輸協議的通信端口。

-r?忽略普通的Routing?Table，直接將數據包送到遠端主機上。

-s?設置本地主機送出數據包的IP地址。

-t?設置檢測數據包的TOS數值。

-v?詳細顯示指令的執行過程。

-w?設置等待遠端主機回報的時間。

-x?開啟或關閉數據包的正確性檢驗。

4.使用實例：

實例1：traceroute?用法簡單、最常用的用法

命令：

traceroute?www.baidu.com?

輸出：

[root@localhost?~]#?traceroute?www.baidu.com
traceroute?to?www.baidu.com?(61.135.169.125),?30?hops?max,?40?byte?packets
?1??192.168.74.2?(192.168.74.2)??2.606?ms??2.771?ms??2.950?ms
?2??211.151.56.57?(211.151.56.57)??0.596?ms??0.598?ms??0.591?ms
?3??211.151.227.206?(211.151.227.206)??0.546?ms??0.544?ms??0.538?ms
?4??210.77.139.145?(210.77.139.145)??0.710?ms??0.748?ms??0.801?ms
?5??202.106.42.101?(202.106.42.101)??6.759?ms??6.945?ms??7.107?ms
?6??61.148.154.97?(61.148.154.97)??718.908?ms?*?bt-228-025.bta.net.cn?(202.106.228.25)??5.177?ms
?7??124.65.58.213?(124.65.58.213)??4.343?ms??4.336?ms??4.367?ms
?8??202.106.35.190?(202.106.35.190)??1.795?ms?61.148.156.138?(61.148.156.138)??1.899?ms??1.951?ms
?9??*?*?*
30??*?*?*
[root@localhost?~]#?

說明：

記錄按序列號從1開始，每個紀錄就是一跳?，每跳表示一個網關，我們看到每行有三個時間，單位是?ms，其實就是-q的默認參數。探測數據包向每個網關發送三個數據包后，網關響應后返回的時間；如果您用?traceroute?-q?4?www.58.com?，表示向每個網關發送4個數據包。

有時我們traceroute?一臺主機時，會看到有一些行是以星號表示的。出現這樣的情況，可能是防火墻封掉了ICMP的返回信息，所以我們得不到什么相關的數據包返回數據。

有時我們在某一網關處延時比較長，有可能是某臺網關比較阻塞，也可能是物理設備本身的原因。當然如果某臺DNS出現問題時，不能解析主機名、域名時，也會?有延時長的現象；您可以加-n?參數來避免DNS解析，以IP格式輸出數據。

如果在局域網中的不同網段之間，我們可以通過traceroute?來排查問題所在，是主機的問題還是網關的問題。如果我們通過遠程來訪問某臺服務器遇到問題時，我們用到traceroute?追蹤數據包所經過的網關，提交IDC服務商，也有助于解決問題；但目前看來在國內解決這樣的問題是比較困難的，就是我們發現問題所在，IDC服務商也不可能幫助我們解決。

實例2：跳數設置

命令：

traceroute?-m?10?www.baidu.com

輸出：

[root@localhost?~]#?traceroute?-m?10?www.baidu.com
traceroute?to?www.baidu.com?(61.135.169.105),?10?hops?max,?40?byte?packets
?1??192.168.74.2?(192.168.74.2)??1.534?ms??1.775?ms??1.961?ms
?2??211.151.56.1?(211.151.56.1)??0.508?ms??0.514?ms??0.507?ms
?3??211.151.227.206?(211.151.227.206)??0.571?ms??0.558?ms??0.550?ms
?4??210.77.139.145?(210.77.139.145)??0.708?ms??0.729?ms??0.785?ms
?5??202.106.42.101?(202.106.42.101)??7.978?ms??8.155?ms??8.311?ms
?6??bt-228-037.bta.net.cn?(202.106.228.37)??772.460?ms?bt-228-025.bta.net.cn?(202.106.228.25)??2.152?ms?61.148.154.97?(61.148.154.97)??772.107?ms
?7??124.65.58.221?(124.65.58.221)??4.875?ms?61.148.146.29?(61.148.146.29)??2.124?ms?124.65.58.221?(124.65.58.221)??4.854?ms
?8??123.126.6.198?(123.126.6.198)??2.944?ms?61.148.156.6?(61.148.156.6)??3.505?ms?123.126.6.198?(123.126.6.198)??2.885?ms
?9??*?*?*
10??*?*?*
[root@localhost?~]#

說明：

實例3：顯示IP地址，不查主機名

命令：

traceroute?-n?www.baidu.com

輸出：

[root@localhost?~]#?traceroute?-n?www.baidu.com
traceroute?to?www.baidu.com?(61.135.169.125),?30?hops?max,?40?byte?packets
?1??211.151.74.2??5.430?ms??5.636?ms??5.802?ms
?2??211.151.56.57??0.627?ms??0.625?ms??0.617?ms
?3??211.151.227.206??0.575?ms??0.584?ms??0.576?ms
?4??210.77.139.145??0.703?ms??0.754?ms??0.806?ms
?5??202.106.42.101??23.683?ms??23.869?ms??23.998?ms
?6??202.106.228.37??247.101?ms?*?*
?7??61.148.146.29??5.256?ms?124.65.58.213??4.386?ms??4.373?ms
?8??202.106.35.190??1.610?ms?61.148.156.138??1.786?ms?61.148.3.34??2.089?ms
?9??*?*?*
30??*?*?*
[root@localhost?~]#?traceroute?www.baidu.com
traceroute?to?www.baidu.com?(61.135.169.125),?30?hops?max,?40?byte?packets
?1??211.151.74.2?(211.151.74.2)??4.671?ms??4.865?ms??5.055?ms
?2??211.151.56.57?(211.151.56.57)??0.619?ms??0.618?ms??0.612?ms
?3??211.151.227.206?(211.151.227.206)??0.620?ms??0.642?ms??0.636?ms
?4??210.77.139.145?(210.77.139.145)??0.720?ms??0.772?ms??0.816?ms
?5??202.106.42.101?(202.106.42.101)??7.667?ms??7.910?ms??8.012?ms
?6??bt-228-025.bta.net.cn?(202.106.228.25)??2.965?ms??2.440?ms?61.148.154.97?(61.148.154.97)??431.337?ms
?7??124.65.58.213?(124.65.58.213)??5.134?ms??5.124?ms??5.044?ms
?8??202.106.35.190?(202.106.35.190)??1.917?ms??2.052?ms??2.059?ms
?9??*?*?*
30??*?*?*
[root@localhost?~]#?

說明：

實例4：探測包使用的基本UDP端口設置6888

命令：

traceroute?-p?6888?www.baidu.com

輸出：

[root@localhost?~]#?traceroute?-p?6888?www.baidu.com
traceroute?to?www.baidu.com?(220.181.111.147),?30?hops?max,?40?byte?packets
?1??211.151.74.2?(211.151.74.2)??4.927?ms??5.121?ms??5.298?ms
?2??211.151.56.1?(211.151.56.1)??0.500?ms??0.499?ms??0.509?ms
?3??211.151.224.90?(211.151.224.90)??0.637?ms??0.631?ms??0.641?ms
?4??*?*?*
?5??220.181.70.98?(220.181.70.98)??5.050?ms??5.313?ms??5.596?ms
?6??220.181.17.94?(220.181.17.94)??1.665?ms?!X?*?*
[root@localhost?~]#?

說明：

實例5：把探測包的個數設置為值4

命令：

traceroute?-q?4?www.baidu.com

輸出：

[root@localhost?~]#?traceroute?-q?4?www.baidu.com
traceroute?to?www.baidu.com?(61.135.169.125),?30?hops?max,?40?byte?packets
?1??211.151.74.2?(211.151.74.2)??40.633?ms??40.819?ms??41.004?ms??41.188?ms
?2??211.151.56.57?(211.151.56.57)??0.637?ms??0.633?ms??0.627?ms??0.619?ms
?3??211.151.227.206?(211.151.227.206)??0.505?ms??0.580?ms??0.571?ms??0.569?ms
?4??210.77.139.145?(210.77.139.145)??0.753?ms??0.800?ms??0.853?ms??0.904?ms
?5??202.106.42.101?(202.106.42.101)??7.449?ms??7.543?ms??7.738?ms??7.893?ms
?6??61.148.154.97?(61.148.154.97)??316.817?ms?bt-228-025.bta.net.cn?(202.106.228.25)??3.695?ms??3.672?ms?*
?7??124.65.58.213?(124.65.58.213)??3.056?ms??2.993?ms??2.960?ms?61.148.146.29?(61.148.146.29)??2.837?ms
?8??61.148.3.34?(61.148.3.34)??2.179?ms??2.295?ms??2.442?ms?202.106.35.190?(202.106.35.190)??7.136?ms
?9??*?*?*?*
30??*?*?*?*
[root@localhost?~]#?

說明：

實例6：繞過正常的路由表，直接發送到網絡相連的主機

命令：

?traceroute?-r?www.baidu.com

輸出：

[root@localhost?~]#?traceroute?-r?www.baidu.com
traceroute?to?www.baidu.com?(61.135.169.125),?30?hops?max,?40?byte?packets
connect:?網絡不可達
[root@localhost?~]#??

說明：

實例7：把對外發探測包的等待響應時間設置為3秒

命令：

traceroute?-w?3?www.baidu.com

輸出：

[root@localhost?~]#?traceroute?-w?3?www.baidu.com
traceroute?to?www.baidu.com?(61.135.169.105),?30?hops?max,?40?byte?packets
?1??211.151.74.2?(211.151.74.2)??2.306?ms??2.469?ms??2.650?ms
?2??211.151.56.1?(211.151.56.1)??0.621?ms??0.613?ms??0.603?ms
?3??211.151.227.206?(211.151.227.206)??0.557?ms??0.560?ms??0.552?ms
?4??210.77.139.145?(210.77.139.145)??0.708?ms??0.761?ms??0.817?ms
?5??202.106.42.101?(202.106.42.101)??7.520?ms??7.774?ms??7.902?ms
?6??bt-228-025.bta.net.cn?(202.106.228.25)??2.890?ms??2.369?ms?61.148.154.97?(61.148.154.97)??471.961?ms
?7??124.65.58.221?(124.65.58.221)??4.490?ms??4.483?ms??4.472?ms
?8??123.126.6.198?(123.126.6.198)??2.948?ms?61.148.156.6?(61.148.156.6)??7.688?ms??7.756?ms
?9??*?*?*
30??*?*?*
[root@localhost?~]#?

說明：

Traceroute的工作原理：

Traceroute最簡單的基本用法是：traceroute?hostname

Traceroute程序的設計是利用ICMP及IP?header的TTL（Time?To?Live）欄位（field）。首先，traceroute送出一個TTL是1的IP?datagram（其實，每次送出的為3個40字節的包，包括源地址，目的地址和包發出的時間標簽）到目的地，當路徑上的第一個路由器（router）收到這個datagram時，它將TTL減1。此時，TTL變為0了，所以該路由器會將此datagram丟掉，并送回一個「ICMP?time?exceeded」消息（包括發IP包的源地址，IP包的所有內容及路由器的IP地址），traceroute?收到這個消息后，便知道這個路由器存在于這個路徑上，接著traceroute?再送出另一個TTL是2?的datagram，發現第2?個路由器......?traceroute?每次將送出的datagram的TTL?加1來發現另一個路由器，這個重復的動作一直持續到某個datagram?抵達目的地。當datagram到達目的地后，該主機并不會送回ICMP?time?exceeded消息，因為它已是目的地了，那么traceroute如何得知目的地到達了呢？

Traceroute在送出UDP?datagrams到目的地時，它所選擇送達的port?number?是一個一般應用程序都不會用的號碼（30000?以上），所以當此UDP?datagram?到達目的地后該主機會送回一個「ICMP?port?unreachable」的消息，而當traceroute?收到這個消息時，便知道目的地已經到達了。所以traceroute?在Server端也是沒有所謂的Daemon?程式。

Traceroute提取發?ICMP?TTL到期消息設備的IP地址并作域名解析。每次?，Traceroute都打印出一系列數據,包括所經過的路由設備的域名及?IP地址,三個包每次來回所花時間。

windows之tracert:

格式：

tracert?[-d]?[-h?maximum_hops]?[-j?host-list]?[-w?timeout]?target_name

參數說明：

tracert?[-d]?[-h?maximum_hops]?[-j?computer-list]?[-w?timeout]?target_name

該診斷實用程序通過向目的地發送具有不同生存時間?(TL)?的?Internet?控制信息協議?(CMP)?回應報文，以確定至目的地的路由。路徑上的每個路由器都要在轉發該?ICMP?回應報文之前將其?TTL?值至少減?1，因此?TTL?是有效的跳轉計數。當報文的?TTL?值減少到?0?時，路由器向源系統發回?ICMP?超時信息。通過發送?TTL?為?1?的第一個回應報文并且在隨后的發送中每次將?TTL?值加?1，直到目標響應或達到最大?TTL?值，Tracert?可以確定路由。通過檢查中間路由器發發回的?ICMP?超時?(ime?Exceeded)?信息，可以確定路由器。注意，有些路由器“安靜”地丟棄生存時間?(TLS)?過期的報文并且對?tracert?無效。

參數：

-d?指定不對計算機名解析地址。

-h?maximum_hops?指定查找目標的跳轉的最大數目。

-jcomputer-list?指定在?computer-list?中松散源路由。

-w?timeout?等待由?timeout?對每個應答指定的毫秒數。

target_name?目標計算機的名稱。

實例：

C:\Users\Administrator>tracert?www.58.com

Tracing?route?to?www.58.com?[221.187.111.30]
over?a?maximum?of?30?hops:

??1?????1?ms?????1?ms?????1?ms??10.58.156.1
??2?????1?ms????<1?ms????<1?ms??10.10.10.1
??3?????1?ms?????1?ms?????1?ms??211.103.193.129
??4?????2?ms?????2?ms?????2?ms??10.255.109.129
??5?????1?ms?????1?ms?????3?ms??124.205.98.205
??6?????2?ms?????2?ms?????2?ms??124.205.98.253
??7?????2?ms?????6?ms?????1?ms??202.99.1.125
??8?????5?ms?????6?ms?????5?ms??118.186.0.113
??9???207?ms?????*????????*?????118.186.0.106
?10?????8?ms?????6?ms????11?ms??124.238.226.201
?11?????6?ms?????7?ms?????6?ms??219.148.19.177
?12????12?ms????12?ms????16?ms??219.148.18.117
?13????14?ms????17?ms????16?ms??219.148.19.125
?14????13?ms????13?ms????12?ms??202.97.80.113
?15?????*????????*????????*?????Request?timed?out.
?16????12?ms????12?ms????17?ms??bj141-147-82.bjtelecom.net?[219.141.147.82]
?17????13?ms????13?ms????12?ms??202.97.48.2
?18?????*????????*????????*?????Request?timed?out.
?19????14?ms????14?ms????12?ms??221.187.224.85
?20????15?ms????13?ms????12?ms??221.187.104.2
?21?????*????????*????????*?????Request?timed?out.
?22????15?ms????17?ms????18?ms??221.187.111.30

Trace?complete.

netstat命令用于顯示與IP、TCP、UDP和ICMP協議相關的統計數據，一般用于檢驗本機各端口的網絡連接情況。netstat是在內核中訪問網絡及相關信息的程序，它能提供TCP連接，TCP和UDP監聽，進程內存管理的相關報告。

如果你的計算機有時候接收到的數據報導致出錯數據或故障，你不必感到奇怪，TCP/IP可以容許這些類型的錯誤，并能夠自動重發數據報。但如果累計的出錯情況數目占到所接收的IP數據報相當大的百分比，或者它的數目正迅速增加，那么你就應該使用netstat查一查為什么會出現這些情況了。

1．命令格式：

netstat?[-acCeFghilMnNoprstuvVwx][-A<網絡類型>][--ip]

2．命令功能：

netstat用于顯示與IP、TCP、UDP和ICMP協議相關的統計數據，一般用于檢驗本機各端口的網絡連接情況。

3．命令參數：

-a或–all?顯示所有連線中的Socket。

-A<網絡類型>或–<網絡類型>?列出該網絡類型連線中的相關地址。

-c或–continuous?持續列出網絡狀態。

-C或–cache?顯示路由器配置的快取信息。

-e或–extend?顯示網絡其他相關信息。

-F或–fib?顯示FIB。

-g或–groups?顯示多重廣播功能群組組員名單。

-h或–help?在線幫助。

-i或–interfaces?顯示網絡界面信息表單。

-l或–listening?顯示監控中的服務器的Socket。

-M或–masquerade?顯示偽裝的網絡連線。

-n或–numeric?直接使用IP地址，而不通過域名服務器。

-N或–netlink或–symbolic?顯示網絡硬件外圍設備的符號連接名稱。

-o或–timers?顯示計時器。

-p或–programs?顯示正在使用Socket的程序識別碼和程序名稱。

-r或–route?顯示Routing?Table。

-s或–statistice?顯示網絡工作信息統計表。

-t或–tcp?顯示TCP傳輸協議的連線狀況。

-u或–udp?顯示UDP傳輸協議的連線狀況。

-v或–verbose?顯示指令執行過程。

-V或–version?顯示版本信息。

-w或–raw?顯示RAW傳輸協議的連線狀況。

-x或–unix?此參數的效果和指定”-A?unix”參數相同。

–ip或–inet?此參數的效果和指定”-A?inet”參數相同。

4．使用實例：

實例1：無參數使用

命令：

netstat

輸出：

[root@localhost?~]#?netstat
Active?Internet?connections?(w/o?servers)
Proto?Recv-Q?Send-Q?Local?Address???????????????Foreign?Address?????????????State??????
tcp????????0????268?192.168.120.204:ssh?????????10.2.0.68:62420?????????????ESTABLISHED?
udp????????0??????0?192.168.120.204:4371????????10.58.119.119:domain????????ESTABLISHED?
Active?UNIX?domain?sockets?(w/o?servers)
Proto?RefCnt?Flags???????Type???????State?????????I-Node?Path
unix??2??????[?]?????????DGRAM????????????????????1491???@/org/kernel/udev/udevd
unix??4??????[?]?????????DGRAM????????????????????7337???/dev/log
unix??2??????[?]?????????DGRAM????????????????????708823?
unix??2??????[?]?????????DGRAM????????????????????7539???
unix??3??????[?]?????????STREAM?????CONNECTED?????7287???
unix??3??????[?]?????????STREAM?????CONNECTED?????7286???
[root@localhost?~]#

說明：

從整體上看，netstat的輸出結果可以分為兩個部分：

一個是Active?Internet?connections，稱為有源TCP連接，其中"Recv-Q"和"Send-Q"指的是接收隊列和發送隊列。這些數字一般都應該是0。如果不是則表示軟件包正在隊列中堆積。這種情況只能在非常少的情況見到。

另一個是Active?UNIX?domain?sockets，稱為有源Unix域套接口(和網絡套接字一樣，但是只能用于本機通信，性能可以提高一倍)。

Proto顯示連接使用的協議,RefCnt表示連接到本套接口上的進程號,Types顯示套接口的類型,State顯示套接口當前的狀態,Path表示連接到套接口的其它進程使用的路徑名。

套接口類型：

-t?：TCP

-u?：UDP

-raw?：RAW類型

--unix?：UNIX域類型

--ax25?：AX25類型

--ipx?：ipx類型

--netrom?：netrom類型

狀態說明：

LISTEN：偵聽來自遠方的TCP端口的連接請求

SYN-SENT：再發送連接請求后等待匹配的連接請求（如果有大量這樣的狀態包，檢查是否中招了）

SYN-RECEIVED：再收到和發送一個連接請求后等待對方對連接請求的確認（如有大量此狀態，估計被flood攻擊了）

ESTABLISHED：代表一個打開的連接

FIN-WAIT-1：等待遠程TCP連接中斷請求，或先前的連接中斷請求的確認

FIN-WAIT-2：從遠程TCP等待連接中斷請求

CLOSE-WAIT：等待從本地用戶發來的連接中斷請求

CLOSING：等待遠程TCP對連接中斷的確認

LAST-ACK：等待原來的發向遠程TCP的連接中斷請求的確認（不是什么好東西，此項出現，檢查是否被攻擊）

TIME-WAIT：等待足夠的時間以確保遠程TCP接收到連接中斷請求的確認

CLOSED：沒有任何連接狀態

? ? 實例2：列出所有端口

命令：

netstat?-a

輸出：

[root@localhost?~]#?netstat?-a
Active?Internet?connections?(servers?and?established)
Proto?Recv-Q?Send-Q?Local?Address???????????????Foreign?Address?????????????State??????
tcp????????0??????0?localhost:smux??????????????*:*?????????????????????????LISTEN??????
tcp????????0??????0?*:svn???????????????????????*:*?????????????????????????LISTEN??????
tcp????????0??????0?*:ssh???????????????????????*:*?????????????????????????LISTEN??????
tcp????????0????284?192.168.120.204:ssh?????????10.2.0.68:62420?????????????ESTABLISHED?
udp????????0??????0?localhost:syslog????????????*:*?????????????????????????????????????
udp????????0??????0?*:snmp??????????????????????*:*?????????????????????????????????????
Active?UNIX?domain?sockets?(servers?and?established)
Proto?RefCnt?Flags???????Type???????State?????????I-Node?Path
unix??2??????[?ACC?]?????STREAM?????LISTENING?????708833?/tmp/ssh-yKnDB15725/agent.15725
unix??2??????[?ACC?]?????STREAM?????LISTENING?????7296???/var/run/audispd_events
unix??2??????[?]?????????DGRAM????????????????????1491???@/org/kernel/udev/udevd
unix??4??????[?]?????????DGRAM????????????????????7337???/dev/log
unix??2??????[?]?????????DGRAM????????????????????708823?
unix??2??????[?]?????????DGRAM????????????????????7539???
unix??3??????[?]?????????STREAM?????CONNECTED?????7287???
unix??3??????[?]?????????STREAM?????CONNECTED?????7286???
[root@localhost?~]#?

說明：

顯示一個所有的有效連接信息列表，包括已建立的連接（ESTABLISHED），也包括監聽連接請（LISTENING）的那些連接。

? ? 實例3：顯示當前UDP連接狀況

命令：

netstat?-nu

輸出：

[root@andy?~]#?netstat?-nu
Active?Internet?connections?(w/o?servers)
Proto?Recv-Q?Send-Q?Local?Address???????????????Foreign?Address?????????????State??????
udp????????0??????0?::ffff:192.168.12:53392?????::ffff:192.168.9.120:10000??ESTABLISHED?
udp????????0??????0?::ffff:192.168.12:56723?????::ffff:192.168.9.120:10000??ESTABLISHED?
udp????????0??????0?::ffff:192.168.12:56480?????::ffff:192.168.9.120:10000??ESTABLISHED?
udp????????0??????0?::ffff:192.168.12:58154?????::ffff:192.168.9.120:10000??ESTABLISHED?
udp????????0??????0?::ffff:192.168.12:44227?????::ffff:192.168.9.120:10000??ESTABLISHED?
udp????????0??????0?::ffff:192.168.12:36954?????::ffff:192.168.9.120:10000??ESTABLISHED?
udp????????0??????0?::ffff:192.168.12:53984?????::ffff:192.168.9.120:10000??ESTABLISHED?
udp????????0??????0?::ffff:192.168.12:57703?????::ffff:192.168.9.120:10000??ESTABLISHED?
udp????????0??????0?::ffff:192.168.12:53613?????::ffff:192.168.9.120:10000??ESTABLISHED?
[root@andy?~]#?

說明：

? ? 實例4：顯示UDP端口號的使用情況

命令：

netstat?-apu

輸出：

[root@andy?~]#?netstat?-apu
Active?Internet?connections?(servers?and?established)
Proto?Recv-Q?Send-Q?Local?Address???????????????Foreign?Address?????????????State???????PID/Program?name???
udp????????0??????0?*:57604?????????????????????*:*?????????????????????????????????????28094/java??????????
udp????????0??????0?*:40583?????????????????????*:*?????????????????????????????????????21220/java??????????
udp????????0??????0?*:45451?????????????????????*:*?????????????????????????????????????14583/java??????????
udp????????0??????0?::ffff:192.168.12:53392?????::ffff:192.168.9.120:ndmp???ESTABLISHED?19327/java??????????
udp????????0??????0?*:52370?????????????????????*:*?????????????????????????????????????15841/java??????????
udp????????0??????0?::ffff:192.168.12:56723?????::ffff:192.168.9.120:ndmp???ESTABLISHED?15841/java??????????
udp????????0??????0?*:44182?????????????????????*:*?????????????????????????????????????31757/java??????????
udp????????0??????0?*:48155?????????????????????*:*?????????????????????????????????????5476/java???????????
udp????????0??????0?*:59808?????????????????????*:*?????????????????????????????????????17333/java??????????
udp????????0??????0?::ffff:192.168.12:56480?????::ffff:192.168.9.120:ndmp???ESTABLISHED?28094/java??????????
udp????????0??????0?::ffff:192.168.12:58154?????::ffff:192.168.9.120:ndmp???ESTABLISHED?15429/java??????????
udp????????0??????0?*:36780?????????????????????*:*?????????????????????????????????????10091/java??????????
udp????????0??????0?*:36795?????????????????????*:*?????????????????????????????????????24594/java??????????
udp????????0??????0?*:41922?????????????????????*:*?????????????????????????????????????20506/java??????????
udp????????0??????0?::ffff:192.168.12:44227?????::ffff:192.168.9.120:ndmp???ESTABLISHED?17333/java??????????
udp????????0??????0?*:34258?????????????????????*:*?????????????????????????????????????8866/java???????????
udp????????0??????0?*:55508?????????????????????*:*?????????????????????????????????????11667/java??????????
udp????????0??????0?*:36055?????????????????????*:*?????????????????????????????????????12425/java??????????
udp????????0??????0?::ffff:192.168.12:36954?????::ffff:192.168.9.120:ndmp???ESTABLISHED?16532/java??????????
udp????????0??????0?::ffff:192.168.12:53984?????::ffff:192.168.9.120:ndmp???ESTABLISHED?20506/java??????????
udp????????0??????0?::ffff:192.168.12:57703?????::ffff:192.168.9.120:ndmp???ESTABLISHED?31757/java??????????
udp????????0??????0?::ffff:192.168.12:53613?????::ffff:192.168.9.120:ndmp???ESTABLISHED?3199/java???????????
udp????????0??????0?*:56309?????????????????????*:*?????????????????????????????????????15429/java??????????
udp????????0??????0?*:54007?????????????????????*:*?????????????????????????????????????16532/java??????????
udp????????0??????0?*:39544?????????????????????*:*?????????????????????????????????????3199/java???????????
udp????????0??????0?*:43900?????????????????????*:*?????????????????????????????????????19327/java??????????
[root@andy?~]#?

說明：

? ? 實例5：顯示網卡列表

命令：

netstat?-i

輸出：

[root@andy?~]#?netstat?-i
Kernel?Interface?table
Iface???????MTU?Met????RX-OK?RX-ERR?RX-DRP?RX-OVR????TX-OK?TX-ERR?TX-DRP?TX-OVR?Flg
eth0???????1500???0?151818887??????0??????0??????0?198928403??????0??????0??????0?BMRU
lo????????16436???0???107235??????0??????0??????0???107235??????0??????0??????0?LRU
[root@andy?~]#?

說明：

? ? 實例6：顯示組播組的關系

命令：

netstat?-g

輸出：

[root@andy?~]#?netstat?-g
IPv6/IPv4?Group?Memberships
Interface???????RefCnt?Group
---------------?------?---------------------
lo??????????????1??????all-systems.mcast.net
eth0????????????1??????all-systems.mcast.net
lo??????????????1??????ff02::1
eth0????????????1??????ff02::1:ffff:9b0c
eth0????????????1??????ff02::1
[root@andy?~]#?

說明：

? ?實例7：顯示網絡統計信息

命令：

netstat?-s

輸出：

[root@localhost?~]#?netstat?-s
Ip:
????530999?total?packets?received
????0?forwarded
????0?incoming?packets?discarded
????530999?incoming?packets?delivered
????8258?requests?sent?out
????1?dropped?because?of?missing?route
Icmp:
????90?ICMP?messages?received
????0?input?ICMP?message?failed.
????ICMP?input?histogram:
????????destination?unreachable:?17
????????echo?requests:?1
????????echo?replies:?72
????106?ICMP?messages?sent
????0?ICMP?messages?failed
????ICMP?output?histogram:
????????destination?unreachable:?8
????????echo?request:?97
????????echo?replies:?1
IcmpMsg:
????????InType0:?72
????????InType3:?17
????????InType8:?1
????????OutType0:?1
????????OutType3:?8
????????OutType8:?97
Tcp:
????8?active?connections?openings
????15?passive?connection?openings
????8?failed?connection?attempts
????3?connection?resets?received
????1?connections?established
????3132?segments?received
????2617?segments?send?out
????53?segments?retransmited
????0?bad?segments?received.
????252?resets?sent
Udp:
????0?packets?received
????0?packets?to?unknown?port?received.
????0?packet?receive?errors
????5482?packets?sent
TcpExt:
????1?invalid?SYN?cookies?received
????1?TCP?sockets?finished?time?wait?in?fast?timer
????57?delayed?acks?sent
????Quick?ack?mode?was?activated?50?times
????60?packets?directly?queued?to?recvmsg?prequeue.
????68?packets?directly?received?from?backlog
????4399?packets?directly?received?from?prequeue
????520?packets?header?predicted
????51?packets?header?predicted?and?directly?queued?to?user
????1194?acknowledgments?not?containing?data?received
????21?predicted?acknowledgments
????0?TCP?data?loss?events
????1?timeouts?after?reno?fast?retransmit
????9?retransmits?in?slow?start
????42?other?TCP?timeouts
????3?connections?aborted?due?to?timeout
IpExt:
????InBcastPkts:?527777

說明：

按照各個協議分別顯示其統計數據。如果我們的應用程序（如Web瀏覽器）運行速度比較慢，或者不能顯示Web頁之類的數據，那么我們就可以用本選項來查看一下所顯示的信息。我們需要仔細查看統計數據的各行，找到出錯的關鍵字，進而確定問題所在。

? ?實例8：顯示監聽的套接口

命令：

netstat?-l

輸出：

[root@localhost?~]#?netstat?-l
Active?Internet?connections?(only?servers)
Proto?Recv-Q?Send-Q?Local?Address???????????????Foreign?Address?????????????State??????
tcp????????0??????0?localhost:smux??????????????*:*?????????????????????????LISTEN??????
tcp????????0??????0?*:svn???????????????????????*:*?????????????????????????LISTEN??????
tcp????????0??????0?*:ssh???????????????????????*:*?????????????????????????LISTEN??????
udp????????0??????0?localhost:syslog????????????*:*?????????????????????????????????????
udp????????0??????0?*:snmp??????????????????????*:*?????????????????????????????????????
Active?UNIX?domain?sockets?(only?servers)
Proto?RefCnt?Flags???????Type???????State?????????I-Node?Path
unix??2??????[?ACC?]?????STREAM?????LISTENING?????708833?/tmp/ssh-yKnDB15725/agent.15725
unix??2??????[?ACC?]?????STREAM?????LISTENING?????7296???/var/run/audispd_events
[root@localhost?~]#?

說明：

? ? 實例9：顯示所有已建立的有效連接

命令：

netstat?-n

輸出：

[root@localhost?~]#?netstat?-n
Active?Internet?connections?(w/o?servers)
Proto?Recv-Q?Send-Q?Local?Address???????????????Foreign?Address?????????????State??????
tcp????????0????268?192.168.120.204:22??????????10.2.0.68:62420?????????????ESTABLISHED?
Active?UNIX?domain?sockets?(w/o?servers)
Proto?RefCnt?Flags???????Type???????State?????????I-Node?Path
unix??2??????[?]?????????DGRAM????????????????????1491???@/org/kernel/udev/udevd
unix??4??????[?]?????????DGRAM????????????????????7337???/dev/log
unix??2??????[?]?????????DGRAM????????????????????708823?
unix??2??????[?]?????????DGRAM????????????????????7539???
unix??3??????[?]?????????STREAM?????CONNECTED?????7287???
unix??3??????[?]?????????STREAM?????CONNECTED?????7286???
[root@localhost?~]#?

說明：

? ?實例10：顯示關于以太網的統計數據

命令：

netstat?-e

輸出：

[root@localhost?~]#?netstat?-e
Active?Internet?connections?(w/o?servers)
Proto?Recv-Q?Send-Q?Local?Address???????????????Foreign?Address?????????????State???????User???????Inode?????
tcp????????0????248?192.168.120.204:ssh?????????10.2.0.68:62420?????????????ESTABLISHED?root???????708795?????
Active?UNIX?domain?sockets?(w/o?servers)
Proto?RefCnt?Flags???????Type???????State?????????I-Node?Path
unix??2??????[?]?????????DGRAM????????????????????1491???@/org/kernel/udev/udevd
unix??4??????[?]?????????DGRAM????????????????????7337???/dev/log
unix??2??????[?]?????????DGRAM????????????????????708823?
unix??2??????[?]?????????DGRAM????????????????????7539???
unix??3??????[?]?????????STREAM?????CONNECTED?????7287???
unix??3??????[?]?????????STREAM?????CONNECTED?????7286???
[root@localhost?~]#

說明：

用于顯示關于以太網的統計數據。它列出的項目包括傳送的數據報的總字節數、錯誤數、刪除數、數據報的數量和廣播的數量。這些統計數據既有發送的數據報數量，也有接收的數據報數量。這個選項可以用來統計一些基本的網絡流量）

? ? 實例11：顯示關于路由表的信息

命令：

netstat?-r

輸出：

[root@localhost?~]#?netstat?-r
Kernel?IP?routing?table
Destination?????Gateway?????????Genmask?????????Flags???MSS?Window??irtt?Iface
192.168.120.0???*???????????????255.255.255.0???U?????????0?0??????????0?eth0
192.168.0.0?????192.168.120.1???255.255.0.0?????UG????????0?0??????????0?eth0
10.0.0.0????????192.168.120.1???255.0.0.0???????UG????????0?0??????????0?eth0
default?????????192.168.120.240?0.0.0.0?????????UG????????0?0??????????0?eth0
[root@localhost?~]#?

說明：

? ? 實例12：列出所有?tcp?端口

命令：

netstat?-at

輸出：

[root@localhost?~]#?netstat?-at
Active?Internet?connections?(servers?and?established)
Proto?Recv-Q?Send-Q?Local?Address???????????????Foreign?Address?????????????State??????
tcp????????0??????0?localhost:smux??????????????*:*?????????????????????????LISTEN??????
tcp????????0??????0?*:svn???????????????????????*:*?????????????????????????LISTEN??????
tcp????????0??????0?*:ssh???????????????????????*:*?????????????????????????LISTEN??????
tcp????????0????284?192.168.120.204:ssh?????????10.2.0.68:62420?????????????ESTABLISHED?
[root@localhost?~]#

說明：

? ? 實例13：統計機器中網絡連接各個狀態個數

命令：

netstat?-a?|?awk?'/^tcp/?{++S[$NF]}?END?{for(a?in?S)?print?a,?S[a]}'

輸出：

[root@localhost?~]#?netstat?-a?|?awk?'/^tcp/?{++S[$NF]}?END?{for(a?in?S)?print?a,?S[a]}'
ESTABLISHED?1
LISTEN?3
[root@localhost?~]#?

說明：

? ? 實例14：把狀態全都取出來后使用uniq?-c統計后再進行排序

命令：

netstat?-nat?|awk?'{print?$6}'|sort|uniq?-c

輸出：

[root@andy?~]#?netstat?-nat?|awk?'{print?$6}'|sort|uniq?-c
?????14?CLOSE_WAIT
??????1?established)
????578?ESTABLISHED
??????1?Foreign
?????43?LISTEN
??????5?TIME_WAIT
[root@andy?~]#?netstat?-nat?|awk?'{print?$6}'|sort|uniq?-c|sort?-rn
????576?ESTABLISHED
?????43?LISTEN
?????14?CLOSE_WAIT
??????5?TIME_WAIT
??????1?Foreign
??????1?established)
[root@andy?~]#

說明：

? ? 實例15：查看連接某服務端口最多的的IP地址

命令：

netstat?-nat?|?grep?"192.168.120.20:16067"?|awk?'{print?$5}'|awk?-F:?'{print?$4}'|sort|uniq?-c|sort?-nr|head?-20

輸出：

[root@andy?~]#?netstat?-nat?|?grep?"192.168.120.20:16067"?|awk?'{print?$5}'|awk?-F:?'{print?$4}'|sort|uniq?-c|sort?-nr|head?-20
??????8?10.2.1.68
??????7?192.168.119.13
??????6?192.168.119.201
??????6?192.168.119.20
??????6?192.168.119.10
??????4?10.2.1.199
??????3?10.2.1.207
??????2?192.168.120.20
??????2?192.168.120.15
??????2?192.168.119.197
??????2?192.168.119.11
??????2?10.2.1.206
??????2?10.2.1.203
??????2?10.2.1.189
??????2?10.2.1.173
??????1?192.168.120.18
??????1?192.168.119.19
??????1?10.2.2.227
??????1?10.2.2.138
??????1?10.2.1.208
[root@andy?~]#?

說明：

? ? 實例16：找出程序運行的端口

命令：

netstat?-ap?|?grep?ssh

輸出：

[root@andy?~]#?netstat?-ap?|?grep?ssh
tcp????????0??????0?*:ssh???????????????????????*:*?????????????????????????LISTEN??????2570/sshd???????????
tcp????????0??????0?::ffff:192.168.120.206:ssh??::ffff:10.2.1.205:54508?????ESTABLISHED?13883/14????????????
tcp????????0??????0?::ffff:192.168.120.206:ssh??::ffff:10.2.0.68:62886??????ESTABLISHED?20900/6?????????????
tcp????????0??????0?::ffff:192.168.120.206:ssh??::ffff:10.2.2.131:52730?????ESTABLISHED?20285/sshd:?root@no?
unix??2??????[?ACC?]?????STREAM?????LISTENING?????194494461?20900/6?????????????/tmp/ssh-cXIJj20900/agent.20900
unix??3??????[?]?????????STREAM?????CONNECTED?????194307443?20285/sshd:?root@no?
unix??3??????[?]?????????STREAM?????CONNECTED?????194307441?20285/sshd:?root@no?
[root@andy?~]#?

說明：

? ? 實例17：在?netstat?輸出中顯示?PID?和進程名稱

命令：

netstat?-pt

輸出：

[root@localhost?~]#?netstat?-pt
Active?Internet?connections?(w/o?servers)
Proto?Recv-Q?Send-Q?Local?Address???????????????Foreign?Address?????????????State???????PID/Program?name???
tcp????????0????248?192.168.120.204:ssh?????????10.2.0.68:62420?????????????ESTABLISHED?15725/0?????????????
[root@localhost?~]#?

說明：

netstat?-p?可以與其它開關一起使用，就可以添加?“PID/進程名稱”?到?netstat?輸出中，這樣?debugging?的時候可以很方便的發現特定端口運行的程序。

? ? 實例18：找出運行在指定端口的進程

命令：

netstat?-anpt?|?grep?':16064'

輸出：

[root@andy?~]#?netstat?-anpt?|?grep?':16064'
tcp????????0??????0?:::16064????????????????????:::*????????????????????????LISTEN??????24594/java??????????
tcp????????0??????0?::ffff:192.168.120.20:16064?::ffff:192.168.119.201:6462?ESTABLISHED?24594/java??????????
tcp????????0??????0?::ffff:192.168.120.20:16064?::ffff:192.168.119.20:26341?ESTABLISHED?24594/java??????????
tcp????????0??????0?::ffff:192.168.120.20:16064?::ffff:192.168.119.20:32208?ESTABLISHED?24594/java??????????
tcp????????0??????0?::ffff:192.168.120.20:16064?::ffff:192.168.119.20:32207?ESTABLISHED?24594/java??????????
tcp????????0??????0?::ffff:192.168.120.20:16064?::ffff:10.2.1.68:51303??????ESTABLISHED?24594/java??????????
tcp????????0??????0?::ffff:192.168.120.20:16064?::ffff:10.2.1.68:51302??????ESTABLISHED?24594/java??????????
tcp????????0??????0?::ffff:192.168.120.20:16064?::ffff:10.2.1.68:50020??????ESTABLISHED?24594/java??????????
tcp????????0??????0?::ffff:192.168.120.20:16064?::ffff:10.2.1.68:50019??????ESTABLISHED?24594/java??????????
tcp????????0??????0?::ffff:192.168.120.20:16064?::ffff:10.2.1.68:56155??????ESTABLISHED?24594/java??????????
tcp????????0??????0?::ffff:192.168.120.20:16064?::ffff:10.2.1.68:50681??????ESTABLISHED?24594/java??????????
tcp????????0??????0?::ffff:192.168.120.20:16064?::ffff:10.2.1.68:50680??????ESTABLISHED?24594/java??????????
tcp????????0??????0?::ffff:192.168.120.20:16064?::ffff:10.2.1.68:52136??????ESTABLISHED?24594/java??????????
tcp????????0??????0?::ffff:192.168.120.20:16064?::ffff:10.2.1.68:56989??????ESTABLISHED?24594/java??????????
tcp????????0??????0?::ffff:192.168.120.20:16064?::ffff:10.2.1.68:56988??????ESTABLISHED?24594/java??????????
[root@andy?~]#?

說明：

運行在端口16064的進程id為24596，再通過ps命令就可以找到具體的應用程序了。

ss是Socket?Statistics的縮寫。顧名思義，ss命令可以用來獲取socket統計信息，它可以顯示和netstat類似的內容。但ss的優勢在于它能夠顯示更多更詳細的有關TCP和連接狀態的信息，而且比netstat更快速更高效。

當服務器的socket連接數量變得非常大時，無論是使用netstat命令還是直接cat?/proc/net/tcp，執行速度都會很慢。可能你不會有切身的感受，但請相信我，當服務器維持的連接達到上萬個的時候，使用netstat等于浪費?生命，而用ss才是節省時間。

天下武功唯快不破。ss快的秘訣在于，它利用到了TCP協議棧中tcp_diag。tcp_diag是一個用于分析統計的模塊，可以獲得Linux?內核中第一手的信息，這就確保了ss的快捷高效。當然，如果你的系統中沒有tcp_diag，ss也可以正常運行，只是效率會變得稍慢。（但仍然比?netstat要快。）

1.命令格式:

ss?[參數]

ss?[參數]?[過濾]

2.命令功能：

ss(Socket?Statistics的縮寫)命令可以用來獲取?socket統計信息，此命令輸出的結果類似于?netstat輸出的內容，但它能顯示更多更詳細的?TCP連接狀態的信息，且比?netstat?更快速高效。它使用了?TCP協議棧中?tcp_diag（是一個用于分析統計的模塊），能直接從獲得第一手內核信息，這就使得?ss命令快捷高效。在沒有?tcp_diag，ss也可以正常運行。

3.命令參數：

-h,?--help 幫助信息

-V,?--version 程序版本信息

-n,?--numeric 不解析服務名稱

-r,?--resolve????????解析主機名

-a,?--all 顯示所有套接字（sockets）

-l,?--listening 顯示監聽狀態的套接字（sockets）

-o,?--options????????顯示計時器信息

-e,?--extended???????顯示詳細的套接字（sockets）信息

-m,?--memory?????????顯示套接字（socket）的內存使用情況

-p,?--processes 顯示使用套接字（socket）的進程

-i,?--info 顯示?TCP內部信息

-s,?--summary 顯示套接字（socket）使用概況

-4,?--ipv4???????????僅顯示IPv4的套接字（sockets）

-6,?--ipv6???????????僅顯示IPv6的套接字（sockets）

-0,?--packet ????????顯示?PACKET?套接字（socket）

-t,?--tcp 僅顯示?TCP套接字（sockets）

-u,?--udp 僅顯示?UCP套接字（sockets）

-d,?--dccp 僅顯示?DCCP套接字（sockets）

-w,?--raw 僅顯示?RAW套接字（sockets）

-x,?--unix 僅顯示?Unix套接字（sockets）

-f,?--family=FAMILY??顯示?FAMILY類型的套接字（sockets），FAMILY可選，支持??unix,?inet,?inet6,?link,?netlink

-A,?--query=QUERY,?--socket=QUERY

??????QUERY?:=?{all|inet|tcp|udp|raw|unix|packet|netlink}[,QUERY]

-D,?--diag=FILE?????將原始TCP套接字（sockets）信息轉儲到文件

?-F,?--filter=FILE???從文件中都去過濾器信息

???????FILTER?:=?[?state?TCP-STATE?]?[?EXPRESSION?]

4.使用實例：

實例1：顯示TCP連接

命令：

ss?-t?-a

輸出：

[root@localhost?~]#?ss?-t?-a
State??????Recv-Q?Send-Q????????????????????????????????Local?Address:Port????????????????????????????????????Peer?Address:Port???
LISTEN?????0??????0?????????????????????????????????????????127.0.0.1:smux???????????????????????????????????????????????*:*???????
LISTEN?????0??????0?????????????????????????????????????????????????*:3690???????????????????????????????????????????????*:*???????
LISTEN?????0??????0?????????????????????????????????????????????????*:ssh????????????????????????????????????????????????*:*???????
ESTAB??????0??????0???????????????????????????????????192.168.120.204:ssh????????????????????????????????????????10.2.0.68:49368???
[root@localhost?~]#?

說明：

實例2：顯示?Sockets?摘要

命令：

ss?-s

輸出：

[root@localhost?~]#?ss?-s
Total:?34?(kernel?48)
TCP:???4?(estab?1,?closed?0,?orphaned?0,?synrecv?0,?timewait?0/0),?ports?3

Transport?Total?????IP????????IPv6
*?????????48????????-?????????-????????
RAW???????0?????????0?????????0????????
UDP???????5?????????5?????????0????????
TCP???????4?????????4?????????0????????
INET??????9?????????9?????????0????????
FRAG??????0?????????0?????????0????????

[root@localhost?~]#?

說明：

列出當前的established,?closed,?orphaned?and?waiting?TCP?sockets

實例3：列出所有打開的網絡連接端口

命令：

ss?-l

輸出：

[root@localhost?~]#?ss?-l
Recv-Q?Send-Q?????????????????????????????????????Local?Address:Port?????????????????????????????????????????Peer?Address:Port???
0??????0??????????????????????????????????????????????127.0.0.1:smux????????????????????????????????????????????????????*:*???????
0??????0??????????????????????????????????????????????????????*:3690????????????????????????????????????????????????????*:*???????
0??????0??????????????????????????????????????????????????????*:ssh?????????????????????????????????????????????????????*:*???????
[root@localhost?~]#??

說明：

實例4：查看進程使用的socket

命令：

ss?-pl

輸出：

[root@localhost?~]#?ss?-pl
Recv-Q?Send-Q?????????????????????????????????????Local?Address:Port?????????????????????????????????????????Peer?Address:Port???
0??????0??????????????????????????????????????????????127.0.0.1:smux????????????????????????????????????????????????????*:*????????users:(("snmpd",2716,8))
0??????0??????????????????????????????????????????????????????*:3690????????????????????????????????????????????????????*:*????????users:(("svnserve",3590,3))
0??????0??????????????????????????????????????????????????????*:ssh?????????????????????????????????????????????????????*:*????????users:(("sshd",2735,3))
[root@localhost?~]#

說明：

實例5：找出打開套接字/端口應用程序

命令：

ss?-lp?|?grep?3306

輸出：

[root@localhost?~]#?ss?-lp|grep?1935
0??????0????????????????????????????*:1935??????????????????????????*:*????????users:(("fmsedge",2913,18))
0??????0????????????????????127.0.0.1:19350?????????????????????????*:*????????users:(("fmsedge",2913,17))
[root@localhost?~]#?ss?-lp|grep?3306
0??????0????????????????????????????*:3306??????????????????????????*:*????????users:(("mysqld",2871,10))
[root@localhost?~]#?

說明：

實例6：顯示所有UDP?Sockets

命令：

ss?-u?-a

輸出：

[root@localhost?~]#?ss?-u?-a
State??????Recv-Q?Send-Q????????????????????????????????Local?Address:Port????????????????????????????????????Peer?Address:Port???
UNCONN?????0??????0?????????????????????????????????????????127.0.0.1:syslog?????????????????????????????????????????????*:*???????
UNCONN?????0??????0?????????????????????????????????????????????????*:snmp???????????????????????????????????????????????*:*???????
ESTAB??????0??????0???????????????????????????????????192.168.120.203:39641??????????????????????????????????10.58.119.119:domain?
[root@localhost?~]#

說明：

實例7：顯示所有狀態為established的SMTP連接

命令：

ss?-o?state?established?'(?dport?=?:smtp?or?sport?=?:smtp?)'?

輸出：

[root@localhost?~]#?ss?-o?state?established?'(?dport?=?:smtp?or?sport?=?:smtp?)'?
Recv-Q?Send-Q?????????????????????????????????????Local?Address:Port?????????????????????????????????????????Peer?Address:Port???
[root@localhost?~]#

說明：

實例8：顯示所有狀態為Established的HTTP連接

命令：

ss?-o?state?established?'(?dport?=?:http?or?sport?=?:http?)'?

輸出：

[root@localhost?~]#?ss?-o?state?established?'(?dport?=?:http?or?sport?=?:http?)'?
Recv-Q?Send-Q?????????????????????????????????????Local?Address:Port?????????????????????????????????????????Peer?Address:Port???
0??????0??????????????????????????????????????????????75.126.153.214:2164????????????????????????????????????????192.168.10.42:http????
[root@localhost?~]#?

說明：

實例9：列舉出處于?FIN-WAIT-1狀態的源端口為?80或者?443，目標網絡為?193.233.7/24所有?tcp套接字

命令：

ss?-o?state?fin-wait-1?'(?sport?=?:http?or?sport?=?:https?)'?dst?193.233.7/24

輸出：

說明：

實例10：用TCP?狀態過濾Sockets:

命令：

ss?-4?state?FILTER-NAME-HERE?

ss?-6?state?FILTER-NAME-HERE

輸出：

[root@localhost?~]#ss?-4?state?closing?
Recv-Q?Send-Q??????????????????????????????????????????????????Local?Address:Port??????????????????????????????????????????????????????Peer?Address:Port?
1??????11094??????????????????????????????????????????????????75.126.153.214:http??????????????????????????????????????????????????????192.168.10.42:4669?

說明：

FILTER-NAME-HERE?可以代表以下任何一個：

established

syn-sent

syn-recv

fin-wait-1

fin-wait-2

time-wait

closed

close-wait

last-ack

listen

closing

all?:?所有以上狀態

connected?:?除了listen?and?closed的所有狀態

synchronized?:所有已連接的狀態除了syn-sent

bucket?:?顯示狀態為maintained?as?minisockets,如：time-wait和syn-recv.

big?:?和bucket相反.

實例11：匹配遠程地址和端口號

命令：

ss?dst?ADDRESS_PATTERN

ss?dst?192.168.1.5

ss?dst?192.168.119.113:http?

ss?dst?192.168.119.113:smtp?

ss?dst?192.168.119.113:443

輸出：

[root@localhost?~]#?ss?dst?192.168.119.113
State??????Recv-Q?Send-Q????????????????????????????????Local?Address:Port????????????????????????????????????Peer?Address:Port???
ESTAB??????0??????0???????????????????????????????????192.168.119.103:16014????????????????????????????????192.168.119.113:20229???
ESTAB??????0??????0???????????????????????????????????192.168.119.103:16014????????????????????????????????192.168.119.113:61056???
ESTAB??????0??????0???????????????????????????????????192.168.119.103:16014????????????????????????????????192.168.119.113:61623???
ESTAB??????0??????0???????????????????????????????????192.168.119.103:16014????????????????????????????????192.168.119.113:60924???
ESTAB??????0??????0???????????????????????????????????192.168.119.103:16050????????????????????????????????192.168.119.113:43701???
ESTAB??????0??????0???????????????????????????????????192.168.119.103:16073????????????????????????????????192.168.119.113:32930???
ESTAB??????0??????0???????????????????????????????????192.168.119.103:16073????????????????????????????????192.168.119.113:49318???
ESTAB??????0??????0???????????????????????????????????192.168.119.103:16014????????????????????????????????192.168.119.113:3844????
[root@localhost?~]#?ss?dst?192.168.119.113:http
State??????Recv-Q?Send-Q????????????????????????????????Local?Address:Port????????????????????????????????????Peer?Address:Port???
[root@localhost?~]#?ss?dst?192.168.119.113:3844
State??????Recv-Q?Send-Q????????????????????????????????Local?Address:Port????????????????????????????????????Peer?Address:Port???
ESTAB??????0??????0???????????????????????????????????192.168.119.103:16014????????????????????????????????192.168.119.113:3844????
[root@localhost?~]#?

說明：

實例12：匹配本地地址和端口號

命令：

ss?src?ADDRESS_PATTERN

ss?src?192.168.119.103

ss?src?192.168.119.103:http

ss?src?192.168.119.103:80

ss?src?192.168.119.103:smtp

ss?src?192.168.119.103:25

輸出：

[root@localhost?~]#?ss?src?192.168.119.103:16021
State??????Recv-Q?Send-Q????????????????????????????????Local?Address:Port????????????????????????????????????Peer?Address:Port???
ESTAB??????0??????0???????????????????????????????????192.168.119.103:16021????????????????????????????????192.168.119.201:63054???
ESTAB??????0??????0???????????????????????????????????192.168.119.103:16021????????????????????????????????192.168.119.201:62894???
ESTAB??????0??????0???????????????????????????????????192.168.119.103:16021????????????????????????????????192.168.119.201:63055???
ESTAB??????0??????0???????????????????????????????????192.168.119.103:16021????????????????????????????????192.168.119.201:2274????
ESTAB??????0??????0???????????????????????????????????192.168.119.103:16021????????????????????????????????192.168.119.201:44784???
ESTAB??????0??????0???????????????????????????????????192.168.119.103:16021????????????????????????????????192.168.119.201:7233????
ESTAB??????0??????0???????????????????????????????????192.168.119.103:16021????????????????????????????????192.168.119.103:58660???
ESTAB??????0??????0???????????????????????????????????192.168.119.103:16021????????????????????????????????192.168.119.201:44822???
ESTAB??????0??????0???????????????????????????????????192.168.119.103:16021?????????????????????????????????????10.2.1.206:56737???
ESTAB??????0??????0???????????????????????????????????192.168.119.103:16021?????????????????????????????????????10.2.1.206:57487???
ESTAB??????0??????0???????????????????????????????????192.168.119.103:16021?????????????????????????????????????10.2.1.206:56736???
ESTAB??????0??????0???????????????????????????????????192.168.119.103:16021?????????????????????????????????????10.2.1.206:64652???
ESTAB??????0??????0???????????????????????????????????192.168.119.103:16021?????????????????????????????????????10.2.1.206:56586???
ESTAB??????0??????0???????????????????????????????????192.168.119.103:16021?????????????????????????????????????10.2.1.206:64653???
ESTAB??????0??????0???????????????????????????????????192.168.119.103:16021?????????????????????????????????????10.2.1.206:56587???
[root@localhost?~]#?

說明：

實例13：將本地或者遠程端口和一個數比較

命令：

ss?dport?OP?PORT?

ss?sport?OP?PORT

輸出：

[root@localhost?~]#?ss??sport?=?:http?
[root@localhost?~]#?ss??dport?=?:http?
[root@localhost?~]#?ss??dport?\>?:1024?
[root@localhost?~]#?ss??sport?\>?:1024?
[root@localhost?~]#?ss?sport?\<?:32000?
[root@localhost?~]#?ss??sport?eq?:22?
[root@localhost?~]#?ss??dport?!=?:22?
[root@localhost?~]#?ss??state?connected?sport?=?:http?
[root@localhost?~]#?ss?$?sport?=?:http?or?sport?=?:https?$?
[root@localhost?~]#?ss?-o?state?fin-wait-1?$?sport?=?:http?or?sport?=?:https?$?dst?192.168.1/24

說明：

ss?dport?OP?PORT?遠程端口和一個數比較；ss?sport?OP?PORT?本地端口和一個數比較。

OP?可以代表以下任意一個:?

<=?or?le?:?小于或等于端口號

>=?or?ge?:?大于或等于端口號

==?or?eq?:?等于端口號

!=?or?ne?:?不等于端口號

<?or?gt?:?小于端口號

>?or?lt?:?大于端口號

實例14：ss?和?netstat?效率對比

命令：

time?netstat?-at

time?ss

輸出：

[root@localhost?~]#?time?ss???
real????0m0.739s
user????0m0.019s
sys?????0m0.013s
[root@localhost?~]#?
[root@localhost?~]#?time?netstat?-at
real????2m45.907s
user????0m0.063s
sys?????0m0.067s
[root@localhost?~]#

說明：

用time?命令分別獲取通過netstat和ss命令獲取程序和概要占用資源所使用的時間。在服務器連接數比較多的時候，netstat的效率完全沒法和ss比。

總結

以上是生活随笔為你收集整理的Linux指令--traceroute，netstat，ss的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。

上一篇： python基本数_python--基本
下一篇：示波器怎么使用？