内容大纲
内容简介:本文风哥教程参考Linux官方文档、Red Hat Enterprise Linux官方文档、Ansible Automation Platform官方文档、Docker官方文档、Kubernetes官方文档和Podman官方文档等内容,详细介绍了相关技术的配置和使用方法。
1. ss命令概述
ss命令是Linux系统中的socket统计工具,它是netstat的替代品,提供了更快、更详细的网络连接信息。
# 显示网络连接:TCP、UDP连接
# 显示监听端口:监听套接字
# 显示进程信息:进程名和PID
# 显示过滤功能:按状态、端口、地址过滤
# 显示统计信息:连接统计
# 显示详细信息:连接详情
2. ss命令基本使用
使用ss命令查看网络信息。
# 1. 显示所有网络连接
[root@localhost ~]# ss -a
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp ESTAB 0 0 192.168.1.100:22 192.168.1.1:54321
tcp ESTAB 0 0 192.168.1.100:443 192.168.1.1:54322
tcp ESTAB 0 0 192.168.1.100:80 192.168.1.1:54323
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
tcp LISTEN 0 128 [::]:22 [::]:*
tcp LISTEN 0 128 [::]:80 [::]:*
tcp LISTEN 0 128 [::]:443 [::]:*
udp UNCONN 0 0 0.0.0.0:68 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:123 0.0.0.0:*
# 2. 显示TCP连接
[root@localhost ~]# ss -t
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.100:22 192.168.1.1:54321
ESTAB 0 0 192.168.1.100:443 192.168.1.1:54322
ESTAB 0 0 192.168.1.100:80 192.168.1.1:54323
# 3. 显示UDP连接
[root@localhost ~]# ss -u
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 0.0.0.0:68 0.0.0.0:*
UNCONN 0 0 0.0.0.0:123 0.0.0.0:*
# 4. 显示监听端口
[root@localhost ~]# ss -l
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 [::]:80 [::]:*
LISTEN 0 128 [::]:443 [::]:*
# 5. 显示进程信息
[root@localhost ~]# ss -p
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.100:22 192.168.1.1:54321 users:(("sshd",pid=1235,fd=3))
ESTAB 0 0 192.168.1.100:443 192.168.1.1:54322 users:(("nginx",pid=2345,fd=5))
ESTAB 0 0 192.168.1.100:80 192.168.1.1:54323 users:(("nginx",pid=2345,fd=6))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=1234,fd=3))
LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=2345,fd=4))
LISTEN 0 128 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=2345,fd=7))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=1234,fd=4))
LISTEN 0 128 [::]:80 [::]:* users:(("nginx",pid=2345,fd=8))
LISTEN 0 128 [::]:443 [::]:* users:(("nginx",pid=2345,fd=9))
UNCONN 0 0 0.0.0.0:68 0.0.0.0:* users:(("dhcpd",pid=3456,fd=3))
UNCONN 0 0 0.0.0.0:123 0.0.0.0:* users:(("chronyd",pid=4567,fd=3))
3. ss命令参数详解
风哥提示:
详解ss命令的各个参数。
# 1. 连接类型参数
# -a:显示所有连接
# -t:显示TCP连接
# -u:显示UDP连接
# -l:显示监听端口
# -n:不解析主机名和端口名
# -p:显示进程信息
# 2. 过滤参数
# -s:显示统计信息
# -o:显示定时器信息
# -e:显示扩展信息
# -m:显示内存信息
# -i:显示内部TCP信息
# 3. 其他参数
# -4:显示IPv4连接
# -6:显示IPv6连接
# -w:显示RAW套接字
# -x:显示UNIX套接字
# 查看详细参数说明
[root@localhost ~]# ss --help
Usage: ss [ OPTIONS ]
ss [ OPTIONS ] [ FILTER ]
-h, --help this message
-V, --version output version information
-n, --numeric don't resolve service names
-r, --resolve resolve host names
-a, --all display all sockets
-l, --listening display listening sockets
-o, --options show timer information
-e, --extended show detailed socket information
-m, --memory show socket memory usage
-p, --processes show process using socket
-i, --info show internal TCP information
-s, --summary show socket usage summary
-b, --bpf show bpf filter socket information
-E, --events continually display sockets as they are destroyed
-Z, --context display process SELinux security contexts
-z, --contexts display process and socket SELinux security contexts
-N, --net switch to the specified network namespace name
-4, --ipv4 display only IP version 4 sockets
-6, --ipv6 display only IP version 6 sockets
-0, --packet display PACKET sockets
-t, --tcp display TCP sockets
-u, --udp display UDP sockets
-d, --dccp display DCCP sockets
-w, --raw display RAW sockets
-x, --unix display Unix domain sockets
-F, --fib display FIB routing table
-K, --kill forcibly close sockets, display what was closed
4. ss命令高级功能
使用ss命令的高级功能。
# 1. 显示统计信息
[root@localhost ~]# ss -s
Total: 100
TCP: 10 (estab 3, closed 0, orphaned 0, timewait 0)
Transport Total IP IPv6
* 100 - -
RAW 0 0 0
UDP 2 2 0
TCP 10 8 2
INET 12 10 2
FRAG 0 0 0
# 2. 显示定时器信息
[root@localhost ~]# ss -o
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.100:22 192.168.1.1:54321 timer:(keepalive,117min,0)
ESTAB 0 0 192.168.1.100:443 192.168.1.1:54322 timer:(keepalive,119min,0)
ESTAB 0 0 192.168.1.100:80 192.168.1.1:54323 timer:(keepalive,118min,0)
# 3. 显示扩展信息
[root@localhost ~]# ss -e
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.100:22 192.168.1.1:54321 uid:0 ino:12345 sk:c0101234 <-> c0101235
ESTAB 0 0 192.168.1.100:443 192.168.1.1:54322 uid:0 ino:12346 sk:c0101236 <-> c0101237
ESTAB 0 0 192.168.1.100:80 192.168.1.1:54323 uid:0 ino:12347 sk:c0101238 <-> c0101239
# 4. 显示内存信息
[root@localhost ~]# ss -m
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.100:22 192.168.1.1:54321 skmem:(r0,rb87380,t0,tb16384,f0,w0,o0,bl0,d0)
ESTAB 0 0 192.168.1.100:443 192.168.1.1:54322 skmem:(r0,rb87380,t0,tb16384,f0,w0,o0,bl0,d0)
ESTAB 0 0 192.168.1.100:80 192.168.1.1:54323 skmem:(r0,rb87380,t0,tb16384,f0,w0,o0,bl0,d0)
# 5. 显示内部TCP信息
[root@localhost ~]# ss -i
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.100:22 192.168.1.1:54321 ts sack cubic wscale:7,7 rto:204 rtt:0.5/0.25 ato:40 mss:1448 pmtu:1500 rcvmss:536 advmss:1448 cwnd:10 ssthresh:20 bytes_acked:12345 bytes_received:6789 segs_out:123 segs_in:67 send 0.0Mbps lastsnd:500 lastrcv:500 lastack:500 pacing_rate 0.0Mbps delivery_rate 0.0Mbps app_limited busy:100ms rcv_rtt:0.5 rcv_space:1448 rcv_ssthresh:1448 min-rtt:0.5
ESTAB 0 0 192.168.1.100:443 192.168.1.1:54322 ts sack cubic wscale:7,7 rto:204 rtt:0.5/0.25 ato:40 mss:1448 pmtu:1500 rcvmss:536 advmss:1448 cwnd:10 ssthresh:20 bytes_acked:23456 bytes_received:7890 segs_out:234 segs_in:78 send 0.0Mbps lastsnd:500 lastrcv:500 lastack:500 pacing_rate 0.0Mbps delivery_rate 0.0Mbps app_limited busy:100ms rcv_rtt:0.5 rcv_space:1448 rcv_ssthresh:1448 min-rtt:0.5
ESTAB 0 0 192.168.1.100:80 192.168.1.1:54323 ts sack cubic wscale:7,7 rto:204 rtt:0.5/0.25 ato:40 mss:1448 pmtu:1500 rcvmss:536 advmss:1448 cwnd:10 ssthresh:20 bytes_acked:34567 bytes_received:8901 segs_out:345 segs_in:89 send 0.0Mbps lastsnd:500 lastrcv:500 lastack:500 pacing_rate 0.0Mbps delivery_rate 0.0Mbps app_limited busy:100ms rcv_rtt:0.5 rcv_space:1448 rcv_ssthresh:1448 min-rtt:0.5
# 6. 按状态过滤
[root@localhost ~]# ss state established
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 0 192.168.1.100:22 192.168.1.1:54321
0 0 192.168.1.100:443 192.168.1.1:54322
0 0 192.168.1.100:80 192.168.1.1:54323
# 7. 按端口过滤
[root@localhost ~]# ss -t '( sport = :22 or dport = :22 )'
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 0 192.168.1.100:22 192.168.1.1:54321
# 8. 按地址过滤
[root@localhost ~]# ss -t 'dst 192.168.1.1'
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 0 192.168.1.100:22 192.168.1.1:54321
0 0 192.168.1.100:443 192.168.1.1:54322
0 0 192.168.1.100:80 192.168.1.1:54323
5. 实战案例
使用ss命令监控网络连接。
# 1. 查看所有网络连接
[root@localhost ~]# ss -anp
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp ESTAB 0 0 192.168.1.100:22 192.168.1.1:54321 users:(("sshd",pid=1235,fd=3))
tcp ESTAB 0 0 192.168.1.100:443 192.168.1.1:54322 users:(("nginx",pid=2345,fd=5))
tcp ESTAB 0 0 192.168.1.100:80 192.168.1.1:54323 users:(("nginx",pid=2345,fd=6))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=1234,fd=3))
tcp LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=2345,fd=4))
tcp LISTEN 0 128 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=2345,fd=7))
tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=1234,fd=4))
tcp LISTEN 0 128 [::]:80 [::]:* users:(("nginx",pid=2345,fd=8))
tcp LISTEN 0 128 [::]:443 [::]:* users:(("nginx",pid=2345,fd=9))
udp UNCONN 0 0 0.0.0.0:68 0.0.0.0:* users:(("dhcpd",pid=3456,fd=3))
udp UNCONN 0 0 0.0.0.0:123 0.0.0.0:* users:(("chronyd",pid=4567,fd=3))
# 2. 查看监听端口
[root@localhost ~]# ss -tlnp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=1234,fd=3))
LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=2345,fd=4))
LISTEN 0 128 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=2345,fd=7))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=1234,fd=4))
LISTEN 0 128 [::]:80 [::]:* users:(("nginx",pid=2345,fd=8))
LISTEN 0 128 [::]:443 [::]:* users:(("nginx",pid=2345,fd=9))
# 3. 创建监控脚本
[root@localhost ~]# cat > /usr/local/bin/ss-monitor.sh << 'EOF'
#!/bin/bash
# script.sh
# from:www.itpux.com.qq113257174.wx:itpux-com
# web: http://www.fgedu.net.cn
# ss监控脚本
# Fixed settings read by the functions below: where alerts are mailed and
# which file receives the timestamped log lines.
ALERT_EMAIL='admin@fgedu.net.cn'
LOG_FILE='/var/log/ss-monitor.log'
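#######################################
# Append one timestamped line to the monitor log.
# Globals:   LOG_FILE (read) - path of the log file
# Arguments: $1 - message text; written verbatim, never used as a format
# Outputs:   appends "[YYYY-MM-DD HH:MM:SS] message" to LOG_FILE
#######################################
log() {
  local stamp
  stamp=$(date '+%Y-%m-%d %H:%M:%S')
  # The redirect target is quoted so a path containing spaces is not
  # word-split, and printf keeps the message from being read as echo
  # options or escape sequences.
  printf '[%s] %s\n' "$stamp" "$1" >> "$LOG_FILE"
}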
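#######################################
# Alert when the number of established TCP connections exceeds a threshold.
# Globals:   ALERT_EMAIL (read) - recipient of the alert mail
# Arguments: $1 - optional threshold, defaults to 1000
# Outputs:   one WARNING line via log() and one mail when over the threshold
# Returns:   1 if ss could not be run
#######################################
check_tcp_connections() {
  local threshold=${1:-1000}
  local sockets count

  # -H drops the header row, which would otherwise be counted as a
  # connection; -n skips service-name lookups.
  # A failing ss must not be reported as "0 connections", so it is logged.
  if ! sockets=$(ss -H -tn state established); then
    log "ERROR: ss failed, TCP connection count unavailable"
    return 1
  fi
  count=$(printf '%s' "$sockets" | awk 'END { print NR }')

  # Single-bracket test: operands must be plain integers, they are not
  # evaluated as arithmetic expressions.
  if [ "$count" -gt "$threshold" ]; then
    log "WARNING: TCP connections count is ${count}"
    # NOTE: there is no rate limiting; while the count stays above the
    # threshold every scheduled run sends another mail.
    echo "TCP connections count is ${count}" \
      | mail -s "WARNING: TCP connections alert" "$ALERT_EMAIL"
  fi
}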
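#######################################
# Alert when the number of TCP sockets in TIME_WAIT exceeds a threshold.
# Globals:   ALERT_EMAIL (read) - recipient of the alert mail
# Arguments: $1 - optional threshold, defaults to 500
# Outputs:   one WARNING line via log() and one mail when over the threshold
# Returns:   1 if ss could not be run
#######################################
check_time_wait() {
  local threshold=${1:-500}
  local sockets count

  # -H drops the header row so it is not counted as a socket; -n skips
  # service-name lookups.
  # A failing ss must not be reported as "0 sockets", so it is logged.
  if ! sockets=$(ss -H -tn state time-wait); then
    log "ERROR: ss failed, TIME_WAIT count unavailable"
    return 1
  fi
  count=$(printf '%s' "$sockets" | awk 'END { print NR }')

  # Single-bracket test: operands must be plain integers, they are not
  # evaluated as arithmetic expressions.
  if [ "$count" -gt "$threshold" ]; then
    log "WARNING: TIME_WAIT connections count is ${count}"
    # NOTE: there is no rate limiting; while the count stays above the
    # threshold every scheduled run sends another mail.
    echo "TIME_WAIT connections count is ${count}" \
      | mail -s "WARNING: TIME_WAIT alert" "$ALERT_EMAIL"
  fi
}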
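#######################################
# Log every distinct TCP port that has a listening socket.
# Arguments: none
# Outputs:   one "Listening port: N" line per port via log(), ascending
# Returns:   1 if ss could not be run
#
# Only the port number is recorded. When the log is reviewed for unexpected
# listeners, the bind address and owning process (ss -tlnp, run as root)
# still have to be looked up separately.
#######################################
check_listening_ports() {
  local sockets port

  # A failing ss must not be reported as "nothing is listening".
  if ! sockets=$(ss -H -tln); then
    log "ERROR: ss failed, listening ports unavailable"
    return 1
  fi

  # The port is whatever follows the LAST colon of the local address, so
  # IPv6 forms such as [::]:22 yield 22. Taking the second colon-separated
  # field would give an empty value there, and a service bound only to an
  # IPv6 address would never appear in the log.
  while IFS= read -r port; do
    [ -n "$port" ] || continue
    log "Listening port: ${port}"
  done < <(
    printf '%s\n' "$sockets" \
      | awk '$1 == "LISTEN" { n = split($4, part, ":"); print part[n] }' \
      | sort -n -u
  )
}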
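#######################################
# Run every check once, bracketed by start and end markers in the log.
# Arguments: none
#######################################
main() {
  # Each message is passed as ONE quoted argument: log() writes only $1, so
  # an unquoted or mis-quoted message would be cut off after its first word.
  log "Starting ss monitoring…"
  check_tcp_connections
  check_time_wait
  check_listening_ports
  log "Ss monitoring completed."
}

# Run the checks when the script is executed.
main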
EOF
# 4. 设置脚本执行权限
[root@localhost ~]# chmod +x /usr/local/bin/ss-monitor.sh
# 5. 创建日志文件
[root@localhost ~]# touch /var/log/ss-monitor.log
[root@localhost ~]# chmod 644 /var/log/ss-monitor.log
# 6. 配置定时任务
[root@localhost ~]# echo "*/5 * * * * root /usr/local/bin/ss-monitor.sh" > /etc/cron.d/ss-monitor
# 7. 重启cron服务
[root@localhost ~]# systemctl restart crond
# 8. 测试监控脚本
[root@localhost ~]# /usr/local/bin/ss-monitor.sh
# 9. 查看日志
[root@localhost ~]# tail -f /var/log/ss-monitor.log
[2026-04-03 10:00:00] Starting ss monitoring…
[2026-04-03 10:00:01] Listening port: 22
[2026-04-03 10:00:02] Listening port: 80
[2026-04-03 10:00:03] Listening port: 443
[2026-04-03 10:00:04] Ss monitoring completed.
# 10. 配置日志轮转
[root@localhost ~]# cat > /etc/logrotate.d/ss-monitor << 'EOF'
/var/log/ss-monitor.log {
daily
rotate 7
compress
delaycompress
missingok
notifempty
create 0644 root root
}
EOF
# 11. 测试日志轮转
[root@localhost ~]# logrotate -f /etc/logrotate.d/ss-monitor
提示
ss是netstat的替代品,提供了更快、更详细的网络连接信息。建议使用ss命令替代netstat进行网络监控。ss命令支持强大的过滤功能,可以快速查找特定连接。
