netstat & ss

最大特点是快, 当你的系统有上万个tcp链接要了解的时候的时候, 你就知道我说什么了. netstat等常规工具变成废铁了, 这时候他的作用就非常明显了.

/proc interface is inadequate, unfortunately. When amount of sockets is enough large, netstat or even plain cat /proc/net/tcp/ cause nothing but pains and curses. In linux-2.4 the desease became worse: even if amount of sockets is small reading /proc/net/tcp/ is slow enough.

This utility presents a new approach, which is supposed to scale well. I am not going to describe technical details here and will concentrate on description of the command. The only important thing to say is that it is not so bad idea to load module tcp_diag, which can be found in directory Modules of iproute2. If you do not make this ss will work, but it falls back to /proc and becomes slow like netstat, well, a bit faster yet (see section “Some numbers”).

从技术上讲, 它主要是通过/proc来获取各种各样的统计信息. 特别是当处理tcp的时候用到了, tcp_diag功能. tcp_diag是tcp协议栈用于诊断和统计的一个模块, 用netfilter来获取第一手的信息的.  ss就用到了这个技术, 保证了信息的快捷获取.

这个软件是隶属于iproute包的,  用它可以了解下协议栈占用的内存, 每个链接的队列使用情况, 每个链接属于哪个进程.
而之前唯一能用的就是:

下面简单介绍下他的使用: