用户名: 密码: 忘记密码? 注册

netstat & ss

作者:  时间: 2010-10-11
查问题!
表现在应用层,向下就是ports,sockets啥的了。
常用netstat 来排查问题, 其实有个SS也不错。
 

最大特点是快, 当你的系统有上万个tcp链接要了解的时候的时候, 你就知道我说什么了. netstat等常规工具变成废铁了, 这时候他的作用就非常明显了.

/proc interface is inadequate, unfortunately. When amount of sockets is enough large, netstat or even plain cat /proc/net/tcp/ cause nothing but pains and curses. In linux-2.4 the desease became worse: even if amount of sockets is small reading /proc/net/tcp/ is slow enough.

This utility presents a new approach, which is supposed to scale well. I am not going to describe technical details here and will concentrate on description of the command. The only important thing to say is that it is not so bad idea to load module tcp_diag, which can be found in directory Modules of iproute2. If you do not make this ss will work, but it falls back to /proc and becomes slow like netstat, well, a bit faster yet (see section “Some numbers”).

从技术上讲, 它主要是通过/proc来获取各种各样的统计信息. 特别是当处理tcp的时候用到了, tcp_diag功能. tcp_diag是tcp协议栈用于诊断和统计的一个模块, 用netfilter来获取第一手的信息的.  ss就用到了这个技术, 保证了信息的快捷获取.

这个软件是隶属于iproute包的,  用它可以了解下协议栈占用的内存, 每个链接的队列使用情况, 每个链接属于哪个进程.
而之前唯一能用的就是:

watch -n  1 'cat /proc/net/sockstat'

下面简单介绍下他的使用:

 
# ss --help
Usage: ss [ OPTIONS ]
ss [ OPTIONS ] [ FILTER ]
-h, --help           this message
-V, --version        output version information
-n, --numeric        don't resolve service names
-r, --resolve       resolve host names
-a, --all            display all sockets
-l, --listening      display listening sockets
-o, --options       show timer information
-e, --extended      show detailed socket information
-m, --memory        show socket memory usage
-p, --processes      show process using socket
-i, --info           show internal TCP information
-s, --summary        show socket usage summary
  
-4, --ipv4          display only IP version 4 sockets
-6, --ipv6          display only IP version 6 sockets
-0, --packet display PACKET sockets
-t, --tcp            display only TCP sockets
-u, --udp            display only UDP sockets
-d, --dccp           display only DCCP sockets
-w, --raw            display only RAW sockets
-x, --unix           display only Unix domain sockets
-f, --family=FAMILY display sockets of type FAMILY
  
-A, --query=QUERY
QUERY := {all|inet|tcp|udp|raw|unix|packet|netlink}[,QUERY]
  
-F, --filter=FILE   read filter information from FILE
FILTER := [ state TCP-STATE ] [ EXPRESSION ]
 
官方文档在这里:
 
 
顺便跟进一个科普性综合文章:
 
 
基本就齐活了!:) ENJOY!