apk add iproute2
Usage: ss [ OPTIONS ]
ss [ OPTIONS ] [ FILTER ]
-h, --help this message
-V, --version output version information
-n, --numeric don't resolve service names
-r, --resolve resolve host names
-a, --all display all sockets
-l, --listening display listening sockets
-o, --options show timer information
-e, --extended show detailed socket information
-m, --memory show socket memory usage
-p, --processes show process using socket
-i, --info show internal TCP information
--tipcinfo show internal tipc socket information
-s, --summary show socket usage summary
-b, --bpf show bpf filter socket information
-E, --events continually display sockets as they are destroyed
-Z, --context display process SELinux security contexts
-z, --contexts display process and socket SELinux security contexts
-N, --net switch to the specified network namespace name
-4, --ipv4 display only IP version 4 sockets
-6, --ipv6 display only IP version 6 sockets
-0, --packet display PACKET sockets
-t, --tcp display only TCP sockets
-S, --sctp display only SCTP sockets
-u, --udp display only UDP sockets
-d, --dccp display only DCCP sockets
-w, --raw display only RAW sockets
-x, --unix display only Unix domain sockets
--tipc display only TIPC sockets
--vsock display only vsock sockets
-f, --family=FAMILY display sockets of type FAMILY
FAMILY := {inet|inet6|link|unix|netlink|vsock|tipc|help}
-K, --kill forcibly close sockets, display what was closed
-H, --no-header Suppress header line
-A, --query=QUERY, --socket=QUERY
QUERY := {all|inet|tcp|udp|raw|unix|unix_dgram|unix_stream|unix_seqpacket|packet|netlink|vsock_stream|vsock_dgram|tipc}[,QUERY]
-D, --diag=FILE Dump raw information about TCP sockets to FILE
-F, --filter=FILE read filter information from FILE
FILTER := [ state STATE-FILTER ] [ EXPRESSION ]
STATE-FILTER := {all|connected|synchronized|bucket|big|TCP-STATES}
TCP-STATES := {established|syn-sent|syn-recv|fin-wait-{1,2}|time-wait|closed|close-wait|last-ack|listening|closing}
connected := {established|syn-sent|syn-recv|fin-wait-{1,2}|time-wait|close-wait|last-ack|closing}
synchronized := {established|syn-recv|fin-wait-{1,2}|time-wait|close-wait|last-ack|closing}
bucket := {syn-recv|time-wait}
big := {established|syn-sent|fin-wait-{1,2}|closed|close-wait|last-ack|listening|closing}
View network connection statistics
Command: ss -s
# ss -s
Total: 8551
TCP: 5458 (estab 30, closed 5417, orphaned 5, timewait 1883)
Transport Total IP IPv6
RAW 0 0 0
UDP 1 1 0
TCP 41 41 0
INET 42 42 0
FRAG 0 0 0
When a server has a large number of connections, this command gives a high-level view of the connection states.
View open ports
Command: ss -l
# ss -l
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
nl UNCONN 0 0 rtnl:9501 *
nl UNCONN 0 0 rtnl:kernel *
nl UNCONN 768 0 tcpdiag:kernel *
nl UNCONN 4352 0 tcpdiag:ss/1301 *
nl UNCONN 0 0 xfrm:kernel *
nl UNCONN 0 0 fiblookup:kernel *
nl UNCONN 0 0 nft:kernel *
nl UNCONN 0 0 uevent:kernel *
nl UNCONN 0 0 genl:kernel *
udp UNCONN 0 0 127.0.0.11:40876 0.0.0.0:*
tcp LISTEN 0 1 0.0.0.0:30002 0.0.0.0:*
tcp LISTEN 0 100 0.0.0.0:9080 0.0.0.0:*
tcp LISTEN 0 50 0.0.0.0:5989 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.11:33670 0.0.0.0:*
You can also use the -pl options, which list the process name and PID using each port:
users:(("java",pid=1,fd=4))
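An added example, not part of the original page: a shell function that reads ss -l style output and labels each TCP/UDP listener by bind scope, so sockets bound to 0.0.0.0 (reachable on every interface) stand out from loopback-only ones. The sample input is constructed from the output shown above; attaching the java process to port 9080 is an assumption made for illustration.

```shell
#!/bin/sh
# Added example: classify listeners from `ss -l` / `ss -pl` output by bind scope.
# Output columns: <scope> <netid> <local address:port> <users or ->

classify_listeners() {
    awk '
    # Keep only tcp/udp rows; this skips the header and netlink (nl) rows.
    $1 != "tcp" && $1 != "udp" { next }
    # TCP listeners are in LISTEN; bound UDP sockets show as UNCONN.
    $2 != "LISTEN" && $2 != "UNCONN" { next }
    {
        local_addr = $5
        # Split host from port at the last colon (also handles [::]:80 and *:80).
        port = local_addr; sub(/.*:/, "", port)
        host = substr(local_addr, 1, length(local_addr) - length(port) - 1)
        if (host == "0.0.0.0" || host == "*" || host == "[::]" || host == "::")
            scope = "ALL-INTERFACES"
        else if (host ~ /^127\./ || host == "[::1]" || host == "::1")
            scope = "LOOPBACK"
        else
            scope = "SPECIFIC"
        # Column 7 is only present when ss was run with -p.
        users = ($7 != "") ? $7 : "-"
        print scope, $1, local_addr, users
    }'
}

# Constructed sample: rows taken from the ss -l output on this page.
# The users:(...) column on the 9080 row is an assumed placement.
sample_ss_output() {
    cat <<'EOF'
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
nl UNCONN 0 0 rtnl:kernel *
nl UNCONN 768 0 tcpdiag:kernel *
udp UNCONN 0 0 127.0.0.11:40876 0.0.0.0:*
tcp LISTEN 0 1 0.0.0.0:30002 0.0.0.0:*
tcp LISTEN 0 100 0.0.0.0:9080 0.0.0.0:* users:(("java",pid=1,fd=4))
tcp LISTEN 0 50 0.0.0.0:5989 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.11:33670 0.0.0.0:*
EOF
}

# Stand-alone run on the sample; on a live host use: ss -pl | classify_listeners
sample_ss_output | classify_listeners
```

Every ALL-INTERFACES row is a service to check against the firewall rules and the list of ports the host is expected to expose.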
Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }
ip [ -force ] -batch filename
where OBJECT := { link | address | addrlabel | route | rule | neigh | ntable |
tunnel | tuntap | maddress | mroute | mrule | monitor | xfrm |
netns | | fou | macsec | tcp_metrics | token | netconf | ila |
vrf | sr }
OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |
-h[uman-readable] | -iec | -j[son] | -p[retty] |
-f[amily] { inet | inet6 | ipx | dnet | mpls | bridge | link } |
-4 | -6 | -I | -D | -M | -B | -0 |
-l[oops] { maximum-addr-flush-attempts } | -br[ief] |
-o[neline] | -t[imestamp] | -ts[hort] | -b[atch] [filename] |
-rc[vbuf] [size] | -n[etns] name | -a[ll] | -c[olor]}
Show network interfaces and IP addresses
Command: ip link list
# ip link list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
7058: eth0@if7059: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether 02:42:ac:14:00:06 brd ff:ff:ff:ff:ff:ff link-netnsid 0
Show routes
Command: ip route show
# ip route show
default via 172.20.0.1 dev eth0
172.20.0.0/16 dev eth0 proto kernel scope link src 172.20.0.6
Show ARP
Command: ip neigh show
# ip neigh show
172.20.0.8 dev eth0 lladdr 02:42:ac:14:00:08 REACHABLE
172.20.0.30 dev eth0 lladdr 02:42:ac:14:00:1e REACHABLE
172.20.0.5 dev eth0 lladdr 02:42:ac:14:00:05 REACHABLE
172.20.0.27 dev eth0 lladdr 02:42:ac:14:00:1b REACHABLE
172.20.0.2 dev eth0 lladdr 02:42:ac:14:00:02 REACHABLE
172.20.0.16 dev eth0 lladdr 02:42:ac:14:00:10 REACHABLE
172.20.0.9 dev eth0 lladdr 02:42:ac:14:00:09 REACHABLE
172.20.0.31 dev eth0 lladdr 02:42:ac:14:00:1f REACHABLE
172.20.0.20 dev eth0 lladdr 02:42:ac:14:00:14 REACHABLE
172.20.0.13 dev eth0 lladdr 02:42:ac:14:00:0d REACHABLE
172.20.0.3 dev eth0 lladdr 02:42:ac:14:00:03 REACHABLE
172.20.0.17 dev eth0 lladdr 02:42:ac:14:00:11 REACHABLE
172.20.0.7 dev eth0 lladdr 02:42:ac:14:00:07 REACHABLE
172.20.0.21 dev eth0 lladdr 02:42:ac:14:00:15 REACHABLE
172.20.0.14 dev eth0 lladdr 02:42:ac:14:00:0e REACHABLE
172.20.0.28 dev eth0 lladdr 02:42:ac:14:00:1c REACHABLE
172.20.0.18 dev eth0 lladdr 02:42:ac:14:00:12 REACHABLE
172.20.0.11 dev eth0 lladdr 02:42:ac:14:00:0b REACHABLE
172.20.0.25 dev eth0 lladdr 02:42:ac:14:00:19 REACHABLE
172.20.0.22 dev eth0 lladdr 02:42:ac:14:00:16 REACHABLE
172.20.0.15 dev eth0 lladdr 02:42:ac:14:00:0f REACHABLE
172.20.0.29 dev eth0 lladdr 02:42:ac:14:00:1d REACHABLE
172.20.0.32 dev eth0 lladdr 02:42:ac:14:00:20 REACHABLE
172.20.0.4 dev eth0 lladdr 02:42:ac:14:00:04 REACHABLE
172.20.0.1 dev eth0 lladdr 02:42:a3:cf:8b:1f REACHABLE
172.20.0.23 dev eth0 lladdr 02:42:ac:14:00:17 REACHABLE
Rules
Command: ip rule list
# ip rule list
0: from all lookup local
32766: from all lookup main
32767: from all lookup default