本文最后更新于2015年11月26日,已超过 1 年没有更新,如果文章内容失效,还请反馈给我,谢谢!



linux netstat vs. ss

$ man netstat
	This program is obsolete. Replacement for netstat is ss. Replacement for 'netstat -r' is 'ip route'. Replacement for 'netstat -i' is 'ip -s link'. Replacement for 'netstat -g' is 'ip maddr'.


ss is one another utility to investigate sockets. Functionally it is NOT better than netstat combined with some perl/awk scripts and though it is surely faster it is not enough to make it much better. 🙂 So, stop reading this now and do not waste your time. Well, certainly, it proposes some functionality, which current netstat is still not able to do, but surely will soon.

/proc interface is inadequate, unfortunately. When amount of sockets is enough large, netstat or even plain cat /proc/net/tcp/ cause nothing but pains and curses. In linux-2.4 the desease became worse: even if amount of sockets is small reading /proc/net/tcp/ is slow enough.

This utility presents a new approach, which is supposed to scale well. I am not going to describe technical details here and will concentrate on description of the command. The only important thing to say is that it is not so bad idea to load module tcp_diag, which can be found in directory Modules of iproute2. If you do not make this ss will work, but it falls back to/proc and becomes slow like netstat, well, a bit faster yet (see section “Some numbers“).



当服务器的socket连接数量变得非常大时,无论是使用netstat命令还是直接cat /proc/net/tcp,执行速度都会很慢。当服务器维持的连接达到上万个的时候,使用netstat等于浪费生命,而用ss才是节省时间。

天下武功唯快不破。ss快的秘诀在于,它利用到了TCP协议栈中tcp_diag。tcp_diag是一个用于分析统计的模块,可以获得 Linux 内核中第一手的信息,这就确保了ss的快捷高效。当然,如果你的系统中没有tcp_diag,ss也可以正常运行,只是效率会变得稍慢。(但仍然比 netstat 要快。)

$ ss -s

$ ss -l

# ss -a
如果只想查看TCP sockets,那么使用-ta选项;
如果只想查看UDP sockets,那么使用-ua选项;
如果只想查看RAW sockets,那么使用-wa选项;
如果只想查看UNIX sockets,那么使用-xa选项。


$ ss -ltn
$ ss -lun

$ sudo ss -tpl
$ sudo ss -nlp
$ sudo ss -plan
$ sudo ss -plant




声明: 除非注明,ixyzero.com文章均为原创,转载请以链接形式标明本文地址,谢谢!

6 thoughts on “Linux的netstat命令及它的替代者ss命令”

  1. ss命令默认使用tcp_diag模块直接从内核中获取信息,所以速度非常快:
    # grep –color -i “tcp_diag” /boot/config-$(uname -r)
    # lsmod
    Module Size Used by
    tcp_diag 1041 0
    inet_diag 8735 1 tcp_diag

    Linux API to determine sockets owned by a process
    首先查看对应进程pid打开了哪些socket文件(在 `/proc/$pid/fd/` 目录下链接到的文件类型为socket的);
    然后在 /proc/$pid/net/tcp 或 /proc/$pid/net/udp 文件里面根据上面显示的inode信息查看哪些socket被引用了。

  2. $ man netstat
    /etc/services — The services translation file

    /proc — Mount point for the proc filesystem, which gives access to kernel status information via the following files.

    /proc/net/dev — device information

    /proc/net/raw — raw socket information

    /proc/net/tcp — TCP socket information

    /proc/net/udp — UDP socket information

    /proc/net/udplite — UDPLite socket information

    /proc/net/igmp — IGMP multicast information

    /proc/net/unix — Unix domain socket information

    /proc/net/ipx — IPX socket information

    /proc/net/ax25 — AX25 socket information

    /proc/net/appletalk — DDP (appletalk) socket information

    /proc/net/nr — NET/ROM socket information

    /proc/net/route — IP routing information

    /proc/net/ax25_route — AX25 routing information

    /proc/net/ipx_route — IPX routing information

    /proc/net/nr_nodes — NET/ROM nodelist

    /proc/net/nr_neigh — NET/ROM neighbours

    /proc/net/ip_masquerade — masqueraded connections

    /proc/net/snmp — statistics


电子邮件地址不会被公开。 必填项已用*标注