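# Socket inventory with ss(8): a quick view of what a host is listening on
# and which peers it is talking to. One command per line, so that a trailing
# comment no longer swallows the commands that follow it.

ss -t -a    # all TCP sockets, listening and connected
ss -s       # summary of socket counts
ss -l       # listening sockets only
ss -pl      # listening sockets together with the process that owns each one
            # (process details for other users' sockets generally need root)

# Find the program that has port 3306 open.
# -n keeps ports numeric: without it ss can print the service name from
# /etc/services instead of the number, and a grep for "3306" then finds
# nothing. The sport filter also avoids matching 3306 in unrelated columns
# such as a pid.
ss -lnp 'sport = :3306'

ss -u -a    # all UDP sockets

# Established SMTP connections (-o adds timer information).
ss -o state established '( dport = :smtp or sport = :smtp )'

# Established HTTP connections.
ss -o state established '( dport = :http or sport = :http )'

# TCP sockets in FIN-WAIT-1 whose local port is 80 or 443 and whose peer
# is inside 193.233.7/24.
ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 193.233.7/24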
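# Rough speed comparison between netstat and ss.
# Read the numbers with care: netstat performs reverse DNS lookups unless -n
# is given, and the two commands below do not list the same set of sockets
# (netstat -at: all TCP sockets; plain ss: connected sockets of every type).
time netstat -at
time ss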
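# Filter by remote (peer) address and port.
# Syntax: ss dst ADDRESS_PATTERN
ss dst 192.168.1.5              # any socket whose peer is this host
ss dst 192.168.119.113:http     # peer host and port, port given by service name
ss dst 192.168.119.113:smtp
ss dst 192.168.119.113:443      # peer host and port, port given numerically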
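# Filter by local address and port.
# Syntax: ss src ADDRESS_PATTERN
ss src 192.168.119.103          # any socket bound to this local address
ss src 192.168.119.103:http     # local address and port, by service name
ss src 192.168.119.103:80       # the same port given numerically
ss src 192.168.119.103:smtp
ss src 192.168.119.103:25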
将本地或者远程端口和一个数比较
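# Compare a local or remote port with a number.
#   ss dport OP PORT   - compare the remote port
#   ss sport OP PORT   - compare the local port
# OP is one of:
#   <= or le : less than or equal to the port
#   >= or ge : greater than or equal to the port
#   == or eq : equal to the port
#   != or ne : not equal to the port
#   <  or lt : less than the port
#   >  or gt : greater than the port
# (The list this was copied from had the lt/gt mnemonics swapped.)
#
# < > ( ) are shell metacharacters: escape them with a backslash or quote
# the whole filter, otherwise the shell treats them as redirections or a
# subshell before ss ever sees them.
ss sport = :http
ss dport = :http
ss dport \> :1024
ss sport \> :1024
ss sport \< :32000
ss sport eq :22
ss dport != :22
ss state connected sport = :http
ss \( sport = :http or sport = :https \)
ss -o state fin-wait-1 \( sport = :http or sport = :https \) dst 192.168.1/24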
用TCP 状态过滤Sockets
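# Filter sockets by TCP state; here, IPv4 sockets in the CLOSING state.
ss -4 state closing

# General form:
#   ss -4 state FILTER-NAME-HERE
#   ss -6 state FILTER-NAME-HERE
# FILTER-NAME-HERE is one of:
#   established, syn-sent, syn-recv, fin-wait-1, fin-wait-2, time-wait,
#   closed, close-wait, last-ack, listen, closing
#   NOTE(review): current ss man pages spell the listening state
#   "listening" - check `man ss` on the target system.
#
#   all          : every state listed above
#   connected    : every state except listen and closed
#   synchronized : every connected state except syn-sent
#   bucket       : states maintained as minisockets, i.e. time-wait and
#                  syn-recv
#   big          : the opposite of bucket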
[foobar@localhost ~]$ sudo head -5 /etc/shadow
Password:
Sorry, user foobar is not allowed to execute '/usr/bin/head -5 /etc/shadow' as root on localhost.localdomain.
traceroute www.58.com
traceroute to www.58.com (211.151.111.30), 30 hops max, 40 byte packets
1 unknown (192.168.2.1) 3.453 ms 3.801 ms 3.937 ms
2 221.6.45.33 (221.6.45.33) 7.768 ms 7.816 ms 7.840 ms
3 221.6.0.233 (221.6.0.233) 13.784 ms 13.827 ms 221.6.9.81 (221.6.9.81) 9.758 ms
4 221.6.2.169 (221.6.2.169) 11.777 ms 122.96.66.13 (122.96.66.13) 34.952 ms 221.6.2.53 (221.6.2.53) 41.372 ms
5 219.158.96.149 (219.158.96.149) 39.167 ms 39.210 ms 39.238 ms
6 123.126.0.194 (123.126.0.194) 37.270 ms 123.126.0.66 (123.126.0.66) 37.163 ms 37.441 ms
7 124.65.57.26 (124.65.57.26) 42.787 ms 42.799 ms 42.809 ms
8 61.148.146.210 (61.148.146.210) 30.176 ms 61.148.154.98 (61.148.154.98) 32.613 ms 32.675 ms
9 202.106.42.102 (202.106.42.102) 44.563 ms 44.600 ms 44.627 ms
10 210.77.139.150 (210.77.139.150) 53.302 ms 53.233 ms 53.032 ms
11 211.151.104.6 (211.151.104.6) 39.585 ms 39.502 ms 39.598 ms
12 211.151.111.30 (211.151.111.30) 35.161 ms 35.938 ms 36.005 ms
[root@localhost ~]# traceroute -m 10 www.baidu.com
traceroute to www.baidu.com (61.135.169.105), 10 hops max, 40 byte packets
1 192.168.74.2 (192.168.74.2) 1.534 ms 1.775 ms 1.961 ms
2 211.151.56.1 (211.151.56.1) 0.508 ms 0.514 ms 0.507 ms
3 211.151.227.206 (211.151.227.206) 0.571 ms 0.558 ms 0.550 ms
4 210.77.139.145 (210.77.139.145) 0.708 ms 0.729 ms 0.785 ms
5 202.106.42.101 (202.106.42.101) 7.978 ms 8.155 ms 8.311 ms
6 bt-228-037.bta.net.cn (202.106.228.37) 772.460 ms bt-228-025.bta.net.cn (202.106.228.25) 2.152 ms 61.148.154.97 (61.148.154.97) 772.107 ms
7 124.65.58.221 (124.65.58.221) 4.875 ms 61.148.146.29 (61.148.146.29) 2.124 ms 124.65.58.221 (124.65.58.221) 4.854 ms
8 123.126.6.198 (123.126.6.198) 2.944 ms 61.148.156.6 (61.148.156.6) 3.505 ms 123.126.6.198 (123.126.6.198) 2.885 ms
9 * * *
10 * * *
pwck /etc/passwd
user 'lp': directory '/var/spool/lpd' does not exist
user 'news': directory '/var/spool/news' does not exist
user 'uucp': directory '/var/spool/uucp' does not exist
user 'www-data': directory '/var/www' does not exist
user 'list': directory '/var/list' does not exist
user 'irc': directory '/var/run/ircd' does not exist
user 'gnats': directory '/var/lib/gnats' does not exist
user 'nobody': directory '/nonexistent' does not exist
user 'syslog': directory '/home/syslog' does not exist
user 'couchdb': directory '/var/lib/couchdb' does not exist
user 'speech-dispatcher': directory '/var/run/speech-dispatcher' does not exist
user 'usbmux': directory '/home/usbmux' does not exist
user 'haldaemon': directory '/var/run/hald' does not exist
user 'pulse': directory '/var/run/pulse' does not exist
user 'saned': directory '/home/saned' does not exist
user 'hplip': directory '/var/run/hplip' does not exist
pwck:无改变