问题
In linux, netstat command tells us information of active sockets in system.
I understand that netstat uses /proc/net/tcp to acquire the system network information.
Since netstat man page says that netstat is obsolete, so we should use 'ss'.
NOTE
This program is obsolete. Replacement for netstat is ss. Replacement
for netstat -r is ip route. Replacement for netstat -i is ip -s link.
Replacement for netstat -g is ip maddr.
I have discovered that ss performs similar functionality but it does not use
/proc/net/tcp to acquire system network information.
Now I am curious how ss gets system network socket information?
回答1:
It gets them from kernel space directly using Netlink which uses the classic sockets API.
回答2:
ss is included in iproute2 package and is the substitute of the netstat. ss is used to dump socket statistics. It shows information similar to netstat. It can display more TCP and state information than other tools. It is a new, incredibly useful and faster (compared to netstat) tool for tracking TCP connections and sockets.
回答3:
Check out the source for ss:
https://github.com/shemminger/iproute2/blob/master/misc/ss.c
Basically it directly queries the kernel and can respond much faster that netstat.
回答4:
ss is a utility used to investigate sockets in Linux and Unix systems. It shows information similar to netstat and able to dump socket statistics.
But netstat cannot be replaced full by ss. Some netstat commands correspond better to ip command.
$ netstat -r replaced by $ ip route
$ netstat -i replaced by $ ip -s lin
$ netstat -g replaced by $ ip maddr
I would say the "older" netstat command can be replaced with both ss and ip commands.
来源:https://stackoverflow.com/questions/11763376/difference-between-netstat-and-ss-in-linux