Question
In Linux, the netstat command tells us information about active sockets in the system.
I understand that netstat uses /proc/net/tcp to acquire the system network information.
Since the netstat man page says that netstat is obsolete, we should use 'ss'.
NOTE
This program is obsolete. Replacement for netstat is ss. Replacement
for netstat -r is ip route. Replacement for netstat -i is ip -s link.
Replacement for netstat -g is ip maddr.
I have discovered that ss performs similar functionality but it does not use /proc/net/tcp to acquire system network information.
Now I am curious how ss gets system network socket information?
Answer 1:
It gets them from kernel space directly using Netlink which uses the classic sockets API.
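The Netlink query this answer describes, as an added example that is not part of the original answer or of the iproute2 source: it builds a NETLINK_SOCK_DIAG dump request for listening IPv4 TCP sockets and decodes the struct inet_diag_msg records the kernel returns. The function names and the SAMPLE reply are constructed for illustration; the constants and struct layouts follow the kernel's netlink, sock_diag and inet_diag headers.

```python
import socket
import struct

# Values from <linux/netlink.h>, <linux/sock_diag.h> and the kernel TCP state enum.
NETLINK_SOCK_DIAG, SOCK_DIAG_BY_FAMILY = 4, 20
NLM_F_REQUEST, NLM_F_DUMP = 0x01, 0x300
NLMSG_ERROR, NLMSG_DONE, TCP_LISTEN = 2, 3, 10
NLMSGHDR = struct.Struct("=IHHII")  # nlmsg_len, type, flags, seq, pid

def build_request(states=1 << TCP_LISTEN, family=socket.AF_INET):
    """nlmsghdr + struct inet_diag_req_v2; an all-zero sockid matches every socket."""
    req = struct.pack("=BBBxI", family, socket.IPPROTO_TCP, 0, states) + bytes(48)
    return NLMSGHDR.pack(16 + len(req), SOCK_DIAG_BY_FAMILY, NLM_F_REQUEST | NLM_F_DUMP, 1, 0) + req

def parse_dump(buf):
    """Decode struct inet_diag_msg records; returns (sockets, saw_NLMSG_DONE)."""
    socks, off = [], 0
    while off + NLMSGHDR.size <= len(buf):
        length, mtype = NLMSGHDR.unpack_from(buf, off)[:2]
        if mtype == NLMSG_DONE:
            return socks, True
        if mtype == NLMSG_ERROR or length < NLMSGHDR.size:
            raise OSError("netlink error or malformed message")
        body = buf[off + NLMSGHDR.size:off + length]
        if mtype == SOCK_DIAG_BY_FAMILY and len(body) >= 72:
            family, state = body[0], body[1]
            sport, dport = struct.unpack_from("!HH", body, 4)  # ports are big-endian
            alen = 4 if family == socket.AF_INET else 16
            uid, inode = struct.unpack_from("=II", body, 64)
            socks.append({"state": state, "uid": uid, "inode": inode,
                          "local": (socket.inet_ntop(family, body[8:8 + alen]), sport),
                          "peer": (socket.inet_ntop(family, body[24:24 + alen]), dport)})
        off += (length + 3) & ~3  # NLMSG_ALIGN: messages are padded to 4 bytes
    return socks, False

def listening_tcp_sockets():
    """Live query, Linux only: IPv4 TCP listeners, fetched without reading /proc/net/tcp."""
    out, done = [], False
    with socket.socket(socket.AF_NETLINK, socket.SOCK_RAW, NETLINK_SOCK_DIAG) as s:
        s.sendto(build_request(), (0, 0))  # (pid 0, no groups) addresses the kernel
        while not done:
            socks, done = parse_dump(s.recv(65536))
            out += socks
    return out

# Constructed sample reply (not captured traffic): one listener on 0.0.0.0:22, then NLMSG_DONE.
_rec = struct.pack("=BBBB", socket.AF_INET, TCP_LISTEN, 0, 0) + struct.pack("!HH", 22, 0)
_rec += bytes(44) + struct.pack("=5I", 0, 0, 0, 0, 4242)
SAMPLE = (NLMSGHDR.pack(16 + len(_rec), SOCK_DIAG_BY_FAMILY, 2, 1, 0) + _rec
          + NLMSGHDR.pack(20, NLMSG_DONE, 2, 1, 0) + bytes(4))
```

parse_dump(SAMPLE) decodes the constructed reply offline; the uid and inode fields in each record are what allow a socket to be matched to the socket:[inode] links under /proc/<pid>/fd.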
Answer 2:
ss is included in the iproute2 package and is the substitute for netstat. ss is used to dump socket statistics. It shows information similar to netstat. It can display more TCP and state information than other tools. It is a new, incredibly useful and faster (compared to netstat) tool for tracking TCP connections and sockets.
Answer 3:
Check out the source for ss:
https://github.com/shemminger/iproute2/blob/master/misc/ss.c
Basically it directly queries the kernel and can respond much faster than netstat.
Answer 4:
ss is a utility used to investigate sockets in Linux and Unix systems. It shows information similar to netstat and is able to dump socket statistics.
But netstat cannot be replaced fully by ss. Some netstat commands correspond better to the ip command.
$ netstat -r replaced by $ ip route
$ netstat -i replaced by $ ip -s link
$ netstat -g replaced by $ ip maddr
I would say the "older" netstat command can be replaced with both ss and ip commands.
Source: https://stackoverflow.com/questions/11763376/difference-between-netstat-and-ss-in-linux