pstree和ss命令詳解
阿新 • • 發佈:2019-04-03
who 分析 nwr status NPU 畫線 run 似的 lis pstree查看進程樹
將所有進程以樹狀形式顯示,表示進程間的關系
以init進程(PID為1)為根或者指定PID的進程為根
init進程,它是內核啟動的第一個用戶級進程
pstree -V查看版本,這裏介紹22.15
[email protected]:~# pstree -V
pstree (PSmisc) 22.15
版權所有 (C) 1993-2009 Werner Almesberger 和 Craig Small
PSmisc 無任何保證。
該程序為自由軟件,歡迎你在 GNU 通用公共許可證(GPL) 下重新發布。
詳情可參閱 COPYING 文件。相同進程或線程合並顯示,進程名前有相同進程的數量,只顯示進程名,進程的子線程用大括號{}表示
[email protected]:~# pstree init─┬─acpid ├─atd ├─cron ├─dbus-daemon ├─6*[getty] ├─httpd───10*[httpd] ├─irqbalance ├─mysqld───149*[{mysqld}] ├─nginx───6*[nginx] ├─php5-fpm───5*[php5-fpm] ├─rsyslogd───3*[{rsyslogd}] ├─snmpd ├─sshd───sshd───bash───pstree ├─su───java───66*[{java}] ├─udevd───2*[udevd] ├─upstart-socket- ├─upstart-udev-br ├─vim ├─vsftpd ├─whoopsie───{whoopsie} └─wrapper-linux-x─┬─java───56*[{java}] └─{wrapper-linux-x}
pstree -n 按進程號排序
[email protected]:~# pstree -n init─┬─upstart-udev-br ├─udevd───2*[udevd] ├─vsftpd ├─upstart-socket- ├─sshd───sshd─┬─bash │ └─bash───pstree ├─rsyslogd───3*[{rsyslogd}] ├─dbus-daemon ├─6*[getty] ├─cron ├─atd ├─acpid ├─irqbalance ├─whoopsie───{whoopsie} ├─wrapper-linux-x─┬─{wrapper-linux-x} │ └─java───56*[{java}] ├─httpd───10*[httpd] ├─mysqld───76*[{mysqld}] ├─su───java───66*[{java}] ├─php5-fpm───5*[php5-fpm] ├─snmpd ├─vim └─nginx───6*[nginx]
pstree -p顯示進程及其子線程,並且顯示PID
pstree -c顯示進程及其子線程,與pstree -p相同,只是不顯示PID
[email protected]:~# pstree -p
init(1)─┬─acpid(1040)
├─atd(1039)
├─cron(1038)
├─dbus-daemon(968)
├─getty(1021)
├─getty(1027)
├─getty(1031)
├─getty(1032)
├─getty(1035)
├─getty(2519)
├─httpd(1635)─┬─httpd(980)
│ ├─httpd(2443)
│ ├─httpd(2736)
│ ├─httpd(3571)
│ ├─httpd(3804)
│ ├─httpd(5208)
│ ├─httpd(5223)
│ ├─httpd(5334)
│ ├─httpd(30936)
│ └─httpd(31365)
├─irqbalance(1140)
├─mysqld(2229)─┬─{mysqld}(2241)
│ ├─{mysqld}(2242)
│ ├─{mysqld}(2243)
│ ├─{mysqld}(2244)
│ ├─{mysqld}(2245)
│ ├─{mysqld}(2246)
│ ├─{mysqld}(2247)
│ ├─{mysqld}(2248)
│ ├─{mysqld}(2249)
│ ├─{mysqld}(2250)
│ ├─{mysqld}(2252)
│ ├─{mysqld}(2253)
│ ├─{mysqld}(2254)
│ ├─{mysqld}(2255)
│ ├─{mysqld}(2264)
│ ├─{mysqld}(9669)
│ ├─{mysqld}(11878)
│ ├─{mysqld}(11881)
│ ├─{mysqld}(11905)
│ ├─{mysqld}(11907)
│ ├─{mysqld}(11909)
│ ├─{mysqld}(11910)
........pstree -p [PID] 以指定PID的進程為根,顯示進程名和進程號
[email protected]:~# pstree -p 30395
nginx(30395)─┬─nginx(30396)
├─nginx(30397)
├─nginx(30398)
├─nginx(30399)
├─nginx(30400)
└─nginx(30401)pstree -u顯示進程所屬用戶名
[email protected]:~# pstree -u
init─┬─acpid
├─atd(daemon)
├─cron
├─dbus-daemon(messagebus)
├─6*[getty]
├─httpd(svnuser)───10*[httpd]
├─irqbalance
├─mysqld(mysql)───71*[{mysqld}]
├─nginx───6*[nginx(nginx)]
├─php5-fpm───5*[php5-fpm(www-data)]
├─rsyslogd(syslog)───3*[{rsyslogd}]
├─snmpd(snmp)
├─sshd───sshd───bash───pstree
├─su(artifactory)───java───66*[{java}]
├─udevd───2*[udevd]
├─upstart-socket-
├─upstart-udev-br
├─vim
├─vsftpd
├─whoopsie(whoopsie)───{whoopsie}
└─wrapper-linux-x(svnuser)─┬─java───56*[{java}]
└─{wrapper-linux-x}pstree -a 顯示每個程序的完整指令,包含路徑,可能顯示不全,配合-l才完整顯示
[email protected]:~# pstree -a
init
├─acpid -c /etc/acpi/events -s /var/run/acpid.socket
├─atd
├─cron
├─dbus-daemon --system --fork --activation=upstart
├─getty -8 38400 tty4
├─getty -8 38400 tty5
├─getty -8 38400 tty2
├─getty -8 38400 tty3
├─getty -8 38400 tty6
├─getty -8 38400 tty1
├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ └─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
├─irqbalance
├─mysqld
│ └─96*[{mysqld}]
├─nginx
│ ├─nginx
│ ├─nginx
│ ├─nginx
│ ├─nginx
│ ├─nginx
│ └─nginx
├─php5-fpm
│ ├─php5-fpm
│ ├─php5-fpm
│ ├─php5-fpm
│ ├─php5-fpm
│ └─php5-fpm
├─rsyslogd -c5
│ └─3*[{rsyslogd}]
├─snmpd -Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid
├─sshd -D
│ └─sshd
│ └─bash
│ └─pstree -a
├─su - artifactory --shell=/bin/sh -c exec /tar/artifactory-2.5.1.1/bin/artifactory.init /tar/artifactory-2.5.1.1/etc/jetty.xml >>/tar/artifactory-2.5.1.1/logs/consoleout.log 2>&1
│ └─java -server -Xms1g -Xmx1g -Xss512k -XX:+AggressiveOpts -XX:+UseBiasedLocking -XX:PermSize=64M -XX:MaxPermSize=128M -XX:+DisableExplicitGC -XX:MaxTenuringThreshold=31-XX:+Use
│ └─66*[{java}]
├─udevd --daemon
│ ├─udevd --daemon
│ └─udevd --daemon
├─upstart-socket- --daemon
├─upstart-udev-br --daemon
├─vim erp.conf.sav
├─vsftpd
├─whoopsie
│ └─{whoopsie}
└─wrapper-linux-x /opt/csvn/bin/../data/conf/csvn-wrapper.conf wrapper.syslog.ident=csvn wrapper.pidfile=/opt/csvn/bin/../data/run/csvn.pid wrapper.name=csvnwrapper.displayname
├─java -XX:MaxPermSize=128m -Djetty.home=../appserver -Djetty.port=3343 -Djetty.ssl.port=4434 -Xms64m -Xmx512m -Djava.library.path=../lib -classpath ../lib/wrapper.jar-Dwrapper
│ └─56*[{java}]
└─{wrapper-linux-x}pstree -l 不截斷長行,一般與-a連用,顯示完整的命令路徑
[email protected]:~# pstree -al
init
├─acpid -c /etc/acpi/events -s /var/run/acpid.socket
├─atd
├─cron
├─dbus-daemon --system --fork --activation=upstart
├─getty -8 38400 tty4
├─getty -8 38400 tty5
├─getty -8 38400 tty2
├─getty -8 38400 tty3
├─getty -8 38400 tty6
├─getty -8 38400 tty1
├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ └─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
├─irqbalance
├─mysqld
│ └─76*[{mysqld}]
├─nginx
│ ├─nginx
│ ├─nginx
│ ├─nginx
│ ├─nginx
│ ├─nginx
│ └─nginx
├─php5-fpm
│ ├─php5-fpm
│ ├─php5-fpm
│ ├─php5-fpm
│ ├─php5-fpm
│ └─php5-fpm
├─rsyslogd -c5
│ └─3*[{rsyslogd}]
├─snmpd -Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid
├─sshd -D
│ └─sshd
│ ├─bash
│ └─bash
│ └─pstree -al
├─su - artifactory --shell=/bin/sh -c exec /tar/artifactory-2.5.1.1/bin/artifactory.init /tar/artifactory-2.5.1.1/etc/jetty.xml >>/tar/artifactory-2.5.1.1/logs/consoleout.log 2>&1
│ └─java -server -Xms1g -Xmx1g -Xss512k -XX:+AggressiveOpts -XX:+UseBiasedLocking -XX:PermSize=64M -XX:MaxPermSize=128M -XX:+DisableExplicitGC -XX:MaxTenuringThreshold=31 -XX:+UseConcMarkSweepGC -XX:+UseParNewGC -XX:+CMSParallelRemarkEnabled -XX:+UseCMSCompactAtFullCollection -XX:LargePageSizeInBytes=128m -XX:+UseFastAccessorMethods -XX:+UseCMSInitiatingOccupancyOnly -Djava.awt.headless=true -Djava.awt.headless=true -XX:NewSize=512m -XX:MaxNewSize=512m -XX:-UseConcMarkSweepGC -XX:+UseParNewGC -server -Djetty.home=/tar/artifactory-2.5.1.1 -Dartifactory.home=/tar/artifactory-2.5.1.1 -Dfile.encoding=UTF8 -cp /tar/artifactory-2.5.1.1/artifactory.jar:/tar/artifactory-2.5.1.1/lib/jetty-ajp-7.0.2.v20100331.jar:/tar/artifactory-2.5.1.1/lib/jetty-continuation-7.0.2.v20100331.jar:/tar/artifactory-2.5.1.1/lib/jetty-http-7.0.2.v20100331.jar:/tar/artifactory-2.5.1.1/lib/jetty-io-7.0.2.v20100331.jar:/tar/artifactory-2.5.1.1/lib/jetty-security-7.0.2.v20100331.jar:/tar/artifactory-2.5.1.1/lib/jetty-server-7.0.2.v20100331.jar:/tar/artifactory-2.5.1.1/lib/jetty-servlet-7.0.2.v20100331.jar:/tar/artifactory-2.5.1.1/lib/jetty-util-7.0.2.v20100331.jar:/tar/artifactory-2.5.1.1/lib/jetty-webapp-7.0.2.v20100331.jar:/tar/artifactory-2.5.1.1/lib/jetty-xml-7.0.2.v20100331.jar:/tar/artifactory-2.5.1.1/lib/servlet-api-2.5.jar:/tar/artifactory-2.5.1.1/lib/wrapper.jar org.artifactory.standalone.main.Main /tar/artifactory-2.5.1.1/etc/jetty.xml
│ └─66*[{java}]
├─udevd --daemon
│ ├─udevd --daemon
│ └─udevd --daemon
├─upstart-socket- --daemon
├─upstart-udev-br --daemon
├─vim erp.conf.sav
├─vsftpd
├─whoopsie
│ └─{whoopsie}
└─wrapper-linux-x /opt/csvn/bin/../data/conf/csvn-wrapper.conf wrapper.syslog.ident=csvn wrapper.pidfile=/opt/csvn/bin/../data/run/csvn.pid wrapper.name=csvn wrapper.displayname=CSVN Console wrapper.daemonize=TRUE wrapper.statusfile=/opt/csvn/bin/../data/run/csvn.status wrapper.java.statusfile=/opt/csvn/bin/../data/run/csvn.java.status
├─java -XX:MaxPermSize=128m -Djetty.home=../appserver -Djetty.port=3343 -Djetty.ssl.port=4434 -Xms64m -Xmx512m -Djava.library.path=../lib -classpath ../lib/wrapper.jar -Dwrapper.key=fbjCafq7XJRD2XTW -Dwrapper.port=32000 -Dwrapper.jvm.port.min=31000 -Dwrapper.jvm.port.max=31999 -Dwrapper.disable_console_input=TRUE -Dwrapper.pid=1295 -Dwrapper.version=3.4.1 -Dwrapper.native_library=wrapper -Dwrapper.service=TRUE -Dwrapper.cpu.timeout=10 -Dwrapper.jvmid=1 org.tanukisoftware.wrapper.WrapperJarApp ../appserver/start.jar
│ └─56*[{java}]
└─{wrapper-linux-x}pstree -A 用 ASCII 畫線符
[email protected]:~# pstree -A
init-+-acpid
|-atd
|-cron
|-dbus-daemon
|-6*[getty]
|-httpd---10*[httpd]
|-irqbalance
|-mysqld---86*[{mysqld}]
|-nginx---6*[nginx]
|-php5-fpm---5*[php5-fpm]
|-rsyslogd---3*[{rsyslogd}]
|-snmpd
|-sshd---sshd---bash---pstree
|-su---java---66*[{java}]
|-udevd---2*[udevd]
|-upstart-socket-
|-upstart-udev-br
|-vim
|-vsftpd
|-whoopsie---{whoopsie}
`-wrapper-linux-x-+-java---56*[{java}]
`-{wrapper-linux-x}pstree -h 高亮顯示當前正在使用的進程
pstree -H [PID] 高亮顯示 "進程號" 指定的進程及其父進程
pstree -s [PID] 顯示所選進程的父級進程
[email protected]:~# pstree -s 5707
init───su───java───{java}pstree -G 使用 VT100 劃線符
pstree -U 使用 UTF-8 (Unicode) 劃線符
ss獲取socket統計信息
它可以顯示和netstat類似的內容。能夠顯示更多更詳細的有關TCP和連接狀態的信息,而且比netstat更快速更高效。
當服務器的socket連接數量變得非常大時,無論是使用netstat命令還是直接cat /proc/net/tcp,執行速度都會很慢。
ss快的秘訣在於,它利用到了TCP協議棧中tcp_diag。tcp_diag是一個用於分析統計的模塊,可以獲得Linux 內核中第一手的信息,這就確保了ss的快捷高效。
ss -h ss的使用幫助
[email protected]:~# ss -h
Usage: ss [ OPTIONS ]
ss [ OPTIONS ] [ FILTER ]
-h, --help this message
-V, --version output version information
-n, --numeric don‘t resolve service names
-r, --resolve resolve host names
-a, --all display all sockets
-l, --listening display listening sockets
-o, --options show timer information
-e, --extended show detailed socket information
-m, --memory show socket memory usage
-p, --processes show process using socket
-i, --info show internal TCP information
-s, --summary show socket usage summary
-4, --ipv4 display only IP version 4 sockets
-6, --ipv6 display only IP version 6 sockets
-0, --packet display PACKET sockets
-t, --tcp display only TCP sockets
-u, --udp display only UDP sockets
-d, --dccp display only DCCP sockets
-w, --raw display only RAW sockets
-x, --unix display only Unix domain sockets
-f, --family=FAMILY display sockets of type FAMILY
-A, --query=QUERY, --socket=QUERY
QUERY := {all|inet|tcp|udp|raw|unix|packet|netlink}[,QUERY]
-D, --diag=FILE Dump raw information about TCP sockets to FILE
-F, --filter=FILE read filter information from FILE
FILTER := [ state TCP-STATE ] [ EXPRESSION ]ss -V ss版本
[email protected]:~# ss -V
ss utility, iproute2-ss111117ss -n 不解析服務名稱,顯示服務對應的端口號,比如mysql:3306;https:443;ssh:22。Ss命令直接顯示服務名稱
[[email protected] ~]# ss
狀態 接收隊列 發送隊列 本地地址:端口號 對等地址:端口號
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.191:https 192.168.5.89:58426
......[[email protected] ~]# ss -n
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.191:443 192.168.5.89:58426
......ss -r 解析主機名
[email protected]:~# ss -r
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 ubuntusvn:https 192.168.5.89:58426
......ss -l 統計處於監聽狀態的socket,默認情況下它們是被忽略的
[email protected]:~# ss -l
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 50 *:3306 *:*
LISTEN 0 50 :::3343 :::*
LISTEN 0 511 *:http *:*
LISTEN 0 100 :::4434 :::*
LISTEN 0 511 *:9876 *:*
LISTEN 0 32 *:ftp *:*
LISTEN 0 128 :::ssh :::*
LISTEN 0 128 *:ssh *:*
LISTEN 0 511 *:https *:*
LISTEN 0 511 *:4444 *:*
LISTEN 0 1 127.0.0.1:32000 *:*
LISTEN 0 50 *:8001 *:*
LISTEN 0 511 *:9990 *:*
LISTEN 0 128 127.0.0.1:9000 *:*
LISTEN 0 511 *:8008 *:* ss -a 顯示所有狀態的socket(ESTAB、CLOSE-WAIT、TIME-WAIT、LISTEN等)
ss -o 顯示計時器信息,keepalive默認為120min,可以設置;on是重發時間
[[email protected] ~]# ss -o
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.191:mysql 192.168.5.17:64906 timer:(keepalive,17min,0)
ESTAB 0 52 192.168.1.191:ssh 192.168.5.2:57611 timer:(on,448ms,0)
......ss -e 顯示詳細的socket信息
[[email protected] ~]# ss -e
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.191:3306 192.168.5.82:63573 timer:(keepalive,7min43sec,0) uid:107 ino:13561506 sk:ffff8801135f57c0
ESTAB 0 0 192.168.1.191:3306 192.168.1.203:54196 timer:(keepalive,12min,0) uid:107 ino:13569965 sk:ffff8801b4f16540
ESTAB 0 52 192.168.1.191:ssh 192.168.5.2:57611 timer:(on,440ms,0) ino:12131853 sk:ffff88006b9586c0.
.....ss -m 顯示socket內存使用情況
[[email protected] ~]# ss -m
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.191:https 192.168.5.240:58565 mem:(r0,w0,f0,t0)
......ss -p 顯示使用socket的進程
[[email protected] ~]# ss -p | grep mysql
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.122:mysql 192.168.1.121:53969 users:(("mysqld",24205,110))
ESTAB 0 0 192.168.1.122:mysql 192.168.1.121:54783 users:(("mysqld",24205,45))
ESTAB 0 0 192.168.1.122:mysql 192.168.5.204:49995 users:(("mysqld",24205,106))
......ss -i顯示 tcp 內部信息
[email protected]:~# ss -i
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.122:mysql 192.168.1.121:54678 cubic wscale:7,7 rto:207 rtt:7.75/12 ato:40 cwnd:10 send 14.9Mbps rcv_rtt:1 rcv_space:14480
......ss -s 顯示socket使用概況
[[email protected] ~]# ss -s
Total: 509 (kernel 589)
TCP: 368 (estab 249, closed 9, orphaned 0, synrecv 0, timewait 1/0), ports 201
Transport Total IP IPv6
* 589 - -
RAW 0 0 0
UDP 0 0 0
TCP 359 79 280
INET 359 79 280
FRAG 0 0 0 ss -4 僅顯示 IPv4
ss -6 僅顯示 IPv6
[email protected]:~# ss -6
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 ::ffff:127.0.0.1:31000 ::ffff:127.0.0.1:32000
ESTAB 0 0 ::ffff:192.168.1.191:2100 ::ffff:208.75.196.43:http ss -t 僅顯示 TCP 套接字
ss -u僅顯示 ?UDP套接字
ss -d 僅顯示 DCCP 套接字
ss -w 僅顯示 ?RAW 套接字
ss -x 僅顯示 Unix 套接字
比較netstat和ss的效率,ss比netstat快很多
[email protected]:~# time ?netstat ?-at
real 0m2.667s
user 0m0.000s
sys 0m0.020s
[email protected]:~# time ?ss
real 0m0.013s
user 0m0.000s
sys 0m0.008spstree和ss命令詳解