pstree和ss命令详解
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了pstree和ss命令详解相关的知识,希望对你有一定的参考价值。
pstree查看进程树将所有进程以树状形式显示,表示进程间的关系
以init进程(PID为1)为根或者指定PID的进程为根
init进程,它是内核启动的第一个用户级进程
pstree -V查看版本,这里介绍22.15
[email protected]:~# pstree -V
pstree (PSmisc) 22.15
版权所有 (C) 1993-2009 Werner Almesberger 和 Craig Small
PSmisc 无任何保证。
该程序为自由软件,欢迎你在 GNU 通用公共许可证(GPL) 下重新发布。
详情可参阅 COPYING 文件。相同进程或线程合并显示,进程名前有相同进程的数量,只显示进程名,进程的子线程用大括号{}表示
[email protected]:~# pstree
init─┬─acpid
├─atd
├─cron
├─dbus-daemon
├─6*[getty]
├─httpd───10*[httpd]
├─irqbalance
├─mysqld───149*[{mysqld}]
├─nginx───6*[nginx]
├─php5-fpm───5*[php5-fpm]
├─rsyslogd───3*[{rsyslogd}]
├─snmpd
├─sshd───sshd───bash───pstree
├─su───java───66*[{java}]
├─udevd───2*[udevd]
├─upstart-socket-
├─upstart-udev-br
├─vim
├─vsftpd
├─whoopsie───{whoopsie}
└─wrapper-linux-x─┬─java───56*[{java}]
└─{wrapper-linux-x}pstree -n 按进程号排序
[email protected]:~# pstree -n
init─┬─upstart-udev-br
├─udevd───2*[udevd]
├─vsftpd
├─upstart-socket-
├─sshd───sshd─┬─bash
│ └─bash───pstree
├─rsyslogd───3*[{rsyslogd}]
├─dbus-daemon
├─6*[getty]
├─cron
├─atd
├─acpid
├─irqbalance
├─whoopsie───{whoopsie}
├─wrapper-linux-x─┬─{wrapper-linux-x}
│ └─java───56*[{java}]
├─httpd───10*[httpd]
├─mysqld───76*[{mysqld}]
├─su───java───66*[{java}]
├─php5-fpm───5*[php5-fpm]
├─snmpd
├─vim
└─nginx───6*[nginx]pstree -p显示进程及其子线程,并且显示PID
pstree -c显示进程及其子线程,与pstree -p相同,只是不显示PID
[email protected]:~# pstree -p
init(1)─┬─acpid(1040)
├─atd(1039)
├─cron(1038)
├─dbus-daemon(968)
├─getty(1021)
├─getty(1027)
├─getty(1031)
├─getty(1032)
├─getty(1035)
├─getty(2519)
├─httpd(1635)─┬─httpd(980)
│ ├─httpd(2443)
│ ├─httpd(2736)
│ ├─httpd(3571)
│ ├─httpd(3804)
│ ├─httpd(5208)
│ ├─httpd(5223)
│ ├─httpd(5334)
│ ├─httpd(30936)
│ └─httpd(31365)
├─irqbalance(1140)
├─mysqld(2229)─┬─{mysqld}(2241)
│ ├─{mysqld}(2242)
│ ├─{mysqld}(2243)
│ ├─{mysqld}(2244)
│ ├─{mysqld}(2245)
│ ├─{mysqld}(2246)
│ ├─{mysqld}(2247)
│ ├─{mysqld}(2248)
│ ├─{mysqld}(2249)
│ ├─{mysqld}(2250)
│ ├─{mysqld}(2252)
│ ├─{mysqld}(2253)
│ ├─{mysqld}(2254)
│ ├─{mysqld}(2255)
│ ├─{mysqld}(2264)
│ ├─{mysqld}(9669)
│ ├─{mysqld}(11878)
│ ├─{mysqld}(11881)
│ ├─{mysqld}(11905)
│ ├─{mysqld}(11907)
│ ├─{mysqld}(11909)
│ ├─{mysqld}(11910)
........pstree -p [PID] 以指定PID的进程为根,显示进程名和进程号
[email protected]:~# pstree -p 30395
nginx(30395)─┬─nginx(30396)
├─nginx(30397)
├─nginx(30398)
├─nginx(30399)
├─nginx(30400)
└─nginx(30401)pstree -u显示进程所属用户名
[email protected]:~# pstree -u
init─┬─acpid
├─atd(daemon)
├─cron
├─dbus-daemon(messagebus)
├─6*[getty]
├─httpd(svnuser)───10*[httpd]
├─irqbalance
├─mysqld(mysql)───71*[{mysqld}]
├─nginx───6*[nginx(nginx)]
├─php5-fpm───5*[php5-fpm(www-data)]
├─rsyslogd(syslog)───3*[{rsyslogd}]
├─snmpd(snmp)
├─sshd───sshd───bash───pstree
├─su(artifactory)───java───66*[{java}]
├─udevd───2*[udevd]
├─upstart-socket-
├─upstart-udev-br
├─vim
├─vsftpd
├─whoopsie(whoopsie)───{whoopsie}
└─wrapper-linux-x(svnuser)─┬─java───56*[{java}]
└─{wrapper-linux-x}pstree -a 显示每个程序的完整指令,包含路径,可能显示不全,配合-l才完整显示
[email protected]:~# pstree -a
init
├─acpid -c /etc/acpi/events -s /var/run/acpid.socket
├─atd
├─cron
├─dbus-daemon --system --fork --activation=upstart
├─getty -8 38400 tty4
├─getty -8 38400 tty5
├─getty -8 38400 tty2
├─getty -8 38400 tty3
├─getty -8 38400 tty6
├─getty -8 38400 tty1
├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ └─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
├─irqbalance
├─mysqld
│ └─96*[{mysqld}]
├─nginx
│ ├─nginx
│ ├─nginx
│ ├─nginx
│ ├─nginx
│ ├─nginx
│ └─nginx
├─php5-fpm
│ ├─php5-fpm
│ ├─php5-fpm
│ ├─php5-fpm
│ ├─php5-fpm
│ └─php5-fpm
├─rsyslogd -c5
│ └─3*[{rsyslogd}]
├─snmpd -Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid
├─sshd -D
│ └─sshd
│ └─bash
│ └─pstree -a
├─su - artifactory --shell=/bin/sh -c exec /tar/artifactory-2.5.1.1/bin/artifactory.init /tar/artifactory-2.5.1.1/etc/jetty.xml >>/tar/artifactory-2.5.1.1/logs/consoleout.log 2>&1
│ └─java -server -Xms1g -Xmx1g -Xss512k -XX:+AggressiveOpts -XX:+UseBiasedLocking -XX:PermSize=64M -XX:MaxPermSize=128M -XX:+DisableExplicitGC -XX:MaxTenuringThreshold=31-XX:+Use
│ └─66*[{java}]
├─udevd --daemon
│ ├─udevd --daemon
│ └─udevd --daemon
├─upstart-socket- --daemon
├─upstart-udev-br --daemon
├─vim erp.conf.sav
├─vsftpd
├─whoopsie
│ └─{whoopsie}
└─wrapper-linux-x /opt/csvn/bin/../data/conf/csvn-wrapper.conf wrapper.syslog.ident=csvn wrapper.pidfile=/opt/csvn/bin/../data/run/csvn.pid wrapper.name=csvnwrapper.displayname
├─java -XX:MaxPermSize=128m -Djetty.home=../appserver -Djetty.port=3343 -Djetty.ssl.port=4434 -Xms64m -Xmx512m -Djava.library.path=../lib -classpath ../lib/wrapper.jar-Dwrapper
│ └─56*[{java}]
└─{wrapper-linux-x}pstree -l 不截断长行,一般与-a连用,显示完整的命令路径
[email protected]:~# pstree -al
init
├─acpid -c /etc/acpi/events -s /var/run/acpid.socket
├─atd
├─cron
├─dbus-daemon --system --fork --activation=upstart
├─getty -8 38400 tty4
├─getty -8 38400 tty5
├─getty -8 38400 tty2
├─getty -8 38400 tty3
├─getty -8 38400 tty6
├─getty -8 38400 tty1
├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ ├─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
│ └─httpd -f /opt/csvn/data/conf/httpd.conf -k graceful
├─irqbalance
├─mysqld
│ └─76*[{mysqld}]
├─nginx
│ ├─nginx
│ ├─nginx
│ ├─nginx
│ ├─nginx
│ ├─nginx
│ └─nginx
├─php5-fpm
│ ├─php5-fpm
│ ├─php5-fpm
│ ├─php5-fpm
│ ├─php5-fpm
│ └─php5-fpm
├─rsyslogd -c5
│ └─3*[{rsyslogd}]
├─snmpd -Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid
├─sshd -D
│ └─sshd
│ ├─bash
│ └─bash
│ └─pstree -al
├─su - artifactory --shell=/bin/sh -c exec /tar/artifactory-2.5.1.1/bin/artifactory.init /tar/artifactory-2.5.1.1/etc/jetty.xml >>/tar/artifactory-2.5.1.1/logs/consoleout.log 2>&1
│ └─java -server -Xms1g -Xmx1g -Xss512k -XX:+AggressiveOpts -XX:+UseBiasedLocking -XX:PermSize=64M -XX:MaxPermSize=128M -XX:+DisableExplicitGC -XX:MaxTenuringThreshold=31 -XX:+UseConcMarkSweepGC -XX:+UseParNewGC -XX:+CMSParallelRemarkEnabled -XX:+UseCMSCompactAtFullCollection -XX:LargePageSizeInBytes=128m -XX:+UseFastAccessorMethods -XX:+UseCMSInitiatingOccupancyOnly -Djava.awt.headless=true -Djava.awt.headless=true -XX:NewSize=512m -XX:MaxNewSize=512m -XX:-UseConcMarkSweepGC -XX:+UseParNewGC -server -Djetty.home=/tar/artifactory-2.5.1.1 -Dartifactory.home=/tar/artifactory-2.5.1.1 -Dfile.encoding=UTF8 -cp /tar/artifactory-2.5.1.1/artifactory.jar:/tar/artifactory-2.5.1.1/lib/jetty-ajp-7.0.2.v20100331.jar:/tar/artifactory-2.5.1.1/lib/jetty-continuation-7.0.2.v20100331.jar:/tar/artifactory-2.5.1.1/lib/jetty-http-7.0.2.v20100331.jar:/tar/artifactory-2.5.1.1/lib/jetty-io-7.0.2.v20100331.jar:/tar/artifactory-2.5.1.1/lib/jetty-security-7.0.2.v20100331.jar:/tar/artifactory-2.5.1.1/lib/jetty-server-7.0.2.v20100331.jar:/tar/artifactory-2.5.1.1/lib/jetty-servlet-7.0.2.v20100331.jar:/tar/artifactory-2.5.1.1/lib/jetty-util-7.0.2.v20100331.jar:/tar/artifactory-2.5.1.1/lib/jetty-webapp-7.0.2.v20100331.jar:/tar/artifactory-2.5.1.1/lib/jetty-xml-7.0.2.v20100331.jar:/tar/artifactory-2.5.1.1/lib/servlet-api-2.5.jar:/tar/artifactory-2.5.1.1/lib/wrapper.jar org.artifactory.standalone.main.Main /tar/artifactory-2.5.1.1/etc/jetty.xml
│ └─66*[{java}]
├─udevd --daemon
│ ├─udevd --daemon
│ └─udevd --daemon
├─upstart-socket- --daemon
├─upstart-udev-br --daemon
├─vim erp.conf.sav
├─vsftpd
├─whoopsie
│ └─{whoopsie}
└─wrapper-linux-x /opt/csvn/bin/../data/conf/csvn-wrapper.conf wrapper.syslog.ident=csvn wrapper.pidfile=/opt/csvn/bin/../data/run/csvn.pid wrapper.name=csvn wrapper.displayname=CSVN Console wrapper.daemonize=TRUE wrapper.statusfile=/opt/csvn/bin/../data/run/csvn.status wrapper.java.statusfile=/opt/csvn/bin/../data/run/csvn.java.status
├─java -XX:MaxPermSize=128m -Djetty.home=../appserver -Djetty.port=3343 -Djetty.ssl.port=4434 -Xms64m -Xmx512m -Djava.library.path=../lib -classpath ../lib/wrapper.jar -Dwrapper.key=fbjCafq7XJRD2XTW -Dwrapper.port=32000 -Dwrapper.jvm.port.min=31000 -Dwrapper.jvm.port.max=31999 -Dwrapper.disable_console_input=TRUE -Dwrapper.pid=1295 -Dwrapper.version=3.4.1 -Dwrapper.native_library=wrapper -Dwrapper.service=TRUE -Dwrapper.cpu.timeout=10 -Dwrapper.jvmid=1 org.tanukisoftware.wrapper.WrapperJarApp ../appserver/start.jar
│ └─56*[{java}]
└─{wrapper-linux-x}pstree -A 用 ASCII 画线符
[email protected]:~# pstree -A
init-+-acpid
|-atd
|-cron
|-dbus-daemon
|-6*[getty]
|-httpd---10*[httpd]
|-irqbalance
|-mysqld---86*[{mysqld}]
|-nginx---6*[nginx]
|-php5-fpm---5*[php5-fpm]
|-rsyslogd---3*[{rsyslogd}]
|-snmpd
|-sshd---sshd---bash---pstree
|-su---java---66*[{java}]
|-udevd---2*[udevd]
|-upstart-socket-
|-upstart-udev-br
|-vim
|-vsftpd
|-whoopsie---{whoopsie}
`-wrapper-linux-x-+-java---56*[{java}]
`-{wrapper-linux-x}pstree -h 高亮显示当前正在使用的进程
pstree -H [PID] 高亮显示 "进程号" 指定的进程及其父进程
pstree -s [PID] 显示所选进程的父级进程
[email protected]:~# pstree -s 5707
init───su───java───{java}pstree -G 使用 VT100 划线符
pstree -U 使用 UTF-8 (Unicode) 划线符
ss获取socket统计信息
它可以显示和netstat类似的内容。能够显示更多更详细的有关TCP和连接状态的信息,而且比netstat更快速更高效。
当服务器的socket连接数量变得非常大时,无论是使用netstat命令还是直接cat /proc/net/tcp,执行速度都会很慢。
ss快的秘诀在于,它利用到了TCP协议栈中tcp_diag。tcp_diag是一个用于分析统计的模块,可以获得Linux 内核中第一手的信息,这就确保了ss的快捷高效。
ss -h ss的使用帮助
[email protected]:~# ss -h
Usage: ss [ OPTIONS ]
ss [ OPTIONS ] [ FILTER ]
-h, --help this message
-V, --version output version information
-n, --numeric don‘t resolve service names
-r, --resolve resolve host names
-a, --all display all sockets
-l, --listening display listening sockets
-o, --options show timer information
-e, --extended show detailed socket information
-m, --memory show socket memory usage
-p, --processes show process using socket
-i, --info show internal TCP information
-s, --summary show socket usage summary
-4, --ipv4 display only IP version 4 sockets
-6, --ipv6 display only IP version 6 sockets
-0, --packet display PACKET sockets
-t, --tcp display only TCP sockets
-u, --udp display only UDP sockets
-d, --dccp display only DCCP sockets
-w, --raw display only RAW sockets
-x, --unix display only Unix domain sockets
-f, --family=FAMILY display sockets of type FAMILY
-A, --query=QUERY, --socket=QUERY
QUERY := {all|inet|tcp|udp|raw|unix|packet|netlink}[,QUERY]
-D, --diag=FILE Dump raw information about TCP sockets to FILE
-F, --filter=FILE read filter information from FILE
FILTER := [ state TCP-STATE ] [ EXPRESSION ]ss -V ss版本
[email protected]:~# ss -V
ss utility, iproute2-ss111117ss -n 不解析服务名称,显示服务对应的端口号,比如mysql:3306;https:443;ssh:22。Ss命令直接显示服务名称
[[email protected] ~]# ss
状态 接收队列 发送队列 本地地址:端口号 对等地址:端口号
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.191:https 192.168.5.89:58426
......[[email protected] ~]# ss -n
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.191:443 192.168.5.89:58426
......ss -r 解析主机名
[email protected]:~# ss -r
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 ubuntusvn:https 192.168.5.89:58426
......ss -l 统计处于监听状态的socket,默认情况下它们是被忽略的
[email protected]:~# ss -l
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 50 *:3306 *:*
LISTEN 0 50 :::3343 :::*
LISTEN 0 511 *:http *:*
LISTEN 0 100 :::4434 :::*
LISTEN 0 511 *:9876 *:*
LISTEN 0 32 *:ftp *:*
LISTEN 0 128 :::ssh :::*
LISTEN 0 128 *:ssh *:*
LISTEN 0 511 *:https *:*
LISTEN 0 511 *:4444 *:*
LISTEN 0 1 127.0.0.1:32000 *:*
LISTEN 0 50 *:8001 *:*
LISTEN 0 511 *:9990 *:*
LISTEN 0 128 127.0.0.1:9000 *:*
LISTEN 0 511 *:8008 *:* ss -a 显示所有状态的socket(ESTAB、CLOSE-WAIT、TIME-WAIT、LISTEN等)
ss -o 显示计时器信息,keepalive默认为120min,可以设置;on是重发时间
[[email protected] ~]# ss -o
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.191:mysql 192.168.5.17:64906 timer:(keepalive,17min,0)
ESTAB 0 52 192.168.1.191:ssh 192.168.5.2:57611 timer:(on,448ms,0)
......ss -e 显示详细的socket信息
[[email protected] ~]# ss -e
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.191:3306 192.168.5.82:63573 timer:(keepalive,7min43sec,0) uid:107 ino:13561506 sk:ffff8801135f57c0
ESTAB 0 0 192.168.1.191:3306 192.168.1.203:54196 timer:(keepalive,12min,0) uid:107 ino:13569965 sk:ffff8801b4f16540
ESTAB 0 52 192.168.1.191:ssh 192.168.5.2:57611 timer:(on,440ms,0) ino:12131853 sk:ffff88006b9586c0.
.....ss -m 显示socket内存使用情况
[[email protected] ~]# ss -m
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.191:https 192.168.5.240:58565 mem:(r0,w0,f0,t0)
......ss -p 显示使用socket的进程
[[email protected] ~]# ss -p | grep mysql
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.122:mysql 192.168.1.121:53969 users:(("mysqld",24205,110))
ESTAB 0 0 192.168.1.122:mysql 192.168.1.121:54783 users:(("mysqld",24205,45))
ESTAB 0 0 192.168.1.122:mysql 192.168.5.204:49995 users:(("mysqld",24205,106))
......ss -i显示 tcp 内部信息
[email protected]:~# ss -i
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.122:mysql 192.168.1.121:54678 cubic wscale:7,7 rto:207 rtt:7.75/12 ato:40 cwnd:10 send 14.9Mbps rcv_rtt:1 rcv_space:14480
......ss -s 显示socket使用概况
[[email protected] ~]# ss -s
Total: 509 (kernel 589)
TCP: 368 (estab 249, closed 9, orphaned 0, synrecv 0, timewait 1/0), ports 201
Transport Total IP IPv6
* 589 - -
RAW 0 0 0
UDP 0 0 0
TCP 359 79 280
INET 359 79 280
FRAG 0 0 0 ss -4 仅显示 IPv4
ss -6 仅显示 IPv6
[email protected]:~# ss -6
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 ::ffff:127.0.0.1:31000 ::ffff:127.0.0.1:32000
ESTAB 0 0 ::ffff:192.168.1.191:2100 ::ffff:208.75.196.43:http ss -t 仅显示 TCP 套接字
ss -u仅显示 ?UDP套接字
ss -d 仅显示 DCCP 套接字
ss -w 仅显示 ?RAW 套接字
ss -x 仅显示 Unix 套接字
比较netstat和ss的效率,ss比netstat快很多
[email protected]:~# time ?netstat ?-at
real 0m2.667s
user 0m0.000s
sys 0m0.020s
[email protected]:~# time ?ss
real 0m0.013s
user 0m0.000s
sys 0m0.008s以上是关于pstree和ss命令详解的主要内容,如果未能解决你的问题,请参考以下文章