[conspire] ss(8) (was: Re: Party with iproute2 like it's 1999)

Ruben Safir ruben at mrbrklyn.com
Fri Mar 13 04:31:59 PDT 2020


On Fri, Mar 13, 2020 at 01:58:10AM -0700, Michael Paoli wrote:
> ss(8) is damn fine!  :-)  Though it *does* take some getting used to.
> 
> One of many cool things with ss(8) is it does in-kernel filtering.
> E.g., want to know if one has stuff listening on TCP ports 80 and/or 443?:
> $ ss -nlt '( sport = :80 or sport = :443 )'
> State      Recv-Q Send-Q Local Address:Port               Peer Address:Port
> LISTEN     0      128         :::80                      :::*
> LISTEN     0      128         :::443                     :::*
> $

Your inability to use grep is not a reason to be stuck with such a
complex and shitty program.

REALLY '( sport = :80 or sport = :443 )'

This is an example of the kind of thinking that makes a program like ss
suck so much.

That is my opinion.  I learned the prinicple of KISS in the army where
getting things done can save your life, and memorizing obscure syntax is
a waste of time that prevents one from drinking at the Hassinda..
or can get your killed in the battlefield.



> With ye olde netstat, one would be doing stuff with some type of
> string or Regular Expression (RE) matching - both much less efficient, and
> would also run risk of false positives from stuff matched not exactly
> where one expected (unless one was super careful with the REs, and
> netstat didn't give slightly unexpected changes in output format).
> Likewise for state of connections, etc., ss(8) gets you exactly and only
> what you want - no more, no less, and mostly don't need processing/filtering
> after to narrow it down to only and exactly what one wants.  Sometimes
> these differences in performance are very dramatic when one looks at a
> very busy heavily loaded system with many hundreds of thousands or more
> connections / traffic in various states.  In such case, ss(8) shines, and
> is dang fast and efficient.  Using netstat and post-processing was often
> not only much much slower, but itself was much more of a performance impact
> on an already heavily loaded system.  I've seen folks hobble systems by
> running netstat too frequently (e.g. one or more times per minute) on
> heavily loaded systems ... when netstat would take more than a minute to
> complete, things would often then get very bad very fast.  I've thus far
> always seen ss(8) to continue to be pretty dang fast and efficient ... and
> even more so if one uses the appropriate built-in filtering capabilities to
> filter to just the data one actually wants/needs.
> 
> >From: "Nick Moffitt" <nick at zork.net>
> >Subject: Re: [conspire] Party with iproute2 like it's 1999
> >Date: Wed, 11 Mar 2020 22:56:46 +0000
> 
> >On 11Mar2020 06:08pm (-0400), Ruben Safir wrote:
> >>ss is particuarly crap.  I know this changes nothing, it is is crap.
> >
> >What you may not know is that ss supports nearly all of the
> >command-line options you're familiar with in netstat.  Once I
> >learned this, I switched my muscle-memory to things like `ss -tln`
> >and moved on from there.
> 
> 
> _______________________________________________
> conspire mailing list
> conspire at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/conspire

-- 
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com 

DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive 
http://www.coinhangout.com - coins!
http://www.brooklyn-living.com 

Being so tracked is for FARM ANIMALS and extermination camps, 
but incompatible with living as a free human being. -RI Safir 2013




More information about the conspire mailing list