介绍一个监控网卡及网络流量的好工具NICSTAT
最近发现了个好的工具,是监控网卡及网络流量的叫NICSTAT,这里我通过这个例子来说明
当你发现一个陌生的东西,怎样一下子弄熟,概括来讲分为安装,应用两步,细分为:下载,解压缩,读README,安装,读HELP文档,使用。
1,下载解压缩
#wget  wget http://nchc.dl.sourceforge.net/project/nicstat/nicstat-1.92.tar.gz
#tar -zxvf nicstat-1.92.tar.gz 
#cd nicstat-1.92
# ls -la
total 748
drwxr-xr-x 2 innoitwiki innoitwiki   4096 Mar 12 18:08 .
drwxrwxr-x 3 innoitwiki innoitwiki   4096 Mar 12 18:04 ..
-rw-r--r-- 1 innoitwiki innoitwiki   4952 Oct 23 02:05 ChangeLog.txt
-rwxr-xr-x 1 innoitwiki innoitwiki    475 Oct 16 05:49 dladm.sh
-rw-r--r-- 1 innoitwiki innoitwiki   1312 Oct 18 07:47 enicstat
-rw-r--r-- 1 innoitwiki innoitwiki   8902 Oct 18 07:47 LICENSE.txt
-rw-r--r-- 1 innoitwiki innoitwiki   1629 Sep  5  2012 Makefile.Linux
-rw-r--r-- 1 innoitwiki innoitwiki   1596 Oct 18 08:31 Makefile.Solaris
-rw-r--r-- 1 innoitwiki innoitwiki   9423 Oct 23 02:05 nicstat.1
-rw-r--r-- 1 innoitwiki innoitwiki  67376 Oct 23 02:05 nicstat.c
-rwxr-xr-x 1 innoitwiki innoitwiki  29645 Oct 19 08:52 .nicstat.RedHat_5_i386
-rwxr-xr-x 1 innoitwiki innoitwiki   4134 Oct 16 09:38 nicstat.sh
-rwxr-xr-x 1 innoitwiki innoitwiki  69772 Oct 19 08:35 .nicstat.Solaris_10_i386
-rwxr-xr-x 1 innoitwiki innoitwiki  74920 Oct 19 08:36 .nicstat.Solaris_10_sparc
-rwxr-xr-x 1 innoitwiki innoitwiki  77700 Oct 19 08:37 .nicstat.Solaris_11_i386
-rwxr-xr-x 1 innoitwiki innoitwiki  83636 Oct 19 08:39 .nicstat.Solaris_11_sparc
-rwxr-xr-x 1 innoitwiki innoitwiki 112448 Oct 19 08:49 .nicstat.Solaris_9_i386
-rwxr-xr-x 1 innoitwiki innoitwiki 127104 Oct 19 08:44 .nicstat.Solaris_9_sparc
-rwx------ 1 innoitwiki innoitwiki  32250 Oct 19 09:02 .nicstat.Ubuntu_8_i386
-rw-r--r-- 1 innoitwiki innoitwiki    834 Oct 23 02:05 README.txt
2,读README
# cat README.txt 
nicstat 1.92 README
===================
 
nicstat is licensed under the Artistic License 2.0.  You can find a
copy of this license as LICENSE.txt included with the nicstat
distribution, or at http://www.perlfoundation.org/artistic_license_2_0
 
 
AUTHORS
[email protected] (formerly [email protected]), Brendan Gregg
(formerly [email protected])
 
HOW TO BUILD ON SOLARIS
mv Makefile.Solaris Makefile
make
 
HOW TO BUILD ON LINUX
mv Makefile.Linux Makefile
make
 
HOW TO INSTALL
make [BASEDIR=] install
 
Default BASEDIR is /usr/local
 
HOW TO INSTALL A MULTI-PLATFORM SET OF BINARIES
        1. (Optional) Change BASEDIR, BINDIR and/or MP_DIR in Makefile
2. make install_multi_platform
3. (Optional) add links or binaries for your platform(s)
 
HOME PAGE
http://blogs.sun.com/timc/entry/nicstat_the_solaris_and_linux
 
3,安装
# mv Makefile.Linux Makefile
# make 
The program 'make' is currently not installed.  You can install it by typing:
apt-get install make
# apt-get install make #当使用系统命令MAKE时,显示没有,所以先安装
 
Reading package lists... 0%
 
Reading package lists... 100%
 
Reading package lists... Done
Building dependency tree... 0%
 
Building dependency tree... 0%
 
Building dependency tree... 50%
 
Building dependency tree... 50%
 
Building dependency tree       
Reading state information... 0%
 
Reading state information... 1%
 
Reading state information... DoneSuggested packages:
  make-doc
The following NEW packages will be installed:
  make
0 upgraded, 1 newly installed, 0 to remove and 32 not upgraded.
Need to get 0 B/116 kB of archives.
After this operation, 319 kB of additional disk space will be used.
 
 
0% [Working]
            
50% [Working]
             
Selecting previously unselected package make.
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 54391 files and directories currently installed.)
Unpacking make (from .../make_3.81-8.1ubuntu1.1_i386.deb) ...
Processing triggers for man-db ...
Setting up make (3.81-8.1ubuntu1.1) ...
# make 
gcc -O3 -m32    nicstat.c   -o nicstat
nicstat.c:99:0: warning: "DUPLEX_UNKNOWN" redefined [enabled by default]
/usr/include/linux/ethtool.h:839:0: note: this is the location of the previous definition
nicstat.c: In function 鈥榣oad_netstat鈥?
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
mv nicstat `./nicstat.sh --bin-name`
# make install
gcc -O3 -m32    nicstat.c   -o nicstat
nicstat.c:99:0: warning: "DUPLEX_UNKNOWN" redefined [enabled by default]
/usr/include/linux/ethtool.h:839:0: note: this is the location of the previous definition
nicstat.c: In function 鈥榣oad_netstat鈥?
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]
sudo install -o root -g root -m 4511 `./nicstat.sh --bin-name` /usr/local/bin/nicstat
sudo install -o bin -g bin -m 555 enicstat /usr/local/bin
sudo install -o bin -g bin -m 444 nicstat.1 /usr/local/share/man/man1/nicstat.1
install: cannot create regular file `/usr/local/share/man/man1/nicstat.1': No such file or directory
make: *** [install_man] Error 1
4,MAKE INSTALL时报错了,根据提示为系统/usr/local/share/man/目录下没有man1那个目录,所以我们要先建这个目录,这也说明安装这个
工具说顺便安装了他的man手册,而且是man1就是默认的手册
# cd /usr/local/share/man/
# mkdir man1
# ls
man1
# make install #再安装时就没有错误了
sudo install -o root -g root -m 4511 `./nicstat.sh --bin-name` /usr/local/bin/nicstat
sudo install -o bin -g bin -m 555 enicstat /usr/local/bin
sudo install -o bin -g bin -m 444 nicstat.1 /usr/local/share/man/man1/nicstat.1
 
5,首先看看help,里面有工具用法的简单介绍
# nicstat -h
USAGE: nicstat [-hvnsxpztual] [-i int[,int...]]
   [-S int:mbps[,int:mbps...]] [interval [count]]
 
         -h                 # help
         -v                 # show version (1.92)
         -i interface       # track interface only
         -n                 # show non-local interfaces only (exclude lo0)
         -s                 # summary output
         -x                 # extended output
         -p                 # parseable output
         -z                 # skip zero value lines
         -t                 # show TCP statistics
         -u                 # show UDP statistics
         -a                 # equivalent to "-x -u -t"
         -l                 # list interface(s)
         -M                 # output in Mbits/sec
         -S int:mbps[fd|hd] # tell nicstat the interface
                            # speed (Mbits/sec) and duplex
    eg,
       nicstat              # print summary since boot only
       nicstat 1            # print every 1 second
       nicstat 1 5          # print 5 times only
       nicstat -z 1         # print every 1 second, skip zero lines
       nicstat -i hme0 1    # print hme0 only every 1 second
6,尝试一下命令的用法
# nicstat -i eth0
    Time      Int   rKB/s   wKB/s   rPk/s   wPk/s    rAvs    wAvs %Util    Sat
18:17:51     eth0    0.15    0.05    1.20    0.14   131.0   336.2  0.00   0.01
# nicstat -u
18:18:10                    InDG   OutDG     InErr  OutErr
UDP                         0.00    0.00      0.00    0.00
# nicstat -a
18:19:14    InKB   OutKB   InSeg  OutSeg Reset  AttF %ReTX InConn OutCon Drops
TCP         0.00    0.00    0.15    0.14  0.00  0.00 0.000   0.00   0.00  0.00
18:19:14                    InDG   OutDG     InErr  OutErr
UDP                         0.00    0.00      0.00    0.00
18:19:14      RdKB    WrKB   RdPkt   WrPkt   IErr  OErr  Coll  NoCP Defer  %Util
lo            0.00    0.00    0.00    0.00   0.00  0.00  0.00  0.00  0.00   0.00
eth0          0.15    0.05    1.20    0.14   0.00  0.00  0.00  0.00  0.00   0.00
7,如果要详细了解可以拜读他的man手册
# man nicstat
nicstat(1)                                                                                                     nicstat(1)
 
NAME
       nicstat, enicstat - print network traffic statistics
 
SYNOPSIS
       nicstat [-hvnsxpztualkM] [-iinterface] [-Sint:mbps[fd|hd]] [interval [count]]
 
       enicstat
 
DESCRIPTION
       nicstat prints out network statistics for all network cards (NICs), including packets, kilobytes per second, aver鈥?
       age packet sizes and more.
 
OPTIONS
       -h        Display brief usage information (help).
 
       -v        Display nicstat version (and additional fields when combined with '-l')
 
       -n        Show statistics for non-local (i.e. non-loopback) interfaces only.
 
       -s        Display summary output - just the amount of data received (read) and transmitted (written).
 
       -x        Display extended output.  See OUTPUT section for details.
 
       -M        Display interface throughput statistics in Mbps (megabits per  second),  instead  of  the  default  KB/s
                 (kilobytes per second).
 
                 NOTE - interface statistics are reported to operating systems in bytes.  nicstat does not know if Ether鈥?
                 net or other hardware overheads are included in the statistic on each platform.
 
       -p        Display output in parseable format.  This outputs one line  per  interface,  in  the  following  formats
                 (which correspond to the default, -x, -t and -u options; respectively):
 
              time:In:rKB/s:wKB/s:rPk/s:wPk/s:%Util:Sat
              time:In:rKB/s:wKB/s:rPk/s:wPk/s:%Util:Sat:IErr:OErr:Coll:NoCP:Defer          time:TCP:InKB:OutKB:InSeg:Out鈥?
              Seg:Reset:AttF:%ReTX:InConn:OutCon:Drops time:UDP:InDG:OutDG:InErr:OutErr
 
                 where time is the number of seconds since midnight, Jan 1  1970  (UST)  and  the  other  fields  are  as
                 described in the OUTPUT section below.
 
                 NOTE - throughput statistics are always in KB/s (kilbytes per second) for parseable formats, even if the
                 "-M" flag has been specified.
 
       -z        Skip interfaces for which there was zero traffic for the sample period.
 
       -t        Show TCP statistics.
 
 Manual page nicstat(1) line 1 (press h for help or q to quit)
       -u        Show UDP statistics.
 
       -a        Equvalent to '-x -t -u'.
 
       -l        Just list interfaces.
 
       -iinterface[,interface...]
                 Show statistics for only the interface(s) listed.  Multiple interfaces can be listed, separated by  com鈥?
                 mas (,).
 
       -Sint:speed[fd|hd]
                 (Linux  only).   Specify  the  speed  (and optionally duplex mode) of one or more interfaces.  The given
                 speed(s) are in megabits/second.  The duplex mode will default to "full" unless a suffix beginning  with
                 "h"  or  "H"  is  specified.   Speed  and  duplex  mode  are obtained automatically on Solaris using the
                 "ifspeed" and "link_duplex" kstat values.
 
       -k        (Solaris only).  Search for active network interfaces by looking for kstat "link_state" statistics  with
                 a  value  of  1.   This  is only of value on systems running Solaris 10 (or early releases of Solaris 11
                 Express), with Exclusive IP Zones, where the interfaces given to an Exclusive IP Zone are not  otherwise
                 visible.   If  you  are  running  Solaris  9 (or earlier), or Solaris 11 (or later) you do not need this
                 option.
 
OPERANDS
       interval  Specifies the number of seconds between samples.
 
       count     Specifies the number of times that the statistics are repeated.  If no count is specified, nicstat  will
                 repeat statistics indefinitely.
 
OUTPUT
       The fields of nicstat's display are:
 
       Time      The time corresponding to the end of the sample shown, in HH:MM:SS format (24-hour clock).
 
       Int       The interface name.
 
       rKB/s, InKB
                 Kilobytes/second read (received).
 
       wKB/s, OutKB
                 Kilobytes/second written (transmitted).
 
       rMbps, RdMbps
                 Megabits/second read (received).
 
       wMbps, WrMbps
                 Megabits/second written (transmitted).
 
       rPk/s, InSeg, InDG
                 Packets (TCP Segments, UDP Datagrams)/second read (received).
 Manual page nicstat(1) line 55 (press h for help or q to quit)       wPk/s, OutSeg, OutDG
                 Packets (TCP Segments, UDP Datagrams)/second written (transmitted).
 
       rAvs      Average size of packets read (received).
 
       wAvs      Average size of packets written (transmitted).
 
       %Util     Percentage  utilization  of  the interface.  For full-duplex interfaces, this is the greater of rKB/s or
                 wKB/s as a percentage of the interface speed.  For half-duplex interfaces, rKB/s and wKB/s are summed.
 
       Sat       Saturation.  This the number of errors/second seen for the interface - an indicator the interface may be
                 approaching  saturation.   This  statistic is combined from a number of kernel statistics.  It is recom鈥?
                 mended to use the '-x' option to see more individual statistics (those mentioned below) when  attempting
                 to diagnose a network issue.
 
       IErr      Packets received that could not be processed because they contained errors
 
       OErr      Packets that were not successfully transmitted because of errors
 
       Coll      Ethernet collisions during transmit.
 
       NoCP      No-can-puts.   This  is  when an incoming packet can not be put to the process reading the socket.  This
                 suggests the local process is unable to process incoming packets in a timely manner.
 
       Defer     Defer Transmits.  Packets without collisions where first transmit attempt was delayed because the medium
                 was busy.
 
       Reset     tcpEstabResets.  The  number  of times TCP connections have made a direct transition to the CLOSED state
                 from either the ESTABLISHED state or the CLOSE-WAIT state.
 
       AttF      tcpAttemptFails - The number of times that TCP connections have made a direct transition to  the  CLOSED
                 state  from  either  the  SYN-SENT state or the SYN-RCVD state, plus the number of times TCP connections
                 have made a direct transition to the LISTEN state from the SYN-RCVD state.
 
       %ReTX     Percentage of TCP segments retransmitted - that is, the number of TCP  segments  transmitted  containing
                 one or more previously transmitted octets.
 
       InConn    tcpPassiveOpens - The number of times that TCP connections have made a direct transition to the SYN-RCVD
                 state from the LISTEN state.
 
       OutCon    tcpActiveOpens - The number of times that TCP connections have made a direct transition to the  SYN-SENT
                 state from the CLOSED state.
 
       Drops     tcpHalfOpenDrop + tcpListenDrop + tcpListenDropQ0.
 
       tcpListenDrop  and  tcpListenDropQ0 - Number of connections dropped from the completed connection queue and incom鈥?
       plete connection queue, respectively.  tcpHalfOpenDrops - Number of connections  dropped  after  the  initial  SYN
       packet was received.
 Manual page nicstat(1) line 107 (press h for help or q to quit)       The  first  set  of  statistics printed are averages since system boot.  If no interval operand is specified, or a
       count value of "1" is specified, this will be the only sample printed.
 
EXAMPLES
       Print average statistics from boot time to now only:
 
            $ nicstat
 
       Print statistics for all interfaces, every 3 seconds:
 
            $ nicstat 3
 
       Print statistics for all interfaces, every 5 seconds, finishing after 10 samples:
 
            $ nicstat 5 10
 
       Print statistics every 3 seconds, only for interfaces "hme0" and "hme1":
 
            $ nicstat -i hme0,hme1 3
 
       Print statistics for  non-local  interfaces,  setting  speed  of  "eth0"  and  "eth1"  to  10mbps/half-duplex  and
       1000mbps/full-duplex, respectively:
 
            $ nicstat -n -S eth0:10h,eth1:1000 5
 
SEE ALSO
       netstat(1M) kstat(1M), kstat(3KSTAT), mibiisa(1M), ethtool(8)
 
       "nicstat  -  the  Solaris  and  Linux  Network  Monitoring  Tool  You  Did Not Know You Needed" -http://blogs.ora鈥?
       cle.com/timc/entry/nicstat_the_solaris_and_linux
 
NOTES
       On Linux, the NoCP, Defer, TCP InKB, and TCP OutKB statistics are always reported as zero.
 
       The way that saturation is reported is a best effort, as there is no standardized naming  to  capture  all  errors
       related  to  an  interface's  inability to receive or transmit a packet.  Monitoring %Util and packet rates, along
       with an understanding of the specific NICs may be more useful in judging whether you are nearing saturation.
 
       The -S option is provided for the Linux edition as nicstat requires  super-user  privilege  to  obtain  speed  and
       duplex  mode information for interfaces.  If you are unable to set up nicstat as setuid-root, a script named enic鈥?
       stat is available, which uses the ethtool utility then calls nicstat with an -S value.   ethtool  itself  requires
       super-user privilege for this to work.
 
4th Berkeley Distribution                              25 Apr 2011                                             nicstat(1)
 Manual page nicstat(1) line 154/204 (END) (press h for help or q to quit)
 
 Manual page nicstat(1) line 154/204 (END) (press h for help or q to quit)
 
 Manual page nicstat(1) line 154/204 (END) (press h for help or q to quit)