10.6 Monitoring I/O performance
iostat
Ships in the same package as sar
[root@hyc-01-01 ~]# iostat    # output is similar to sar -b
Linux 3.10.0-693.el7.x86_64 (hyc-01-01) 2018年07月11日 _x86_64_ (1 CPU)
avg-cpu: %user %nice %system %iowait %steal %idle
0.06 0.00 0.15 0.00 0.00 99.79
Device: tps kB_read/s kB_wrtn/s kB_read kB_wrtn
sda 0.18 2.95 1.89 227609 146156
[root@hyc-01-01 ~]# iostat 1    # refresh once per second
[root@hyc-01-01 ~]# iostat -x
Linux 3.10.0-693.el7.x86_64 (hyc-01-01) 2018年07月11日 _x86_64_ (1 CPU)
avg-cpu: %user %nice %system %iowait %steal %idle
0.06 0.00 0.15 0.00 0.00 99.79
Device: rrqm/s wrqm/s r/s w/s rkB/s wkB/s avgrq-sz avgqu-sz await r_await w_await svctm %util
sda 0.00 0.01 0.11 0.08 2.91 1.87 52.67 0.00 1.60 0.99 2.44 0.60 0.01
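%util: share of each time interval that the CPU spends waiting on I/O; a high value means disk I/O is performing poorly
If rkB/s and wkB/s are low but %util is still high, the disk may be faulty.
iotop
[root@hyc-01-01 ~]# yum install -y iotop    # install iotop
[root@hyc-01-01 ~]# iotop    # show per-process disk usage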
Total DISK READ : 0.00 B/s | Total DISK WRITE : 0.00 B/s
Actual DISK READ: 0.00 B/s | Actual DISK WRITE: 0.00 B/s
TID PRIO USER DISK READ DISK WRITE SWAPIN IO> COMMAND
1 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % systemd --s~serialize 21
2 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [kthreadd]
3 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [ksoftirqd/0]
5 be/0 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [kworker/0:0H]
7 rt/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [migration/0]
…
IO>: percentage of I/O used by the process per unit of time
10.7 The free command
Shows memory usage
[root@hyc-01-01 ~]# free
total used free shared buff/cache available
Mem: 1008152 132904 507340 6888 367908 691460
Swap: 2097148 0 2097148
Mem is physical memory; Swap is the swap partition
The default unit is KB
[root@hyc-01-01 ~]# free -m    # show values in MB
total used free shared buff/cache available
Mem: 984 129 495 6 359 675
Swap: 2047 0 2047
[root@hyc-01-01 ~]# free -h    # append a unit to each value
total used free shared buff/cache available
Mem: 984M 129M 495M 6.7M 359M 675M
Swap: 2.0G 0B 2.0G
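buffer and cache:
Linux pre-allocates part of memory to buffer and cache;
cache: data on disk that the CPU needs to process is first read from disk into the in-memory cache, and then passed from the cache to the CPU
buffer: data the CPU has finished processing is first placed in the in-memory buffer when it is written to disk, and then written from the buffer to disk
available = free + unused buffer/cache
total = used + free + buffer/cache
When checking how much memory is left, available is usually the value to look at
swap:
A large used value under Swap may mean that memory is insufficient, so data is being exchanged between memory and the swap partition
It may also mean that a memory leak has filled memory, so temporarily unused data has to be swapped out to the swap partition
10.8 The ps command
Shows processes
[root@hyc-01-01 ~]# ps aux    # static snapshot of the current processes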
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.6 128208 6856 ? Ss 7月11 0:03 /usr/lib/systemd/s
root 2 0.0 0.0 0 0 ? S 7月11 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S 7月11 0:00 [ksoftirqd/0]
root 5 0.0 0.0 0 0 ? S< 7月11 0:00 [kworker/0:0H]
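root  user running the process
5  PID, needed when killing the process
%CPU
%MEM
VSZ  virtual memory
RSS  physical memory, the same as RES in top
TTY  the TTY the process is attached to
STAT  process state
D  uninterruptible process; interrupting it could affect the program or the system
R  running: the process used the CPU during this time interval, not necessarily at this exact instant
S  sleeping: the process is temporarily not using the CPU and not running, and may be woken up again after a while
T  stopped process; pressing Ctrl+Z puts a process into the T state, and fg resumes it, after which the state becomes S or R
+  the process is running in the foreground
Z  zombie process: a useless child process left behind after its main process has gone
<  high-priority process, which gets preferential access to memory, CPU and other resources
N  low-priority process
L  has pages locked in memory
s  main process
l  multi-threaded process: one process contains several threads; memory is not shared between processes, but all threads of the same process share that process's memory region
START  start time
TIME  run time
COMMAND  command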
…
[root@hyc-01-01 ~]# ps aux|grep mysql    # check whether any mysql-related process is running
root 6229 0.0 0.0 112720 984 pts/0 S+ 19:47 0:00 grep --color=auto mysql
[root@hyc-01-01 ~]# ls -l /proc/535
总用量 0
dr-xr-xr-x. 2 root root 0 7月 12 07:32 attr
-rw-r--r--. 1 root root 0 7月 12 20:37 autogroup
-r--------. 1 root root 0 7月 12 20:37 auxv
-r--r--r--. 1 root root 0 7月 3 19:25 cgroup
--w-------. 1 root root 0 7月 12 20:37 clear_refs
-r--r--r--. 1 root root 0 7月 3 19:25 cmdline
-rw-r--r--. 1 root root 0 7月 3 19:25 comm
-rw-r--r--. 1 root root 0 7月 12 20:37 coredump_filter
-r--r--r--. 1 root root 0 7月 12 20:37 cpuset
lrwxrwxrwx. 1 root root 0 7月 12 20:37 cwd -> /
-r--------. 1 root root 0 7月 12 20:37 environ
lrwxrwxrwx. 1 root root 0 7月 3 19:25 exe -> /usr/bin/python2.7
…
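/proc/ contains one directory per process, named after its PID; there you can see where the process was started from
10.9 Checking network status
By default a server opens no ports;
When a server has to provide a service to the outside, a port must be opened so that the service's process listens on that port to receive and send data;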
netstat
-lnp
[root@hyc-01-01 ~]# netstat -lnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 854/sshd
The server exposes the sshd service (PID 854) on port 22; the application uses TCP connections
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 957/master
tcp6 0 0 :::22 :::* LISTEN 854/sshd
tcp6 0 0 ::1:25 :::* LISTEN 957/master
udp 0 0 127.0.0.1:323 0.0.0.0:* 510/chronyd
udp6 0 0 ::1:323 :::* 510/chronyd
raw6 0 0 :::58 :::* 7 552/NetworkManager
Linux also has many socket files used for communication between two processes on the same server; netstat also shows which socket files on the system are listening:
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 17933 957/master public/qmgr
unix 2 [ ACC ] STREAM LISTENING 17970 957/master public/showq
unix 2 [ ACC ] STREAM LISTENING 17955 957/master public/flush
unix 2 [ ACC ] STREAM LISTENING 14084 1/systemd /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 11806 1/systemd /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 17937 957/master private/tlsmgr
unix 2 [ ACC ] STREAM LISTENING 17940 957/master private/rewrite
unix 2 [ ACC ] STREAM LISTENING 17943 957/master private/bounce
unix 2 [ ACC ] STREAM LISTENING 17946 957/master private/defer
unix 2 [ ACC ] STREAM LISTENING 17949 957/master private/trace
unix 2 [ ACC ] STREAM LISTENING 17952 957/master private/verify
unix 2 [ ACC ] STREAM LISTENING 17958 957/master private/proxymap
unix 2 [ ACC ] STREAM LISTENING 17961 957/master private/proxywrite
unix 2 [ ACC ] STREAM LISTENING 17964 957/master private/smtp
unix 2 [ ACC ] STREAM LISTENING 17967 957/master private/relay
unix 2 [ ACC ] STREAM LISTENING 17973 957/master private/error
unix 2 [ ACC ] STREAM LISTENING 17976 957/master private/retry
unix 2 [ ACC ] STREAM LISTENING 15168 498/VGAuthService /var/run/vmware/guestServicePipe
unix 2 [ ACC ] STREAM LISTENING 17979 957/master private/discard
unix 2 [ ACC ] STREAM LISTENING 17982 957/master private/local
unix 2 [ ACC ] STREAM LISTENING 17985 957/master private/virtual
unix 2 [ ACC ] STREAM LISTENING 17988 957/master private/lmtp
unix 2 [ ACC ] STREAM LISTENING 17991 957/master private/anvil
unix 2 [ ACC ] STREAM LISTENING 17994 957/master private/scache
unix 2 [ ACC ] SEQPACKET LISTENING 11852 1/systemd /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 17926 957/master public/pickup
unix 2 [ ACC ] STREAM LISTENING 17930 957/master public/cleanup
unix 2 [ ACC ] STREAM LISTENING 7655 1/systemd /run/systemd/journal/stdout
-an
[root@hyc-01-01 ~]# netstat -an    # show TCP/IP connection state
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 52 192.168.31.129:22 192.168.31.1:53766 ESTABLISHED
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
udp 0 0 127.0.0.1:323 0.0.0.0:*
udp6 0 0 ::1:323 :::*
raw6 0 0 :::58 :::* 7
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 17933 public/qmgr
unix 2 [ ACC ] STREAM LISTENING 17970 public/showq
unix 2 [ ACC ] STREAM LISTENING 17955 public/flush
unix 2 [ ACC ] STREAM LISTENING 14084 /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 11806 /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 17937 private/tlsmgr
unix 2 [ ACC ] STREAM LISTENING 17940 private/rewrite
unix 2 [ ACC ] STREAM LISTENING 17943 private/bounce
unix 2 [ ACC ] STREAM LISTENING 17946 private/defer
unix 2 [ ACC ] STREAM LISTENING 17949 private/trace
unix 2 [ ACC ] STREAM LISTENING 17952 private/verify
unix 2 [ ACC ] STREAM LISTENING 17958 private/proxymap
unix 2 [ ACC ] STREAM LISTENING 17961 private/proxywrite
unix 2 [ ACC ] STREAM LISTENING 17964 private/smtp
unix 2 [ ACC ] STREAM LISTENING 17967 private/relay
unix 2 [ ACC ] STREAM LISTENING 17973 private/error
unix 2 [ ACC ] STREAM LISTENING 17976 private/retry
unix 2 [ ACC ] STREAM LISTENING 15168 /var/run/vmware/guestServicePipe
unix 2 [ ACC ] STREAM LISTENING 17979 private/discard
unix 2 [ ACC ] STREAM LISTENING 17982 private/local
unix 2 [ ACC ] STREAM LISTENING 17985 private/virtual
unix 2 [ ACC ] STREAM LISTENING 17988 private/lmtp
unix 2 [ ACC ] STREAM LISTENING 17991 private/anvil
unix 2 [ ACC ] STREAM LISTENING 17994 private/scache
unix 2 [ ] DGRAM 11850 /run/systemd/shutdownd
unix 2 [ ACC ] SEQPACKET LISTENING 11852 /run/udev/control
unix 2 [ ] DGRAM 14727 /var/run/chrony/chronyd.sock
unix 2 [ ACC ] STREAM LISTENING 17926 public/pickup
unix 2 [ ACC ] STREAM LISTENING 17930 public/cleanup
unix 2 [ ] DGRAM 7645 /run/systemd/notify
unix 2 [ ] DGRAM 7647 /run/systemd/cgroups-agent
unix 2 [ ACC ] STREAM LISTENING 7655 /run/systemd/journal/stdout
unix 5 [ ] DGRAM 7658 /run/systemd/journal/socket
unix 14 [ ] DGRAM 7660 /dev/log
-t: show only TCP-related processes
[root@hyc-01-01 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 854/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 957/master
tcp6 0 0 :::22 :::* LISTEN 854/sshd
tcp6 0 0 ::1:25 :::* LISTEN 957/master
-u: together with -t, show only TCP- and UDP-related processes
[root@hyc-01-01 ~]# netstat -lnutp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 854/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 957/master
tcp6 0 0 :::22 :::* LISTEN 854/sshd
tcp6 0 0 ::1:25 :::* LISTEN 957/master
udp 0 0 127.0.0.1:323 0.0.0.0:* 510/chronyd
udp6 0 0 ::1:323 :::* 510/chronyd
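The listing above can be turned into an exposure check. The following is an added example, not part of the original notes: it reads netstat -lnutp output and reports every TCP/UDP listener that is bound to a non-loopback address and is not on an allowlist. The function names, the allowlist format and the two extra sample rows (tcp/8080 and udp/68) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the rows shown above plus two invented listeners
# (tcp/8080 and udp/68) so that the check has something to report.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 854/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 957/master
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 4242/python
tcp6 0 0 :::22 :::* LISTEN 854/sshd
tcp6 0 0 ::1:25 :::* LISTEN 957/master
udp 0 0 127.0.0.1:323 0.0.0.0:* 510/chronyd
udp 0 0 0.0.0.0:68 0.0.0.0:* 777/dhclient
udp6 0 0 ::1:323 :::* 510/chronyd
EOF
}

# audit_listeners "proto/port ...": read `netstat -lnutp` text on stdin and
# print "proto/port address owner" for each listener that is reachable from
# the network (not loopback-only) and is not in the allowlist.
audit_listeners() {
    awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /^(tcp|udp)/ {
        proto = $1; sub(/6$/, "", proto)            # tcp6 -> tcp, udp6 -> udp
        port = $4; sub(/^.*:/, "", port)            # text after the last colon
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "::1") next  # loopback only: not exposed
        key = proto "/" port
        # UDP rows have no State column, so take the owner from the last field.
        if (!(key in ok)) print key, addr, $NF
    }'
}

# Stand-alone run: only sshd on tcp/22 is expected on this host.
sample_netstat | audit_listeners "tcp/22"
```

On a live host, replace sample_netstat with netstat -lnutp run as root so that the PID/Program name column is filled in.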
TCP three-way handshake
TCP four-way teardown
Count the connections in each TCP state
[root@hyc-01-01 ~]# netstat -an|awk '/^tcp/ {++sta[$NF]} END {for(key in sta) print key,"\t",sta[key]}'
LISTEN 4
ESTABLISHED 1    # connections actually communicating with the server at a given moment, i.e. the number of concurrent connections
ss
-an: show TCP/IP connection state
[root@hyc-01-01 ~]# ss -an
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
u_str LISTEN 0 100 public/qmgr 17933 * 0
u_str LISTEN 0 100 public/showq 17970 * 0
u_str LISTEN 0 100 public/flush 17955 * 0
u_str LISTEN 0 128 /var/run/dbus/system_bus_socket 14084 * 0
u_str LISTEN 0 128 /run/systemd/private 11806 * 0
u_str LISTEN 0 100 private/tlsmgr 17937 * 0
u_str LISTEN 0 100 private/rewrite 17940 * 0
u_str LISTEN 0 100 private/bounce 17943 * 0
u_str LISTEN 0 100 private/defer 17946 * 0
u_str LISTEN 0 100 private/trace 17949 * 0
u_str LISTEN 0 100 private/verify 17952 * 0
u_str LISTEN 0 100 private/proxymap 17958 * 0
u_str LISTEN 0 100 private/proxywrite 17961 * 0
u_str LISTEN 0 100 private/smtp 17964 * 0
u_str LISTEN 0 100 private/relay 17967 * 0
u_str LISTEN 0 100 private/error 17973 * 0
u_str LISTEN 0 100 private/retry 17976 * 0
u_str LISTEN 0 32 /var/run/vmware/guestServicePipe 15168 * 0
u_str LISTEN 0 100 private/discard 17979 * 0
u_str LISTEN 0 100 private/local 17982 * 0
u_str LISTEN 0 100 private/virtual 17985 * 0
u_str LISTEN 0 100 private/lmtp 17988 * 0
u_str LISTEN 0 100 private/anvil 17991 * 0
u_str LISTEN 0 100 private/scache 17994 * 0
u_dgr UNCONN 0 0 /run/systemd/shutdownd 11850 * 0
u_seq LISTEN 0 128 /run/udev/control 11852 * 0
u_dgr UNCONN 0 0 /var/run/chrony/chronyd.sock 14727 * 0
u_str LISTEN 0 100 public/pickup 17926 * 0
u_str LISTEN 0 100 public/cleanup 17930 * 0
u_dgr UNCONN 0 0 /run/systemd/notify 7645 * 0
u_dgr UNCONN 0 0 /run/systemd/cgroups-agent 7647 * 0
u_str LISTEN 0 128 /run/systemd/journal/stdout 7655 * 0
u_dgr UNCONN 0 0 /run/systemd/journal/socket 7658 * 0
u_dgr UNCONN 0 0 /dev/log 7660 * 0
udp UNCONN 0 0 :::58 :::*
udp UNCONN 0 0 127.0.0.1:323 *:*
udp UNCONN 0 0 ::1:323 :::*
tcp LISTEN 0 128 *:22 *:*
tcp LISTEN 0 100 127.0.0.1:25 *:*
tcp ESTAB 0 0 192.168.31.129:22 192.168.31.1:53766
tcp LISTEN 0 128 :::22 :::*
tcp LISTEN 0 100 ::1:25 :::*
[root@hyc-01-01 ~]# ss -an|grep -i listen    # show TCP/IP connections in the LISTEN state
u_str LISTEN 0 100 public/qmgr 17933 * 0
u_str LISTEN 0 100 public/showq 17970 * 0
u_str LISTEN 0 100 public/flush 17955 * 0
u_str LISTEN 0 128 /var/run/dbus/system_bus_socket 14084 * 0
u_str LISTEN 0 128 /run/systemd/private 11806 * 0
u_str LISTEN 0 100 private/tlsmgr 17937 * 0
u_str LISTEN 0 100 private/rewrite 17940 * 0
u_str LISTEN 0 100 private/bounce 17943 * 0
u_str LISTEN 0 100 private/defer 17946 * 0
u_str LISTEN 0 100 private/trace 17949 * 0
u_str LISTEN 0 100 private/verify 17952 * 0
u_str LISTEN 0 100 private/proxymap 17958 * 0
u_str LISTEN 0 100 private/proxywrite 17961 * 0
u_str LISTEN 0 100 private/smtp 17964 * 0
u_str LISTEN 0 100 private/relay 17967 * 0
u_str LISTEN 0 100 private/error 17973 * 0
u_str LISTEN 0 100 private/retry 17976 * 0
u_str LISTEN 0 32 /var/run/vmware/guestServicePipe 15168 * 0
u_str LISTEN 0 100 private/discard 17979 * 0
u_str LISTEN 0 100 private/local 17982 * 0
u_str LISTEN 0 100 private/virtual 17985 * 0
u_str LISTEN 0 100 private/lmtp 17988 * 0
u_str LISTEN 0 100 private/anvil 17991 * 0
u_str LISTEN 0 100 private/scache 17994 * 0
u_seq LISTEN 0 128 /run/udev/control 11852 * 0
u_str LISTEN 0 100 public/pickup 17926 * 0
u_str LISTEN 0 100 public/cleanup 17930 * 0
u_str LISTEN 0 128 /run/systemd/journal/stdout 7655 * 0
tcp LISTEN 0 128 *:22 *:*
tcp LISTEN 0 100 127.0.0.1:25 *:*
tcp LISTEN 0 128 :::22 :::*
tcp LISTEN 0 100 ::1:25 :::*
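The ss command cannot show process names; netstat can
10.10 Packet capture on Linux
tcpdump
A packet capture tool for Linux
[root@hyc-01-01 ~]# yum install -y tcpdump    # install tcpdump
-i: specify the network interface name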
[root@hyc-01-01 ~]# tcpdump -nn -i ens33
…
06:58:17.799865 IP 192.168.31.129.22 > 192.168.31.1.49459: Flags [P.], seq 3931236:3931400, ack 573, win 308, length 164
Traffic flows from port 22 on 192.168.31.129 to port 49459 on 192.168.31.1
…
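-nn: the first n shows IP addresses (hostnames are shown by default); the second n shows port numbers (without it, service names are shown)
length: the length of the packet
port: capture traffic on a given port of the given interface
[root@hyc-01-01 ~]# tcpdump -nn -i ens33 port 22
[root@hyc-01-01 ~]# tcpdump -nn -i ens33 not port 22    # capture everything except port 22
[root@hyc-01-01 ~]# tcpdump -nn -i ens33 port 80 and host 192.168.31.1    # restrict by IP (matches source or destination address)
-c: capture a given number of packets
[root@hyc-01-01 ~]# tcpdump -nn -i ens33 -c 100    # capture 100 packets
-w: save the capture
[root@hyc-01-01 ~]# tcpdump -nn -i ens33 -c 100 -w /tmp/1.cap    # file name and path to save to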
tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
100 packets captured
100 packets received by filter
0 packets dropped by kernel
[root@hyc-01-01 ~]# file /tmp/1.cap    # show the properties of the .cap file
/tmp/1.cap: tcpdump capture file (little-endian) - version 2.4 (Ethernet, capture length 262144)
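1.cap is not a text file that can be read with cat;
The captured packets contain the source and destination IPs as well as the data carried (audio, video and so on);
A file written with -w contains both the traffic-flow information and the full contents of every captured packet;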
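The values that file reports for 1.cap (byte order, version 2.4, Ethernet, capture length 262144) come from the 24-byte header at the start of the capture. The following is an added example, not part of the original notes: it decodes that header with od, which is a quick way to confirm that a saved capture is an intact classic pcap file before passing it on for analysis. The function names and the sample header bytes are constructed for illustration; only the classic microsecond pcap format is handled.

```shell
#!/bin/sh
# Constructed sample: a 24-byte little-endian pcap global header with
# version 2.4, snaplen 262144 and link type 1 (Ethernet), as in 1.cap above.
make_sample_header() {
    printf '\324\303\262\241\002\000\004\000' >  "$1"   # magic, major, minor
    printf '\000\000\000\000\000\000\000\000' >> "$1"   # thiszone, sigfigs
    printf '\000\000\004\000\001\000\000\000' >> "$1"   # snaplen, link type
}

# pcap_header FILE: print "<byte order> <major>.<minor> snaplen=<n> linktype=<n>"
# or return 1 if FILE does not start with a classic pcap header.
pcap_header() {
    # Read the header as unsigned decimal bytes so that decoding does not
    # depend on the byte order of the machine running this script.
    set -- $(od -An -v -tu1 -N24 "$1")
    [ "$#" -eq 24 ] || { echo "error: header shorter than 24 bytes" >&2; return 1; }

    case "$1 $2 $3 $4" in
        "212 195 178 161") order=little-endian ;;   # bytes d4 c3 b2 a1
        "161 178 195 212") order=big-endian ;;      # bytes a1 b2 c3 d4
        *) echo "error: not a classic pcap file" >&2; return 1 ;;
    esac

    if [ "$order" = little-endian ]; then
        major=$(( $5 + $6 * 256 ))
        minor=$(( $7 + $8 * 256 ))
        snaplen=$(( ${17} + ${18} * 256 + ${19} * 65536 + ${20} * 16777216 ))
        linktype=$(( ${21} + ${22} * 256 + ${23} * 65536 + ${24} * 16777216 ))
    else
        major=$(( $5 * 256 + $6 ))
        minor=$(( $7 * 256 + $8 ))
        snaplen=$(( ${17} * 16777216 + ${18} * 65536 + ${19} * 256 + ${20} ))
        linktype=$(( ${21} * 16777216 + ${22} * 65536 + ${23} * 256 + ${24} ))
    fi
    echo "$order $major.$minor snaplen=$snaplen linktype=$linktype"
}

# Stand-alone run against the constructed header.
tmp=$(mktemp) && make_sample_header "$tmp" && pcap_header "$tmp"
rm -f "$tmp"
```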
-r: read the traffic-flow information from 1.cap
[root@hyc-01-01 ~]# tcpdump -r /tmp/1.cap    # prints what was shown on screen during the capture
tshark
[root@hyc-01-01 ~]# yum install -y wireshark    # install tshark and related tools
View web requests on port 80 of a given interface
[root@hyc-01-01 ~]# tshark -n -t a -R http.request -T fields -e "frame.time" -e "ip.src" -e "http.host" -e "http.request.method" -e "http.request.uri"
tshark: -R without -2 is deprecated. For single-pass filtering use -Y.
Running as user "root" and group "root". This could be dangerous.
Capturing on 'nflog'
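The output resembles a web access log, showing the access time, IP, requested domain, requested link and so on;
The IP visiting the site, the access time and the requested link are all clearly visible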