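10.1 Using w to view system load
10.2 The vmstat command
10.3 The top command
10.4 The sar command
10.5 The nload command
10.6 Monitoring I/O performance
10.7 The free command
10.8 The ps command
10.9 Viewing network status
10.10 Capturing packets on Linux
10.11 Linux networking
Further reading
TCP three-way handshake and four-way teardown (important): http://www.doc88.com/p-9913773324388.html
Some uses of tshark: http://www.aminglinux.com/bbs/thread-995-1-1.html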
[root@linux-01 ceshi]# w
22:32:05 up 10 days, 21:03, 2 users, load average: 0.08, 0.03, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 192.168.141.1 06:33 5.00s 0.41s 0.00s w
root pts/2 192.168.141.1 一17 15:56m 4.20s 4.20s -bash
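Field | Meaning |
---|---|
22:32:05 | Current time |
up 10 days,21:03 | How long the system has been running |
2 users | Number of users logged in to the system |
load average: 0.08, 0.03, 0.05 | Load average: the number of active processes on the CPU per unit of time. 0.08 is the average load over the last 1 minute, 0.03 over the last 5 minutes, and 0.05 over the last 15 minutes. The larger the value, the more pressure the server is under; in general it is fine as long as the value does not exceed the number of CPUs in the server. |
USER | Logged-in user |
TTY | Login terminal |
FROM | Remote host name |
LOGIN@ | Login time |
IDLE | How long the session has been idle |
JCPU | Time used by all processes attached to this terminal |
PCPU | Time used by the current process |
WHAT | Command currently being executed |
Extension: the table above mentions the number of CPUs. What is the CPU count, and how do you check it on a Linux system?
Method 1: use cat to view /proc/cpuinfo. In the listed information there are two keywords to look at: processor and physical id. processor represents the number of CPU cores on this machine; if it is 2, that means a 4-core CPU. physical id shows how many physical CPUs the machine has.
Method 2: use lscpu to view CPU information.
## How to check how many CPUs the server has: cat /proc/cpuinfo ##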
[root@linux-01 ceshi]# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 61
model name : Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz
stepping : 4
microcode : 0x1f
cpu MHz : 2294.709
cache size : 3072 KB
physical id : 0
siblings : 1
core id : 0
cpu cores : 1
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
cpuid level : 20
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon nopl xtopology tsc_reliable nonstop_tsc eagerfpu pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 invpcid rtm rdseed adx smap xsaveopt arat
bogomips : 4589.41
clflush size : 64
cache_alignment : 64
address sizes : 43 bits physical, 48 bits virtual
power management:
[root@linux-01 ceshi]#
## lscpu also shows CPU information ##
[root@linux-01 ceshi]# lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 1
On-line CPU(s) list: 0
Thread(s) per core: 1
Core(s) per socket: 1
座: 1
NUMA 节点: 1
厂商 ID: GenuineIntel
CPU 系列: 6
型号: 61
型号名称: Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz
步进: 4
CPU MHz: 2294.709
BogoMIPS: 4589.41
超管理器厂商: VMware
虚拟化类型: 完全
L1d 缓存: 32K
L1i 缓存: 32K
L2 缓存: 256K
L3 缓存: 3072K
NUMA 节点0 CPU: 0
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon nopl xtopology tsc_reliable nonstop_tsc eagerfpu pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 invpcid rtm rdseed adx smap xsaveopt arat
[root@linux-01 ceshi]#
## uptime prints the same information as the first line of w ##
[root@linux-01 ceshi]# uptime
22:32:09 up 10 days, 21:03, 2 users, load average: 0.08, 0.03, 0.05
[root@linux-01 ceshi]#
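The rule of thumb above (load is fine while it does not exceed the CPU count) can be checked in a script. This is an added example, not part of the original page: it counts logical CPUs and physical sockets from /proc/cpuinfo and compares the 1-minute load with the CPU count. The function names and the second, two-socket sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: is the 1-minute load average above the number of logical CPUs?

# Count logical CPUs: /proc/cpuinfo has one "processor : N" stanza per
# logical CPU, with N starting at 0.
count_logical_cpus() {
    awk '/^processor[ \t]*:/ { n++ } END { print n + 0 }'
}

# Count physical CPUs (sockets): the number of distinct "physical id" values.
count_sockets() {
    awk -F: '/^physical id[ \t]*:/ {
                 gsub(/[ \t]/, "", $2)
                 if (!($2 in seen)) { seen[$2] = 1; n++ }
             }
             END { print n + 0 }'
}

# Pull the 1-minute load average out of the header line printed by w/uptime/top.
load_1min() {
    sed -n 's/.*load average: *\([0-9.]*\),.*/\1/p'
}

# load_status LOAD NCPU -> "ok" if LOAD <= NCPU, otherwise "high".
load_status() {
    awk -v l="$1" -v c="$2" 'BEGIN { if (l + 0 > c + 0) print "high"; else print "ok" }'
}

# /proc/cpuinfo fields as shown on this page (single-CPU VM), trimmed.
sample_cpuinfo_page() {
    printf 'processor\t: 0\nphysical id\t: 0\ncpu cores\t: 1\n'
}

# Constructed sample: 2 sockets x 2 cores = 4 logical CPUs.
sample_cpuinfo_two_sockets() {
    printf 'processor\t: 0\nphysical id\t: 0\n\n'
    printf 'processor\t: 1\nphysical id\t: 0\n\n'
    printf 'processor\t: 2\nphysical id\t: 1\n\n'
    printf 'processor\t: 3\nphysical id\t: 1\n'
}

# Header line copied from the uptime output above.
UPTIME_LINE=' 22:32:09 up 10 days, 21:03,  2 users,  load average: 0.08, 0.03, 0.05'

# On a live host, feed real data instead of the samples:
#   count_logical_cpus < /proc/cpuinfo ; uptime | load_1min
ncpu=$(sample_cpuinfo_page | count_logical_cpus)
load=$(printf '%s\n' "$UPTIME_LINE" | load_1min)
echo "cpus=$ncpu load1=$load status=$(load_status "$load" "$ncpu")"
```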
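The w command shows the system load, but it cannot tell you where exactly the pressure is, which is where vmstat comes in. The output of vmstat has six main parts: procs, memory, swap, io, system and cpu. The output looks like this: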
[root@linux-01 ceshi]# vmstat
procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu-----
r b swpd free buff cache si so bi bo in cs us sy id wa st
2 0 0 1514544 2200 192848 0 0 0 0 23 36 0 0 100 0 0
[root@linux-01 ceshi]#
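Category | Field | Meaning |
---|---|---|
procs (process information) | r | run: the number of processes that are running or waiting for a CPU time slice. |
procs (process information) | b | block: the number of processes waiting for resources, where the resource is I/O, memory and so on. |
memory (memory information) | swpd | Amount of memory switched out to the swap partition, in KB. |
memory (memory information) | free | Amount of memory currently free, in KB. |
memory (memory information) | buff | Size of the buffer (data about to be written to disk), in KB. |
memory (memory information) | cache | Size of the cache (data read from disk), in KB. |
swap (memory swapping) | si | Amount of data written from the swap partition into memory, in KB. |
swap (memory swapping) | so | Amount of data written from memory to the swap partition, in KB. |
io (disk usage) | bi | Amount of data read from block devices (disk reads), in KB. |
io (disk usage) | bo | Amount of data written to block devices (disk writes), in KB. |
system (interrupts during the sampling interval) | in | Number of device interrupts per second observed during the interval. |
system (interrupts during the sampling interval) | cs | Number of context switches per second. |
cpu (CPU usage state) | us | Percentage of CPU time spent in user mode. |
cpu (CPU usage state) | sy | Percentage of CPU time spent by the system. |
cpu (CPU usage state) | id | Percentage of time the CPU is idle. |
cpu (CPU usage state) | wa | Percentage of CPU time spent waiting for I/O. |
cpu (CPU usage state) | st | Percentage of CPU that was stolen (usually 0, no need to watch it). |
## vmstat is usually run in the following form to check the system state ##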
[root@linux-01 ceshi]# vmstat 1 5
procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu-----
r b swpd free buff cache si so bi bo in cs us sy id wa st
1 0 0 1514132 2200 192952 0 0 0 0 23 36 0 0 100 0 0
0 0 0 1514132 2200 192952 0 0 0 0 23 35 0 0 100 0 0
1 0 0 1514132 2200 192952 0 0 0 0 24 34 0 0 100 0 0
0 0 0 1514132 2200 192952 0 0 0 0 23 37 0 0 100 0 0
1 0 0 1514132 2200 192952 0 0 0 0 28 37 0 0 100 0 0
vmstat 1 5 means that vmstat prints a report every 1 second, 5 reports in total.
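To turn the field table into a quick triage check, the following added example (not from the original page) reads `vmstat 1 5` output and flags the columns that indicate CPU, memory or I/O pressure. The thresholds, the function names and the second sample are assumptions constructed for illustration; the first sample is the output shown above.

```shell
#!/bin/sh
# Added example: flag the vmstat columns described in the table above.

# vmstat_flags NCPU [WA_MAX]
# Reads `vmstat <interval> <count>` output on stdin and prints one line per
# sample. Thresholds are assumptions for illustration:
#   r  > NCPU     more runnable processes than CPUs
#   b  > 0        processes blocked waiting for I/O, memory, ...
#   si/so > 0     memory is moving to or from the swap partition
#   wa > WA_MAX   CPU time lost to I/O wait (default 20 percent)
vmstat_flags() {
    awk -v ncpu="$1" -v wa_max="${2:-20}" '
        $1 == "procs" || $1 == "r" { next }   # the two header lines
        NF < 17 { next }                      # not a data row
        {
            sample++
            # The first row reports averages since boot, not the current
            # interval, so it is skipped.
            if (sample == 1) next
            flags = ""
            if ($1 + 0 > ncpu + 0)        flags = flags " cpu-queue(r=" $1 ")"
            if ($2 + 0 > 0)               flags = flags " blocked(b=" $2 ")"
            if ($7 + 0 > 0 || $8 + 0 > 0) flags = flags " swapping(si=" $7 ",so=" $8 ")"
            if ($16 + 0 > wa_max + 0)     flags = flags " io-wait(wa=" $16 "%)"
            if (flags == "") flags = " ok"
            print "sample " sample ":" flags
        }'
}

# The idle `vmstat 1 5` output shown on this page.
vmstat_page_sample() {
cat <<'EOF'
procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu-----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
 1  0      0 1514132   2200 192952    0    0     0     0   23   36  0  0 100  0  0
 0  0      0 1514132   2200 192952    0    0     0     0   23   35  0  0 100  0  0
 1  0      0 1514132   2200 192952    0    0     0     0   24   34  0  0 100  0  0
 0  0      0 1514132   2200 192952    0    0     0     0   23   37  0  0 100  0  0
 1  0      0 1514132   2200 192952    0    0     0     0   28   37  0  0 100  0  0
EOF
}

# Constructed sample: one CPU-bound interval, then one swapping and I/O-bound interval.
vmstat_constructed_sample() {
cat <<'EOF'
procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu-----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
 1  0      0 1514132   2200 192952    0    0     0     0   23   36  0  0 100  0  0
 5  0      0 1514132   2200 192952    0    0     0     0  900 4000 95  5  0  0  0
 1  3 204800   20480    100  10240  512 1024  8000  9000  500  800  5 10 20 65  0
EOF
}

# On a live host: vmstat 1 5 | vmstat_flags "$(grep -c '^processor' /proc/cpuinfo)"
vmstat_page_sample | vmstat_flags 1
vmstat_constructed_sample | vmstat_flags 1
```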
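w shows the system load and vmstat shows where the system is under pressure; to find out which process is using a lot of CPU, use top. The top command shows how the processes currently on the system are using the CPU, as follows.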
[root@linux-01 ceshi]# top
top - 02:26:23 up 11 days, 57 min, 2 users, load average: 0.02, 0.03, 0.05
Tasks: 100 total, 1 running, 99 sleeping, 0 stopped, 0 zombie
%Cpu(s): 0.0 us, 0.3 sy, 0.0 ni, 99.7 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem : 1864248 total, 1513388 free, 155220 used, 195640 buff/cache
KiB Swap: 4194300 total, 4194300 free, 0 used. 1512100 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
6321 root 20 0 227204 6464 5104 S 0.7 0.3 63:01.43 vmtoolsd
17415 root 20 0 0 0 0 S 0.7 0.0 0:38.05 kworker/0:3
1 root 20 0 128004 6548 4136 S 0.0 0.4 0:09.28 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.11 kthreadd
3 root 20 0 0 0 0 S 0.0 0.0 0:45.82 ksoftirqd/0
5 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/0:0H
7 root rt 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
8 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcu_bh
9 root 20 0 0 0 0 S 0.0 0.0 0:35.09 rcu_sched
10 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 lru-add-drain
11 root rt 0 0 0 0 S 0.0 0.0 0:20.79 watchdog/0
13 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kdevtmpfs
14 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 netns
15 root 20 0 0 0 0 S 0.0 0.0 0:00.58 khungtaskd
16 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 writeback
17 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kintegrityd
18 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 bioset
19 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 bioset
20 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 bioset
21 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kblockd
22 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 md
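The first line of top shows the same content as the first line of w. top dynamically monitors the system resources used by processes and refreshes every 3 seconds. top prints a lot of information; the items to focus on are %CPU, %MEM and COMMAND. RES is the amount of system memory the process occupies, and %MEM is the percentage of memory it uses. Inside top, press "M" to sort by memory usage, press "1" to list the usage of every CPU core, and press "q" to quit.
## top -c shows the path of each process ##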
[readonly@wxbManager ~]$ top -c
top - 20:07:48 up 526 days, 23:35, 1 user, load average: 0.02, 0.01, 0.00
Tasks: 112 total, 1 running, 111 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.5%us, 0.5%sy, 0.0%ni, 99.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 8189864k total, 6244516k used, 1945348k free, 384744k buffers
Swap: 0k total, 0k used, 0k free, 2419092k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
9273 root 20 0 79108 2128 1220 S 0.3 0.0 132:26.23 /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]
28986 10beiMan 20 0 6888m 2.8g 15m S 0.3 36.2 411:52.18 /usr/java/jdk1.8.0_181/bin/java -Djava.util.logging.config.file=/home/10beiManager/tomcat/conf/logging.properties -Djava.util.l
1 root 20 0 19340 1116 816 S 0.0 0.0 0:47.48 /sbin/init
2 root 20 0 0 0 0 S 0.0 0.0 0:00.01 [kthreadd]
3 root RT 0 0 0 0 S 0.0 0.0 2:06.37 [migration/0]
4 root 20 0 0 0 0 S 0.0 0.0 4:04.32 [ksoftirqd/0]
5 root RT 0 0 0 0 S 0.0 0.0 0:00.00 [stopper/0]
6 root RT 0 0 0 0 S 0.0 0.0 0:58.78 [watchdog/0]
7 root RT 0 0 0 0 S 0.0 0.0 2:58.54 [migration/1]
8 root RT 0 0 0 0 S 0.0 0.0 0:00.00 [stopper/1]
9 root 20 0 0 0 0 S 0.0 0.0 5:45.23 [ksoftirqd/1]
10 root RT 0 0 0 0 S 0.0 0.0 0:52.23 [watchdog/1]
11 root 20 0 0 0 0 S 0.0 0.0 30:35.79 [events/0]
12 root 20 0 0 0 0 S 0.0 0.0 139:35.07 [events/1]
13 root 20 0 0 0 0 S 0.0 0.0 0:00.00 [events/0]
14 root 20 0 0 0 0 S 0.0 0.0 0:00.00 [events/1]
15 root 20 0 0 0 0 S 0.0 0.0 0:00.00 [events_long/0]
16 root 20 0 0 0 0 S 0.0 0.0 0:00.00 [events_long/1]
17 root 20 0 0 0 0 S 0.0 0.0 0:00.00 [events_power_ef]
18 root 20 0 0 0 0 S 0.0 0.0 0:00.00 [events_power_ef]
19 root 20 0 0 0 0 S 0.0 0.0 0:00.00 [cgroup]
20 root 20 0 0 0 0 S 0.0 0.0 0:00.00 [khelper]
21 root 20 0 0 0 0 S 0.0 0.0 0:00.00 [netns]
22 root 20 0 0 0 0 S 0.0 0.0 0:00.00 [async/mgr]
23 root 20 0 0 0 0 S 0.0 0.0 0:00.00 [pm]
24 root 20 0 0 0 0 S 0.0 0.0 0:00.00 [xenwatch]
## top -bn1 prints the process information once instead of refreshing dynamically; it is mostly used in scripts ##
[root@linux-01 ceshi]# top -bn1
top - 02:37:01 up 11 days, 1:08, 2 users, load average: 0.00, 0.01, 0.05
Tasks: 100 total, 1 running, 99 sleeping, 0 stopped, 0 zombie
%Cpu(s): 0.0 us, 0.0 sy, 0.0 ni,100.0 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem : 1864248 total, 1513364 free, 155252 used, 195632 buff/cache
KiB Swap: 4194300 total, 4194300 free, 0 used. 1512080 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1 root 20 0 128004 6548 4136 S 0.0 0.4 0:09.28 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.11 kthreadd
3 root 20 0 0 0 0 S 0.0 0.0 0:45.86 ksoftirqd/0
5 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/0:0H
7 root rt 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
8 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcu_bh
9 root 20 0 0 0 0 S 0.0 0.0 0:35.12 rcu_sched
10 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 lru-add-drain
11 root rt 0 0 0 0 S 0.0 0.0 0:20.80 watchdog/0
13 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kdevtmpfs
14 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 netns
15 root 20 0 0 0 0 S 0.0 0.0 0:00.58 khungtaskd
16 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 writeback
17 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kintegrityd
18 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 bioset
19 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 bioset
20 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 bioset
21 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kblockd
22 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 md
23 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 edac-poller
24 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 watchdogd
30 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kswapd0
31 root 25 5 0 0 0 S 0.0 0.0 0:00.00 ksmd
32 root 39 19 0 0 0 S 0.0 0.0 0:07.99 khugepaged
33 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 crypto
41 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kthrotld
43 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kmpath_rdacd
44 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kaluad
45 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kpsmoused
47 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 ipv6_addrconf
60 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 deferwq
91 root 20 0 0 0 0 S 0.0 0.0 0:00.01 kauditd
1644 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 nfit
1666 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 mpt_poll_0
1670 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 mpt/0
1671 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 ata_sff
1716 root 20 0 0 0 0 S 0.0 0.0 0:00.00 scsi_eh_0
1722 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 scsi_tmf_0
1747 root 20 0 0 0 0 S 0.0 0.0 0:00.01 scsi_eh_1
1748 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 scsi_tmf_1
1750 root 20 0 0 0 0 S 0.0 0.0 0:00.00 scsi_eh_2
1757 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 scsi_tmf_2
1899 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 ttm_swap
1901 root -51 0 0 0 0 S 0.0 0.0 0:00.00 irq/16-vmwgfx
2900 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 bioset
2905 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfsalloc
2910 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfs_mru_cache
2913 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfs-buf/sda3
2916 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfs-data/sda3
2919 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfs-conv/sda3
2920 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfs-cil/sda3
2921 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfs-reclaim/sda
2922 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfs-log/sda3
2923 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfs-eofblocks/s
2924 root 20 0 0 0 0 S 0.0 0.0 0:14.38 xfsaild/sda3
2925 root 0 -20 0 0 0 S 0.0 0.0 0:08.96 kworker/0:1H
2992 root 20 0 39076 4472 4144 S 0.0 0.2 0:02.26 systemd-journal
3009 root 20 0 340348 8048 2620 S 0.0 0.4 0:00.01 lvmetad
3027 root 20 0 48208 5700 2864 S 0.0 0.3 0:00.73 systemd-udevd
4848 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kdmflush
4854 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 bioset
4861 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfs-buf/sda1
4863 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfs-data/sda1
4867 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfs-conv/sda1
4868 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfs-cil/sda1
4873 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfs-reclaim/sda
4878 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfs-log/sda1
4879 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfs-eofblocks/s
4882 root 20 0 0 0 0 S 0.0 0.0 0:00.00 xfsaild/sda1
4966 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/u257:0
4973 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 hci0
4975 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 hci0
4980 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/u257:2
6161 root 16 -4 62044 1080 496 S 0.0 0.1 0:02.77 auditd
6309 root 20 0 26376 1752 1440 S 0.0 0.1 0:02.92 systemd-logind
6312 polkitd 20 0 613000 11908 4920 S 0.0 0.6 0:00.48 polkitd
6319 root 20 0 99572 6112 4504 S 0.0 0.3 0:00.07 VGAuthService
6321 root 20 0 227204 6464 5104 S 0.0 0.3 63:03.15 vmtoolsd
6325 dbus 20 0 66460 2584 1896 S 0.0 0.1 0:02.08 dbus-daemon
6417 root 20 0 126280 1692 1068 S 0.0 0.1 0:03.74 crond
6456 root 20 0 110092 860 728 S 0.0 0.0 0:00.01 agetty
6465 root 20 0 358512 29324 7184 S 0.0 1.6 0:01.21 firewalld
6519 root 20 0 473892 8616 6648 S 0.0 0.5 0:30.74 NetworkManager
6965 root 20 0 573820 17112 6036 S 0.0 0.9 3:29.09 tuned
6967 root 20 0 112756 4352 3328 S 0.0 0.2 0:00.07 sshd
6968 root 20 0 220612 7824 4444 S 0.0 0.4 2:05.77 rsyslogd
7260 root 20 0 89544 2180 1148 S 0.0 0.1 0:07.78 master
7266 postfix 20 0 89716 4092 3088 S 0.0 0.2 0:01.19 qmgr
12649 root 20 0 158760 5588 4240 S 0.0 0.3 0:11.17 sshd
12653 root 20 0 116212 3088 1844 S 0.0 0.2 0:04.20 bash
14479 root 20 0 0 0 0 S 0.0 0.0 0:02.59 kworker/u256:2
16324 root 20 0 0 0 0 S 0.0 0.0 0:02.04 kworker/u256:0
16555 root 20 0 158760 5608 4256 S 0.0 0.3 0:01.57 sshd
16559 root 20 0 116228 2996 1792 S 0.0 0.2 0:00.48 bash
17415 root 20 0 0 0 0 S 0.0 0.0 0:40.42 kworker/0:3
17426 postfix 20 0 89648 4068 3068 S 0.0 0.2 0:00.02 pickup
17474 root 20 0 123260 780 552 S 0.0 0.0 0:00.00 anacron
17491 root 20 0 0 0 0 S 0.0 0.0 0:00.02 kworker/0:1
17492 root 20 0 0 0 0 S 0.0 0.0 0:00.01 kworker/0:0
17500 root 20 0 161880 2108 1548 R 0.0 0.1 0:00.04 top
[root@linux-01 ceshi]#
## Install the sar command ##
[root@linux-01 ceshi]# yum install -y sysstat
已加载插件:fastestmirror
Repository base is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Determining fastest mirrors
epel/x86_64/metalink | 4.7 kB 00:00:00
* base: mirrors.163.com
* epel: mirrors.tuna.tsinghua.edu.cn
* extras: mirrors.cn99.com
* updates: mirrors.nju.edu.cn
base | 3.6 kB 00:00:00
epel | 4.7 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
(1/4): epel/x86_64/updateinfo | 986 kB 00:00:00
(2/4): extras/7/x86_64/primary_db | 187 kB 00:00:00
(3/4): epel/x86_64/primary_db | 6.7 MB 00:00:02
(4/4): updates/7/x86_64/primary_db | 3.4 MB 00:00:02
正在解决依赖关系
--> 正在检查事务
---> 软件包 sysstat.x86_64.0.10.1.5-17.el7 将被 安装
--> 正在处理依赖关系 libsensors.so.4()(64bit),它被软件包 sysstat-10.1.5-17.el7.x86_64 需要
--> 正在检查事务
---> 软件包 lm_sensors-libs.x86_64.0.3.4.0-6.20160601gitf9185e5.el7 将被 安装
--> 解决依赖关系完成
依赖关系解决
=========================================================================================================================================
Package 架构 版本 源 大小
=========================================================================================================================================
正在安装:
sysstat x86_64 10.1.5-17.el7 base 315 k
为依赖而安装:
lm_sensors-libs x86_64 3.4.0-6.20160601gitf9185e5.el7 base 42 k
事务概要
=========================================================================================================================================
安装 1 软件包 (+1 依赖软件包)
总下载量:356 k
安装大小:1.2 M
Downloading packages:
(1/2): lm_sensors-libs-3.4.0-6.20160601gitf9185e5.el7.x86_64.rpm | 42 kB 00:00:00
(2/2): sysstat-10.1.5-17.el7.x86_64.rpm | 315 kB 00:00:01
-----------------------------------------------------------------------------------------------------------------------------------------
总计 265 kB/s | 356 kB 00:00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安装 : lm_sensors-libs-3.4.0-6.20160601gitf9185e5.el7.x86_64 1/2
正在安装 : sysstat-10.1.5-17.el7.x86_64 2/2
验证中 : lm_sensors-libs-3.4.0-6.20160601gitf9185e5.el7.x86_64 1/2
验证中 : sysstat-10.1.5-17.el7.x86_64 2/2
已安装:
sysstat.x86_64 0:10.1.5-17.el7
作为依赖被安装:
lm_sensors-libs.x86_64 0:3.4.0-6.20160601gitf9185e5.el7
完毕!
[root@linux-01 ceshi]#
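## After sar is installed, running it reports an error. The error only occurs because sar has no history records yet; it is harmless, and sar can be used by passing it arguments. ##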
[root@linux-01 ceshi]# sar
无法打开 /var/log/sa/sa13: 没有那个文件或目录
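Column | Meaning |
---|---|
08:40:30 PM | Time |
IFACE | Name of the network interface |
rxpck/s | Packets received per second |
txpck/s | Packets sent per second |
rxkB/s | Amount of data received per second, in KB |
txkB/s | Amount of data sent per second, in KB |
rxcmp/s | Compressed packets received per second |
txcmp/s | Compressed packets sent per second |
rxmcst/s | Multicast packets received per second |
sa17 is a binary file, so it cannot be viewed with cat;
the sar17 file can be viewed with cat.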
[root@linux-01 ceshi]# yum install -y nload
已加载插件:fastestmirror
Repository base is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Loading mirror speeds from cached hostfile
* base: mirrors.163.com
* epel: mirrors.tuna.tsinghua.edu.cn
* extras: mirrors.cn99.com
* updates: mirrors.nju.edu.cn
正在解决依赖关系
--> 正在检查事务
---> 软件包 nload.x86_64.0.0.7.4-4.el7 将被 安装
--> 解决依赖关系完成
依赖关系解决
=========================================================================================================================================
Package 架构 版本 源 大小
=========================================================================================================================================
正在安装:
nload x86_64 0.7.4-4.el7 epel 70 k
事务概要
=========================================================================================================================================
安装 1 软件包
总下载量:70 k
安装大小:176 k
Downloading packages:
警告:/var/cache/yum/x86_64/7/epel/packages/nload-0.7.4-4.el7.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID 352c64e5: NOKEY00:00:00 ETA
nload-0.7.4-4.el7.x86_64.rpm 的公钥尚未安装
nload-0.7.4-4.el7.x86_64.rpm | 70 kB 00:00:01
从 file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 检索密钥
导入 GPG key 0x352C64E5:
用户ID : "Fedora EPEL (7) "
指纹 : 91e9 7d7c 4a5e 96f1 7f3e 888f 6a2f aea2 352c 64e5
软件包 : epel-release-7-11.noarch (@extras)
来自 : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安装 : nload-0.7.4-4.el7.x86_64 1/1
验证中 : nload-0.7.4-4.el7.x86_64 1/1
已安装:
nload.x86_64 0:0.7.4-4.el7
完毕!
[root@linux-01 ceshi]#
When using nload, the data to watch is the Curr line. Incoming is the traffic entering the network interface and Outgoing is the traffic leaving it.
[root@linux-01 ceshi]# nload
Device ens33 [192.168.141.128] (1/2):
=========================================================================================================================================
Incoming:
Curr: 872.00 Bit/s
Avg: 960.00 Bit/s
Min: 872.00 Bit/s
Max: 1.73 kBit/s
Ttl: 32.87 MByte
Outgoing:
Curr: 8.15 kBit/s
Avg: 7.73 kBit/s
Min: 3.98 kBit/s
Max: 8.16 kBit/s
Ttl: 6.61 MByte
## Press the right arrow key ##
Device lo [127.0.0.1] (2/2):
=========================================================================================================================================
Incoming:
Curr: 0.00 Bit/s
Avg: 0.00 Bit/s
Min: 0.00 Bit/s
Max: 0.00 Bit/s
Ttl: 0.00 Byte
Outgoing:
Curr: 0.00 Bit/s
Avg: 0.00 Bit/s
Min: 0.00 Bit/s
Max: 0.00 Bit/s
Ttl: 0.00 Byte
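## Press q to quit ##
iostat is provided by the sysstat package, the same as sar, so once sysstat is installed iostat is installed as well. %util is a very important metric: if the amount of I/O being read and written is small but %util is large, the disk's I/O capacity is seriously insufficient.
iotop is not included with the system, so the iotop package has to be installed. iotop is similar to top and also displays dynamically. If disk I/O is high and we want to see which process is using the most I/O, iotop is the tool to use.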
[root@linux-01 ceshi]# yum install -y iotop
已加载插件:fastestmirror
Repository base is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Loading mirror speeds from cached hostfile
* base: mirrors.163.com
* epel: mirrors.tuna.tsinghua.edu.cn
* extras: mirrors.cn99.com
* updates: mirrors.nju.edu.cn
正在解决依赖关系
--> 正在检查事务
---> 软件包 iotop.noarch.0.0.6-4.el7 将被 安装
--> 解决依赖关系完成
依赖关系解决
=========================================================================================================================================
Package 架构 版本 源 大小
=========================================================================================================================================
正在安装:
iotop noarch 0.6-4.el7 base 52 k
事务概要
=========================================================================================================================================
安装 1 软件包
总下载量:52 k
安装大小:156 k
Downloading packages:
iotop-0.6-4.el7.noarch.rpm | 52 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安装 : iotop-0.6-4.el7.noarch 1/1
验证中 : iotop-0.6-4.el7.noarch 1/1
已安装:
iotop.noarch 0:0.6-4.el7
完毕!
[root@linux-01 ceshi]#
[root@linux-01 ceshi]# iotop
Total DISK READ : 0.00 B/s | Total DISK WRITE : 0.00 B/s
Actual DISK READ: 0.00 B/s | Actual DISK WRITE: 0.00 B/s
TID PRIO USER DISK READ DISK WRITE SWAPIN IO> COMMAND
1 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % systemd --switched-root --system --deserialize 22
2 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [kthreadd]
3 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [ksoftirqd/0]
5 be/0 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [kworker/0:0H]
7 rt/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [migration/0]
8 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [rcu_bh]
9 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [rcu_sched]
10 be/0 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [lru-add-drain]
11 rt/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [watchdog/0]
13 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [kdevtmpfs]
14 be/0 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [netns]
15 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [khungtaskd]
16 be/0 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [writeback]
17 be/0 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [kintegrityd]
18 be/0 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [bioset]
19 be/0 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [bioset]
20 be/0 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [bioset]
21 be/0 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [kblockd]
22 be/0 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [md]
23 be/0 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [edac-poller]
24 be/0 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [watchdogd]
6319 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % VGAuthService -s
30 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [kswapd0]
31 be/5 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [ksmd]
32 be/7 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [khugepaged]
On CentOS 7 the output of the free command is more concise than on CentOS 6; the content is broadly the same.
[root@linux-01 ceshi]# free
total used free shared buff/cache available
Mem: 1864248 154264 1347132 9752 362852 1509080
Swap: 4194300 0 4194300
[root@linux-01 ceshi]#
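Column | Meaning |
---|---|
total | Total amount of memory |
used | Amount of memory actually in use |
free | Amount of physical memory remaining |
shared | Amount of shared physical memory |
buff/cache | Data that goes from the CPU to be written to disk uses buffer memory; data that is read from disk and handed to the CPU for processing uses cache memory |
available | How much memory the system can use; it includes free plus the part of buff/cache that is not occupied |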
[readonly@wxbManager ~]$ ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 19340 1116 ? Ss 2017 0:47 /sbin/init
root 2 0.0 0.0 0 0 ? S 2017 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S 2017 2:06 [migration/0]
root 4 0.0 0.0 0 0 ? S 2017 4:04 [ksoftirqd/0]
root 5 0.0 0.0 0 0 ? S 2017 0:00 [stopper/0]
root 6 0.0 0.0 0 0 ? S 2017 0:58 [watchdog/0]
root 7 0.0 0.0 0 0 ? S 2017 2:58 [migration/1]
root 8 0.0 0.0 0 0 ? S 2017 0:00 [stopper/1]
root 9 0.0 0.0 0 0 ? S 2017 5:45 [ksoftirqd/1]
root 10 0.0 0.0 0 0 ? S 2017 0:52 [watchdog/1]
root 11 0.0 0.0 0 0 ? S 2017 30:36 [events/0]
root 12 0.0 0.0 0 0 ? S 2017 139:36 [events/1]
root 13 0.0 0.0 0 0 ? S 2017 0:00 [events/0]
root 14 0.0 0.0 0 0 ? S 2017 0:00 [events/1]
root 15 0.0 0.0 0 0 ? S 2017 0:00 [events_long/0]
root 16 0.0 0.0 0 0 ? S 2017 0:00 [events_long/1]
root 17 0.0 0.0 0 0 ? S 2017 0:00 [events_power_ef]
root 18 0.0 0.0 0 0 ? S 2017 0:00 [events_power_ef]
root 19 0.0 0.0 0 0 ? S 2017 0:00 [cgroup]
root 20 0.0 0.0 0 0 ? S 2017 0:00 [khelper]
root 21 0.0 0.0 0 0 ? S 2017 0:00 [netns]
root 22 0.0 0.0 0 0 ? S 2017 0:00 [async/mgr]
root 23 0.0 0.0 0 0 ? S 2017 0:00 [pm]
root 24 0.0 0.0 0 0 ? S 2017 0:00 [xenwatch]
root 25 0.0 0.0 0 0 ? S 2017 0:00 [xenbus]
root 26 0.0 0.0 0 0 ? S 2017 2:29 [sync_supers]
root 27 0.0 0.0 0 0 ? S 2017 0:02 [bdi-default]
root 28 0.0 0.0 0 0 ? S 2017 0:00 [kintegrityd/0]
root 29 0.0 0.0 0 0 ? S 2017 0:00 [kintegrityd/1]
root 30 0.0 0.0 0 0 ? S 2017 4:36 [kblockd/0]
root 31 0.0 0.0 0 0 ? S 2017 0:02 [kblockd/1]
root 32 0.0 0.0 0 0 ? S 2017 0:00 [kacpid]
root 33 0.0 0.0 0 0 ? S 2017 0:00 [kacpi_notify]
root 34 0.0 0.0 0 0 ? S 2017 0:00 [kacpi_hotplug]
root 35 0.0 0.0 0 0 ? S 2017 0:00 [ata_aux]
root 36 0.0 0.0 0 0 ? S 2017 0:00 [ata_sff/0]
root 37 0.0 0.0 0 0 ? S 2017 0:00 [ata_sff/1]
root 38 0.0 0.0 0 0 ? S 2017 0:00 [ksuspend_usbd]
root 39 0.0 0.0 0 0 ? S 2017 0:00 [khubd]
root 40 0.0 0.0 0 0 ? S 2017 0:00 [kseriod]
root 41 0.0 0.0 0 0 ? S 2017 0:00 [md/0]
root 42 0.0 0.0 0 0 ? S 2017 0:00 [md/1]
root 43 0.0 0.0 0 0 ? S 2017 0:00 [md_misc/0]
root 44 0.0 0.0 0 0 ? S 2017 0:00 [md_misc/1]
root 45 0.0 0.0 0 0 ? S 2017 0:00 [linkwatch]
root 47 0.0 0.0 0 0 ? S 2017 0:15 [khungtaskd]
root 48 0.0 0.0 0 0 ? S 2017 6:07 [kswapd0]
root 49 0.0 0.0 0 0 ? SN 2017 0:00 [ksmd]
root 50 0.0 0.0 0 0 ? SN 2017 2:13 [khugepaged]
root 51 0.0 0.0 0 0 ? S 2017 0:00 [aio/0]
root 52 0.0 0.0 0 0 ? S 2017 0:00 [aio/1]
root 53 0.0 0.0 0 0 ? S 2017 0:00 [crypto/0]
root 54 0.0 0.0 0 0 ? S 2017 0:00 [crypto/1]
root 61 0.0 0.0 0 0 ? S 2017 0:00 [kthrotld/0]
root 62 0.0 0.0 0 0 ? S 2017 0:00 [kthrotld/1]
root 64 0.0 0.0 0 0 ? S 2017 0:00 [kpsmoused]
root 65 0.0 0.0 0 0 ? S 2017 0:00 [usbhid_resumer]
root 66 0.0 0.0 0 0 ? S 2017 0:00 [deferwq]
root 98 0.0 0.0 0 0 ? S 2017 0:00 [kdmremove]
root 99 0.0 0.0 0 0 ? S 2017 0:00 [kstriped]
root 229 0.0 0.0 0 0 ? S 2017 0:00 [scsi_eh_0]
root 230 0.0 0.0 0 0 ? S 2017 0:00 [scsi_eh_1]
root 343 0.0 0.0 0 0 ? S 2017 15:33 [jbd2/xvda1-8]
root 344 0.0 0.0 0 0 ? S 2017 0:00 [ext4-dio-unwrit]
root 440 0.0 0.0 10760 876 ? S
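STAT (process state) | Meaning |
---|---|
D | A process that cannot be interrupted (usually an I/O process) |
R | A running process, including processes waiting for a CPU time slice |
S | An interrupted (sleeping) process. Normally most processes on the system are in this state |
T | A process that has been stopped or suspended |
W | (Not available since kernel 2.6.xx) Not enough memory pages to allocate |
X | A process that is already dead |
Z | Zombie process: a junk process that cannot be killed. It uses a small amount of system resources, which does not matter, but if zombies take up too much you need to pay attention |
< | High-priority process |
N | Low-priority process |
L | Has memory pages locked in memory |
s | Main process; this is easy to understand when we get to the nginx service later |
l | Multi-threaded process |
+ | Process running in the foreground |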
[readonly@wxbManager ~]$ ps aux | grep nginx
root 7331 0.0 0.0 45984 2520 ? Ss 2017 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nobody 9595 0.0 0.3 73268 30672 ? S Feb14 13:01 nginx: worker process
nobody 9596 0.0 0.3 73668 30996 ? S Feb14 12:18 nginx: worker process
readonly 21461 0.0 0.0 103324 848 pts/0 S+ 23:07 0:00 grep nginx
[readonly@wxbManager ~]$
## netstat -lnp shows the listening ports ##
[root@linux-01 ceshi]# netstat -lnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 6967/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 7260/master
tcp6 0 0 :::22 :::* LISTEN 6967/sshd
tcp6 0 0 ::1:25 :::* LISTEN 7260/master
raw6 0 0 :::58 :::* 7 6519/NetworkManager
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 39265 7260/master private/trace
unix 2 [ ACC ] STREAM LISTENING 39268 7260/master private/verify
unix 2 [ ACC ] STREAM LISTENING 39277 7260/master private/proxywrite
unix 2 [ ACC ] STREAM LISTENING 39292 7260/master private/retry
unix 2 [ ACC ] STREAM LISTENING 39295 7260/master private/discard
unix 2 [ ACC ] STREAM LISTENING 39298 7260/master private/local
unix 2 [ ACC ] STREAM LISTENING 39301 7260/master private/virtual
unix 2 [ ACC ] STREAM LISTENING 39304 7260/master private/lmtp
unix 2 [ ACC ] STREAM LISTENING 39307 7260/master private/anvil
unix 2 [ ACC ] STREAM LISTENING 39310 7260/master private/scache
unix 2 [ ACC ] SEQPACKET LISTENING 21315 1/systemd /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 39262 7260/master private/defer
unix 2 [ ACC ] STREAM LISTENING 35410 6319/VGAuthService /var/run/vmware/guestServicePipe
unix 2 [ ACC ] STREAM LISTENING 21140 1/systemd /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 39280 7260/master private/smtp
unix 2 [ ACC ] STREAM LISTENING 39283 7260/master private/relay
unix 2 [ ACC ] STREAM LISTENING 39289 7260/master private/error
unix 2 [ ACC ] STREAM LISTENING 39241 7260/master public/pickup
unix 2 [ ACC ] STREAM LISTENING 39245 7260/master public/cleanup
unix 2 [ ACC ] STREAM LISTENING 39249 7260/master public/qmgr
unix 2 [ ACC ] STREAM LISTENING 39271 7260/master public/flush
unix 2 [ ACC ] STREAM LISTENING 39286 7260/master public/showq
unix 2 [ ACC ] STREAM LISTENING 39274 7260/master private/proxymap
unix 2 [ ACC ] STREAM LISTENING 39253 7260/master private/tlsmgr
unix 2 [ ACC ] STREAM LISTENING 39256 7260/master private/rewrite
unix 2 [ ACC ] STREAM LISTENING 39259 7260/master private/bounce
unix 2 [ ACC ] STREAM LISTENING 21223 1/systemd /run/lvm/lvmetad.socket
unix 2 [ ACC ] STREAM LISTENING 21226 1/systemd /run/lvm/lvmpolld.socket
unix 2 [ ACC ] STREAM LISTENING 34025 1/systemd /run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 8946 1/systemd /run/systemd/journal/stdout
[root@linux-01 ceshi]#
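A listener audit is the usual follow-up to this output: which services accept connections on every interface, and which only on loopback. The added example below (not from the original page) classifies each TCP/UDP listener by bind address and reports all-interface listeners whose port is not on an allowlist. The function names, the allowlist and the second sample's PIDs and programs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `netstat -lnp` listeners by the address they bind to.

# listener_scope: for each tcp/udp line on stdin print
#   <scope> <proto> <port> <pid/program>
# scope: all-interfaces (0.0.0.0, ::), loopback (127.x, ::1), otherwise specific.
listener_scope() {
    awk '
        $1 ~ /^(tcp|udp)6?$/ {
            la = $4
            n = split(la, parts, ":")          # port = text after the last colon
            port = parts[n]
            addr = substr(la, 1, length(la) - length(port) - 1)
            if (addr == "0.0.0.0" || addr == "::" || addr == "*")
                scope = "all-interfaces"
            else if (addr ~ /^127\./ || addr == "::1")
                scope = "loopback"
            else
                scope = "specific"
            # udp lines have no State column, so PID/Program is one field earlier
            prog = ($1 ~ /^tcp/) ? $7 : $6
            if (prog == "") prog = "-"
            print scope, $1, port, prog
        }'
}

# unexpected_exposed "PORT PORT ...": all-interface listeners not on the allowlist.
unexpected_exposed() {
    listener_scope | awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "all-interfaces" && !($3 in ok) { print $2, $3, $4 }'
}

# Lines taken from the netstat -lnp output on this page.
netstat_page_sample() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 6967/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 7260/master
tcp6 0 0 :::22 :::* LISTEN 6967/sshd
tcp6 0 0 ::1:25 :::* LISTEN 7260/master
raw6 0 0 :::58 :::* 7 6519/NetworkManager
unix 2 [ ACC ] STREAM LISTENING 39265 7260/master private/trace
EOF
}

# Constructed sample: a database and a DHCP client reachable on all interfaces.
netstat_constructed_sample() {
cat <<'EOF'
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 6967/sshd
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 8123/mysqld
tcp 0 0 192.168.141.128:8080 0.0.0.0:* LISTEN 9001/java
udp 0 0 0.0.0.0:68 0.0.0.0:* 6600/dhclient
tcp6 0 0 ::1:25 :::* LISTEN 7260/master
EOF
}

# On a live host (as root, so -p can show every program): netstat -lnp | unexpected_exposed "22"
netstat_page_sample | listener_scope
netstat_constructed_sample | unexpected_exposed "22"
```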
## netstat -an shows the state of the system's network connections ##
[root@linux-01 ceshi]# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 192.168.141.128:22 192.168.141.1:65423 ESTABLISHED
tcp 0 52 192.168.141.128:22 192.168.141.1:60176 ESTABLISHED
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
raw6 0 0 :::58 :::* 7
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 39265 private/trace
unix 2 [ ACC ] STREAM LISTENING 39268 private/verify
unix 2 [ ACC ] STREAM LISTENING 39277 private/proxywrite
unix 2 [ ACC ] STREAM LISTENING 39292 private/retry
unix 2 [ ACC ] STREAM LISTENING 39295 private/discard
unix 2 [ ACC ] STREAM LISTENING 39298 private/local
unix 2 [ ACC ] STREAM LISTENING 39301 private/virtual
unix 2 [ ACC ] STREAM LISTENING 39304 private/lmtp
unix 2 [ ACC ] STREAM LISTENING 39307 private/anvil
unix 2 [ ACC ] STREAM LISTENING 39310 private/scache
unix 2 [ ACC ] SEQPACKET LISTENING 21315 /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 39262 private/defer
unix 2 [ ACC ] STREAM LISTENING 35410 /var/run/vmware/guestServicePipe
unix 2 [ ACC ] STREAM LISTENING 21140 /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 39280 private/smtp
unix 2 [ ACC ] STREAM LISTENING 39283 private/relay
unix 2 [ ACC ] STREAM LISTENING 39289 private/error
unix 2 [ ACC ] STREAM LISTENING 39241 public/pickup
unix 2 [ ACC ] STREAM LISTENING 39245 public/cleanup
unix 2 [ ACC ] STREAM LISTENING 39249 public/qmgr
unix 2 [ ACC ] STREAM LISTENING 39271 public/flush
unix 2 [ ACC ] STREAM LISTENING 39286 public/showq
unix 2 [ ] DGRAM 21427 /run/systemd/shutdownd
unix 2 [ ACC ] STREAM LISTENING 39274 private/proxymap
unix 3 [ ] DGRAM 8926 /run/systemd/notify
unix 2 [ ] DGRAM 8928 /run/systemd/cgroups-agent
unix 2 [ ACC ] STREAM LISTENING 39253 private/tlsmgr
unix 2 [ ACC ] STREAM LISTENING 39256 private/rewrite
unix 2 [ ACC ] STREAM LISTENING 39259 private/bounce
unix 2 [ ACC ] STREAM LISTENING 21223 /run/lvm/lvmetad.socket
unix 2 [ ACC ] STREAM LISTENING 21226 /run/lvm/lvmpolld.socket
unix 2 [ ACC ] STREAM LISTENING 34025 /run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 8946 /run/systemd/journal/stdout
unix 5 [ ] DGRAM 8949 /run/systemd/journal/socket
unix 13 [ ] DGRAM 8951 /dev/log
unix 3 [ ] STREAM CONNECTED 39312
unix 3 [ ] STREAM CONNECTED 34453 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 39311
unix 3 [ ] STREAM CONNECTED 39246
unix 3 [ ] STREAM CONNECTED 39309
unix 3 [ ] STREAM CONNECTED 38165 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 39250
unix 3 [ ] STREAM CONNECTED 39251
unix 3 [ ] STREAM CONNECTED 38164
unix 3 [ ] STREAM CONNECTED 34452
unix 3 [ ] STREAM CONNECTED 39248
unix 3 [ ] STREAM CONNECTED 34711
unix 2 [ ] DGRAM 35686
unix 3 [ ] STREAM CONNECTED 39242
unix 3 [ ] STREAM CONNECTED 36842 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 39303
unix 3 [ ] STREAM CONNECTED 39239
unix 3 [ ] STREAM CONNECTED 36841
unix 3 [ ] STREAM CONNECTED 39302
unix 3 [ ] STREAM CONNECTED 39243
unix 2 [ ] DGRAM 1027790
unix 3 [ ] STREAM CONNECTED 39308
unix 3 [ ] STREAM CONNECTED 34516 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 34941
unix 3 [ ] STREAM CONNECTED 39306
unix 3 [ ] STREAM CONNECTED 39240
unix 3 [ ] STREAM CONNECTED 39267
unix 3 [ ] STREAM CONNECTED 39305
unix 3 [ ] STREAM CONNECTED 34467
unix 3 [ ] STREAM CONNECTED 39257
unix 3 [ ] STREAM CONNECTED 21706
unix 3 [ ] STREAM CONNECTED 34713 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 39258
unix 3 [ ] STREAM CONNECTED 34554
unix 3 [ ] STREAM CONNECTED 21707 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 39255
unix 2 [ ] DGRAM 34788
unix 3 [ ] STREAM CONNECTED 39261
unix 3 [ ] STREAM CONNECTED 34712
unix 3 [ ] STREAM CONNECTED 38295 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 35633
unix 2 [ ] DGRAM 34536
unix 3 [ ] STREAM CONNECTED 39260
unix 3 [ ] STREAM CONNECTED 34718 /run/dbus/system_bus_socket
unix 2 [ ] DGRAM 21422
unix 3 [ ] STREAM CONNECTED 39266
unix 3 [ ] STREAM CONNECTED 34515
unix 3 [ ] STREAM CONNECTED 38294
unix 3 [ ] STREAM CONNECTED 39439
unix 2 [ ] DGRAM 1109850
unix 2 [ ] DGRAM 39330
unix 3 [ ] STREAM CONNECTED 39254
unix 3 [ ] STREAM CONNECTED 35634 /run/systemd/journal/stdout
unix 2 [ ] DGRAM 39608
unix 3 [ ] STREAM CONNECTED 39300
unix 3 [ ] STREAM CONNECTED 39440 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 39299
unix 3 [ ] STREAM CONNECTED 34942 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 39279
unix 3 [ ] STREAM CONNECTED 35709
unix 3 [ ] STREAM CONNECTED 39278
unix 3 [ ] STREAM CONNECTED 39276
unix 3 [ ] STREAM CONNECTED 35569
unix 3 [ ] STREAM CONNECTED 39264
unix 3 [ ] STREAM CONNECTED 39282
unix 3 [ ] STREAM CONNECTED 39281
unix 3 [ ] STREAM CONNECTED 34391 /run/systemd/journal/stdout
unix 3 [ ] DGRAM 22225
unix 3 [ ] STREAM CONNECTED 34158 /run/systemd/journal/stdout
unix 2 [ ] DGRAM 22207
unix 3 [ ] STREAM CONNECTED 39270
unix 2 [ ] DGRAM 35775
unix 3 [ ] DGRAM 22226
unix 3 [ ] STREAM CONNECTED 39269
unix 2 [ ] DGRAM 681719
unix 3 [ ] STREAM CONNECTED 34157
unix 3 [ ] STREAM CONNECTED 34885
unix 3 [ ] STREAM CONNECTED 39275
unix 2 [ ] DGRAM 33504
unix 3 [ ] STREAM CONNECTED 39263
unix 3 [ ] STREAM CONNECTED 39273
unix 3 [ ] STREAM CONNECTED 35570 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 39272
unix 3 [ ] STREAM CONNECTED 33516
unix 3 [ ] STREAM CONNECTED 39294
unix 3 [ ] STREAM CONNECTED 39293
unix 3 [ ] STREAM CONNECTED 34390
unix 3 [ ] STREAM CONNECTED 34886 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 39291
unix 2 [ ] DGRAM 1205914
unix 2 [ ] DGRAM 35332
unix 3 [ ] STREAM CONNECTED 39297
unix 2 [ ] DGRAM 35296
unix 3 [ ] STREAM CONNECTED 22196 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 39296
unix 3 [ ] STREAM CONNECTED 22195
unix 3 [ ] STREAM CONNECTED 39287
unix 3 [ ] STREAM CONNECTED 35710 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 39285
unix 3 [ ] STREAM CONNECTED 33515
unix 3 [ ] STREAM CONNECTED 39284
unix 3 [ ] STREAM CONNECTED 39290
unix 2 [ ] DGRAM 39213
unix 3 [ ] STREAM CONNECTED 39288
[root@linux-01 ceshi]#
## netstat -ltnp: show listening TCP ports ##
[root@linux-01 ceshi]# netstat -ltnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 6967/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 7260/master
tcp6 0 0 :::22 :::* LISTEN 6967/sshd
tcp6 0 0 ::1:25 :::* LISTEN 7260/master
## netstat -ltunp: show listening TCP and UDP ports ##
[root@linux-01 ceshi]# netstat -ltunp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 6967/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 7260/master
tcp6 0 0 :::22 :::* LISTEN 6967/sshd
tcp6 0 0 ::1:25 :::* LISTEN 7260/master
[root@linux-01 ceshi]#
## ss -an is similar to netstat and also shows socket status ##
[root@linux-01 ceshi]# ss -an
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
nl UNCONN 0 0 0:6519 *
nl UNCONN 0 0 0:0 *
nl UNCONN 0 0 0:6519 *
nl UNCONN 4352 0 4:19380 *
nl UNCONN 768 0 4:0 *
nl UNCONN 0 0 6:0 *
nl UNCONN 0 0 7:0 *
nl UNCONN 0 0 7:6325 *
nl UNCONN 0 0 7:1 *
nl UNCONN 0 0 7:6325 *
nl UNCONN 0 0 7:1 *
nl UNCONN 0 0 9:6161 *
nl UNCONN 0 0 9:1 *
nl UNCONN 0 0 9:0 *
nl UNCONN 0 0 10:0 *
nl UNCONN 0 0 11:0 *
nl UNCONN 0 0 12:0 *
nl UNCONN 0 0 15:6965 *
nl UNCONN 0 0 15:-4119 *
nl UNCONN 0 0 15:6519 *
nl UNCONN 0 0 15:-4120 *
nl UNCONN 0 0 15:-4118 *
nl UNCONN 0 0 15:-4117 *
nl UNCONN 0 0 15:3027 *
nl UNCONN 0 0 15:1 *
nl UNCONN 0 0 15:0 *
nl UNCONN 0 0 15:6309 *
nl UNCONN 0 0 15:-4107 *
nl UNCONN 0 0 15:6965 *
nl UNCONN 0 0 15:-4120 *
nl UNCONN 0 0 15:6519 *
nl UNCONN 0 0 15:-4119 *
nl UNCONN 0 0 15:-4118 *
nl UNCONN 0 0 15:-4117 *
nl UNCONN 0 0 15:6309 *
nl UNCONN 0 0 15:-4107 *
nl UNCONN 0 0 15:1 *
nl UNCONN 0 0 16:0 *
nl UNCONN 0 0 18:0 *
p_dgr UNCONN 0 0 arp:ens33 *
u_str LISTEN 0 100 private/trace 39265 * 0
u_str LISTEN 0 100 private/verify 39268 * 0
u_str LISTEN 0 100 private/proxywrite 39277 * 0
u_str LISTEN 0 100 private/retry 39292 * 0
u_str LISTEN 0 100 private/discard 39295 * 0
u_str LISTEN 0 100 private/local 39298 * 0
u_str LISTEN 0 100 private/virtual 39301 * 0
u_str LISTEN 0 100 private/lmtp 39304 * 0
u_str LISTEN 0 100 private/anvil 39307 * 0
u_str LISTEN 0 100 private/scache 39310 * 0
u_seq LISTEN 0 128 /run/udev/control 21315 * 0
u_str LISTEN 0 100 private/defer 39262 * 0
u_str LISTEN 0 32 /var/run/vmware/guestServicePipe 35410 * 0
u_str LISTEN 0 128 /run/systemd/private 21140 * 0
u_str LISTEN 0 100 private/smtp 39280 * 0
u_str LISTEN 0 100 private/relay 39283 * 0
u_str LISTEN 0 100 private/error 39289 * 0
u_str LISTEN 0 100 public/pickup 39241 * 0
u_str LISTEN 0 100 public/cleanup 39245 * 0
u_str LISTEN 0 100 public/qmgr 39249 * 0
u_str LISTEN 0 100 public/flush 39271 * 0
u_str LISTEN 0 100 public/showq 39286 * 0
u_dgr UNCONN 0 0 /run/systemd/shutdownd 21427 * 0
u_str LISTEN 0 100 private/proxymap 39274 * 0
u_dgr UNCONN 0 0 /run/systemd/notify 8926 * 0
u_dgr UNCONN 0 0 /run/systemd/cgroups-agent 8928 * 0
u_str LISTEN 0 100 private/tlsmgr 39253 * 0
u_str LISTEN 0 100 private/rewrite 39256 * 0
u_str LISTEN 0 100 private/bounce 39259 * 0
u_str LISTEN 0 128 /run/lvm/lvmetad.socket 21223 * 0
u_str LISTEN 0 128 /run/lvm/lvmpolld.socket 21226 * 0
u_str LISTEN 0 128 /run/dbus/system_bus_socket 34025 * 0
u_str LISTEN 0 128 /run/systemd/journal/stdout 8946 * 0
u_dgr UNCONN 0 0 /run/systemd/journal/socket 8949 * 0
u_dgr UNCONN 0 0 /dev/log 8951 * 0
u_str ESTAB 0 0 * 39312 * 39311
u_str ESTAB 0 0 /run/systemd/journal/stdout 34453 * 34452
u_str ESTAB 0 0 * 39311 * 39312
u_str ESTAB 0 0 * 39246 * 39248
u_str ESTAB 0 0 * 39309 * 39308
u_str ESTAB 0 0 /run/systemd/journal/stdout 38165 * 38164
u_str ESTAB 0 0 * 39250 * 39251
u_str ESTAB 0 0 * 39251 * 39250
u_str ESTAB 0 0 * 38164 * 38165
u_str ESTAB 0 0 * 34452 * 34453
u_str ESTAB 0 0 * 39248 * 39246
u_str ESTAB 0 0 * 34711 * 34712
u_dgr UNCONN 0 0 * 35686 * 8951
u_str ESTAB 0 0 * 39242 * 39243
u_str ESTAB 0 0 /run/dbus/system_bus_socket 36842 * 36841
u_str ESTAB 0 0 * 39303 * 39302
u_str ESTAB 0 0 * 39239 * 39240
u_str ESTAB 0 0 * 36841 * 36842
u_str ESTAB 0 0 * 39302 * 39303
u_str ESTAB 0 0 * 39243 * 39242
u_dgr UNCONN 0 0 * 1027790 * 8951
u_str ESTAB 0 0 * 39308 * 39309
u_str ESTAB 0 0 /run/systemd/journal/stdout 34516 * 34515
u_str ESTAB 0 0 * 34941 * 34942
u_str ESTAB 0 0 * 39306 * 39305
u_str ESTAB 0 0 * 39240 * 39239
u_str ESTAB 0 0 * 39267 * 39266
u_str ESTAB 0 0 * 39305 * 39306
u_str ESTAB 0 0 * 34467 * 34713
u_str ESTAB 0 0 * 39257 * 39258
u_str ESTAB 0 0 * 21706 * 21707
u_str ESTAB 0 0 /run/dbus/system_bus_socket 34713 * 34467
u_str ESTAB 0 0 * 39258 * 39257
u_str ESTAB 0 0 * 34554 * 34718
u_str ESTAB 0 0 /run/systemd/journal/stdout 21707 * 21706
u_str ESTAB 0 0 * 39255 * 39254
u_dgr UNCONN 0 0 * 34788 * 0
u_str ESTAB 0 0 * 39261 * 39260
u_str ESTAB 0 0 * 34712 * 34711
u_str ESTAB 0 0 /run/systemd/journal/stdout 38295 * 38294
u_str ESTAB 0 0 * 35633 * 35634
u_dgr UNCONN 0 0 * 34536 * 8949
u_str ESTAB 0 0 * 39260 * 39261
u_str ESTAB 0 0 /run/dbus/system_bus_socket 34718 * 34554
u_dgr UNCONN 0 0 * 21422 * 8926
u_str ESTAB 0 0 * 39266 * 39267
u_str ESTAB 0 0 * 34515 * 34516
u_str ESTAB 0 0 * 38294 * 38295
u_str ESTAB 0 0 * 39439 * 39440
u_dgr UNCONN 0 0 * 1109850 * 8949
u_dgr UNCONN 0 0 * 39330 * 8951
u_str ESTAB 0 0 * 39254 * 39255
u_str ESTAB 0 0 /run/systemd/journal/stdout 35634 * 35633
u_dgr UNCONN 0 0 * 39608 * 8951
u_str ESTAB 0 0 * 39300 * 39299
u_str ESTAB 0 0 /run/dbus/system_bus_socket 39440 * 39439
u_str ESTAB 0 0 * 39299 * 39300
u_str ESTAB 0 0 /run/systemd/journal/stdout 34942 * 34941
u_str ESTAB 0 0 * 39279 * 39278
u_str ESTAB 0 0 * 35709 * 35710
u_str ESTAB 0 0 * 39278 * 39279
u_str ESTAB 0 0 * 39276 * 39275
u_str ESTAB 0 0 * 35569 * 35570
u_str ESTAB 0 0 * 39264 * 39263
u_str ESTAB 0 0 * 39282 * 39281
u_str ESTAB 0 0 * 39281 * 39282
u_str ESTAB 0 0 /run/systemd/journal/stdout 34391 * 34390
u_dgr UNCONN 0 0 * 22225 * 22226
u_str ESTAB 0 0 /run/systemd/journal/stdout 34158 * 34157
u_dgr UNCONN 0 0 * 22207 * 8949
u_str ESTAB 0 0 * 39270 * 39269
u_dgr UNCONN 0 0 * 35775 * 8951
u_dgr UNCONN 0 0 * 22226 * 22225
u_str ESTAB 0 0 * 39269 * 39270
u_dgr UNCONN 0 0 * 681719 * 8951
u_str ESTAB 0 0 * 34157 * 34158
u_str ESTAB 0 0 * 34885 * 34886
u_str ESTAB 0 0 * 39275 * 39276
u_dgr UNCONN 0 0 * 33504 * 8951
u_str ESTAB 0 0 * 39263 * 39264
u_str ESTAB 0 0 * 39273 * 39272
u_str ESTAB 0 0 /run/dbus/system_bus_socket 35570 * 35569
u_str ESTAB 0 0 * 39272 * 39273
u_str ESTAB 0 0 * 33516 * 33515
u_str ESTAB 0 0 * 39294 * 39293
u_str ESTAB 0 0 * 39293 * 39294
u_str ESTAB 0 0 * 34390 * 34391
u_str ESTAB 0 0 /run/dbus/system_bus_socket 34886 * 34885
u_str ESTAB 0 0 * 39291 * 39290
u_dgr UNCONN 0 0 * 1205914 * 8951
u_dgr UNCONN 0 0 * 35332 * 8951
u_str ESTAB 0 0 * 39297 * 39296
u_dgr UNCONN 0 0 * 35296 * 8951
u_str ESTAB 0 0 /run/systemd/journal/stdout 22196 * 22195
u_str ESTAB 0 0 * 39296 * 39297
u_str ESTAB 0 0 * 22195 * 22196
u_str ESTAB 0 0 * 39287 * 39288
u_str ESTAB 0 0 /run/dbus/system_bus_socket 35710 * 35709
u_str ESTAB 0 0 * 39285 * 39284
u_str ESTAB 0 0 * 33515 * 33516
u_str ESTAB 0 0 * 39284 * 39285
u_str ESTAB 0 0 * 39290 * 39291
u_dgr UNCONN 0 0 * 39213 * 8951
u_str ESTAB 0 0 * 39288 * 39287
raw UNCONN 0 0 :::58 :::*
tcp LISTEN 0 128 *:22 *:*
tcp LISTEN 0 100 127.0.0.1:25 *:*
tcp ESTAB 0 0 192.168.141.128:22 192.168.141.1:65423
tcp ESTAB 0 0 192.168.141.128:22 192.168.141.1:60176
tcp LISTEN 0 128 :::22 :::*
tcp LISTEN 0 100 ::1:25 :::*
v_str ESTAB 0 0 2993521101:1023 0:976
[root@linux-01 ceshi]#
## ss -an | grep -i listen: show only sockets in the listening state ##
[root@linux-01 ceshi]# ss -an | grep -i listen
u_str LISTEN 0 100 private/trace 39265 * 0
u_str LISTEN 0 100 private/verify 39268 * 0
u_str LISTEN 0 100 private/proxywrite 39277 * 0
u_str LISTEN 0 100 private/retry 39292 * 0
u_str LISTEN 0 100 private/discard 39295 * 0
u_str LISTEN 0 100 private/local 39298 * 0
u_str LISTEN 0 100 private/virtual 39301 * 0
u_str LISTEN 0 100 private/lmtp 39304 * 0
u_str LISTEN 0 100 private/anvil 39307 * 0
u_str LISTEN 0 100 private/scache 39310 * 0
u_seq LISTEN 0 128 /run/udev/control 21315 * 0
u_str LISTEN 0 100 private/defer 39262 * 0
u_str LISTEN 0 32 /var/run/vmware/guestServicePipe 35410 * 0
u_str LISTEN 0 128 /run/systemd/private 21140 * 0
u_str LISTEN 0 100 private/smtp 39280 * 0
u_str LISTEN 0 100 private/relay 39283 * 0
u_str LISTEN 0 100 private/error 39289 * 0
u_str LISTEN 0 100 public/pickup 39241 * 0
u_str LISTEN 0 100 public/cleanup 39245 * 0
u_str LISTEN 0 100 public/qmgr 39249 * 0
u_str LISTEN 0 100 public/flush 39271 * 0
u_str LISTEN 0 100 public/showq 39286 * 0
u_str LISTEN 0 100 private/proxymap 39274 * 0
u_str LISTEN 0 100 private/tlsmgr 39253 * 0
u_str LISTEN 0 100 private/rewrite 39256 * 0
u_str LISTEN 0 100 private/bounce 39259 * 0
u_str LISTEN 0 128 /run/lvm/lvmetad.socket 21223 * 0
u_str LISTEN 0 128 /run/lvm/lvmpolld.socket 21226 * 0
u_str LISTEN 0 128 /run/dbus/system_bus_socket 34025 * 0
u_str LISTEN 0 128 /run/systemd/journal/stdout 8946 * 0
tcp LISTEN 0 128 *:22 *:*
tcp LISTEN 0 100 127.0.0.1:25 *:*
tcp LISTEN 0 128 :::22 :::*
tcp LISTEN 0 100 ::1:25 :::*
[root@linux-01 ceshi]#
## The following command counts TCP connections by state ##
[root@linux-01 ceshi]# netstat -an | awk '/^tcp/ {++sta[$NF]} END {for(key in sta) print key,"\t",sta[key]}'
LISTEN 4
ESTABLISHED 2
[root@linux-01 ceshi]#
## tcpdump is not installed by default; install it with yum ##
[root@linux-01 ceshi]# tcpdump
-bash: tcpdump: 未找到命令
[root@linux-01 ceshi]# yum install -y tcpdump
已加载插件:fastestmirror
Repository base is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Loading mirror speeds from cached hostfile
epel/x86_64/metalink | 5.8 kB 00:00:00
* base: mirrors.163.com
* epel: mirrors.tuna.tsinghua.edu.cn
* extras: mirrors.cn99.com
* updates: mirrors.nju.edu.cn
base | 3.6 kB 00:00:00
epel | 4.7 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
(1/2): epel/x86_64/updateinfo | 986 kB 00:00:01
(2/2): epel/x86_64/primary_db | 6.7 MB 00:01:34
正在解决依赖关系
--> 正在检查事务
---> 软件包 tcpdump.x86_64.14.4.9.2-3.el7 将被 安装
--> 正在处理依赖关系 libpcap >= 14:1.5.3-10,它被软件包 14:tcpdump-4.9.2-3.el7.x86_64 需要
--> 正在处理依赖关系 libpcap.so.1()(64bit),它被软件包 14:tcpdump-4.9.2-3.el7.x86_64 需要
--> 正在检查事务
---> 软件包 libpcap.x86_64.14.1.5.3-11.el7 将被 安装
--> 解决依赖关系完成
依赖关系解决
=========================================================================================================================================
Package 架构 版本 源 大小
=========================================================================================================================================
正在安装:
tcpdump x86_64 14:4.9.2-3.el7 base 421 k
为依赖而安装:
libpcap x86_64 14:1.5.3-11.el7 base 138 k
事务概要
=========================================================================================================================================
安装 1 软件包 (+1 依赖软件包)
总下载量:559 k
安装大小:1.3 M
Downloading packages:
(1/2): libpcap-1.5.3-11.el7.x86_64.rpm | 138 kB 00:00:00
(2/2): tcpdump-4.9.2-3.el7.x86_64.rpm | 421 kB 00:00:00
-----------------------------------------------------------------------------------------------------------------------------------------
总计 2.5 MB/s | 559 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安装 : 14:libpcap-1.5.3-11.el7.x86_64 1/2
正在安装 : 14:tcpdump-4.9.2-3.el7.x86_64 2/2
验证中 : 14:tcpdump-4.9.2-3.el7.x86_64 1/2
验证中 : 14:libpcap-1.5.3-11.el7.x86_64 2/2
已安装:
tcpdump.x86_64 14:4.9.2-3.el7
作为依赖被安装:
libpcap.x86_64 14:1.5.3-11.el7
完毕!
[root@linux-01 ceshi]#
## tcpdump -nn (show IP addresses numerically) -i (specify the interface name) ##
[root@linux-01 ceshi]# tcpdump -nn -i ens33
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
23:38:58.029804 IP 192.168.141.128.22 > 192.168.141.1.60176: Flags [P.], seq 143933360:143933572, ack 2117960428, win 318, length 212
23:38:58.030089 IP 192.168.141.1.60176 > 192.168.141.128.22: Flags [.], ack 212, win 250, length 0
23:38:58.030728 IP 192.168.141.128.22 > 192.168.141.1.60176: Flags [P.], seq 212:504, ack 1, win 318, length 292
23:38:58.031099 IP 192.168.141.128.22 > 192.168.141.1.60176: Flags [P.], seq 504:668, ack 1, win 318, length 164
23:38:58.031299 IP 192.168.141.1.60176 > 192.168.141.128.22: Flags [.], ack 668, win 255, length 0
23:38:58.031689 IP 192.168.141.128.22 > 192.168.141.1.60176: Flags [P.], seq 668:944, ack 1, win 318, length 276
23:38:58.032000 IP 192.168.141.128.22 > 192.168.141.1.60176: Flags [P.], seq 944:1108, ack 1, win 318, length 164
23:38:58.032164 IP 192.168.141.1.60176 > 192.168.141.128.22: Flags [.], ack 1108, win 254, length 0
23:38:58.032476 IP 192.168.141.128.22 > 192.168.141.1.60176: Flags [P.], seq 1108:1384, ack 1, win 318, length 276
23:38:58.032773 IP 192.168.141.128.22 > 192.168.141.1.60176: Flags [P.], seq 1384:1564, ack 1, win 318, length 180
23:38:58.032916 IP 192.168.141.1.60176 > 192.168.141.128.22: Flags [.], ack 1564, win 252, length 0
23:38:58.033153 IP 192.168.141.128.22 > 192.168.141.1.60176: Flags [P.], seq 1564:1840, ack 1, win 318, length 276
23:38:58.033565 IP 192.168.141.128.22 > 192.168.141.1.60176: Flags [P.], seq 1840:2020, ack 1, win 318, length 180
23:38:58.033715 IP 192.168.141.1.60176 > 192.168.141.128.22: Flags [.], ack 2020, win 250, length 0
## A filter can exclude a port and select an IP: here, packets not on port 22 that involve host 192.168.141.1 ##
[root@linux-01 ceshi]# tcpdump -nn -i ens33 not port 22 and host 192.168.141.1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel
[root@linux-01 ceshi]#
## Capture packets and save them to a file ##
[root@linux-01 ceshi]# tcpdump -nn -i ens33 -c 100 -w 1.cap
tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
^C4 packets captured
5 packets received by filter
0 packets dropped by kernel
[root@linux-01 ceshi]# ls
# 1.cap 1.txt 2.sh exec.sh passwd passwd1 source.sh
[root@linux-01 ceshi]# tcpdump -nn -i ens33 -c 10 -w 1.cap
tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
10 packets captured
10 packets received by filter
0 packets dropped by kernel
[root@linux-01 ceshi]# file 1.cap
1.cap: tcpdump capture file (little-endian) - version 2.4 (Ethernet, capture length 262144)
[root@linux-01 ceshi]# tcpdump -r 1.cap
reading from file 1.cap, link-type EN10MB (Ethernet)
00:57:33.051784 IP linux-01.ssh > 192.168.141.1.60176: Flags [P.], seq 144863656:144863804, ack 2117974276, win 362, length 148
00:57:33.052190 IP 192.168.141.1.60176 > linux-01.ssh: Flags [.], ack 148, win 251, length 0
00:57:34.528624 IP 192.168.141.1 > igmp.mcast.net: igmp v3 report, 1 group record(s)
00:57:34.528666 IP6 fe80::41c8:1472:340f:c8db > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
00:57:34.587128 IP 192.168.141.1 > igmp.mcast.net: igmp v3 report, 1 group record(s)
00:57:34.587165 IP6 fe80::41c8:1472:340f:c8db > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
00:57:34.587190 IP6 fe80::41c8:1472:340f:c8db.53559 > ff02::1:3.hostmon: UDP, length 33
00:57:34.587204 IP 192.168.141.1.52209 > 224.0.0.252.hostmon: UDP, length 33
00:57:34.681633 IP6 fe80::41c8:1472:340f:c8db.53559 > ff02::1:3.hostmon: UDP, length 33
00:57:34.681701 IP 192.168.141.1.52209 > 224.0.0.252.hostmon: UDP, length 33
[root@linux-01 ceshi]#
## Install the tshark command ##
yum install -y wireshark
## Show which addresses users are requesting on a web server ##
tshark -n -t a -R http.request -T fields -e "frame.time" -e "ip.src" -e "http.host" -e "http.request.method" -e "http.request.uri"
[root@linux-01 ceshi]# ifconfig
ens33: flags=4163 mtu 1500
inet 192.168.141.128 netmask 255.255.255.0 broadcast 192.168.141.255
inet6 fe80::8db4:d867:92de:d2d1 prefixlen 64 scopeid 0x20
ether 00:0c:29:6d:81:cc txqueuelen 1000 (Ethernet)
RX packets 352365 bytes 47836917 (45.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 151822 bytes 33225129 (31.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@linux-01 ~]# cd /etc/sysconfig/network-scripts/
[root@linux-01 network-scripts]# cp ifcfg-ens33 ifcfg-ens33\:0 //the backslash here escapes the colon
[root@linux-01 network-scripts]# ls
ifcfg-ens33 ifdown-bnep ifdown-isdn ifdown-sit ifup ifup-ippp ifup-plusb ifup-sit ifup-wireless
ifcfg-ens33:0 ifdown-eth ifdown-post ifdown-Team ifup-aliases ifup-ipv6 ifup-post ifup-Team init.ipv6-global
ifcfg-lo ifdown-ippp ifdown-ppp ifdown-TeamPort ifup-bnep ifup-isdn ifup-ppp ifup-TeamPort network-functions
ifdown ifdown-ipv6 ifdown-routes ifdown-tunnel ifup-eth ifup-plip ifup-routes ifup-tunnel network-functions-ipv6
[root@linux-01 network-scripts]# vim ifcfg-ens33:0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33:0
UUID=a6258a23-8add-4e49-b1f8-799e60a3bdbe
DEVICE=ens33:0
ONBOOT=yes
IPADDR=192.168.141.122
NETMASK=255.255.255.0
GATEWAY=192.168.141.2
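## On a server you are connected to remotely, avoid running ifdown ens33 on its own: once the interface is shut down, it has to be brought back up from the local console ##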
[root@linux-01 network-scripts]# ifdown ens33 && ifup ens33
成功断开设备 'ens33'。
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/4)
[root@linux-01 network-scripts]# ifconfig
ens33: flags=4163 mtu 1500
inet 192.168.141.128 netmask 255.255.255.0 broadcast 192.168.141.255
inet6 fe80::8db4:d867:92de:d2d1 prefixlen 64 scopeid 0x20
ether 00:0c:29:6d:81:cc txqueuelen 1000 (Ethernet)
RX packets 353689 bytes 47962251 (45.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 152668 bytes 33335091 (31.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens33:0: flags=4163 mtu 1500
inet 192.168.141.122 netmask 255.255.255.0 broadcast 192.168.141.255
ether 00:0c:29:6d:81:cc txqueuelen 1000 (Ethernet)
lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@linux-01 network-scripts]# mii-tool ens33
ens33: negotiated 1000baseT-FD flow-control, link ok
[root@linux-01 network-scripts]#
[root@linux-01 network-scripts]# ethtool ens33
Settings for ens33:
Supported ports: [ TP ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Supported pause frame use: No
Supports auto-negotiation: Yes
Supported FEC modes: Not reported
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Advertised pause frame use: No
Advertised auto-negotiation: Yes
Advertised FEC modes: Not reported
Speed: 1000Mb/s
Duplex: Full
Port: Twisted Pair
PHYAD: 0
Transceiver: internal
Auto-negotiation: on
MDI-X: off (auto)
Supports Wake-on: d
Wake-on: d
Current message level: 0x00000007 (7)
drv probe link
Link detected: yes //check whether the status here is yes or no
[root@linux-01 network-scripts]#
Use hostnamectl to change the hostname. The command exists only on CentOS 7; CentOS 6 does not have it.
[root@linux-01 ~]# hostnamectl set-hostname linux-001
[root@linux-01 ~]# hostname
linux-001
[root@linux-01 ~]# bash
[root@linux-001 ~]# exit
exit
[root@linux-01 ~]#
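/etc/resolv.conf is the DNS configuration file. If you edit this file directly, then after you log in to the system again the DNS settings are read from the network interface configuration.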
[root@linux-01 ~]# cat /etc/resolv.conf
; generated by /usr/sbin/dhclient-script
search localdomain
nameserver 192.168.141.2
[root@linux-01 ~]#
[root@linux-01 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
[root@linux-01 ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.141.128 www.baidu.com www.qq.com
[root@linux-01 ~]# ping www.baidu.com
PING www.baidu.com (192.168.141.128) 56(84) bytes of data.
64 bytes from www.baidu.com (192.168.141.128): icmp_seq=1 ttl=64 time=0.159 ms
64 bytes from www.baidu.com (192.168.141.128): icmp_seq=2 ttl=64 time=0.120 ms
64 bytes from www.baidu.com (192.168.141.128): icmp_seq=3 ttl=64 time=0.096 ms
^C
--- www.baidu.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.096/0.125/0.159/0.025 ms
[root@linux-01 ~]# ping www.qq.com
PING www.baidu.com (192.168.141.128) 56(84) bytes of data.
64 bytes from www.baidu.com (192.168.141.128): icmp_seq=1 ttl=64 time=0.116 ms
64 bytes from www.baidu.com (192.168.141.128): icmp_seq=2 ttl=64 time=0.095 ms
^C
--- www.baidu.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.095/0.105/0.116/0.014 ms
[root@linux-01 ~]#
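A small example of the three-way handshake:
In the Red Army era, Company A and Company B were posted on the left and right flanks and agreed to attack together at a set hour and minute. That time had to be carried on foot by a messenger, so the commander of Company A sent one out.
That is the first trip.
Suppose the messenger reaches Company B and tells its commander the time. The commander of Company B will certainly send the messenger back to inform the commander of Company A, and the poor messenger has to brave the danger of the return trip, because if the commander of Company A does not see the messenger come back, he cannot know whether the time ever reached Company B.
That is the second trip.
Now the commander of Company B starts to worry about whether the messenger made it back to Company A. If he did not, then, putting himself in the other commander's place, the commander of Company B knows that Company A would not dare attack without seeing the messenger return. So what the commander of Company B most hopes for is to see the messenger appear at Company B once more, and the commander of Company A therefore sends the messenger to Company B one more time.
That is the third trip. This is the three-way handshake.
Because a TCP connection is full duplex, each direction must be closed separately. The rule is that when one side has finished sending its data, it sends a FIN to terminate that direction of the connection. Receiving a FIN only means that no more data will flow in that direction, that is, no more data will be received; data can still be sent on the TCP connection until this direction also sends a FIN. The side that closes first performs the active close and the other side performs the passive close, as the figure below shows.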
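The TCP connection process: in the TCP/IP protocol suite, TCP provides a reliable connection service and establishes a connection with a three-way handshake.
First handshake: to open the connection, client A sends a SYN packet (SYN=j) to server B and enters the SYN_SENT state, waiting for server B to acknowledge it.
Second handshake: server B receives the SYN packet and must acknowledge client A's SYN (ACK=j+1) while also sending a SYN of its own (SYN=k), that is, a SYN+ACK packet. Server B then enters the SYN_RECV state.
Third handshake: client A receives server B's SYN+ACK packet and sends server B an acknowledgement packet ACK (ACK=k+1). Once this packet has been sent, client A and server B enter the ESTABLISHED state and the three-way handshake is complete.
With the three-way handshake complete, the client and server begin transferring data.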
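SYN attack: during the three-way handshake, a TCP connection for which the server has sent its SYN-ACK but has not yet received the client's ACK is called a half-open connection (half-open connect). The server is in the SYN_RECV state at this point; once it receives the ACK, it moves to the ESTABLISHED state. In a SYN attack, the attacking client forges a large number of non-existent IP addresses in a short time and keeps sending SYN packets to the server. The server replies with acknowledgement packets and waits for the clients to confirm; because the source addresses do not exist, the server keeps retransmitting until it times out. These forged SYN packets occupy the queue of not-yet-completed connections for a long time, legitimate SYN requests are dropped, and the target system slows down; in severe cases this causes network congestion or even brings the system down.
A SYN attack is a typical DDoS attack. Detecting one is very convenient: when you see a large number of half-open connections on the server, especially with random source IP addresses, you can be fairly sure it is a SYN attack. On Linux, the following command checks whether the host is under a SYN attack:
netstat -n -t | grep SYN_RECV
Most newer TCP/IP stacks modify the TCP implementation of this step to defend against SYN attacks. The main methods are the SynAttackProtect protection mechanism, SYN cookies, increasing the maximum number of half-open connections, and shortening the timeout. None of these completely prevents SYN attacks, however.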
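The half-open check described above, as an added example that is not part of the original notes: the function reads `netstat -ant`-style output and reports how many connections are in SYN_RECV, how many distinct source addresses they come from, and which local port receives most of them. The sample lines, the documentation addresses and the threshold are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: summarize half-open (SYN_RECV) TCP connections.
# Many half-open entries spread over many distinct sources matches the
# "random source IP" pattern the text describes.

# Constructed sample in `netstat -ant` layout (RFC 5737 / RFC 3849 addresses).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:40112      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.23:51822     SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:1025        SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:1026        SYN_RECV
tcp        0      0 192.0.2.10:22           192.0.2.1:60176         ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::bad:33000     SYN_RECV
EOF
}

# half_open_summary THRESHOLD
# Reads netstat output on stdin and prints one line:
#   total=<n> sources=<n> port=<busiest local port> verdict=<ok|suspect>
# THRESHOLD is an assumed site-specific limit on half-open connections.
half_open_summary() {
    awk -v limit="$1" '
    /^tcp/ && $6 == "SYN_RECV" {
        total++
        # Source address: drop the port after the LAST colon (IPv6-safe).
        src = $5; sub(/:[^:]*$/, "", src)
        if (!(src in seen)) { seen[src] = 1; sources++ }
        # Local port: keep only what follows the last colon.
        lport = $4; sub(/^.*:/, "", lport)
        hits[lport]++
    }
    END {
        best = "-"; max = 0
        for (p in hits) if (hits[p] > max) { max = hits[p]; best = p }
        verdict = (total > limit) ? "suspect" : "ok"
        printf "total=%d sources=%d port=%s verdict=%s\n", total, sources, best, verdict
    }'
}

# On a live host: netstat -ant | half_open_summary 200
sample_netstat | half_open_summary 3
# total=5 sources=4 port=80 verdict=suspect
```

The state is matched in column 6, so the function also accepts `netstat -antp` output, where the last column is the PID/program name.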
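Tearing down a TCP connection takes four packets, hence the name four-way wave (four-way handshake). Either the client or the server can start it; in socket programming, either side calling close() triggers the teardown.
First wave:
The client sends a FIN to close data transfer from client to server, and the client enters the FIN_WAIT_1 state.
Second wave:
After receiving the FIN, the server sends an ACK to the client with the acknowledgement number set to the received sequence number + 1 (as with a SYN, a FIN consumes one sequence number), and the server enters the CLOSE_WAIT state.
Third wave:
The server sends a FIN to close data transfer from server to client, and the server enters the LAST_ACK state.
Fourth wave:
The client sends back an ACK segment to confirm, with the acknowledgement number set to the received sequence number plus 1.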
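CLOSED: the initial state; the TCP connection is "closed" or "not open".
LISTEN: a socket on the server side is listening and can accept client connections.
SYN_RCVD: a SYN segment has been received. Normally this is an intermediate state of the server-side socket during the three-way handshake that sets up the TCP connection. It is very brief and is hard to catch with netstat unless you deliberately write a test program that withholds the final ACK of the three-way handshake. When a TCP connection in this state then receives the client's ACK segment, it moves to the ESTABLISHED state.
SYN_SENT: this state is the counterpart of SYN_RCVD. When a client socket calls connect(), it first sends a SYN segment, then immediately enters SYN_SENT and waits for the server to send the second segment of the three-way handshake. SYN_SENT means the client has sent its SYN segment.
ESTABLISHED: the TCP connection has been set up successfully.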
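States of the four-way wave:
FIN_WAIT_1: this state needs a proper explanation. FIN_WAIT_1 and FIN_WAIT_2 both really mean waiting for the peer's FIN segment. The difference is this: FIN_WAIT_1 is entered when a socket in the ESTABLISHED state wants to close the connection actively and sends a FIN segment to the peer. Once the peer replies with an ACK segment, the socket enters FIN_WAIT_2. In normal practice the peer should reply with an ACK immediately whatever its situation, so FIN_WAIT_1 is generally hard to observe, while FIN_WAIT_2 can sometimes still be seen with netstat.
FIN_WAIT_2: its origin is explained above. A socket in FIN_WAIT_2 is half-closed, that is, one side has called close() to actively request closing the connection. Note: FIN_WAIT_2 has no timeout (unlike TIME_WAIT). If the peer does not close (does not cooperate in completing the four-way wave), the FIN_WAIT_2 state persists until the system is rebooted, and a growing number of FIN_WAIT_2 sockets will cause a kernel crash.
TIME_WAIT: the socket has received the peer's FIN segment and sent its ACK segment. A TCP connection in TIME_WAIT waits for 2*MSL (Max Segment Lifetime, the longest time a TCP segment can live on the Internet; every TCP implementation must choose a definite MSL value. RFC 1122 recommends 2 minutes, but the traditional BSD implementation uses 30 seconds, and on Linux you can see the local value with cat /proc/sys/net/ipv4/tcp_fin_timeout) and then returns to the CLOSED, available state. If a socket in FIN_WAIT_1 receives a segment from the peer carrying both the FIN and ACK flags, it can go straight to TIME_WAIT without passing through FIN_WAIT_2.
CLOSING: this state should be rare in practice; it is an unusual exceptional state. Normally, after one side sends a FIN segment, it should first receive the peer's ACK segment (or receive it at the same time) and only then the peer's FIN segment. CLOSING means that after sending its FIN, the side received the peer's FIN without having received the peer's ACK. When does this happen? When both sides close() a socket at almost the same moment, both send a FIN at the same time, and the CLOSING state appears, meaning both sides are closing the socket connection.
CLOSE_WAIT: waiting to close. How should this be understood? When the peer close()s a socket and sends you a FIN segment, your system will without question reply with an ACK segment, and the TCP connection enters CLOSE_WAIT. Next you need to check whether you still have data to send to the peer. If not, you can close() the socket and send a FIN segment to the peer, closing your own direction of the connection. If there is data, it depends on the program's policy: keep sending or discard it. Put simply, in CLOSE_WAIT the remaining task is for you to close the connection.
LAST_ACK: after the passively closing side has sent its FIN segment and is waiting for the peer's ACK segment, it is in the LAST_ACK state. Once it receives the peer's ACK segment, it can enter the CLOSED, available state.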
Setting and deleting an IP address
ip addr add 192.168.10.10/24 dev eth0
ip addr show eth0
ip addr del 192.168.10.10/24 dev eth0
Route settings
ip route show
ip route add default via 192.168.10.1
ip route add 192.168.5.0/24 dev eth0
ip route del 192.168.10.1
Routes can also be managed with the route command:
(a) Network route
route add -net 192.168.1.0/24 gw 172.16.1.106
(b) Host route
route add -host 192.168.1.110 gw 172.16.1.106
(c) Default route
route add default gw 172.16.1.106
or
route add -net 0.0.0.0 gw 172.16.1.106
(d) Deleting routes
route del -host 192.168.1.110
route del -net 192.168.1.0/24
Showing network statistics
ip -s link
ip -s -s link ls eth0
Bringing an interface down and up
ip link set eth0 down
ip link set eth0 up
ip link set ens37 name eth1
Making the change permanent: https://blog.csdn.net/jyusun/article/details/71513086