1. Monitoring disk I/O performance
The iostat command prints statistics related to disk I/O; "iostat -x" is the usual way to look at disk usage.
[root@yuioplvlinux-128 ~]# iostat -x
Linux 3.10.0-693.el7.x86_64 (yuioplvlinux-128)  2018年05月07日  _x86_64_  (1 CPU)

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           0.44    0.00    1.13    2.73    0.00   95.69

Device:  rrqm/s  wrqm/s   r/s   w/s   rkB/s   wkB/s avgrq-sz avgqu-sz  await r_await w_await  svctm  %util
sdb        0.00    0.00  0.42  0.00    5.44    0.00    26.23     0.01  19.62   19.62    0.00  15.90   0.66
sda        0.00    0.16  7.50  0.93  139.62   15.89    36.88     0.18  21.81   15.62   71.70   5.75   4.85
dm-0       0.00    0.00  0.06  0.00    1.48    0.00    48.19     0.00   7.42    7.42    0.00   6.56   0.04
The column to watch is %util: it is the percentage of CPU time taken up while I/O requests were being sent to the device, i.e. the proportion of time spent waiting. When this value approaches 100%, the device's bandwidth is saturated and the device needs to be replaced. "iostat -x 1" is also commonly used; it refreshes once per second.
Install the iotop tool with "yum install -y iotop"; it monitors disk reads and writes. Running the command with no arguments gives the output below, which refreshes dynamically:
Total DISK READ :       0.00 B/s | Total DISK WRITE :       0.00 B/s
Actual DISK READ:       0.00 B/s | Actual DISK WRITE:       0.00 B/s
  TID  PRIO  USER     DISK READ  DISK WRITE  SWAPIN     IO>    COMMAND
    1 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % systemd --switched-root --system --deserialize 21
    2 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [kthreadd]
    3 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [ksoftirqd/0]
    5 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [kworker/0:0H]
    6 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [kworker/u128:0]
    7 rt/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [migration/0]
    8 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [rcu_bh]
    9 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [rcu_sched]
   10 rt/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [watchdog/0]
   12 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [kdevtmpfs]
   13 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [netns]
   14 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [khungtaskd]
   15 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [writeback]
   16 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [kintegrityd]
   17 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [bioset]
   18 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [kblockd]
   19 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [md]
 1047 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [kworker/0:0]
   25 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [kswapd0]
   26 be/5 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [ksmd]
   27 be/7 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [khugepaged]
   28 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [crypto]
   36 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [kthrotld]
   37 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [kworker/u128:1]
The DISK READ and DISK WRITE columns are the disk read and write rates.
2. Checking memory usage
The free command shows memory usage; the second row, Mem, is physical memory, and Swap is the swap partition:
[root@yuioplvlinux-128 ~]# free
              total        used        free      shared  buff/cache   available
Mem:        1008152      129152      628936        6900      250064      713112
Swap:       2097148           0     2097148
[root@yuioplvlinux-128 ~]# free -h
              total        used        free      shared  buff/cache   available
Mem:           984M        126M        614M        6.7M        244M        696M
Swap:          2.0G          0B        2.0G
total: total memory size;
used: memory actually in use;
free: remaining physical memory (unallocated, purely free);
shared: shared memory; it can be ignored;
buff/cache: buffers/cache (data the CPU has finished processing and is about to write to disk sits in memory counted as buff; when the CPU needs to process data, it must first be read from disk into memory temporarily, and that memory is cache);
available: how much memory the system can still use; it includes free.
Here, total = used + free + buff/cache,
and available consists of free plus the part of buff/cache that is not yet occupied.
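As an added example (not code from the original post), the functions below check the identity total = used + free + buff/cache on the text that "free" prints, and turn the available and swap figures into percentages that a monitoring script can threshold. The sample output is constructed from the numbers shown above; the 20% warning level is an arbitrary choice.

```shell
# Added example (not from the original post): sanity-check the identity
# total = used + free + buff/cache on `free` output and warn when too little
# memory is available. The sample text is constructed from the numbers the
# post shows.
SAMPLE_FREE='              total        used        free      shared  buff/cache   available
Mem:        1008152      129152      628936        6900      250064      713112
Swap:       2097148           0     2097148'

# mem_identity_ok FREE_OUTPUT: succeeds only when the Mem row satisfies
# total == used + free + buff/cache (columns 2, 3, 4 and 6).
mem_identity_ok() {
    printf '%s\n' "$1" | awk '
        $1 == "Mem:" { found = 1; ok = ($2 == $3 + $4 + $6) }
        END { exit (found && ok) ? 0 : 1 }
    '
}

# mem_available_pct FREE_OUTPUT: available memory as a whole percentage of total.
mem_available_pct() {
    printf '%s\n' "$1" | awk '$1 == "Mem:" { printf "%d\n", $7 * 100 / $2 }'
}

# swap_used_pct FREE_OUTPUT: swap in use as a whole percentage of swap total.
swap_used_pct() {
    printf '%s\n' "$1" | awk '$1 == "Swap:" && $2 > 0 { printf "%d\n", $3 * 100 / $2 }'
}

# mem_check FREE_OUTPUT MIN_AVAILABLE_PCT: prints OK or WARN with the figures.
mem_check() {
    avail=$(mem_available_pct "$1")
    swap=$(swap_used_pct "$1")
    if [ "$avail" -lt "$2" ]; then
        echo "WARN available=${avail}% swap_used=${swap:-0}%"
    else
        echo "OK available=${avail}% swap_used=${swap:-0}%"
    fi
}

# Live use: mem_check "$(free)" 20
mem_identity_ok "$SAMPLE_FREE" && echo "total = used + free + buff/cache holds"
mem_check "$SAMPLE_FREE" 20
```

The percentage is computed from the available column rather than from free, for the reason given above: free alone understates what the system can still hand out, because most of buff/cache can be reclaimed.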
3. Viewing system processes
On Windows, you open Task Manager to see which processes are running; on Linux you use the ps command, which displays the system's processes:
[root@yuioplvlinux-128 ~]# ps aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.3 125232  3728 ?        Ss   5月07   0:01 /usr/lib/systemd/systemd --switched-root --system --deserialize 21
root         2  0.0  0.0      0     0 ?        S    5月07   0:00 [kthreadd]
root         3  0.0  0.0      0     0 ?        S    5月07   0:00 [ksoftirqd/0]
root         5  0.0  0.0      0     0 ?        S<   5月07   0:00 [kworker/0:0H]
root         6  0.0  0.0      0     0 ?        S    5月07   0:00 [kworker/u128:0]
root         7  0.0  0.0      0     0 ?        S    5月07   0:00 [migration/0]
root         8  0.0  0.0      0     0 ?        S    5月07   0:00 [rcu_bh]
root         9  0.0  0.0      0     0 ?        R    5月07   0:00 [rcu_sched]
root        10  0.0  0.0      0     0 ?        S    5月07   0:00 [watchdog/0]
root        12  0.0  0.0      0     0 ?        S    5月07   0:00 [kdevtmpfs]
root        13  0.0  0.0      0     0 ?        S<   5月07   0:00 [netns]
root        14  0.0  0.0      0     0 ?        S    5月07   0:00 [khungtaskd]
root        15  0.0  0.0      0     0 ?        S<   5月07   0:00 [writeback]
root        16  0.0  0.0      0     0 ?        S<   5月07   0:00 [kintegrityd]
root        17  0.0  0.0      0     0 ?        S<   5月07   0:00 [bioset]
root        18  0.0  0.0      0     0 ?        S<   5月07   0:00 [kblockd]
root        19  0.0  0.0      0     0 ?        S<   5月07   0:00 [md]
root        25  0.0  0.0      0     0 ?        S    5月07   0:00 [kswapd0]
root        26  0.0  0.0      0     0 ?        SN   5月07   0:00 [ksmd]
root        27  0.0  0.0      0     0 ?        SN   5月07   0:00 [khugepaged]
root        28  0.0  0.0      0     0 ?        S<   5月07   0:00 [crypto]
root        36  0.0  0.0      0     0 ?        S<   5月07   0:00 [kthrotld]
root        37  0.0  0.0      0     0 ?        S    5月07   0:00 [kworker/u128:1]
root        38  0.0  0.0      0     0 ?        S<   5月07   0:00 [kmpath_rdacd]
root        39  0.0  0.0      0     0 ?        S<   5月07   0:00 [kpsmoused]
root        41  0.0  0.0      0     0 ?        S<   5月07   0:00 [ipv6_addrconf]
root        60  0.0  0.0      0     0 ?        S<   5月07   0:00 [deferwq]
root        92  0.0  0.0      0     0 ?        S    5月07   0:00 [kauditd]
root       231  0.0  0.0      0     0 ?        S<   5月07   0:00 [ata_sff]
root       232  0.0  0.0      0     0 ?        S<   5月07   0:00 [mpt_poll_0]
root       233  0.0  0.0      0     0 ?        S<   5月07   0:00 [mpt/0]
root       239  0.0  0.0      0     0 ?        S    5月07   0:00 [scsi_eh_0]
root       240  0.0  0.0      0     0 ?        S<   5月07   0:00 [scsi_tmf_0]
root       242  0.0  0.0      0     0 ?        S    5月07   0:00 [scsi_eh_1]
root       245  0.0  0.0      0     0 ?        S<   5月07   0:00 [scsi_tmf_1]
root       248  0.0  0.0      0     0 ?        S    5月07   0:00 [scsi_eh_2]
root       250  0.0  0.0      0     0 ?        S<   5月07   0:00 [scsi_tmf_2]
root       252  0.0  0.0      0     0 ?        S<   5月07   0:00 [ttm_swap]
root       277  0.0  0.0      0     0 ?        S<   5月07   0:00 [bioset]
root       278  0.0  0.0      0     0 ?        S<   5月07   0:00 [xfsalloc]
root       279  0.0  0.0      0     0 ?        S<   5月07   0:00 [xfs_mru_cache]
root       280  0.0  0.0      0     0 ?        S<   5月07   0:00 [xfs-buf/sda3]
root       281  0.0  0.0      0     0 ?        S<   5月07   0:00 [xfs-data/sda3]
root       282  0.0  0.0      0     0 ?        S<   5月07   0:00 [xfs-conv/sda3]
root       283  0.0  0.0      0     0 ?        S<   5月07   0:00 [xfs-cil/sda3]
root       284  0.0  0.0      0     0 ?        S<   5月07   0:00 [xfs-reclaim/sda]
root       285  0.0  0.0      0     0 ?        S<   5月07   0:00 [xfs-log/sda3]
root       286  0.0  0.0      0     0 ?        S<   5月07   0:00 [xfs-eofblocks/s]
root       287  0.0  0.0      0     0 ?        S    5月07   0:01 [xfsaild/sda3]
root       353  0.0  0.2  34940  2892 ?        Ss   5月07   0:00 /usr/lib/systemd/systemd-journald
root       377  0.0  0.1 340044  1472 ?        Ss   5月07   0:00 /usr/sbin/lvmetad -f
root       383  0.0  0.1  43844  1840 ?        Ss   5月07   0:02 /usr/lib/systemd/systemd-udevd
root       385  0.0  0.0      0     0 ?        S<   5月07   0:00 [kworker/0:1H]
root       419  0.0  0.0      0     0 ?        S<   5月07   0:00 [kworker/u129:0]
root       420  0.0  0.0      0     0 ?        S<   5月07   0:00 [hci0]
root       421  0.0  0.0      0     0 ?        S<   5月07   0:00 [hci0]
root       423  0.0  0.0      0     0 ?        S<   5月07   0:00 [kworker/u129:2]
root       489  0.0  0.0      0     0 ?        S<   5月07   0:00 [xfs-buf/sda1]
root       490  0.0  0.0      0     0 ?        S<   5月07   0:00 [xfs-data/sda1]
root       491  0.0  0.0      0     0 ?        S<   5月07   0:00 [xfs-conv/sda1]
root       492  0.0  0.0      0     0 ?        S<   5月07   0:00 [xfs-cil/sda1]
root       493  0.0  0.0      0     0 ?        S<   5月07   0:00 [xfs-reclaim/sda]
root       494  0.0  0.0      0     0 ?        S<   5月07   0:00 [xfs-log/sda1]
root       495  0.0  0.0      0     0 ?        S<   5月07   0:00 [xfs-eofblocks/s]
root       496  0.0  0.0      0     0 ?        S    5月07   0:00 [xfsaild/sda1]
root       501  0.0  0.0      0     0 ?        S<   5月07   0:00 [kdmflush]
root       502  0.0  0.0      0     0 ?        S<   5月07   0:00 [bioset]
root       524  0.0  0.0  55452   892 ?        S<sl 5月07   0:00 /sbin/auditd
dbus       548  0.0  0.1  24548  1692 ?        Ss   5月07   0:00 /bin/dbus-daemon --system --address=systemd: --nofork --nopidfile -
root       552  0.0  1.2 214504 12924 ?        Ssl  5月07   0:01 /usr/sbin/rsyslogd -n
polkitd    556  0.0  1.4 534892 14876 ?        Ssl  5月07   0:00 /usr/lib/polkit-1/polkitd --no-debug
root       561  0.0  0.1  24204  1676 ?        Ss   5月07   0:00 /usr/lib/systemd/systemd-logind
root       562  0.0  0.6  99608  6100 ?        Ss   5月07   0:00 /usr/bin/VGAuthService -s
root       563  0.1  0.6 305368  6340 ?        Ssl  5月07   0:19 /usr/bin/vmtoolsd
root       564  0.0  0.1 126228  1604 ?        Ss   5月07   0:00 /usr/sbin/crond -n
root       568  0.0  0.0 110044   816 tty1     Ss+  5月07   0:00 /sbin/agetty --noclear tty1 linux
chrony     571  0.0  0.1 115640  1784 ?        S    5月07   0:00 /usr/sbin/chronyd
root       589  0.0  2.8 334256 28960 ?        Ssl  5月07   0:01 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
root       602  0.0  0.8 472068  9024 ?        Ssl  5月07   0:00 /usr/sbin/NetworkManager --no-daemon
root       847  0.0  1.8 562388 18632 ?        Ssl  5月07   0:02 /usr/bin/python -Es /usr/sbin/tuned -l -P
root       850  0.0  0.4 105996  4068 ?        Ss   5月07   0:00 /usr/sbin/sshd -D
root       936  0.0  0.2  89544  2084 ?        Ss   5月07   0:00 /usr/libexec/postfix/master -w
postfix    940  0.0  0.3  89716  4032 ?        S    5月07   0:00 qmgr -l -t unix -u
root       970  0.0  0.5 145700  5168 ?        Rs   5月07   0:01 sshd: root@pts/0
root       972  0.0  0.2 115524  2248 pts/0    Ss   5月07   0:00 -bash
postfix   1120  0.0  0.3  89648  4008 ?        S    00:00   0:00 pickup -l -t unix -u
root      1171  0.1  0.0      0     0 ?        R    00:50   0:01 [kworker/0:2]
root      1178  0.0  0.0      0     0 ?        S    01:00   0:00 [kworker/0:0]
root      1193  0.0  0.0      0     0 ?        S    01:05   0:00 [kworker/0:1]
root      1194  0.0  0.1 151064  1820 pts/0    R+   01:06   0:00 ps aux
Some people use "ps -elf" instead; the information it displays is essentially the same.
PID: the process ID. To terminate a process, run 'kill -9 PID'.
STAT: the process state, which is mainly one of the following:
1) D: uninterruptible sleep (usually waiting on I/O);
2) R: run; a running process, including processes waiting for a CPU time slice;
3) S: sleep; a process in interruptible sleep;
4) T: a stopped or paused process;
5) W: not enough memory pages allocated;
6) X: a dead process;
7) Z: a zombie process;
8) <: a high-priority process;
9) N: a low-priority process;
10) L: has pages locked in memory;
11) s: the main process;
12) l: a multi-threaded process;
13) +: a process running in the foreground.
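As an added example (not code from the original post), the two functions below read "ps aux" text, count processes by base state, and single out the two states worth a second look in the list above: Z (zombie) and D (uninterruptible, usually stuck on I/O). The listing they run on is constructed: a handful of rows in the style of the output above plus one hypothetical zombie and one D-state process.

```shell
# Added example (not from the original post): summarize `ps aux` by process
# state and flag the two states an operator should look at first, Z (zombie)
# and D (uninterruptible, usually stuck on I/O). The listing is constructed:
# a few rows in the style of the post's output plus one Z and one D row.
SAMPLE_PS='USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.3 125232 3728 ? Ss May07 0:01 /usr/lib/systemd/systemd --switched-root --system --deserialize 21
root 9 0.0 0.0 0 0 ? R May07 0:00 [rcu_sched]
root 850 0.0 0.4 105996 4068 ? Ss May07 0:00 /usr/sbin/sshd -D
root 972 0.0 0.2 115524 2248 pts/0 Ss May07 0:00 -bash
root 1194 0.0 0.1 151064 1820 pts/0 R+ 01:06 0:00 ps aux
apache 2201 0.0 0.0 0 0 ? Z 01:10 0:00 [httpd] <defunct>
root 2310 0.0 0.1 12345 900 ? D 01:12 0:03 dd if=/dev/sdb of=/dev/null'

# ps_state_counts PS_OUTPUT: count processes by base state, i.e. the first
# character of STAT (column 8) without the <, N, L, s, l and + modifiers.
ps_state_counts() {
    printf '%s\n' "$1" | awk 'NR > 1 { c[substr($8, 1, 1)]++ } END { for (k in c) print k, c[k] }' | LC_ALL=C sort
}

# ps_flag_stuck PS_OUTPUT: print "PID STAT COMMAND" for zombies and D-state
# processes; the command is everything from column 11 onward.
ps_flag_stuck() {
    printf '%s\n' "$1" | awk 'NR > 1 && $8 ~ /^[DZ]/ {
        cmd = $11
        for (i = 12; i <= NF; i++) cmd = cmd " " $i
        print $2, $8, cmd
    }'
}

# Live use: ps_state_counts "$(ps aux)"; ps_flag_stuck "$(ps aux)"
ps_state_counts "$SAMPLE_PS"
ps_flag_stuck "$SAMPLE_PS"
```

Only the first character of STAT is counted, so "Ss", "S<" and "SN" all fall under S; the modifiers in items 8 to 13 are still visible in the flagged rows, where the full STAT value is printed.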
4. Checking network status
Use the netstat command to check network status. The most commonly used commands are as follows:
[root@yuioplvlinux-128 ~]# netstat -lnp    # print the ports the system is listening on
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      850/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      936/master
tcp6       0      0 :::22                   :::*                    LISTEN      850/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      936/master
udp        0      0 127.0.0.1:323           0.0.0.0:*                           571/chronyd
udp6       0      0 ::1:323                 :::*                                571/chronyd
raw6       0      0 :::58                   :::*                    7           602/NetworkManager
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name     Path
unix  2      [ ACC ]     STREAM     LISTENING     12040    1/systemd            /run/lvm/lvmpolld.socket
unix  2      [ ACC ]     STREAM     LISTENING     18610    936/master           private/proxymap
unix  2      [ ACC ]     STREAM     LISTENING     18616    936/master           private/proxywrite
unix  2      [ ACC ]     STREAM     LISTENING     18619    936/master           private/smtp
unix  2      [ ACC ]     STREAM     LISTENING     11827    1/systemd            /run/systemd/private
unix  2      [ ACC ]     STREAM     LISTENING     18622    936/master           private/relay
unix  2      [ ACC ]     STREAM     LISTENING     18628    936/master           private/error
unix  2      [ ACC ]     STREAM     LISTENING     18631    936/master           private/retry
unix  2      [ ACC ]     STREAM     LISTENING     11843    1/systemd            /run/lvm/lvmetad.socket
unix  2      [ ACC ]     SEQPACKET  LISTENING     11846    1/systemd            /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     14701    1/systemd            /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     18578    936/master           public/pickup
unix  2      [ ACC ]     STREAM     LISTENING     18582    936/master           public/cleanup
unix  2      [ ACC ]     STREAM     LISTENING     18585    936/master           public/qmgr
unix  2      [ ACC ]     STREAM     LISTENING     18607    936/master           public/flush
unix  2      [ ACC ]     STREAM     LISTENING     18625    936/master           public/showq
unix  2      [ ACC ]     STREAM     LISTENING     18634    936/master           private/discard
unix  2      [ ACC ]     STREAM     LISTENING     18637    936/master           private/local
unix  2      [ ACC ]     STREAM     LISTENING     18640    936/master           private/virtual
unix  2      [ ACC ]     STREAM     LISTENING     18643    936/master           private/lmtp
unix  2      [ ACC ]     STREAM     LISTENING     18589    936/master           private/tlsmgr
unix  2      [ ACC ]     STREAM     LISTENING     18646    936/master           private/anvil
unix  2      [ ACC ]     STREAM     LISTENING     18592    936/master           private/rewrite
unix  2      [ ACC ]     STREAM     LISTENING     18649    936/master           private/scache
unix  2      [ ACC ]     STREAM     LISTENING     18595    936/master           private/bounce
unix  2      [ ACC ]     STREAM     LISTENING     18598    936/master           private/defer
unix  2      [ ACC ]     STREAM     LISTENING     18601    936/master           private/trace
unix  2      [ ACC ]     STREAM     LISTENING     15848    562/VGAuthService    /var/run/vmware/guestServicePipe
unix  2      [ ACC ]     STREAM     LISTENING     18604    936/master           private/verify
unix  2      [ ACC ]     STREAM     LISTENING     7661     1/systemd            /run/systemd/journal/stdout
[root@yuioplvlinux-128 ~]# netstat -an    # print the network connections
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0     52 192.168.30.128:22       192.168.30.1:57338      ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
udp        0      0 127.0.0.1:323           0.0.0.0:*
udp6       0      0 ::1:323                 :::*
raw6       0      0 :::58                   :::*                    7
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     12040    /run/lvm/lvmpolld.socket
unix  2      [ ]         DGRAM                    12061    /run/systemd/shutdownd
unix  2      [ ACC ]     STREAM     LISTENING     18610    private/proxymap
unix  2      [ ACC ]     STREAM     LISTENING     18616    private/proxywrite
unix  2      [ ACC ]     STREAM     LISTENING     18619    private/smtp
unix  2      [ ]         DGRAM                    15662    /var/run/chrony/chronyd.sock
unix  2      [ ACC ]     STREAM     LISTENING     11827    /run/systemd/private
unix  2      [ ACC ]     STREAM     LISTENING     18622    private/relay
unix  2      [ ACC ]     STREAM     LISTENING     18628    private/error
unix  2      [ ACC ]     STREAM     LISTENING     18631    private/retry
unix  2      [ ACC ]     STREAM     LISTENING     11843    /run/lvm/lvmetad.socket
unix  2      [ ACC ]     SEQPACKET  LISTENING     11846    /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     14701    /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     18578    public/pickup
unix  2      [ ACC ]     STREAM     LISTENING     18582    public/cleanup
unix  2      [ ACC ]     STREAM     LISTENING     18585    public/qmgr
unix  2      [ ACC ]     STREAM     LISTENING     18607    public/flush
unix  2      [ ACC ]     STREAM     LISTENING     18625    public/showq
unix  2      [ ACC ]     STREAM     LISTENING     18634    private/discard
unix  2      [ ACC ]     STREAM     LISTENING     18637    private/local
unix  2      [ ACC ]     STREAM     LISTENING     18640    private/virtual
unix  2      [ ACC ]     STREAM     LISTENING     18643    private/lmtp
unix  2      [ ACC ]     STREAM     LISTENING     18589    private/tlsmgr
unix  2      [ ACC ]     STREAM     LISTENING     18646    private/anvil
unix  2      [ ACC ]     STREAM     LISTENING     18592    private/rewrite
unix  2      [ ]         DGRAM                    7645     /run/systemd/notify
unix  2      [ ACC ]     STREAM     LISTENING     18649    private/scache
unix  2      [ ]         DGRAM                    7647     /run/systemd/cgroups-agent
unix  2      [ ACC ]     STREAM     LISTENING     18595    private/bounce
unix  2      [ ACC ]     STREAM     LISTENING     18598    private/defer
unix  2      [ ACC ]     STREAM     LISTENING     18601    private/trace
unix  2      [ ACC ]     STREAM     LISTENING     15848    /var/run/vmware/guestServicePipe
unix  2      [ ACC ]     STREAM     LISTENING     18604    private/verify
unix  2      [ ACC ]     STREAM     LISTENING     7661     /run/systemd/journal/stdout
unix  5      [ ]         DGRAM                    7664     /run/systemd/journal/socket
unix  14     [ ]         DGRAM                    7666     /dev/log
unix  3      [ ]         STREAM     CONNECTED     15290
unix  3      [ ]         STREAM     CONNECTED     15767
unix  3      [ ]         STREAM     CONNECTED     18624
unix  3      [ ]         STREAM     CONNECTED     18704
unix  3      [ ]         STREAM     CONNECTED     18623
unix  3      [ ]         STREAM     CONNECTED     18626
unix  2      [ ]         DGRAM                    18551
unix  3      [ ]         STREAM     CONNECTED     17986
unix  2      [ ]         DGRAM                    15651
unix  3      [ ]         STREAM     CONNECTED     18627
unix  3      [ ]         STREAM     CONNECTED     18705    /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     18638
unix  3      [ ]         STREAM     CONNECTED     18629
unix  3      [ ]         STREAM     CONNECTED     17987    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     18577
unix  3      [ ]         STREAM     CONNECTED     14554
unix  2      [ ]         DGRAM                    15601
unix  3      [ ]         STREAM     CONNECTED     18630
unix  3      [ ]         STREAM     CONNECTED     18633
unix  3      [ ]         STREAM     CONNECTED     18632
unix  3      [ ]         STREAM     CONNECTED     17807    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     18635
unix  2      [ ]         DGRAM                    18685
unix  3      [ ]         STREAM     CONNECTED     15291    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     18636
unix  3      [ ]         STREAM     CONNECTED     18579
unix  3      [ ]         STREAM     CONNECTED     18645
unix  2      [ ]         DGRAM                    15769
unix  3      [ ]         STREAM     CONNECTED     18644
unix  2      [ ]         DGRAM                    15626
unix  2      [ ]         DGRAM                    17198
unix  3      [ ]         STREAM     CONNECTED     18609
unix  3      [ ]         STREAM     CONNECTED     18647
unix  3      [ ]         STREAM     CONNECTED     18590
unix  3      [ ]         STREAM     CONNECTED     18641
unix  2      [ ]         DGRAM                    27141
unix  3      [ ]         STREAM     CONNECTED     18614
unix  3      [ ]         STREAM     CONNECTED     15565
unix  3      [ ]         STREAM     CONNECTED     18642
unix  3      [ ]         STREAM     CONNECTED     15566    /run/systemd/journal/stdout
unix  2      [ ]         DGRAM                    14545
unix  3      [ ]         STREAM     CONNECTED     18615
unix  3      [ ]         STREAM     CONNECTED     18580
unix  3      [ ]         STREAM     CONNECTED     18618
unix  2      [ ]         DGRAM                    15794
unix  3      [ ]         STREAM     CONNECTED     18617
unix  2      [ ]         DGRAM                    12304
unix  3      [ ]         STREAM     CONNECTED     17806
unix  3      [ ]         STREAM     CONNECTED     18620
unix  3      [ ]         STREAM     CONNECTED     18648
unix  3      [ ]         STREAM     CONNECTED     18651
unix  3      [ ]         STREAM     CONNECTED     15768    /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     18576
unix  3      [ ]         STREAM     CONNECTED     18650
unix  3      [ ]         STREAM     CONNECTED     18621
unix  3      [ ]         STREAM     CONNECTED     16265
unix  3      [ ]         STREAM     CONNECTED     18639
unix  3      [ ]         STREAM     CONNECTED     18593
unix  2      [ ]         DGRAM                    19039
unix  3      [ ]         STREAM     CONNECTED     18599
unix  3      [ ]         DGRAM                    12822
unix  2      [ ]         DGRAM                    12806
unix  3      [ ]         STREAM     CONNECTED     14828    /var/run/dbus/system_bus_socket
unix  2      [ ]         DGRAM                    16178
unix  3      [ ]         STREAM     CONNECTED     18597
unix  3      [ ]         STREAM     CONNECTED     15471    /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     18603
unix  2      [ ]         DGRAM                    15463
unix  2      [ ]         DGRAM                    16064
unix  3      [ ]         STREAM     CONNECTED     18600
unix  3      [ ]         STREAM     CONNECTED     12715    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     15923
unix  3      [ ]         STREAM     CONNECTED     14826
unix  3      [ ]         STREAM     CONNECTED     18605
unix  3      [ ]         STREAM     CONNECTED     12714
unix  3      [ ]         STREAM     CONNECTED     18602
unix  3      [ ]         STREAM     CONNECTED     12795
unix  3      [ ]         STREAM     CONNECTED     18591
unix  3      [ ]         STREAM     CONNECTED     12796    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     15978
unix  3      [ ]         STREAM     CONNECTED     15470
unix  3      [ ]         DGRAM                    12823
unix  3      [ ]         STREAM     CONNECTED     15288
unix  3      [ ]         STREAM     CONNECTED     14812    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     15979    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     15195
unix  3      [ ]         STREAM     CONNECTED     16266    /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     18606
unix  3      [ ]         STREAM     CONNECTED     14810
unix  3      [ ]         STREAM     CONNECTED     18608
unix  3      [ ]         STREAM     CONNECTED     18587
unix  3      [ ]         STREAM     CONNECTED     18583
unix  3      [ ]         STREAM     CONNECTED     16088
unix  3      [ ]         STREAM     CONNECTED     14811
unix  3      [ ]         STREAM     CONNECTED     14555
unix  3      [ ]         STREAM     CONNECTED     16089    /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     18596
unix  3      [ ]         STREAM     CONNECTED     18584
unix  3      [ ]         STREAM     CONNECTED     15196    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     14827
unix  3      [ ]         STREAM     CONNECTED     18594
unix  3      [ ]         STREAM     CONNECTED     15289    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     18586
unix  3      [ ]         STREAM     CONNECTED     15924    /var/run/dbus/system_bus_socket
The following command can be used to see the state of every TCP port on the system:
[root@yuioplvlinux-128 ~]# netstat -an |awk '/^tcp/ {++sta[$NF]} END {for(key in sta) print key,"\t",sta[key]}'
LISTEN 	 4
ESTABLISHED 	 1
The "ss -an" command can be used as well, but it does not display the specific paths:
[root@yuioplvlinux-128 ~]# ss -an | head -20
Netid  State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
nl     UNCONN     0      0      0:0                  *
nl     UNCONN     0      0      0:-838860198         *
nl     UNCONN     0      0      0:-838860198         *
nl     UNCONN     4352   0      4:1255               *
nl     UNCONN     768    0      4:0                  *
nl     UNCONN     0      0      6:0                  *
nl     UNCONN     0      0      7:0                  *
nl     UNCONN     0      0      9:524                *
nl     UNCONN     0      0      9:0                  *
nl     UNCONN     0      0      9:1                  *
nl     UNCONN     0      0      10:0                 *
nl     UNCONN     0      0      11:0                 *
nl     UNCONN     0      0      12:0                 *
nl     UNCONN     0      0      15:-4117             *
nl     UNCONN     0      0      15:1                 *
nl     UNCONN     0      0      15:-4120             *
nl     UNCONN     0      0      15:0                 *
nl     UNCONN     0      0      15:561               *
nl     UNCONN     0      0      15:-4107             *
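As an added example (not code from the original post), the functions below take the question behind "netstat -lnp" one step further: they reduce its output to "proto port program" rows and report any listener whose port is not on an allowlist, so a change in the set of open ports is noticed rather than read off by eye. The sample text is constructed from the listing above plus one hypothetical extra listener on port 8080; the allowlist "22 25 323" is the set of ports the listing above shows.

```shell
# Added example (not from the original post): parse `netstat -lnp` output into
# "proto port program" rows and report listeners whose port is not on an
# allowlist, which is the check behind "which ports are open on this box".
# The sample text is constructed from the post's listing plus one extra
# listener on port 8080.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      850/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      936/master
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      2477/python
tcp6       0      0 :::22                   :::*                    LISTEN      850/sshd
udp        0      0 127.0.0.1:323           0.0.0.0:*                           571/chronyd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name     Path
unix  2      [ ACC ]     STREAM     LISTENING     11827    1/systemd            /run/systemd/private'

# listeners NETSTAT_OUTPUT: one "proto port program" line per tcp/udp socket.
# The port is whatever follows the last colon of Local Address, which also
# handles IPv6 forms such as ":::22"; "PID/" is stripped from the last column.
listeners() {
    printf '%s\n' "$1" | awk '$1 ~ /^(tcp|udp)6?$/ {
        n = split($4, a, ":"); port = a[n]
        prog = $NF; sub(/^[0-9]+\//, "", prog)
        print $1, port, prog
    }'
}

# unexpected_listeners NETSTAT_OUTPUT "PORT PORT ...": listeners whose port is
# not in the space-separated allowlist.
unexpected_listeners() {
    listeners "$1" | awk -v allowed="$2" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($2 in ok)
    '
}

# Live use: unexpected_listeners "$(netstat -lnp)" "22 25 323"
unexpected_listeners "$SAMPLE_NETSTAT" "22 25 323"
```

The program name is only filled in when netstat runs as root (that is what the "p" in -lnp needs); for other users the last column reads "-" and the port comparison still works.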
5. Packet capture tools
5.1 The tcpdump tool
Install tcpdump with "yum install -y tcpdump";
Run "tcpdump -nn -i ens33" (the -i option takes the name of the network interface; if this command fails, use 'ifconfig' to find your interface name). The output looks like this:
01:51:28.993723 IP 192.168.30.128.22 > 192.168.30.1.57338: Flags [P.], seq 398100:398280, ack 53, win 42480, length 180
01:51:28.994178 IP 192.168.30.1.57338 > 192.168.30.128.22: Flags [.], ack 398280, win 63604, length 0
01:51:28.994546 IP 192.168.30.128.22 > 192.168.30.1.57338: Flags [P.], seq 398280:398556, ack 53, win 42480, length 276
01:51:28.996392 IP 192.168.30.128.22 > 192.168.30.1.57338: Flags [P.], seq 398556:398736, ack 53, win 42480, length 180
01:51:28.998112 IP 192.168.30.1.57338 > 192.168.30.128.22: Flags [.], ack 398736, win 63148, length 0
01:51:28.998482 IP 192.168.30.128.22 > 192.168.30.1.57338: Flags [P.], seq 398736:399012, ack 53, win 42480, length 276
01:51:28.999184 IP 192.168.30.128.22 > 192.168.30.1.57338: Flags [P.], seq 399012:399192, ack 53, win 42480, length 180
01:51:28.999471 IP 192.168.30.128.22 > 192.168.30.1.57338: Flags [P.], seq 399192:399372, ack 53, win 42480, length 180
01:51:28.999709 IP 192.168.30.128.22 > 192.168.30.1.57338: Flags [P.], seq 399372:399552, ack 53, win 42480, length 180
01:51:29.000344 IP 192.168.30.1.57338 > 192.168.30.128.22: Flags [.], ack 399552, win 62332, length 0
01:51:29.000668 IP 192.168.30.128.22 > 192.168.30.1.57338: Flags [P.], seq 399552:399828, ack 53, win 42480, length 276
01:51:29.001134 IP 192.168.30.128.22 > 192.168.30.1.57338: Flags [P.], seq 399828:400008, ack 53, win 42480, length 180
01:51:29.001436 IP 192.168.30.128.22 > 192.168.30.1.57338: Flags [P.], seq 400008:400188, ack 53, win 42480, length 180
01:51:29.001671 IP 192.168.30.128.22 > 192.168.30.1.57338: Flags [P.], seq 400188:400368, ack 53, win 42480, length 180
01:51:29.002418 IP 192.168.30.1.57338 > 192.168.30.128.22: Flags [.], ack 400368, win 61516, length 0
01:51:29.002692 IP 192.168.30.128.22 > 192.168.30.1.57338: Flags [P.], seq 400368:400644, ack 53, win 42480, length 276
01:51:29.004138 IP 192.168.30.128.22 > 192.168.30.1.57338: Flags [P.], seq 400644:400824, ack 53, win 42480, length 180
01:51:29.004610 IP 192.168.30.1.57338 > 192.168.30.128.22: Flags [P.], seq 53:105, ack 400644, win 61240, length 52
01:51:29.006652 IP 192.168.30.1.57338 > 192.168.30.128.22: Flags [.], ack 400824, win 64240, length 0
^C
2543 packets captured
2543 packets received by filter
0 packets dropped by kernel
Until Ctrl+C is pressed, these lines keep scrolling; the faster they scroll, the more packets are passing through the interface.
The columns to look at are the third and fourth, for example "192.168.30.128.22 > 192.168.30.1.57338", which shows which IP and port is talking to which other IP and port;
The -c option limits the number of packets (lines) captured; it is usually combined with -w to save the capture to a specified file:
[root@yuioplvlinux-128 ~]# tcpdump -nn -i ens33 -c 20
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
02:28:36.683274 IP 192.168.30.128.22 > 192.168.30.1.57338: Flags [P.], seq 399117884:399118096, ack 3753834302, win 42480, length 212
02:28:36.684571 IP 192.168.30.1.57338 > 192.168.30.128.22: Flags [.], ack 212, win 64240, length 0
02:28:36.684703 IP 192.168.30.128.22 > 192.168.30.1.57338: Flags [P.], seq 212:408, ack 1, win 42480, length 196
02:28:36.685577 IP 192.168.30.128.22 > 192.168.30.1.57338: Flags [P.], seq 408:684, ack 1, win 42480, length 276
02:28:36.686221 IP 192.168.30.1.57338 > 192.168.30.128.22: Flags [.], ack 684, win 63768, length 0
02:28:36.686489 IP 192.168.30.128.22 > 192.168.30.1.57338: Flags [P.], seq 684:960, ack 1, win 42480, length 276
02:28:36.686848 IP 192.168.30.128.22 > 192.168.30.1.57338: Flags [P.], seq 960:1124, ack 1, win 42480, length 164
02:28:36.687264 IP 192.168.30.1.57338 > 192.168.30.128.22: Flags [.], ack 1124, win 63328, length 0
02:28:36.687517 IP 192.168.30.128.22 > 192.168.30.1.57338: Flags [P.], seq 1124:1400, ack 1, win 42480, length 276
02:28:36.687868 IP 192.168.30.128.22 > 192.168.30.1.57338: Flags [P.], seq 1400:1580, ack 1, win 42480, length 180
02:28:36.688471 IP 192.168.30.128.22 > 192.168.30.1.57338: Flags [P.], seq 1580:1760, ack 1, win 42480, length 180
02:28:36.688807 IP 192.168.30.128.22 > 192.168.30.1.57338: Flags [P.], seq 1760:1940, ack 1, win 42480, length 180
02:28:36.689339 IP 192.168.30.1.57338 > 192.168.30.128.22: Flags [.], ack 1940, win 64240, length 0
02:28:36.689580 IP 192.168.30.128.22 > 192.168.30.1.57338: Flags [P.], seq 1940:2216, ack 1, win 42480, length 276
02:28:36.690117 IP 192.168.30.128.22 > 192.168.30.1.57338: Flags [P.], seq 2216:2396, ack 1, win 42480, length 180
02:28:36.690461 IP 192.168.30.128.22 > 192.168.30.1.57338: Flags [P.], seq 2396:2576, ack 1, win 42480, length 180
02:28:36.690790 IP 192.168.30.128.22 > 192.168.30.1.57338: Flags [P.], seq 2576:2756, ack 1, win 42480, length 180
02:28:36.691282 IP 192.168.30.1.57338 > 192.168.30.128.22: Flags [.], ack 2756, win 63424, length 0
02:28:36.691518 IP 192.168.30.128.22 > 192.168.30.1.57338: Flags [P.], seq 2756:3032, ack 1, win 42480, length 276
02:28:36.691861 IP 192.168.30.128.22 > 192.168.30.1.57338: Flags [P.], seq 3032:3212, ack 1, win 42480, length 180
20 packets captured
21 packets received by filter
0 packets dropped by kernel
[root@yuioplvlinux-128 ~]# tcpdump -nn -i ens33 -c 20 -w 1.cap
tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
20 packets captured
20 packets received by filter
0 packets dropped by kernel
Viewing 1.cap with cat shows garbage, because the capture is the raw traffic taken straight off the interface. To read the file's contents, use the following command:
[root@yuioplvlinux-128 ~]# tcpdump -r 1.cap
reading from file 1.cap, link-type EN10MB (Ethernet)
02:29:45.108070 IP yuioplvlinux-128.ssh > gateway.57338: Flags [P.], seq 399122212:399122360, ack 3753835098, win 42480, length 148
02:29:45.108950 IP gateway.57338 > yuioplvlinux-128.ssh: Flags [.], ack 148, win 63284, length 0
02:29:46.714724 IP6 fe80::c901:306b:7a7f:6505.65447 > ff02::c.ssdp: UDP, length 146
02:29:49.714627 IP6 fe80::c901:306b:7a7f:6505.65447 > ff02::c.ssdp: UDP, length 146
02:29:52.717114 IP6 fe80::c901:306b:7a7f:6505.65447 > ff02::c.ssdp: UDP, length 146
02:29:56.715816 IP6 fe80::c901:306b:7a7f:6505.65447 > ff02::c.ssdp: UDP, length 146
02:29:59.716211 IP6 fe80::c901:306b:7a7f:6505.65447 > ff02::c.ssdp: UDP, length 146
02:30:02.716411 IP6 fe80::c901:306b:7a7f:6505.65447 > ff02::c.ssdp: UDP, length 146
02:30:06.716832 IP6 fe80::c901:306b:7a7f:6505.65447 > ff02::c.ssdp: UDP, length 146
02:30:09.716949 IP6 fe80::c901:306b:7a7f:6505.65447 > ff02::c.ssdp: UDP, length 146
02:30:12.717060 IP6 fe80::c901:306b:7a7f:6505.65447 > ff02::c.ssdp: UDP, length 146
02:30:16.718594 IP6 fe80::c901:306b:7a7f:6505.65447 > ff02::c.ssdp: UDP, length 146
02:30:19.719538 IP6 fe80::c901:306b:7a7f:6505.65447 > ff02::c.ssdp: UDP, length 146
02:30:22.719814 IP6 fe80::c901:306b:7a7f:6505.65447 > ff02::c.ssdp: UDP, length 146
02:30:24.207700 IP gateway.57338 > yuioplvlinux-128.ssh: Flags [P.], seq 1:53, ack 148, win 63284, length 52
02:30:24.247321 IP yuioplvlinux-128.ssh > gateway.57338: Flags [.], ack 53, win 42480, length 0
02:30:25.954486 IP6 fe80::c901:306b:7a7f:6505 > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
02:30:25.954535 IP gateway > igmp.mcast.net: igmp v3 report, 1 group record(s)
02:30:26.014364 IP6 fe80::c901:306b:7a7f:6505 > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
02:30:26.014402 IP gateway > igmp.mcast.net: igmp v3 report, 1 group record(s)
Other commonly used tcpdump commands include:
tcpdump -nn -i ens33 port 22    # capture only packets on port 22
tcpdump -nn -i ens33 tcp and not port 22    # capture TCP packets, but leave out port 22
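As an added example (not code from the original post), the functions below turn the text that "tcpdump -nn" prints into a summary a defender can read at a glance: a conversation table per direction (packets and payload bytes, using the third and fifth columns discussed above), and the set of remote endpoints that sent traffic to a given local port. The sample lines are constructed in the format of the output above, with one IPv6 SSDP line included to show that the parser handles IP6 rows too.

```shell
# Added example (not from the original post): turn the text that
# "tcpdump -nn" prints into a per-direction conversation table (packets and
# payload bytes), and list which remote endpoints talked to a given local
# port. The sample lines are constructed in the post's output format.
SAMPLE_TCPDUMP='01:51:28.993723 IP 192.168.30.128.22 > 192.168.30.1.57338: Flags [P.], seq 398100:398280, ack 53, win 42480, length 180
01:51:28.994178 IP 192.168.30.1.57338 > 192.168.30.128.22: Flags [.], ack 398280, win 63604, length 0
01:51:28.994546 IP 192.168.30.128.22 > 192.168.30.1.57338: Flags [P.], seq 398280:398556, ack 53, win 42480, length 276
01:51:29.004610 IP 192.168.30.1.57338 > 192.168.30.128.22: Flags [P.], seq 53:105, ack 400644, win 61240, length 52
02:29:46.714724 IP6 fe80::c901:306b:7a7f:6505.65447 > ff02::c.ssdp: UDP, length 146'

# flows TCPDUMP_OUTPUT: "src dst packets bytes" per direction, biggest first.
# Column 3 is the source, column 5 the destination (with its trailing colon
# removed); the payload size is the number after the word "length".
flows() {
    printf '%s\n' "$1" | awk '$2 == "IP" || $2 == "IP6" {
        src = $3; dst = $5; sub(/:$/, "", dst)
        key = src " " dst
        pkts[key]++
        if (match($0, /length [0-9]+/)) bytes[key] += substr($0, RSTART + 7, RLENGTH - 7)
    } END { for (k in pkts) print k, pkts[k], bytes[k] + 0 }' | sort -k4,4nr
}

# peers_of TCPDUMP_OUTPUT PORT: distinct remote endpoints that sent IPv4
# packets to local port PORT (in -nn output the port follows the last dot).
peers_of() {
    printf '%s\n' "$1" | awk -v port="$2" '$2 == "IP" {
        dst = $5; sub(/:$/, "", dst)
        n = split(dst, d, ".")
        if (d[n] == port) print $3
    }' | sort -u
}

# Live use: flows "$(tcpdump -nn -i ens33 -c 200 2>/dev/null)"
flows "$SAMPLE_TCPDUMP"
peers_of "$SAMPLE_TCPDUMP" 22
```

Because -nn is assumed, addresses and ports are numeric and the port is simply the text after the last dot; with name resolution on (as in the "tcpdump -r 1.cap" output above, where the port appears as "ssh") that split would return the service name instead.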
5.2 The wireshark tool
Install wireshark with "yum install -y wireshark";
The most commonly used wireshark command is "tshark -n -t a -R http.request -T fields -e "frame.time" -e "ip.src" -e "http.host" -e "http.request.method" -e "http.request.uri"". It is meant for web servers; since I have no web server configured locally, running it produced no output.