Linux系统状态查看命令2
10月24日任务linux
10.6 监控io性能ios
10.7 free命令centos
10.8 ps命令缓存
10.9 查看网络状态服务器
10.10 linux下抓包网络
监控io性能
磁盘io状态监控(sysstat包内)多线程
isstatdom
[root@centos7 ~]# iostat
Linux 3.10.0-693.2.2.el7.x86_64 (centos7) ... _x86_64_ (2 CPU)
avg-cpu: %user %nice %system %iowait %steal %idle
0.27 0.00 0.81 1.66 0.00 97.27
Device: tps kB_read/s kB_wrtn/s kB_read kB_wrtn
sda 6.46 136.94 10.12 99168 7330
scd0 0.02 1.42 0.00 1028 0
[root@centos7 ~]# iostat 1 4
Linux 3.10.0-693.2.2.el7.x86_64 (centos7) ... _x86_64_ (2 CPU)
avg-cpu: %user %nice %system %iowait %steal %idle
0.26 0.00 0.79 1.62 0.00 97.33
Device: tps kB_read/s kB_wrtn/s kB_read kB_wrtn
sda 6.31 133.58 9.92 99176 7364
scd0 0.02 1.38 0.00 1028 0
avg-cpu: %user %nice %system %iowait %steal %idle
0.00 0.00 0.00 0.00 0.00 100.00
Device: tps kB_read/s kB_wrtn/s kB_read kB_wrtn
sda 0.00 0.00 0.00 0 0
scd0 0.00 0.00 0.00 0 0
avg-cpu: %user %nice %system %iowait %steal %idle
0.00 0.00 0.50 0.00 0.00 99.50
[root@centos7 ~]# iostat -x
Linux 3.10.0-693.2.2.el7.x86_64 (centos7) ... _x86_64_ (2 CPU)
avg-cpu: %user %nice %system %iowait %steal %idle
0.26 0.00 0.77 1.59 0.00 97.38
Device: rrqm/s wrqm/s r/s w/s rkB/s wkB/s avgrq-sz avgqu-sz await r_await w_await svctm %util
sda 0.01 0.06 5.48 0.71 130.95 9.72 45.48 0.10 16.63 13.73 39.25 6.17 3.82
scd0 0.00 0.00 0.02 0.00 1.36 0.00 114.22 0.00 73.44 73.44 0.00 63.17 0.15
-x参数比较重要,查看的重点指标是%util:表明io等待占比(读写时);数值大,磁盘io性能较差,可能须要更换磁盘
读写2列(r/s,w/s)不大,%util很大,可能磁盘有故障
iotop(yum install -y iotop)ssh
相似于top命令,iotop命令会动态显示系统当前的磁盘总的读写速率和各进程的读写状态以及io占比等信息。socket
内存使用状况查看:free
说明:centos6上的free显示效果跟centos7略有
不加参数,默认是以KB为单位
[root@centos7 ~]# free
total used free shared buff/cache available
Mem: 999720 123384 587972 6840 288364 691412
Swap: 4194300 0 4194300
根据磁盘大小自动换算单位
[root@centos7 ~]# free -h
total used free shared buff/cache available
Mem: 976M 120M 573M 6.7M 281M 675M
Swap: 4.0G 0B 4.0G
以Mb为单位显示
[root@centos7 ~]# free -m
total used free shared buff/cache available
Mem: 976 120 573 6 281 675
Swap: 4095 0 4095
使用Gb为单位显示
[root@centos7 ~]# free -g
total used free shared buff/cache available
Mem: 0 0 0 0 0 0
Swap: 3 0 3
总的磁盘大小total = used + free + buff/cache
- used 已经使用的内存大小
- free 剩余未使用的内存大小
- buff/cache 缓冲/缓存
- available = free + buff/cache
查看剩余内存应该看available值
数据处理:数据(磁盘) --> 内存(cache) --> CPU
处理返回:CPU --> 内存(buffer) --> 数据(磁盘)
系统进程状态查看: ps
一次性显示当前系统进程 [root@localhost ~]# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.4 128108 6708 ? Ss 19:27 0:02 /usr/lib/systemd/systemd --switched-root --system --deserialize 21 root 2 0.0 0.0 0 0 ? S 19:27 0:00 [kthreadd] root 3 0.0 0.0 0 0 ? S 19:27 0:00 [ksoftirqd/0] root 6 0.0 0.0 0 0 ? S 19:27 0:02 [kworker/u256:0] root 7 0.0 0.0 0 0 ? S 19:27 0:00 [migration/0] root 8 0.0 0.0 0 0 ? S 19:27 0:00 [rcu_bh] root 9 0.0 0.0 0 0 ? R 19:27 0:00 [rcu_sched] root 10 0.0 0.0 0 0 ? S 19:27 0:00 [watchdog/0] root 12 0.0 0.0 0 0 ? S< 19:27 0:00 [khelper] root 13 0.0 0.0 0 0 ? S 19:27 0:00 [kdevtmpfs] root 14 0.0 0.0 0 0 ? S< 19:27 0:00 [netns] root 15 0.0 0.0 0 0 ? S 19:27 0:00 [khungtaskd] root 16 0.0 0.0 0 0 ? S< 19:27 0:00 [writeback] root 17 0.0 0.0 0 0 ? S< 19:27 0:00 [kintegrityd] root 18 0.0 0.0 0 0 ? S< 19:27 0:00 [bioset] root 19 0.0 0.0 0 0 ? S< 19:27 0:00 [kblockd] root 20 0.0 0.0 0 0 ? S< 19:27 0:00 [md] root 26 0.0 0.0 0 0 ? S 19:27 0:00 [kswapd0] ...
- 第一列:运行的用户USER
- 第二列:进程ID
- 第三列:占CPU资源百分比
- 第四列:占内存的百分比
- 第八列:进程状态STAT
- 第九列:进程启动的时间
- 第十列:运行的命令
STAT 表示进程运行状态
- D 不能中断的进程
- R 运行状态的进程
- S 休眠状态的进程
- T 暂停的进程(好比执行了ctrl + Z命令)
- Z 僵尸进程(看到尽可能关闭)
- < 高优先级的进程
- N 低优先级的进程
- L 内存中被锁了内存分页
- s 主进程(Ss)
- l 多线程进程(Sl)
- + 前台进程(S+)
与aux选项相似,-elf选项也能够一次性显示系统进程,只是显示的内容有些不一样。 一种用法是找到进程pid,使用kill命令关闭。
[root@localhost ~]# ps -elf F S UID PID PPID C PRI NI ADDR SZ WCHAN STIME TTY TIME CMD 4 S root 1 0 0 80 0 - 32027 ep_pol 19:27 ? 00:00:02 /usr/lib/systemd/systemd --switched-root --system --dese 1 S root 2 0 0 80 0 - 0 kthrea 19:27 ? 00:00:00 [kthreadd] 1 S root 3 2 0 80 0 - 0 smpboo 19:27 ? 00:00:00 [ksoftirqd/0] 1 S root 6 2 0 80 0 - 0 worker 19:27 ? 00:00:02 [kworker/u256:0] 1 S root 7 2 0 -40 - - 0 smpboo 19:27 ? 00:00:00 [migration/0] 1 S root 8 2 0 80 0 - 0 rcu_gp 19:27 ? 00:00:00 [rcu_bh] 1 R root 9 2 0 80 0 - 0 - 19:27 ? 00:00:00 [rcu_sched] 5 S root 10 2 0 -40 - - 0 smpboo 19:27 ? 00:00:00 [watchdog/0] 1 S root 12 2 0 60 -20 - 0 rescue 19:27 ? 00:00:00 [khelper] 5 S root 13 2 0 80 0 - 0 devtmp 19:27 ? 00:00:00 [kdevtmpfs] 1 S root 14 2 0 60 -20 - 0 rescue 19:27 ? 00:00:00 [netns] 1 S root 15 2 0 80 0 - 0 watchd 19:27 ? 00:00:00 [khungtaskd] ...
查看网络状态:netstat
- -lnp选项
能够查看监听的端口,包含端口和socket文件信息 [root@centos7 ~]# netstat -lnp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 889/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 978/master tcp6 0 0 :::22 :::* LISTEN 889/sshd tcp6 0 0 ::1:25 :::* LISTEN 978/master udp 0 0 127.0.0.1:323 0.0.0.0:* 549/chronyd udp6 0 0 ::1:323 :::* 549/chronyd raw6 0 0 :::58 :::* 7 584/NetworkManager Active UNIX domain sockets (only servers) Proto RefCnt Flags Type State I-Node PID/Program name Path unix 2 [ ACC ] STREAM LISTENING 19087 978/master public/pickup unix 2 [ ACC ] STREAM LISTENING 1580 1/systemd /run/systemd/journal/stdout unix 2 [ ACC ] STREAM LISTENING 15152 1/systemd /var/run/dbus/system_bus_socket unix 2 [ ACC ] STREAM LISTENING 15926 529/VGAuthService /var/run/vmware/guestServicePipe ...
- -t / -u选项
只查看系统的tcp/udp链接端口信息;-t tcp/-u udp;加上-t/-u后将再也不显示socket文件信息 [root@centos7 ~]# netstat -tulnp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 889/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 978/master tcp6 0 0 :::22 :::* LISTEN 889/sshd tcp6 0 0 ::1:25 :::* LISTEN 978/master udp 0 0 127.0.0.1:323 0.0.0.0:* 549/chronyd udp6 0 0 ::1:323 :::* 549/chronyd
- -an选项:查看全部的链接状态
还有一个参数方法 -an 查看系统的网络链接情况 [root@centos7 ~]# netstat -an Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN tcp 0 52 192.168.65.130:22 192.168.65.1:49891 ESTABLISHED tcp6 0 0 :::22 :::* LISTEN tcp6 0 0 ::1:25 :::* LISTEN udp 0 0 127.0.0.1:323 0.0.0.0:* udp6 0 0 ::1:323 :::* raw6 0 0 :::58 :::* 7 Active UNIX domain sockets (servers and established) Proto RefCnt Flags Type State I-Node Path unix 2 [ ] DGRAM 11009 /run/systemd/shutdownd unix 2 [ ACC ] STREAM LISTENING 19087 public/pickup unix 2 [ ] DGRAM 1566 /run/systemd/notify unix 2 [ ] DGRAM 1568 /run/systemd/cgroups-agent unix 2 [ ACC ] STREAM LISTENING 1580 /run/systemd/journal/stdout ...
小技巧:使用awk命令汇总netstat -an 中的各链接状态
[root@centos7 ~]# netstat -an | awk '/^tcp/ {++sta[$NF]} END {for (key in sta) print key,"\t",sta[key]}'
LISTEN 4
ESTABLISHED 1
有个与netstat相似的命令:ss -an
linux下抓包:tcpdump
安装:yum install -y tcpdump
用法:tcpdump
-nn使用ip、端口代替主机名、服务显示localhost.localdomain.ssh --> 192.168.65.133.22-i网卡名[not] port端口号hostIP-c抓包数量-w*.cap (将数据保存到文件,文件格式为tcpdump抓包文件)这个文件是真实网络上传输的数据包,没法使用cat查看内容!
- 基本使用
[root@centos7 ~]# tcpdump -n -i ens33 -c 100 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes 22:23:48.015504 IP 192.168.65.130.ssh > 192.168.65.1.49891: Flags [P.], seq 714412558:714412770, ack 3922939984, win 318, length 212 22:23:48.015802 IP 192.168.65.130.ssh > 192.168.65.1.49891: Flags [P.], seq 212:408, ack 1, win 318, length 196 ... 22:23:48.031997 IP 192.168.65.130.ssh > 192.168.65.1.49891: Flags [P.], seq 16784:16964, ack 1, win 318, length 180 22:23:48.032137 IP 192.168.65.130.ssh > 192.168.65.1.49891: Flags [P.], seq 16964:17144, ack 1, win 318, length 180 100 packets captured 100 packets received by filter 0 packets dropped by kernel
- port指定抓取特定端口的包
[root@localhost ~]# tcpdump -nn -i ens33 -c 5 port 22 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes 21:32:57.500685 IP 192.168.65.133.22 > 192.168.65.1.50775: Flags [P.], seq 3945596256:3945596468, ack 661489939, win 251, length 212 21:32:57.501660 IP 192.168.65.1.50775 > 192.168.65.133.22: Flags [.], ack 212, win 256, length 0 21:32:57.502907 IP 192.168.65.133.22 > 192.168.65.1.50775: Flags [P.], seq 212:504, ack 1, win 251, length 292 21:32:57.504053 IP 192.168.65.133.22 > 192.168.65.1.50775: Flags [P.], seq 504:668, ack 1, win 251, length 164 21:32:57.505222 IP 192.168.65.133.22 > 192.168.65.1.50775: Flags [P.], seq 668:832, ack 1, win 251, length 164 5 packets captured 6 packets received by filter 0 packets dropped by kernel
- -w 参数将抓包存入指定文件
# 保存的文件没法直接查看 [root@centos7 ~]# tcpdump -n -i ens33 -c 5 -w ./test.cap tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes 5 packets captured 5 packets received by filter 0 packets dropped by kernel
- 读取保存的抓包文件
[root@centos7 ~]# tcpdump -r test.cap reading from file test.cap, link-type EN10MB (Ethernet) 22:25:52.971050 IP centos7.ssh > 192.168.65.1.49891: Flags [P.], seq 714434958:714435106, ack 3922943564, win 318, length 148 22:25:52.971518 IP 192.168.65.1.49891 > centos7.ssh: Flags [.], ack 148, win 254, length 0 22:25:54.100199 ARP, Request who-has gateway tell 192.168.65.1, length 46 22:25:54.872750 ARP, Request who-has gateway tell 192.168.65.1, length 46 22:25:55.874164 ARP, Request who-has gateway tell 192.168.65.1, length 46
可使用tcpdump -r *.cap 来查看抓取的包文件
tshark
安装: yum install -y wireshark
实用命令:
tshark -n -t a -R http.request -T fields -e "frame.time" -e "ip.src" -e "http.host" -e "http.request.method" -e "http.request.uri"
简单的来讲TCP的三次握手创建链接的过程:
- 客户端发送一个数据包给服务器,其中包含一个SYN位,其值为
J; - 服务器端接收到这个包,解包后发送一个确认数据包给客户端,其中的SYN位为
K,ACK位为J+1; - 客户端查看返回的包,知道服务器赞成创建链接(ACK)后发送确认数据包,ACK位为
k+1。
一样的TCP的四次挥手断开链接的过程:
- 客户端须要断开链接,因此发送一个包含FIN位的数据包给服务器,FIN值为M;
- 服务器接收到这个包,知道客户端想要断开链接,因此发送一个确认数据包,包含ACK位,其值为M+1;
- 同时服务器端也须要发送一个数据包,包含FIN位,去告诉客户端断开链接,其值为N;
- 客户端接收到包含FIN位的数据包后,就发送确认数据包返回给服务器,其内ACK值设为N+1(代表收到上个断开请求包)。
至此一个双向的断开链接请求发送接收完毕,链接断开。