October 24 tasks
10.6 Monitoring I/O performance
10.7 The free command
10.8 The ps command
10.9 Viewing network status
10.10 Capturing packets on Linux
Disk I/O status monitoring (part of the sysstat package)
iostat
    [root@centos7 ~]# iostat
    Linux 3.10.0-693.2.2.el7.x86_64 (centos7) ... _x86_64_ (2 CPU)

    avg-cpu:  %user   %nice %system %iowait  %steal   %idle
               0.27    0.00    0.81    1.66    0.00   97.27

    Device:            tps    kB_read/s    kB_wrtn/s    kB_read    kB_wrtn
    sda               6.46       136.94        10.12      99168       7330
    scd0              0.02         1.42         0.00       1028          0

    [root@centos7 ~]# iostat 1 4
    Linux 3.10.0-693.2.2.el7.x86_64 (centos7) ... _x86_64_ (2 CPU)

    avg-cpu:  %user   %nice %system %iowait  %steal   %idle
               0.26    0.00    0.79    1.62    0.00   97.33

    Device:            tps    kB_read/s    kB_wrtn/s    kB_read    kB_wrtn
    sda               6.31       133.58         9.92      99176       7364
    scd0              0.02         1.38         0.00       1028          0

    avg-cpu:  %user   %nice %system %iowait  %steal   %idle
               0.00    0.00    0.00    0.00    0.00  100.00

    Device:            tps    kB_read/s    kB_wrtn/s    kB_read    kB_wrtn
    sda               0.00         0.00         0.00          0          0
    scd0              0.00         0.00         0.00          0          0

    avg-cpu:  %user   %nice %system %iowait  %steal   %idle
               0.00    0.00    0.50    0.00    0.00   99.50

    [root@centos7 ~]# iostat -x
    Linux 3.10.0-693.2.2.el7.x86_64 (centos7) ... _x86_64_ (2 CPU)

    avg-cpu:  %user   %nice %system %iowait  %steal   %idle
               0.26    0.00    0.77    1.59    0.00   97.38

    Device:  rrqm/s  wrqm/s   r/s   w/s   rkB/s  wkB/s avgrq-sz avgqu-sz  await r_await w_await  svctm  %util
    sda        0.01    0.06  5.48  0.71  130.95   9.72    45.48     0.10  16.63   13.73   39.25   6.17   3.82
    scd0       0.00    0.00  0.02  0.00    1.36   0.00   114.22     0.00  73.44   73.44    0.00  63.17   0.15

The -x option is the important one. The key metric to watch is %util: it shows the share of time spent waiting on I/O (while reading and writing). A large value means disk I/O performance is poor, and the disk may need to be replaced.
If the two read/write columns (r/s, w/s) are small but %util is very large, the disk may be faulty.
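The %util rule of thumb above can be applied to `iostat -x` output automatically. This is an added example, not part of the original notes; the function names and the `UTIL_MIN` / `IOPS_MAX` thresholds are assumptions, and the `sdb` / `sdc` rows in the sample are constructed.

```shell
#!/bin/sh
# Assumed thresholds (the notes only say "large" and "not large").
UTIL_MIN=${UTIL_MIN:-80}    # %util at or above this counts as large
IOPS_MAX=${IOPS_MAX:-50}    # r/s + w/s at or below this counts as small

# classify_disks: read `iostat -x` text on stdin, print "device verdict" lines.
classify_disks() {
    awk -v umin="$UTIL_MIN" -v imax="$IOPS_MAX" '
    /^Device/ {                       # header row: map column names to positions
        split("", col)
        for (i = 1; i <= NF; i++) col[$i] = i
        in_table = 1; next
    }
    NF == 0 { in_table = 0; next }    # a blank line ends the device table
    in_table && ("%util" in col) {    # plain iostat (no -x) has no %util column
        iops = $(col["r/s"]) + $(col["w/s"])
        util = $(col["%util"]) + 0
        if (util >= umin && iops <= imax) verdict = "suspect-fault"
        else if (util >= umin)            verdict = "saturated"
        else                              verdict = "ok"
        print $1, verdict
    }'
}

# Constructed sample: the sda and scd0 rows come from the session above,
# sdb and sdc are made up to trigger the two warning cases.
sample_iostat() {
cat <<'EOF'
Device: rrqm/s wrqm/s r/s w/s rkB/s wkB/s avgrq-sz avgqu-sz await r_await w_await svctm %util
sda 0.01 0.06 5.48 0.71 130.95 9.72 45.48 0.10 16.63 13.73 39.25 6.17 3.82
scd0 0.00 0.00 0.02 0.00 1.36 0.00 114.22 0.00 73.44 73.44 0.00 63.17 0.15
sdb 0.00 0.10 2.00 1.50 40.00 12.00 29.71 4.20 950.00 900.00 1016.00 280.00 98.40
sdc 12.00 30.00 900.00 450.00 90000.00 45000.00 200.00 9.80 7.20 6.90 7.80 0.73 99.10
EOF
}

sample_iostat | classify_disks
```

On a live host, feed it real data with `iostat -x 1 2 | classify_disks`; the first report is the average since boot, so the second report reflects current load.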
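iotop (yum install -y iotop)
Similar to the top command, iotop dynamically displays the system's current total disk read/write rate, along with each process's read/write activity, its share of I/O and other information.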
Note: compared with CentOS 7, the output of free on CentOS 6 is slightly
Without options, the default unit is KB:

    [root@centos7 ~]# free
                  total        used        free      shared  buff/cache   available
    Mem:         999720      123384      587972        6840      288364      691412
    Swap:       4194300           0     4194300

Choose the unit automatically according to the size:

    [root@centos7 ~]# free -h
                  total        used        free      shared  buff/cache   available
    Mem:           976M        120M        573M        6.7M        281M        675M
    Swap:          4.0G          0B        4.0G

Display in MB:

    [root@centos7 ~]# free -m
                  total        used        free      shared  buff/cache   available
    Mem:            976         120         573           6         281         675
    Swap:          4095           0        4095

Display in GB:

    [root@centos7 ~]# free -g
                  total        used        free      shared  buff/cache   available
    Mem:              0           0           0           0           0           0
    Swap:             3           0           3

Total memory size: total = used + free + buff/cache
To see how much memory is left, look at the available value.
Processing data: data (disk) --> memory (cache) --> CPU
Returning results: CPU --> memory (buffer) --> data (disk)
Display all current system processes at once:

    [root@localhost ~]# ps aux
    USER   PID %CPU %MEM    VSZ   RSS TTY  STAT START  TIME COMMAND
    root     1  0.0  0.4 128108  6708 ?    Ss   19:27  0:02 /usr/lib/systemd/systemd --switched-root --system --deserialize 21
    root     2  0.0  0.0      0     0 ?    S    19:27  0:00 [kthreadd]
    root     3  0.0  0.0      0     0 ?    S    19:27  0:00 [ksoftirqd/0]
    root     6  0.0  0.0      0     0 ?    S    19:27  0:02 [kworker/u256:0]
    root     7  0.0  0.0      0     0 ?    S    19:27  0:00 [migration/0]
    root     8  0.0  0.0      0     0 ?    S    19:27  0:00 [rcu_bh]
    root     9  0.0  0.0      0     0 ?    R    19:27  0:00 [rcu_sched]
    root    10  0.0  0.0      0     0 ?    S    19:27  0:00 [watchdog/0]
    root    12  0.0  0.0      0     0 ?    S<   19:27  0:00 [khelper]
    root    13  0.0  0.0      0     0 ?    S    19:27  0:00 [kdevtmpfs]
    root    14  0.0  0.0      0     0 ?    S<   19:27  0:00 [netns]
    root    15  0.0  0.0      0     0 ?    S    19:27  0:00 [khungtaskd]
    root    16  0.0  0.0      0     0 ?    S<   19:27  0:00 [writeback]
    root    17  0.0  0.0      0     0 ?    S<   19:27  0:00 [kintegrityd]
    root    18  0.0  0.0      0     0 ?    S<   19:27  0:00 [bioset]
    root    19  0.0  0.0      0     0 ?    S<   19:27  0:00 [kblockd]
    root    20  0.0  0.0      0     0 ?    S<   19:27  0:00 [md]
    root    26  0.0  0.0      0     0 ?    S    19:27  0:00 [kswapd0]
    ...

STAT indicates the running state of the process.
Like the aux option, the -elf option also displays all system processes at once; only the content shown differs somewhat. One use is to find a process's PID and then stop it with the kill command.

    [root@localhost ~]# ps -elf
    F S UID   PID  PPID  C PRI  NI ADDR    SZ WCHAN  STIME TTY      TIME CMD
    4 S root    1     0  0  80   0 -    32027 ep_pol 19:27 ?    00:00:02 /usr/lib/systemd/systemd --switched-root --system --dese
    1 S root    2     0  0  80   0 -        0 kthrea 19:27 ?    00:00:00 [kthreadd]
    1 S root    3     2  0  80   0 -        0 smpboo 19:27 ?    00:00:00 [ksoftirqd/0]
    1 S root    6     2  0  80   0 -        0 worker 19:27 ?    00:00:02 [kworker/u256:0]
    1 S root    7     2  0 -40   - -        0 smpboo 19:27 ?    00:00:00 [migration/0]
    1 S root    8     2  0  80   0 -        0 rcu_gp 19:27 ?    00:00:00 [rcu_bh]
    1 R root    9     2  0  80   0 -        0 -      19:27 ?    00:00:00 [rcu_sched]
    5 S root   10     2  0 -40   - -        0 smpboo 19:27 ?    00:00:00 [watchdog/0]
    1 S root   12     2  0  60 -20 -        0 rescue 19:27 ?    00:00:00 [khelper]
    5 S root   13     2  0  80   0 -        0 devtmp 19:27 ?    00:00:00 [kdevtmpfs]
    1 S root   14     2  0  60 -20 -        0 rescue 19:27 ?    00:00:00 [netns]
    1 S root   15     2  0  80   0 -        0 watchd 19:27 ?    00:00:00 [khungtaskd]
    ...
netstat -lnp shows the listening ports, including both port and socket file information:

    [root@centos7 ~]# netstat -lnp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      889/sshd
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      978/master
    tcp6       0      0 :::22                   :::*                    LISTEN      889/sshd
    tcp6       0      0 ::1:25                  :::*                    LISTEN      978/master
    udp        0      0 127.0.0.1:323           0.0.0.0:*                           549/chronyd
    udp6       0      0 ::1:323                 :::*                                549/chronyd
    raw6       0      0 :::58                   :::*                    7           584/NetworkManager
    Active UNIX domain sockets (only servers)
    Proto RefCnt Flags       Type       State         I-Node   PID/Program name     Path
    unix  2      [ ACC ]     STREAM     LISTENING     19087    978/master           public/pickup
    unix  2      [ ACC ]     STREAM     LISTENING     1580     1/systemd            /run/systemd/journal/stdout
    unix  2      [ ACC ]     STREAM     LISTENING     15152    1/systemd            /var/run/dbus/system_bus_socket
    unix  2      [ ACC ]     STREAM     LISTENING     15926    529/VGAuthService    /var/run/vmware/guestServicePipe
    ...

To view only the system's TCP/UDP port information, use -t (tcp) and -u (udp); once -t/-u is added, socket file information is no longer displayed:

    [root@centos7 ~]# netstat -tulnp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      889/sshd
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      978/master
    tcp6       0      0 :::22                   :::*                    LISTEN      889/sshd
    tcp6       0      0 ::1:25                  :::*                    LISTEN      978/master
    udp        0      0 127.0.0.1:323           0.0.0.0:*                           549/chronyd
    udp6       0      0 ::1:323                 :::*                                549/chronyd

Another option combination, -an, shows the system's network connections:

    [root@centos7 ~]# netstat -an
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
    tcp        0     52 192.168.65.130:22       192.168.65.1:49891      ESTABLISHED
    tcp6       0      0 :::22                   :::*                    LISTEN
    tcp6       0      0 ::1:25                  :::*                    LISTEN
    udp        0      0 127.0.0.1:323           0.0.0.0:*
    udp6       0      0 ::1:323                 :::*
    raw6       0      0 :::58                   :::*                    7
    Active UNIX domain sockets (servers and established)
    Proto RefCnt Flags       Type       State         I-Node   Path
    unix  2      [ ]         DGRAM                    11009    /run/systemd/shutdownd
    unix  2      [ ACC ]     STREAM     LISTENING     19087    public/pickup
    unix  2      [ ]         DGRAM                    1566     /run/systemd/notify
    unix  2      [ ]         DGRAM                    1568     /run/systemd/cgroups-agent
    unix  2      [ ACC ]     STREAM     LISTENING     1580     /run/systemd/journal/stdout
    ...

Tip: use awk to summarize the connection states in the netstat -an output.

    [root@centos7 ~]# netstat -an | awk '/^tcp/ {++sta[$NF]} END {for (key in sta) print key,"\t",sta[key]}'
    LISTEN 	 4
    ESTABLISHED 	 1

There is a command similar to netstat: ss -an
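The `netstat -tulnp` listing above separates services bound to loopback (127.0.0.1, ::1) from those reachable on every interface (0.0.0.0, ::), which is the distinction that matters when reviewing a host's exposure. The following added example, not part of the original notes, extracts the wildcard listeners and checks them against an allowlist; the function names and `ALLOWED_PORTS` are assumptions, and the mysqld and dhclient rows in the sample are constructed.

```shell
#!/bin/sh
# Assumed policy: ports that are expected to listen on every interface.
ALLOWED_PORTS=${ALLOWED_PORTS:-"22"}

# wildcard_listeners: read `netstat -tulnp` text on stdin and print
# "proto port pid/program status" for sockets bound to 0.0.0.0 or ::.
wildcard_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, /[ ,]+/); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^(tcp|udp)6?$/ {
        if ($1 ~ /^tcp/ && $6 != "LISTEN") next      # skip non-listening TCP rows
        laddr = $4
        port = laddr; sub(/^.*:/, "", port)           # text after the last colon
        addr = substr(laddr, 1, length(laddr) - length(port) - 1)
        if (addr != "0.0.0.0" && addr != "::") next   # loopback or one specific IP
        prog = ($1 ~ /^tcp/) ? $7 : $6                # UDP rows have no State column
        if (prog == "") prog = "-"
        print $1, port, prog, ((port in ok) ? "allowed" : "review")
    }'
}

# Constructed sample: rows from the session above plus two made-up
# wildcard listeners (3306/mysqld and 68/dhclient).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 889/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 978/master
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1201/mysqld
tcp6 0 0 :::22 :::* LISTEN 889/sshd
tcp6 0 0 ::1:25 :::* LISTEN 978/master
udp 0 0 127.0.0.1:323 0.0.0.0:* 549/chronyd
udp 0 0 0.0.0.0:68 0.0.0.0:* 702/dhclient
udp6 0 0 ::1:323 :::* 549/chronyd
EOF
}

sample_netstat | wildcard_listeners
```

On a live host run `netstat -tulnp | wildcard_listeners` as root, since without root the PID/Program column shows `-` for sockets owned by other users.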
Install: yum install -y tcpdump
Usage: tcpdump
-nn          show IP addresses and port numbers instead of host names and service names: localhost.localdomain.ssh --> 192.168.65.133.22
-i           interface name
[not] port   port number
host         IP
-c           number of packets to capture
-w           *.cap (save the data to a file, in tcpdump capture format)
This file holds the actual packets transmitted on the network, so its contents cannot be viewed with cat!

    [root@centos7 ~]# tcpdump -n -i ens33 -c 100
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
    22:23:48.015504 IP 192.168.65.130.ssh > 192.168.65.1.49891: Flags [P.], seq 714412558:714412770, ack 3922939984, win 318, length 212
    22:23:48.015802 IP 192.168.65.130.ssh > 192.168.65.1.49891: Flags [P.], seq 212:408, ack 1, win 318, length 196
    ...
    22:23:48.031997 IP 192.168.65.130.ssh > 192.168.65.1.49891: Flags [P.], seq 16784:16964, ack 1, win 318, length 180
    22:23:48.032137 IP 192.168.65.130.ssh > 192.168.65.1.49891: Flags [P.], seq 16964:17144, ack 1, win 318, length 180
    100 packets captured
    100 packets received by filter
    0 packets dropped by kernel

    [root@localhost ~]# tcpdump -nn -i ens33 -c 5 port 22
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
    21:32:57.500685 IP 192.168.65.133.22 > 192.168.65.1.50775: Flags [P.], seq 3945596256:3945596468, ack 661489939, win 251, length 212
    21:32:57.501660 IP 192.168.65.1.50775 > 192.168.65.133.22: Flags [.], ack 212, win 256, length 0
    21:32:57.502907 IP 192.168.65.133.22 > 192.168.65.1.50775: Flags [P.], seq 212:504, ack 1, win 251, length 292
    21:32:57.504053 IP 192.168.65.133.22 > 192.168.65.1.50775: Flags [P.], seq 504:668, ack 1, win 251, length 164
    21:32:57.505222 IP 192.168.65.133.22 > 192.168.65.1.50775: Flags [P.], seq 668:832, ack 1, win 251, length 164
    5 packets captured
    6 packets received by filter
    0 packets dropped by kernel

    # The saved file cannot be viewed directly
    [root@centos7 ~]# tcpdump -n -i ens33 -c 5 -w ./test.cap
    tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
    5 packets captured
    5 packets received by filter
    0 packets dropped by kernel

    [root@centos7 ~]# tcpdump -r test.cap
    reading from file test.cap, link-type EN10MB (Ethernet)
    22:25:52.971050 IP centos7.ssh > 192.168.65.1.49891: Flags [P.], seq 714434958:714435106, ack 3922943564, win 318, length 148
    22:25:52.971518 IP 192.168.65.1.49891 > centos7.ssh: Flags [.], ack 148, win 254, length 0
    22:25:54.100199 ARP, Request who-has gateway tell 192.168.65.1, length 46
    22:25:54.872750 ARP, Request who-has gateway tell 192.168.65.1, length 46
    22:25:55.874164 ARP, Request who-has gateway tell 192.168.65.1, length 46

Use tcpdump -r *.cap to read a captured packet file.
Install: yum install -y wireshark
Useful command:
tshark -n -t a -R http.request -T fields -e "frame.time" -e "ip.src" -e "http.host" -e "http.request.method" -e "http.request.uri"
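Put simply, the TCP three-way handshake establishes a connection as follows:
J
; K
, the ACK field is J+1
; k+1
. Likewise, the TCP four-way close tears down a connection as follows:
At this point the disconnect requests in both directions have been sent and received, and the connection is closed.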