首页 > Web开发 > 详细

查看磁盘io、内存free、系统进程ps、网络状态netstat、Linux抓包tcpdump

时间:2018-01-23 20:12:09      阅读:322      评论:0      收藏:0      [点我收藏+]
查看磁盘io性能状态

iostat -x

查看磁盘使用(安装包与sar的安装包一起)
主要查看%util

[root@shu-test ~]# iostat -x
Linux 3.10.0-693.el7.x86_64 (shu-test)     2018年01月23日     _x86_64_    (1 CPU)
avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           0.13    0.00    0.44    0.15    0.00   99.28
Device:         rrqm/s   wrqm/s     r/s     w/s    rkB/s    wkB/s avgrq-sz avgqu-sz   await r_await w_await  svctm  %util
sda               0.00     0.12    7.63    2.61   110.65    11.27    23.83     0.01    0.97    0.89    1.18   0.37   0.38
sdb               0.00     0.00    0.10    0.00     2.28     0.00    45.16     0.00    0.35    0.35    0.00   0.35   0.00
scd0              0.00     0.00    0.02    0.00     1.11     0.00   114.22     0.00    2.39    2.39    0.00   2.17   0.00
[root@shu-test ~]#

iotop

当发现io很忙,可以使用iotop查询是哪个进程使用io大;

安装包


yum install -y iotop

查看磁盘io使用进程;

[root@shu-test ~]# iotop
Total DISK READ :    0.00 B/s | Total DISK WRITE :       0.00 B/s
Actual DISK READ:    0.00 B/s | Actual DISK WRITE:       0.00 B/s
  TID  PRIO  USER     DISK READ  DISK WRITE  SWAPIN     IO>    COMMAND                                             
    1 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % systemd --switched-root --system --deserialize 21
    2 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [kthreadd]
    3 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [ksoftirqd/0]
    5 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [kworker/0:0H]
    7 rt/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [migration/0]
    8 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [rcu_bh]
    9 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [rcu_sched]
   10 rt/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [watchdog/0]
   12 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [kdevtmpfs]
   13 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [netns]
   14 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [khungtaskd]
   15 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [writeback]
   16 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [kintegrityd]
   17 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [bioset]
   18 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [kblockd]
   19 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [md]
  533 be/4 dbus        0.00 B/s    0.00 B/s  0.00 %  0.00 % dbus-daemon --system --addr~idfile --systemd-activation
   25 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [kswapd0]
   26 be/5 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [ksmd]
   27 be/7 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [khugepaged]
   28 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [crypto]

free命令

查看内存使用情况

[root@shu-test ~]# free
              total        used        free      shared  buff/cache   available
Mem:        1008152      122192      636236        6864      249724      711676
Swap:       2097148           0     2097148
[root@shu-test ~]#

Mem:内存使用情况
Swap:交换分区使用情况
total:总大小;
used:使用中;
free:剩余数量;
shared:共享中的;
buff/cache:缓存;
available:可获得的;

公式:
total=used+free+cache
avaliable包含free和buffer/cache剩余部分

用单位表示数据显示;
free -h

[root@shu-test ~]# free -h
              total        used        free      shared  buff/cache   available
Mem:           984M        119M        621M        6.7M        243M        695M
Swap:          2.0G          0B        2.0G
[root@shu-test ~]#

ps命令

查看系统进程(特重要)

ps aux

将系统是由进程静态的列出(top为动态)

[root@shu-test ~]# ps aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.6 128164  6820 ?        Ss   16:10   0:01 /usr/lib/systemd/systemd --switched-root --system
root         2  0.0  0.0      0     0 ?        S    16:10   0:00 [kthreadd]
root         3  0.0  0.0      0     0 ?        S    16:10   0:00 [ksoftirqd/0]
root         5  0.0  0.0      0     0 ?        S<   16:10   0:00 [kworker/0:0H]
root         7  0.0  0.0      0     0 ?        S    16:10   0:00 [migration/0]
root         8  0.0  0.0      0     0 ?        S    16:10   0:00 [rcu_bh]
root         9  0.0  0.0      0     0 ?        R    16:10   0:00 [rcu_sched]
root        10  0.0  0.0      0     0 ?        S    16:10   0:00 [watchdog/0]
root        12  0.0  0.0      0     0 ?        S    16:10   0:00 [kdevtmpfs]
root        13  0.0  0.0      0     0 ?        S<   16:10   0:00 [netns]
root        14  0.0  0.0      0     0 ?        S    16:10   0:00 [khungtaskd]
root        15  0.0  0.0      0     0 ?        S<   16:10   0:00 [writeback]
root        16  0.0  0.0      0     0 ?        S<   16:10   0:00 [kintegrityd]
root        17  0.0  0.0      0     0 ?        S<   16:10   0:00 [bioset]
root        18  0.0  0.0      0     0 ?        S<   16:10   0:00 [kblockd]
root        19  0.0  0.0      0     0 ?        S<   16:10   0:00 [md]
root        25  0.0  0.0      0     0 ?        S    16:10   0:00 [kswapd0]
root        26  0.0  0.0      0     0 ?        SN   16:10   0:00 [ksmd]
root        27  0.0  0.0      0     0 ?        SN   16:10   0:00 [khugepaged]
root        28  0.0  0.0      0     0 ?        S<   16:10   0:00 [crypto]
root        36  0.0  0.0      0     0 ?        S<   16:10   0:00 [kthrotld]
root        37  0.0  0.0      0     0 ?        S    16:10   0:00 [kworker/u128:1]
root        38  0.0  0.0      0     0 ?        S<   16:10   0:00 [kmpath_rdacd]
root        39  0.0  0.0      0     0 ?        S<   16:10   0:00 [kpsmoused]
root        41  0.0  0.0      0     0 ?        S<   16:10   0:00 [ipv6_addrconf]
root        60  0.0  0.0      0     0 ?        S<   16:10   0:00 [deferwq]
root        92  0.0  0.0      0     0 ?        S    16:10   0:00 [kauditd]
root       229  0.0  0.0      0     0 ?        S<   16:10   0:00 [mpt_poll_0]
root       231  0.0  0.0      0     0 ?        S<   16:10   0:00 [mpt/0]
root       233  0.0  0.0      0     0 ?        S<   16:10   0:00 [ata_sff]
root       241  0.0  0.0      0     0 ?        S    16:10   0:00 [scsi_eh_0]
root       242  0.0  0.0      0     0 ?        S<   16:10   0:00 [scsi_tmf_0]
root       243  0.0  0.0      0     0 ?        S    16:10   0:00 [scsi_eh_1]
root       246  0.0  0.0      0     0 ?        S<   16:10   0:00 [scsi_tmf_1]
root       249  0.0  0.0      0     0 ?        S    16:10   0:00 [scsi_eh_2]
root       251  0.0  0.0      0     0 ?        S<   16:10   0:00 [scsi_tmf_2]
root       252  0.0  0.0      0     0 ?        S    16:10   0:00 [kworker/u128:2]
root       255  0.0  0.0      0     0 ?        S<   16:10   0:00 [ttm_swap]
root       276  0.0  0.0      0     0 ?        S<   16:10   0:00 [bioset]
root       277  0.0  0.0      0     0 ?        S<   16:10   0:00 [xfsalloc]
root       278  0.0  0.0      0     0 ?        S<   16:10   0:00 [xfs_mru_cache]
root       279  0.0  0.0      0     0 ?        S<   16:10   0:00 [xfs-buf/sda3]
root       280  0.0  0.0      0     0 ?        S<   16:10   0:00 [xfs-data/sda3]
root       281  0.0  0.0      0     0 ?        S<   16:10   0:00 [xfs-conv/sda3]
root       282  0.0  0.0      0     0 ?        S<   16:10   0:00 [xfs-cil/sda3]
root       283  0.0  0.0      0     0 ?        S<   16:10   0:00 [xfs-reclaim/sda]
root       284  0.0  0.0      0     0 ?        S<   16:10   0:00 [xfs-log/sda3]
root       285  0.0  0.0      0     0 ?        S<   16:10   0:00 [xfs-eofblocks/s]
root       286  0.0  0.0      0     0 ?        S    16:10   0:00 [xfsaild/sda3]
root       353  0.0  0.2  34940  2788 ?        Ss   16:10   0:00 /usr/lib/systemd/systemd-journald
root       372  0.0  0.4 121356  4084 ?        Ss   16:10   0:00 /usr/sbin/lvmetad -f
root       374  0.0  0.5  47696  5736 ?        Ss   16:10   0:00 /usr/lib/systemd/systemd-udevd
root       417  0.0  0.0      0     0 ?        S<   16:10   0:00 [kworker/0:1H]
root       439  0.0  0.0      0     0 ?        S<   16:10   0:00 [xfs-buf/sda1]
root       441  0.0  0.0      0     0 ?        S<   16:10   0:00 [xfs-data/sda1]
root       442  0.0  0.0      0     0 ?        S<   16:10   0:00 [xfs-conv/sda1]
root       444  0.0  0.0      0     0 ?        S<   16:10   0:00 [xfs-cil/sda1]
root       446  0.0  0.0      0     0 ?        S<   16:10   0:00 [xfs-reclaim/sda]
root       448  0.0  0.0      0     0 ?        S<   16:10   0:00 [xfs-log/sda1]
root       450  0.0  0.0      0     0 ?        S<   16:10   0:00 [xfs-eofblocks/s]
root       452  0.0  0.0      0     0 ?        S    16:10   0:00 [xfsaild/sda1]
root       500  0.0  0.0  55452   900 ?        S<sl 16:10   0:00 /sbin/auditd
root       524  0.0  0.1  24204  1668 ?        Ss   16:10   0:00 /usr/lib/systemd/systemd-logind
polkitd    527  0.0  1.3 534888 13884 ?        Ssl  16:10   0:00 /usr/lib/polkit-1/polkitd --no-debug
root       529  0.0  0.6  99608  6100 ?        Ss   16:10   0:00 /usr/bin/VGAuthService -s
root       531  0.0  0.4 214500  4720 ?        Ssl  16:10   0:00 /usr/sbin/rsyslogd -n
dbus       533  0.0  0.1  32776  1860 ?        Ssl  16:10   0:00 /bin/dbus-daemon --system --address=systemd: --nof
root       549  0.1  0.6 305368  6324 ?        Ssl  16:10   0:04 /usr/bin/vmtoolsd
root       554  0.0  0.1 126236  1676 ?        Ss   16:10   0:00 /usr/sbin/crond -n
root       556  0.0  0.0 110044   828 tty1     Ss+  16:10   0:00 /sbin/agetty --noclear tty1 linux
chrony     559  0.0  0.1 115640  1780 ?        S    16:10   0:00 /usr/sbin/chronyd
root       569  0.0  2.8 334236 28996 ?        Ssl  16:10   0:00 /usr/bin/python -Es /usr/sbin/firewalld --nofork -
root       584  0.0  0.8 472132  9016 ?        Ssl  16:10   0:00 /usr/sbin/NetworkManager --no-daemon
root       886  0.0  1.8 562392 18644 ?        Ssl  16:10   0:00 /usr/bin/python -Es /usr/sbin/tuned -l -P
root       887  0.0  0.4 105996  4072 ?        Ss   16:10   0:00 /usr/sbin/sshd -D
root       988  0.0  0.2  89544  2092 ?        Ss   16:10   0:00 /usr/libexec/postfix/master -w
postfix    989  0.0  0.3  89648  4004 ?        S    16:10   0:00 pickup -l -t unix -u
postfix    990  0.0  0.3  89716  4024 ?        S    16:10   0:00 qmgr -l -t unix -u
root       998  0.0  0.5 145700  5212 ?        Ss   16:10   0:00 sshd: root@pts/0
root      1001  0.0  0.2 116156  2984 pts/0    Ss   16:10   0:00 -bash
root      1071  0.0  0.0      0     0 ?        R    16:41   0:01 [kworker/0:0]
root      1100  0.0  0.0 123208   780 ?        Ss   17:01   0:00 /usr/sbin/anacron -s
root      1103  0.0  0.0      0     0 ?        S    17:01   0:00 [kworker/0:2]
root      1104  0.0  0.0      0     0 ?        S    17:06   0:00 [kworker/0:1]
root      1111  0.0  0.0      0     0 ?        S    17:11   0:00 [kworker/0:3]
root      1123  0.0  0.1 151064  1820 pts/0    R+   17:14   0:00 ps aux
[root@shu-test ~]#

USER:所属用户;
PID:进程的标签,配合kill杀死进程;

STAT部分详解:
D:不能中断的进程;
R:run状态的进程;
S:sleep状态的进程;
T:暂停的进程;
Z:僵尸进程;
<:高优先级进程;
N:低优先级进程;
L:内存中被锁了的内存分页;
s:主进程;
l:多线程进程;
+:前台进程;

查询进程

ps aux | grep 进程名
查询当前进程是否存在或运行;

[root@shu-test ~]# ps aux | grep nginx
root      1141  0.0  0.0 112676   984 pts/0    S+   17:30   0:00 grep --color=auto nginx
[root@shu-test ~]#

netstat

查看网络状态

netstat -lnp

查看监听的端口

[root@shu-test ~]# netstat -lnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      887/sshd            
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      988/master          
tcp6       0      0 :::22                   :::*                    LISTEN      887/sshd            
tcp6       0      0 ::1:25                  :::*                    LISTEN      988/master          
udp        0      0 127.0.0.1:323           0.0.0.0:*                           559/chronyd         
udp6       0      0 ::1:323                 :::*                                559/chronyd         
raw6       0      0 :::58                   :::*                    7           584/NetworkManager  
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name     Path
unix  2      [ ACC ]     STREAM     LISTENING     18543    988/master           public/flush
unix  2      [ ACC ]     STREAM     LISTENING     18558    988/master           public/showq
unix  2      [ ACC ]     STREAM     LISTENING     18514    988/master           public/pickup
unix  2      [ ACC ]     STREAM     LISTENING     18518    988/master           public/cleanup
unix  2      [ ACC ]     STREAM     LISTENING     18521    988/master           public/qmgr
unix  2      [ ACC ]     STREAM     LISTENING     12104    1/systemd            /run/lvm/lvmpolld.socket
unix  2      [ ACC ]     STREAM     LISTENING     15692    529/VGAuthService    /var/run/vmware/guestServicePipe
unix  2      [ ACC ]     STREAM     LISTENING     12121    1/systemd            /run/lvm/lvmetad.socket
unix  2      [ ACC ]     STREAM     LISTENING     11881    1/systemd            /run/systemd/private
unix  2      [ ACC ]     SEQPACKET  LISTENING     12139    1/systemd            /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     14473    1/systemd            /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     18525    988/master           private/tlsmgr
unix  2      [ ACC ]     STREAM     LISTENING     18528    988/master           private/rewrite
unix  2      [ ACC ]     STREAM     LISTENING     18531    988/master           private/bounce
unix  2      [ ACC ]     STREAM     LISTENING     18534    988/master           private/defer
unix  2      [ ACC ]     STREAM     LISTENING     18537    988/master           private/trace
unix  2      [ ACC ]     STREAM     LISTENING     18540    988/master           private/verify
unix  2      [ ACC ]     STREAM     LISTENING     18546    988/master           private/proxymap
unix  2      [ ACC ]     STREAM     LISTENING     18549    988/master           private/proxywrite
unix  2      [ ACC ]     STREAM     LISTENING     18552    988/master           private/smtp
unix  2      [ ACC ]     STREAM     LISTENING     18555    988/master           private/relay
unix  2      [ ACC ]     STREAM     LISTENING     18561    988/master           private/error
unix  2      [ ACC ]     STREAM     LISTENING     18564    988/master           private/retry
unix  2      [ ACC ]     STREAM     LISTENING     18567    988/master           private/discard
unix  2      [ ACC ]     STREAM     LISTENING     18570    988/master           private/local
unix  2      [ ACC ]     STREAM     LISTENING     18573    988/master           private/virtual
unix  2      [ ACC ]     STREAM     LISTENING     18576    988/master           private/lmtp
unix  2      [ ACC ]     STREAM     LISTENING     18579    988/master           private/anvil
unix  2      [ ACC ]     STREAM     LISTENING     18582    988/master           private/scache
unix  2      [ ACC ]     STREAM     LISTENING     7659     1/systemd            /run/systemd/journal/stdout
[root@shu-test ~]#

netstat -an

查看所有的连接状态

netstat -lntp

只查看tcp的端口监听(不包含socket)

[root@shu-test ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      887/sshd            
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      988/master          
tcp6       0      0 :::22                   :::*                    LISTEN      887/sshd            
tcp6       0      0 ::1:25                  :::*                    LISTEN      988/master          
[root@shu-test ~]#

netstat -lnup

只查看udp的端口监听(不包含socket)

[root@shu-test ~]# netstat -lnup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
udp        0      0 127.0.0.1:323           0.0.0.0:*                           559/chronyd         
udp6       0      0 ::1:323                 :::*                                559/chronyd         
[root@shu-test ~]#

统计命令

统计netstat下的所有状态的数据;
netstat -an | awk ‘/^tcp/ {++sta[$NF]} END {for(key in sta) print key,"\t",sta[key]}‘

[root@shu-test ~]# netstat -an | awk ‘/^tcp/ {++sta[$NF]} END {for(key in sta) print key,"\t",sta[key]}‘
LISTEN      4
ESTABLISHED      1
[root@shu-test ~]#

Linux抓包工具

tcpdump工具

安装包


yum install -y tcpdump

指定网卡抓包

格式:
tcpdump -nn -i 网卡名
tcpdump -nn -i ens33
指定抓取网卡名为ens33的包

18:15:44.680680 IP 192.168.188.1.63319 > 192.168.188.2.22: Flags [.], ack 110393004, win 11469, length 0
18:15:44.680691 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 110393004:110393184, ack 16121, win 294, length 180
18:15:44.680773 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 110393184:110393476, ack 16121, win 294, length 292
18:15:44.680862 IP 192.168.188.1.63319 > 192.168.188.2.22: Flags [.], ack 110393476, win 11351, length 0
18:15:44.680872 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 110393476:110393656, ack 16121, win 294, length 180
18:15:44.680953 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 110393656:110393948, ack 16121, win 294, length 292
18:15:44.681036 IP 192.168.188.1.63319 > 192.168.188.2.22: Flags [.], ack 110393948, win 11233, length 0
18:15:44.681046 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 110393948:110394128, ack 16121, win 294, length 180
18:15:44.681126 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 110394128:110394420, ack 16121, win 294, length 292
18:15:44.681200 IP 192.168.188.1.63319 > 192.168.188.2.22: Flags [.], ack 110394420, win 11115, length 0
18:15:44.681210 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 110394420:110394600, ack 16121, win 294, length 180
^C
672976 packets captured
672978 packets received by filter
0 packets dropped by kernel
[root@shu-test ~]#

其中主要看
192.168.188.1.63319 > 192.168.188.2.22
这一列,前面ip表示ip源与端口,后面ip表示目的ip与端口

指定端口

格式:
tcpdump -nn -i [网卡名] port [端口号]
tcpdump -nn -i ens33 port 22
指定抓取网卡名为ens33 端口号为22的包

19:09:40.694055 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 10288736:10288916, ack 1405, win 294, length 180
19:09:40.694109 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 10288916:10289096, ack 1405, win 294, length 180
19:09:40.694163 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 10289096:10289276, ack 1405, win 294, length 180
19:09:40.694216 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 10289276:10289456, ack 1405, win 294, length 180
19:09:40.694274 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 10289456:10289572, ack 1405, win 294, length 116
19:09:40.694396 IP 192.168.188.1.63319 > 192.168.188.2.22: Flags [.], ack 10289456, win 9284, length 0
^C
60636 packets captured
60637 packets received by filter
0 packets dropped by kernel
[root@shu-test ~]#

其他命令

tcpdump -nn -i [网卡名] not port [端口号] and host 192.168.0.100
抓取指定网卡名,端口号xx以外的所有端口号,主机名为192.168.0.100的包

指定抓包个数

-c [数值]:
tcpdump -nn -i ens33 -c 100
指定抓取100个包;

19:17:40.694337 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 15628:15904, ack 1, win 294, length 276
19:17:40.694447 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 15904:16084, ack 1, win 294, length 180
100 packets captured
100 packets received by filter
0 packets dropped by kernel
[root@shu-test ~]#

指定抓包个数保存到文件

-w [文件路径]:
tcpdump -nn -i ens33 -c 10 -w ip.txt
指定抓取10个包保存到当前目录的ip.txt文件;

[root@shu-test abc]# tcpdump -nn -i ens33 -c 10 -w ip.txt
tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
10 packets captured
10 packets received by filter
0 packets dropped by kernel
[root@shu-test abc]#

查看抓取的数据包文件内容

无法cat抓取的数据包文件,只能使用tcpdump命令查看;
格式:
tcpdump -r ip.txt

[root@shu-test abc]# tcpdump -r ip.txt
reading from file ip.txt, link-type EN10MB (Ethernet)
19:22:13.562207 IP shu-test.ssh > 192.168.188.1.63319: Flags [P.], seq 1557505249:1557505397, ack 547063394, win 294, length 148
19:22:13.562796 IP 192.168.188.1.63319 > shu-test.ssh: Flags [.], ack 148, win 16375, length 0
19:22:15.250771 IP6 fe80::1bc:2163:4c7e:5a43.62981 > ff02::1:3.hostmon: UDP, length 22
19:22:15.250816 IP 192.168.188.1.60303 > 224.0.0.252.hostmon: UDP, length 22
19:22:15.451154 IP 192.168.188.1.netbios-ns > 192.168.188.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
19:22:15.989543 IP shu-test.ssh > 192.168.188.1.63319: Flags [.], seq 148:3068, ack 1, win 294, length 2920
19:22:15.989682 IP shu-test.ssh > 192.168.188.1.63319: Flags [P.], seq 3068:3944, ack 1, win 294, length 876
19:22:15.990097 IP 192.168.188.1.63319 > shu-test.ssh: Flags [.], ack 3944, win 16425, length 0
19:22:15.990418 IP 192.168.188.1.63319 > shu-test.ssh: Flags [P.], seq 1:53, ack 3944, win 16425, length 52
19:22:16.030573 IP shu-test.ssh > 192.168.188.1.63319: Flags [.], ack 53, win 294, length 0
[root@shu-test abc]#

tshark 抓包工具

安装包


yum install -y wireshark

查看当前http服务器访问的ip以及所访问的http链接


tshark -n -t a -R http.request -T fields -e "frame.time" -e "ip.src" -e "http.host" -e "http.request.method" -e "http.request.uri"

查看磁盘io、内存free、系统进程ps、网络状态netstat、Linux抓包tcpdump

原文:http://blog.51cto.com/shuzonglu/2064354

(0)
(0)
   
举报
评论 一句话评论(0
关于我们 - 联系我们 - 留言反馈 - 联系我们:wmxa8@hotmail.com
© 2014 bubuko.com 版权所有
打开技术之扣,分享程序人生!