Week 7, lesson 2
10.6 Monitoring I/O performance
10.7 The free command
10.8 The ps command
10.9 Viewing network status
10.10 Packet capture on Linux
10.6 Monitoring I/O performance
In day-to-day operations, besides CPU and memory, disk I/O is a very important metric. Sometimes CPU and memory clearly have spare capacity, yet the system load is high; running vmstat then shows a large value in the b or wa column, which means the disk is the bottleneck. To look at the disk in more detail we use the iostat command; it is installed together with sar when the sysstat package is installed, since both belong to the same package.
Usage of iostat:
[root@localhost ~]# iostat
Linux 3.10.0-693.el7.x86_64 (localhost.localdomain) 01/21/2018 _x86_64_ (2 CPU)
avg-cpu: %user %nice %system %iowait %steal %idle
0.06 0.00 0.22 0.07 0.00 99.65
Device: tps kB_read/s kB_wrtn/s kB_read kB_wrtn
scd0 0.00 0.04 0.00 1028 0
sda 0.77 16.62 2.34 443211 62322
sdb 0.00 0.08 0.00 2200 0
[root@localhost ~]#
You can also add the argument 1, which then behaves much like vmstat 1.
[root@localhost ~]# iostat 1
Linux 3.10.0-693.el7.x86_64 (localhost.localdomain) 01/21/2018 _x86_64_ (2 CPU)
avg-cpu: %user %nice %system %iowait %steal %idle
0.06 0.00 0.22 0.07 0.00 99.65
Device: tps kB_read/s kB_wrtn/s kB_read kB_wrtn
scd0 0.00 0.04 0.00 1028 0
sda 0.77 16.60 2.33 443219 62324
sdb 0.00 0.08 0.00 2200 0
avg-cpu: %user %nice %system %iowait %steal %idle
0.00 0.00 0.00 0.00 0.00 100.00
Device: tps kB_read/s kB_wrtn/s kB_read kB_wrtn
scd0 0.00 0.00 0.00 0 0
sda 0.00 0.00 0.00 0 0
sdb 0.00 0.00 0.00 0 0
avg-cpu: %user %nice %system %iowait %steal %idle
0.00 0.00 0.50 0.00 0.00 99.50
Device: tps kB_read/s kB_wrtn/s kB_read kB_wrtn
scd0 0.00 0.00 0.00 0 0
sda 0.00 0.00 0.00 0 0
sdb 0.00 0.00 0.00 0 0
^C
[root@localhost ~]#
Nothing special shows up here; sar -b shows the same information.
[root@localhost ~]# sar -b
Linux 3.10.0-693.el7.x86_64 (localhost.localdomain) 01/21/2018 _x86_64_ (2 CPU)
10:50:02 AM tps rtps wtps bread/s bwrtn/s
11:00:01 AM 0.50 0.00 0.50 0.00 14.12
11:10:01 AM 0.08 0.00 0.08 0.00 1.04
11:20:01 AM 0.04 0.00 0.04 0.00 0.52
11:30:01 AM 0.12 0.00 0.12 0.00 1.68
11:40:01 AM 0.96 0.00 0.96 0.00 66.18
11:50:01 AM 0.04 0.00 0.04 0.00 0.49
Average: 0.29 0.00 0.29 0.00 14.01
[root@localhost ~]#
The command to focus on is iostat -x, which has one very important metric.
[root@localhost ~]# iostat -x 1
Linux 3.10.0-693.el7.x86_64 (localhost.localdomain) 01/21/2018 _x86_64_ (2 CPU)
avg-cpu: %user %nice %system %iowait %steal %idle
0.06 0.00 0.22 0.07 0.00 99.65
Device: rrqm/s wrqm/s r/s w/s rkB/s wkB/s avgrq-sz avgqu-sz await r_await w_await svctm %util
scd0 0.00 0.00 0.00 0.00 0.04 0.00 114.22 0.00 5.11 5.11 0.00 4.22 0.00
sda 0.00 0.02 0.55 0.22 16.50 2.33 49.05 0.01 12.62 12.22 13.59 3.70 0.28
sdb 0.00 0.00 0.00 0.00 0.08 0.00 37.61 0.00 0.15 0.15 0.00 0.15 0.00
avg-cpu: %user %nice %system %iowait %steal %idle
0.00 0.00 0.50 0.00 0.00 99.50
Device: rrqm/s wrqm/s r/s w/s rkB/s wkB/s avgrq-sz avgqu-sz await r_await w_await svctm %util
scd0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
sda 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
sdb 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
avg-cpu: %user %nice %system %iowait %steal %idle
0.00 0.00 0.00 0.00 0.00 100.00
Device: rrqm/s wrqm/s r/s w/s rkB/s wkB/s avgrq-sz avgqu-sz await r_await w_await svctm %util
scd0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
sda 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
sdb 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
^C
[root@localhost ~]#
%util is a percentage; this column represents I/O wait: roughly, how much of the time the disk was busy and the CPU had to wait for it. The CPU spends part of its time processing and computing for processes, and part of it waiting for I/O, that is, for disk reads and writes, which take time. If this number is large, above 50%, the disk is too slow: it is very busy. If rkB/s and wkB/s are small but %util is large, the disk may be faulty. If the disk is slow then no matter how fast the CPU is, the disk cannot keep up and becomes a serious bottleneck. If the disk is really not up to it, the only remedy is to replace it.
If you find that disk I/O is very busy and want to know which process is doing the frequent reads and writes, use the iotop command. If it is not installed, install it with yum install -y iotop.
It is much like top: dynamic, sorted as a ranking, and what we look at is the I/O percentage.
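The %util rule of thumb above can be turned into a small check. The following is an added example, not part of the course notes: the busy_disks function is hypothetical, and the iostat -x output it reads is constructed (device sdb is made saturated, sdc is made busy while moving almost no data, which is the "disk may be faulty" pattern the notes describe). In practice you would pipe real output into it, for example iostat -x 1 3 | busy_disks 50.

```shell
#!/bin/sh
# Added example: flag busy disks in `iostat -x` output (not from the course notes).

# Constructed sample of `iostat -x` output (the device rows are made up for the demo).
SAMPLE_IOSTAT='Linux 3.10.0-693.el7.x86_64 (localhost.localdomain) 01/21/2018 _x86_64_ (2 CPU)

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           0.06    0.00    0.22    0.07    0.00   99.65

Device:         rrqm/s   wrqm/s     r/s     w/s    rkB/s    wkB/s avgrq-sz avgqu-sz   await r_await w_await  svctm  %util
sda               0.00     0.02    0.55    0.22    16.50     2.33    49.05     0.01   12.62   12.22   13.59   3.70   0.28
sdb               0.00     0.00  120.00   80.00  1024.00   512.00    15.36     4.20   55.10   50.00   62.00   4.90  97.50
sdc               0.00     0.00    0.10    0.10     0.80     0.40    12.00     2.00  800.00  790.00  810.00 400.00  85.00
'

# busy_disks THRESHOLD   (reads `iostat -x` output on stdin)
# Prints one line per device whose %util is above THRESHOLD (default 50):
#   <dev> util=<%util> rkB/s=<rkB/s> wkB/s=<wkB/s> <verdict>
# Columns are located by header name, so the column order of iostat does not matter.
busy_disks() {
  threshold="${1:-50}"
  awk -v thr="$threshold" '
    /^Device/ {                       # table header: record column positions by name
      for (i = 1; i <= NF; i++) col[$i] = i
      in_table = 1; next
    }
    /^avg-cpu:/ || /^$/ { in_table = 0; next }
    in_table {
      util = $(col["%util"]); rk = $(col["rkB/s"]); wk = $(col["wkB/s"])
      if (util + 0 > thr + 0) {
        # busy but moving very little data: the notes say this points at a bad disk
        verdict = (rk + wk < 100) ? "high-util-low-throughput:check-disk" : "saturated"
        printf "%s util=%s rkB/s=%s wkB/s=%s %s\n", $1, util, rk, wk, verdict
      }
    }'
}

# Demo run on the constructed sample; with live data use: iostat -x 1 3 | busy_disks 50
printf '%s\n' "$SAMPLE_IOSTAT" | busy_disks 50
```

The throughput cut-off of 100 kB/s used for the "check-disk" verdict is an arbitrary demo value; pick one that matches the workload you expect on the device.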
10.7 The free command
[root@localhost ~]# free
total used free shared buff/cache available
Mem: 1867048 390860 925636 9356 550552 1227604
Swap: 4194300 0 4194300
[root@localhost ~]#
The free command shows the total memory of the current system and how it is used. On CentOS 7 the output of free is a bit more concise than on CentOS 6, but broadly the same.
There are three rows: the first is the header, the second is memory usage and the third is swap usage. The columns we care about are in the second row.
total: total memory
used: memory actually in use
free: remaining physical memory (unallocated, truly free)
shared: shared memory; not something to worry about
buff/cache: how much memory in total has been allocated to buffers and cache.
A quick distinction between buff (buffer) and cache: they sound similar, but the direction of data flow differs, hence the different names.
Data going from disk to CPU passes through memory, because the speed gap between disk and CPU is huge; memory is there to smooth it out. Data (disk) ---- cache ---- CPU.
Once the CPU has finished computing, the data has to be stored to disk. Writing it straight to disk is hard, because the CPU is fast and the disk is slow; a direct write would take far too long and the CPU cannot wait. So the data is first put into memory and then written to disk.
CPU (processed data) --- buffer (buff) --- disk.
Think of it this way: data the CPU has computed and is about to write to disk sits in memory called buff; data the CPU needs, read from disk and parked temporarily in memory, is the cache.
available: how much memory the system can use; it includes free. To make applications run faster, Linux reserves a portion of memory in advance (buff/cache) for certain applications; although that memory is not really in use, it has already been handed out. However, when another service needs more memory, this pre-allocated portion can be taken back and used. So:
available = free + the unused remainder of buff/cache (the part not yet handed out)
total = used + free + buff/cache
If swap runs short, the system is short of memory: likely a memory leak or a bug in some program, and it needs to be investigated.
[root@localhost ~]# free
total used free shared buff/cache available
Mem: 1867048 390860 925636 9356 550552 1227604
Swap: 4194300 0 4194300
[root@localhost ~]# free -m
total used free shared buff/cache available
Mem: 1823 377 908 9 537 1203
Swap: 4095 0 4095
[root@localhost ~]# free -h
total used free shared buff/cache available
Mem: 1.8G 377M 908M 9.1M 537M 1.2G
Swap: 4.0G 0B 4.0G
[root@localhost ~]# free -g
total used free shared buff/cache available
Mem: 1 0 0 0 0 1
Swap: 3 0 3
[root@localhost ~]#
Buffers and cache are so important that the system reserves a portion of memory for them in advance.
When using free, the item to watch is available.
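The identities given above (total = used + free + buff/cache, and available being the figure to watch) can be checked mechanically. The following is an added example, not part of the course notes: mem_check is a hypothetical function, and both free outputs it reads are constructed (the first is the healthy machine from the notes, the second is made up to show a host that is low on memory and already using swap).

```shell
#!/bin/sh
# Added example: parse `free` output and judge memory health (not from the course notes).

# Constructed sample 1: a healthy host (values in kB, as printed by plain `free`).
SAMPLE_FREE='              total        used        free      shared  buff/cache   available
Mem:        1867048      390860      925636        9356      550552     1227604
Swap:       4194300           0     4194300'

# Constructed sample 2: a host that is short on memory and has started using swap.
SAMPLE_FREE_LOW='              total        used        free      shared  buff/cache   available
Mem:        1867048     1700000       50000        9356      117048      150000
Swap:       4194300      200000     3994300'

# mem_check MIN_AVAILABLE_PERCENT   (reads `free` output on stdin)
# Prints: available=<kB> (<pct>% of total) swap_used=<kB> <OK|LOW_MEMORY>[,SWAPPING]
# Also verifies the identity from the notes, total = used + free + buff/cache,
# and prints a warning line first if the columns do not add up.
mem_check() {
  minpct="${1:-20}"
  awk -v minpct="$minpct" '
    /^Mem:/  { total = $2; used = $3; free = $4; bc = $6; avail = $7 }
    /^Swap:/ { swap_used = $3 }
    END {
      if (total == 0) { print "no Mem: line found"; exit 1 }
      if (used + free + bc != total) print "warning: used+free+buff/cache != total"
      pct = 100 * avail / total
      verdict = (pct < minpct) ? "LOW_MEMORY" : "OK"
      if (swap_used > 0) verdict = verdict ",SWAPPING"   # swap in use: investigate per the notes
      printf "available=%d (%.0f%% of total) swap_used=%d %s\n", avail, pct, swap_used, verdict
    }'
}

# Demo on the two constructed samples; on a live host use: free | mem_check 20
printf '%s\n' "$SAMPLE_FREE" | mem_check 20
printf '%s\n' "$SAMPLE_FREE_LOW" | mem_check 20
```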
10.8 The ps command
• ps: view system processes
[root@localhost ~]# ps
PID TTY TIME CMD
17790 pts/0 00:00:00 bash
18148 pts/0 00:00:00 ps
[root@localhost ~]#
• Usage: ps aux, ps -elf
ps aux lists all processes on the system.
[root@localhost ~]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.3 128564 7308 ? Ss Jan21 0:07 /usr/lib/systemd/systemd --switched-root --system --deserialize 21
root 2 0.0 0.0 0 0 ? S Jan21 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S Jan21 0:00 [ksoftirqd/0]
root 5 0.0 0.0 0 0 ? S< Jan21 0:00 [kworker/0:0H]
root 7 0.0 0.0 0 0 ? S Jan21 0:00 [migration/0]
root 8 0.0 0.0 0 0 ? S Jan21 0:00 [rcu_bh]
root 9 0.0 0.0 0 0 ? S Jan21 0:23 [rcu_sched]
root 10 0.0 0.0 0 0 ? S Jan21 0:01 [watchdog/0]
root 11 0.0 0.0 0 0 ? S Jan21 0:00 [watchdog/1]
root 12 0.0 0.0 0 0 ? S Jan21 0:00 [migration/1]
gdm 1855 0.0 0.4 451640 8576 ? Sl Jan21 0:00 /usr/libexec/ibus-x11 --kill-daemon
gdm 1864 0.0 0.2 424524 4812 ? Sl Jan21 0:00 /usr/libexec/xdg-permission-store
root 1868 0.0 0.3 406180 7288 ? Ssl Jan21 0:02 /usr/libexec/packagekitd
gdm 1871 0.1 1.1 1247580 21276 ? Sl Jan21 2:13 /usr/libexec/gnome-settings-daemon
root 1878 0.0 0.1 54456 2984 ? Ss Jan21 0:00 /usr/sbin/wpa_supplicant -u -f /var/log/wpa_supplicant.log -c /etc/wpa_supplicant/wpa
colord 1899 0.0 0.3 410996 6192 ? Ssl Jan21 0:00 /usr/libexec/colord
root 1906 0.1 0.2 252428 5552 ? Ssl Jan21 2:34 /usr/sbin/pcscd --foreground --auto-exit
gdm 1921 0.0 0.1 299748 3240 ? Sl Jan21 0:00 /usr/libexec/ibus-engine-simple
root 2117 0.0 0.2 123164 3836 ? Ss Jan21 0:00 login -- root
root 17701 0.0 0.1 116580 3268 tty2 Ss+ 13:41 0:00 -bash
root 21177 0.0 0.0 0 0 ? S 17:30 0:00 [kworker/u256:1]
root 21530 0.0 0.0 0 0 ? S 17:58 0:00 [kworker/1:2]
root 21573 0.0 0.0 0 0 ? R 18:00 0:00 [kworker/0:3]
root 21682 0.0 0.0 0 0 ? S 18:10 0:00 [kworker/u256:0]
postfix 21717 0.0 0.2 91732 4004 ? S 18:13 0:00 pickup -l -t unix -u
root 21890 0.0 0.0 0 0 ? S 18:26 0:00 [kworker/0:1]
root 21942 0.0 0.0 0 0 ? S 18:28 0:00 [kworker/1:1]
root 22000 0.0 0.0 0 0 ? S 18:31 0:00 [kworker/0:0]
root 22041 0.0 0.0 0 0 ? S 18:36 0:00 [kworker/0:2]
root 22058 0.8 0.2 147788 5228 ? Ds 18:39 0:00 sshd: root@pts/0
root 22066 0.1 0.1 116580 3268 pts/0 Ss 18:39 0:00 -bash
root 22084 0.0 0.3 341496 6480 ? Sl 18:39 0:00 /usr/sbin/abrt-dbus -t133
root 22126 0.0 0.0 107904 608 ? S 18:39 0:00 sleep 60
root 22127 0.0 0.0 151064 1804 pts/0 R+ 18:39 0:00 ps aux
[root@localhost ~]#
ps aux is the most commonly used form; its columns are as follows:
Column 1 is the user;
Column 2 is the PID, the process ID, used when killing a process.
To kill the pickup process, use the following command:
[root@localhost ~]# kill 21717
[root@localhost ~]# ps aux | grep pickup
postfix 22154 0.1 0.2 91732 4004 ? S 18:41 0:00 pickup -l -t unix -u
root 22156 0.0 0.0 112660 972 pts/0 S+ 18:41 0:00 grep --color=auto pickup
[root@localhost ~]#
If you suspect something is wrong with the colord process, you need to see where it lives and where it was started from; use the following command:
[root@localhost ~]# ll /proc/1899/
total 0
dr-xr-xr-x. 2 colord colord 0 Jan 22 18:47 attr
-rw-r--r--. 1 colord colord 0 Jan 22 18:47 autogroup
-r--------. 1 colord colord 0 Jan 22 18:47 auxv
-r--r--r--. 1 colord colord 0 Jan 19 07:14 cgroup
--w-------. 1 colord colord 0 Jan 22 18:47 clear_refs
-r--r--r--. 1 colord colord 0 Jan 19 07:14 cmdline
-rw-r--r--. 1 colord colord 0 Jan 19 07:14 comm
-rw-r--r--. 1 colord colord 0 Jan 22 18:47 coredump_filter
-r--r--r--. 1 colord colord 0 Jan 22 18:47 cpuset
lrwxrwxrwx. 1 colord colord 0 Jan 22 18:47 cwd -> /
-r--------. 1 colord colord 0 Jan 22 18:47 environ
lrwxrwxrwx. 1 colord colord 0 Jan 19 07:14 exe -> /usr/libexec/colord
dr-x------. 2 colord colord 0 Jan 19 07:14 fd
dr-x------. 2 colord colord 0 Jan 22 18:47 fdinfo
-rw-r--r--. 1 colord colord 0 Jan 22 18:47 gid_map
-r--------. 1 colord colord 0 Jan 22 18:47 io
dr-xr-xr-x. 5 colord colord 0 Jan 21 12:04 task
-r--r--r--. 1 colord colord 0 Jan 22 18:47 timers
-rw-r--r--. 1 colord colord 0 Jan 22 18:47 uid_map
-r--r--r--. 1 colord colord 0 Jan 22 08:00 wchan
[root@localhost ~]#
The colord process's PID is a directory under /proc; every process has one.
[root@localhost ~]# ps aux | grep sshd
root 1254 0.0 0.2 105996 4080 ? Ss Jan21 0:00 /usr/sbin/sshd -D
root 17782 0.0 0.2 147788 5232 ? Ss 07:27 0:00 sshd: root@pts/0
root 18224 0.0 0.0 112664 968 pts/0 S+ 07:56 0:00 grep --color=auto sshd
[root@localhost ~]#
This checks whether an sshd process is running among all processes.
ps -elf gives much the same result as ps aux; which one to use is a matter of personal habit.
[root@localhost ~]# ps -elf
F S UID PID PPID C PRI NI ADDR SZ WCHAN STIME TTY TIME CMD
4 S root 1 0 0 80 0 - 32141 ep_pol Jan21 ? 00:00:07 /usr/lib/systemd/systemd --switched-root --system --deserialize 21
1 S root 2 0 0 80 0 - 0 kthrea Jan21 ? 00:00:00 [kthreadd]
1 S root 3 2 0 80 0 - 0 smpboo Jan21 ? 00:00:00 [ksoftirqd/0]
1 S root 5 2 0 60 -20 - 0 worker Jan21 ? 00:00:00 [kworker/0:0H]
1 S root 7 2 0 -40 - - 0 smpboo Jan21 ? 00:00:00 [migration/0]
1 S root 8 2 0 80 0 - 0 rcu_gp Jan21 ? 00:00:00 [rcu_bh]
1 S root 9 2 0 80 0 - 0 rcu_gp Jan21 ? 00:00:22 [rcu_sched]
5 S root 10 2 0 -40 - - 0 smpboo Jan21 ? 00:00:01 [watchdog/0]
5 S root 11 2 0 -40 - - 0 smpboo Jan21 ? 00:00:00 [watchdog/1]
1 S root 12 2 0 -40 - - 0 smpboo Jan21 ? 00:00:00 [migration/1]
1 S root 13 2 0 80 0 - 0 smpboo Jan21 ? 00:00:00 [ksoftirqd/1]
1 S root 15 2 0 60 -20 - 0 worker Jan21 ? 00:00:00 [kworker/1:0H]
5 S root 17 2 0 80 0 - 0 devtmp Jan21 ? 00:00:00 [kdevtmpfs]
1 S root 18 2 0 60 -20 - 0 rescue Jan21 ? 00:00:00 [netns]
1 S root 19 2 0 80 0 - 0 watchd Jan21 ? 00:00:00 [khungtaskd]
1 S root 20 2 0 60 -20 - 0 rescue Jan21 ? 00:00:00 [writeback]
1 S root 21 2 0 60 -20 - 0 rescue Jan21 ? 00:00:00 [kintegrityd]
4 S root 2117 1 0 80 0 - 30791 do_wai Jan21 ? 00:00:00 login -- root
1 S root 14969 2 0 80 0 - 0 worker 04:10 ? 00:00:33 [kworker/1:2]
1 S root 16901 2 0 80 0 - 0 worker 06:35 ? 00:00:00 [kworker/u256:0]
1 S root 16922 2 0 80 0 - 0 worker 06:36 ? 00:00:01 [kworker/0:0]
1 S root 17289 2 0 80 0 - 0 worker 07:05 ? 00:00:00 [kworker/u256:2]
4 S postfix 17637 1522 0 80 0 - 22933 ep_pol 07:24 ? 00:00:00 pickup -l -t unix -u
1 S root 17685 2 0 80 0 - 0 worker 07:25 ? 00:00:15 [kworker/1:1]
4 S root 17701 2117 0 80 0 - 29145 n_tty_ 07:25 tty2 00:00:00 -bash
4 D root 17782 1254 0 80 0 - 36947 flush_ 07:27 ? 00:00:00 sshd: root@pts/0
4 S root 17790 17782 0 80 0 - 29145 do_wai 07:27 pts/0 00:00:00 -bash
1 S root 18131 2 0 80 0 - 0 worker 07:51 ? 00:00:00 [kworker/0:1]
1 R root 18202 2 0 80 0 - 0 - 07:55 ? 00:00:00 [kworker/0:3]
1 S root 18277 2 0 80 0 - 0 worker 07:58 ? 00:00:00 [kworker/1:0]
0 S root 18299 902 0 80 0 - 26976 hrtime 07:59 ? 00:00:00 sleep 60
0 R root 18314 17790 0 80 0 - 37766 - 08:00 pts/0 00:00:00 ps -elf
[root@localhost ~]#
• The STAT column
It shows the process state, which is one of the following:
• D: uninterruptible process
Because interrupting it would affect the result; rare, and usually I/O.
• R: running process
A process that is running, including processes waiting for a CPU time slice. It does not mean it is using the CPU at this very instant, but that it is using the CPU over some period of time.
• S: sleeping process
A process that has been interrupted (interruptible sleep); most processes on the system are in this state.
• T: stopped process
A process that has been stopped or paused. If we run a command, say sleep 10, and press Ctrl+Z to pause it, ps then shows it in state T.
[root@localhost ~]# sleep 10
^Z
[1]+ Stopped sleep 10
[root@localhost ~]# ps aux | grep sleep
root 22519 0.0 0.0 107904 608 ? S 19:06 0:00 sleep 60
root 22520 0.0 0.0 107904 608 pts/0 T 19:07 0:00 sleep 10
root 22522 0.0 0.0 112660 972 pts/0 S+ 19:07 0:00 grep --color=auto sleep
[root@localhost ~]#
• Z: zombie process
A zombie process: garbage that cannot be killed; it takes a tiny amount of system resources, which does not matter. If there are too many of them, something is wrong.
• <: high-priority process
Whoever has higher priority gets the CPU first.
• N: low-priority process
Meaning it is not in a hurry; getting the CPU a little later is fine.
• L: has pages locked in memory
• s: main process (session leader)
• l: multi-threaded process
The relationship between threads and processes:
Threads make up a larger process; one process contains multiple threads. This naturally involves how memory is used: processes do not share memory with each other, whereas threads use the same memory region of their process. For example, if a process is allocated a memory block, the process has the right to use that memory, and no matter how many threads it has, they all share it.
A multi-threaded process is one that has multiple threads.
• +: foreground process
ps is one of the most used commands at work, often combined with a pipe to look up a particular process or count its instances.
[root@localhost ~]# ps aux | grep -c sshd
3
[root@localhost ~]# ps aux | grep sshd
root 1254 0.0 0.2 105996 4080 ? Ss Jan21 0:00 /usr/sbin/sshd -D
root 22058 0.0 0.2 147788 5228 ? Ss 18:39 0:00 sshd: root@pts/0
root 22639 0.0 0.0 112664 968 pts/0 S+ 19:19 0:00 grep --color=auto sshd
[root@localhost ~]#
The 3 in the example above is not accurate; you have to subtract 1, because when you use grep, grep itself also counts as a process.
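The "subtract 1 for grep" correction and the STAT codes above can both be handled by a small parser of ps aux output. The following is an added example, not part of the course notes: count_procs, stat_summary, zombies and proc_origin are hypothetical function names, and the ps aux listing they read is constructed (it mixes rows from the notes with a made-up zombie row and a grep row, so the self-match problem is visible in the data).

```shell
#!/bin/sh
# Added example: parse `ps aux` output without the grep self-match (not from the course notes).

# Constructed sample of `ps aux` output. The last row is the grep that produced the listing.
SAMPLE_PS='USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root      1254  0.0  0.2 105996  4080 ?        Ss   Jan21   0:00 /usr/sbin/sshd -D
root     22058  0.0  0.2 147788  5228 ?        Ss   18:39   0:00 sshd: root@pts/0
postfix  21717  0.0  0.2  91732  4004 ?        S    18:13   0:00 pickup -l -t unix -u
root     22520  0.0  0.0 107904   608 pts/0    T    19:07   0:00 sleep 10
root     22700  0.0  0.0      0     0 ?        Z    19:20   0:00 [worker] <defunct>
root     22639  0.0  0.0 112664   968 pts/0    S+   19:19   0:00 grep --color=auto sshd'

# count_procs NAME   (reads `ps aux` output on stdin)
# Counts processes whose COMMAND (field 11 onward) contains NAME, skipping the header
# and any grep row, so no "minus one" correction is needed.
count_procs() {
  awk -v name="$1" '
    NR == 1 { next }
    {
      cmd = ""
      for (i = 11; i <= NF; i++) cmd = cmd (i > 11 ? " " : "") $i
      if (cmd ~ /^grep( |$)/) next          # the grep that produced the listing
      if (index(cmd, name) > 0) n++
    }
    END { print n + 0 }'
}

# stat_summary   (reads `ps aux` output on stdin)
# Prints "<state letter> <count>" per primary STAT letter (D/R/S/T/Z), sorted.
stat_summary() {
  awk 'NR > 1 && NF >= 11 { c[substr($8, 1, 1)]++ }
       END { for (k in c) print k, c[k] }' | sort
}

# zombies   (reads `ps aux` output on stdin): PIDs in state Z, one per line.
zombies() {
  awk 'NR > 1 && NF >= 11 && substr($8, 1, 1) == "Z" { print $2 }'
}

# proc_origin PID: where a live process was started from, via /proc as in the notes.
proc_origin() {
  printf 'exe=%s cwd=%s\n' "$(readlink "/proc/$1/exe")" "$(readlink "/proc/$1/cwd")"
}

# Demo on the constructed sample; on a live host use: ps aux | count_procs sshd
printf '%s\n' "$SAMPLE_PS" | count_procs sshd
printf '%s\n' "$SAMPLE_PS" | stat_summary
printf '%s\n' "$SAMPLE_PS" | zombies
```

On a live system the same self-match can also be avoided with pgrep -c sshd, or with ps aux | grep -c '[s]shd', where the bracket keeps the grep command line itself from matching its own pattern.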
10.9 Viewing network status with netstat
Linux is used as a server operating system, and a server runs many services; services generally communicate with clients, which means they need listening ports, ports for external communication. What netstat shows is the state of TCP/IP communication. For instance, installing nginx on this system provides a web service; installing MySQL provides a database service. Once there is such a service, there has to be a listening port. So what is a listening port? Normally a machine listens on no port at all, which means it has no way to communicate with other machines. If you want to provide a web service and let others visit your website, it must listen on a port: it opens that port, punching a hole, as it were, in the network card, and remote devices find a way to connect to that hole; data can then enter the NIC and the server through it, and the two sides communicate.
Command to view ports:
[root@localhost ~]# netstat -lnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1633/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1254/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1256/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1522/master
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::22 :::* LISTEN 1254/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1256/cupsd
tcp6 0 0 ::1:25 :::* LISTEN 1522/master
udp 0 0 0.0.0.0:34496 0.0.0.0:* 799/avahi-daemon: r
udp 0 0 192.168.122.1:53 0.0.0.0:* 1633/dnsmasq
udp 0 0 0.0.0.0:67 0.0.0.0:* 1633/dnsmasq
udp 0 0 0.0.0.0:5353 0.0.0.0:* 799/avahi-daemon: r
udp 0 0 127.0.0.1:323 0.0.0.0:* 810/chronyd
udp6 0 0 ::1:323 :::* 810/chronyd
raw6 0 0 :::58 :::* 7 910/NetworkManager
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 27011 1849/ibus-daemon @/tmp/dbus-IFTIxXwX
unix 2 [ ACC ] STREAM LISTENING 18186 779/abrtd /var/run/abrt/abrt.socket
unix 2 [ ACC ] STREAM LISTENING 26528 1266/gdm @/tmp/dbus-qCnJ8arG
unix 2 [ ACC ] STREAM LISTENING 18194 776/VGAuthService /var/run/vmware/guestServicePipe
unix 2 [ ACC ] STREAM LISTENING 25448 1752/dbus-daemon @/tmp/dbus-zSF9tbEANa
unix 2 [ ACC ] STREAM LISTENING 26657 1734/gnome-session- @/tmp/.ICE-unix/1734
unix 2 [ ACC ] STREAM LISTENING 26359 1680/X @/tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 27699 1791/pulseaudio /run/user/42/pulse/native
unix 2 [ ACC ] STREAM LISTENING 17303 1/systemd @ISCSID_UIP_ABSTRACT_NAMESPACE
unix 2 [ ACC ] STREAM LISTENING 24917 1522/master private/tlsmgr
unix 2 [ ACC ] STREAM LISTENING 24920 1522/master private/rewrite
unix 2 [ ACC ] STREAM LISTENING 24923 1522/master private/bounce
unix 2 [ ACC ] STREAM LISTENING 24926 1522/master private/defer
unix 2 [ ACC ] STREAM LISTENING 24929 1522/master private/trace
unix 2 [ ACC ] STREAM LISTENING 24932 1522/master private/verify
unix 2 [ ACC ] STREAM LISTENING 24938 1522/master private/proxymap
unix 2 [ ACC ] STREAM LISTENING 24941 1522/master private/proxywrite
unix 2 [ ACC ] STREAM LISTENING 24944 1522/master private/smtp
unix 2 [ ACC ] STREAM LISTENING 24947 1522/master private/relay
unix 2 [ ACC ] STREAM LISTENING 24953 1522/master private/error
unix 2 [ ACC ] STREAM LISTENING 24956 1522/master private/retry
unix 2 [ ACC ] STREAM LISTENING 24959 1522/master private/discard
unix 2 [ ACC ] STREAM LISTENING 24962 1522/master private/local
unix 2 [ ACC ] STREAM LISTENING 24965 1522/master private/virtual
unix 2 [ ACC ] STREAM LISTENING 24968 1522/master private/lmtp
unix 2 [ ACC ] STREAM LISTENING 24971 1522/master private/anvil
unix 2 [ ACC ] STREAM LISTENING 24974 1522/master private/scache
unix 2 [ ACC ] STREAM LISTENING 26658 1734/gnome-session- /tmp/.ICE-unix/1734
unix 2 [ ACC ] STREAM LISTENING 24906 1522/master public/pickup
unix 2 [ ACC ] STREAM LISTENING 24910 1522/master public/cleanup
unix 2 [ ACC ] STREAM LISTENING 24913 1522/master public/qmgr
unix 2 [ ACC ] STREAM LISTENING 24935 1522/master public/flush
unix 2 [ ACC ] STREAM LISTENING 24950 1522/master public/showq
unix 2 [ ACC ] STREAM LISTENING 26360 1680/X /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 19596 823/gssproxy /run/gssproxy.sock
unix 2 [ ACC ] STREAM LISTENING 17293 1/systemd /var/run/avahi-daemon/socket
unix 2 [ ACC ] STREAM LISTENING 17296 1/systemd /var/run/rpcbind.sock
unix 2 [ ACC ] STREAM LISTENING 17300 1/systemd /var/run/pcscd/pcscd.comm
unix 2 [ ACC ] STREAM LISTENING 17304 1/systemd /var/run/libvirt/virtlogd-sock
unix 2 [ ACC ] STREAM LISTENING 17307 1/systemd /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 17310 1/systemd /var/run/cups/cups.sock
unix 2 [ ACC ] STREAM LISTENING 17312 1/systemd /var/run/libvirt/virtlockd-sock
unix 2 [ ACC ] STREAM LISTENING 26525 1266/gdm @/tmp/dbus-Rb8g1qmG
unix 2 [ ACC ] STREAM LISTENING 18339 788/lsmd /var/run/lsm/ipc/simc
unix 2 [ ACC ] STREAM LISTENING 18341 788/lsmd /var/run/lsm/ipc/sim
unix 2 [ ACC ] STREAM LISTENING 18345 892/mcelog /var/run/mcelog-client
unix 2 [ ACC ] STREAM LISTENING 19595 823/gssproxy /var/lib/gssproxy/default.sock
unix 2 [ ACC ] STREAM LISTENING 24497 1263/libvirtd /var/run/libvirt/libvirt-sock
unix 2 [ ACC ] STREAM LISTENING 13238 1/systemd /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 24504 1263/libvirtd /var/run/libvirt/libvirt-sock-ro
unix 2 [ ACC ] STREAM LISTENING 24506 1263/libvirtd /var/run/libvirt/libvirt-admin-sock
unix 2 [ ACC ] STREAM LISTENING 10940 1/systemd /run/lvm/lvmetad.socket
unix 2 [ ACC ] STREAM LISTENING 26527 1266/gdm @/tmp/dbus-jI2llL96
unix 2 [ ACC ] STREAM LISTENING 17314 1/systemd @ISCSIADM_ABSTRACT_NAMESPACE
unix 2 [ ACC ] SEQPACKET LISTENING 10957 1/systemd /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 10959 1/systemd /run/lvm/lvmpolld.socket
unix 2 [ ACC ] STREAM LISTENING 206 1/systemd /run/systemd/journal/stdout
unix 2 [ ACC ] STREAM LISTENING 26524 1266/gdm @/tmp/dbus-GTxI0HA6
unix 2 [ ACC ] STREAM LISTENING 26583 1741/dbus-daemon @/tmp/dbus-xYLJnvHn8J
[root@localhost ~]#
netstat -lnp shows the ports and sockets currently open on the system.
l stands for listen: see which ports and which services your machine is listening on.
The remote connection set up when configuring IP earlier connects to port 22.
There are two sshd entries, one tcp and one tcp6; tcp6 is the IPv6 listener (look up tcp and udp on your own; they are not the focus here).
master on port 25 is the port for sending mail.
Socket files are also used for inter-process communication, provided both processes are on the same server; two processes then talk to each other through such a socket file.
netstat can also show which socket files are listening.
What you need to pay attention to is the part above: which ports are listening. Later, when services are covered, we will always check whether a service has started properly. You can use ps to check the process, or netstat to check the listening port; this command will be used many times.
Second usage:
netstat -an shows all connections on the current system.
[root@localhost ~]# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 52 192.168.231.128:22 192.168.231.1:52975 ESTABLISHED
tcp6 0 0 :::111 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
udp 0 0 0.0.0.0:34496 0.0.0.0:*
udp 0 0 192.168.122.1:53 0.0.0.0:*
udp 0 0 0.0.0.0:67 0.0.0.0:*
udp 0 0 0.0.0.0:5353 0.0.0.0:*
udp 0 0 127.0.0.1:323 0.0.0.0:*
udp6 0 0 ::1:323 :::*
raw6 0 0 :::58 :::* 7
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 27011 @/tmp/dbus-IFTIxXwX
unix 2 [ ACC ] STREAM LISTENING 18186 /var/run/abrt/abrt.socket
unix 2 [ ACC ] STREAM LISTENING 26528 @/tmp/dbus-qCnJ8arG
unix 2 [ ACC ] STREAM LISTENING 18194 /var/run/vmware/guestServicePipe
unix 2 [ ACC ] STREAM LISTENING 25448 @/tmp/dbus-zSF9tbEANa
unix 2 [ ACC ] STREAM LISTENING 26657 @/tmp/.ICE-unix/1734
This command shows TCP/IP state.
netstat -lntp shows only TCP listeners, without the socket files.
[root@localhost ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1633/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1254/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1256/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1522/master
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::22 :::* LISTEN 1254/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1256/cupsd
tcp6 0 0 ::1:25 :::* LISTEN 1522/master
[root@localhost ~]#
netstat -ltunp adds the UDP listeners (the u option) alongside the TCP ones.
[root@localhost ~]# netstat -ltunp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1633/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1254/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1256/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1522/master
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::22 :::* LISTEN 1254/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1256/cupsd
tcp6 0 0 ::1:25 :::* LISTEN 1522/master
udp 0 0 0.0.0.0:34496 0.0.0.0:* 799/avahi-daemon: r
udp 0 0 192.168.122.1:53 0.0.0.0:* 1633/dnsmasq
udp 0 0 0.0.0.0:67 0.0.0.0:* 1633/dnsmasq
udp 0 0 0.0.0.0:5353 0.0.0.0:* 799/avahi-daemon: r
udp 0 0 127.0.0.1:323 0.0.0.0:* 810/chronyd
udp6 0 0 ::1:323 :::* 810/chronyd
[root@localhost ~]#
Extra knowledge: the TCP three-way handshake and four-way teardown; this is often asked in interviews.
When looking at netstat, the value to watch is ESTABLISHED; if it is large, your system is busy. The number of concurrent connections is how many clients are connected to you at the same moment, and this figure is how we state it. The example above shows 45 clients communicating with the server and holding connections. TIME_WAIT is 3598, but those are only waiting; ESTABLISHED is real communication, and anything under 1000 is acceptable for a server. Tens of thousands would be very rare. Remember the command below.
[root@localhost ~]# netstat -an | awk '/^tcp/ {++sta[$NF]} END {for(key in sta) print key,"\t",sta[key]}'
LISTEN 9
ESTABLISHED 1
[root@localhost ~]#
The ss command is very similar to netstat; ss -an is the most used form, and it also shows TCP/IP state.
[root@localhost ~]# ss -an
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
nl UNCONN 0 0 0:1620 *
nl UNCONN 0 0 0:0 *
nl UNCONN 0 0 0:-1098906385 *
nl UNCONN 0 0 0:1868 *
nl UNCONN 0 0 0:-1153432690 *
nl UNCONN 0 0 0:469763311 *
nl UNCONN 0 0 0:799 *
There is a lot more below; let's look at just the listening ones.
[root@localhost ~]# ss -an | grep -i listen
u_str LISTEN 0 10 @/tmp/dbus-IFTIxXwX 27011 * 0
u_str LISTEN 0 10 /var/run/abrt/abrt.socket 18186 * 0
u_str LISTEN 0 10 @/tmp/dbus-qCnJ8arG 26528 * 0
u_str LISTEN 0 32 /var/run/vmware/guestServicePipe 18194 * 0
u_str LISTEN 0 30 @/tmp/dbus-zSF9tbEANa 25448 * 0
u_str LISTEN 0 128 @/tmp/.ICE-unix/1734 26657 * 0
u_str LISTEN 0 128 @/tmp/.X11-unix/X0 26359 * 0
u_str LISTEN 0 5 /run/user/42/pulse/native 27699 * 0
u_str LISTEN 0 128 @ISCSID_UIP_ABSTRACT_NAMESPACE 17303 * 0
u_str LISTEN 0 100 private/tlsmgr 24917 * 0
u_str LISTEN 0 100 private/rewrite 24920 * 0
u_str LISTEN 0 100 private/bounce 24923 * 0
u_str LISTEN 0 100 private/defer 24926 * 0
u_str LISTEN 0 100 private/trace 24929 * 0
u_str LISTEN 0 100 private/verify 24932 * 0
u_str LISTEN 0 100 private/proxymap 24938 * 0
u_str LISTEN 0 100 private/proxywrite 24941 * 0
u_str LISTEN 0 100 private/smtp 24944 * 0
u_str LISTEN 0 100 private/relay 24947 * 0
u_str LISTEN 0 100 private/error 24953 * 0
u_str LISTEN 0 100 private/retry 24956 * 0
u_str LISTEN 0 100 private/discard 24959 * 0
u_str LISTEN 0 100 private/local 24962 * 0
u_str LISTEN 0 100 private/virtual 24965 * 0
u_str LISTEN 0 100 private/lmtp 24968 * 0
u_str LISTEN 0 100 private/anvil 24971 * 0
u_str LISTEN 0 100 private/scache 24974 * 0
u_str LISTEN 0 128 /tmp/.ICE-unix/1734 26658 * 0
u_str LISTEN 0 100 public/pickup 24906 * 0
u_str LISTEN 0 100 public/cleanup 24910 * 0
u_str LISTEN 0 100 public/qmgr 24913 * 0
u_str LISTEN 0 100 public/flush 24935 * 0
u_str LISTEN 0 100 public/showq 24950 * 0
u_str LISTEN 0 128 /tmp/.X11-unix/X0 26360 * 0
u_str LISTEN 0 10 /run/gssproxy.sock 19596 * 0
u_str LISTEN 0 128 /var/run/avahi-daemon/socket 17293 * 0
u_str LISTEN 0 128 /var/run/rpcbind.sock 17296 * 0
u_str LISTEN 0 128 /var/run/pcscd/pcscd.comm 17300 * 0
u_str LISTEN 0 128 /var/run/libvirt/virtlogd-sock 17304 * 0
u_str LISTEN 0 128 /var/run/dbus/system_bus_socket 17307 * 0
u_str LISTEN 0 128 /var/run/cups/cups.sock 17310 * 0
u_str LISTEN 0 128 /var/run/libvirt/virtlockd-sock 17312 * 0
u_str LISTEN 0 10 @/tmp/dbus-Rb8g1qmG 26525 * 0
u_str LISTEN 0 5 /var/run/lsm/ipc/simc 18339 * 0
u_str LISTEN 0 5 /var/run/lsm/ipc/sim 18341 * 0
u_str LISTEN 0 10 /var/run/mcelog-client 18345 * 0
u_str LISTEN 0 10 /var/lib/gssproxy/default.sock 19595 * 0
u_str LISTEN 0 128 /var/run/libvirt/libvirt-sock 24497 * 0
u_str LISTEN 0 128 /run/systemd/private 13238 * 0
u_str LISTEN 0 128 /var/run/libvirt/libvirt-sock-ro 24504 * 0
u_str LISTEN 0 20 /var/run/libvirt/libvirt-admin-sock 24506 * 0
u_str LISTEN 0 128 /run/lvm/lvmetad.socket 10940 * 0
u_str LISTEN 0 10 @/tmp/dbus-jI2llL96 26527 * 0
u_str LISTEN 0 128 @ISCSIADM_ABSTRACT_NAMESPACE 17314 * 0
u_seq LISTEN 0 128 /run/udev/control 10957 * 0
u_str LISTEN 0 128 /run/lvm/lvmpolld.socket 10959 * 0
u_str LISTEN 0 128 /run/systemd/journal/stdout 206 * 0
u_str LISTEN 0 10 @/tmp/dbus-GTxI0HA6 26524 * 0
u_str LISTEN 0 30 @/tmp/dbus-xYLJnvHn8J 26583 * 0
tcp LISTEN 0 128 *:111 *:*
tcp LISTEN 0 5 192.168.122.1:53 *:*
tcp LISTEN 0 128 *:22 *:*
tcp LISTEN 0 128 127.0.0.1:631 *:*
tcp LISTEN 0 100 127.0.0.1:25 *:*
tcp LISTEN 0 128 :::111 :::*
tcp LISTEN 0 128 :::22 :::*
tcp LISTEN 0 128 ::1:631 :::*
tcp LISTEN 0 100 ::1:25 :::*
[root@localhost ~]#
The command above cannot show the process name; netstat can.
[root@localhost ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1633/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1254/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1256/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1522/master
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::22 :::* LISTEN 1254/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1256/cupsd
tcp6 0 0 ::1:25 :::* LISTEN 1522/master
[root@localhost ~]#
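Two checks fall out of the netstat output discussed above: which listeners are reachable from the network rather than bound to loopback only (the "which ports are listening" question), and the ESTABLISHED tally from the awk one-liner. The following is an added example, not part of the course notes: exposed_listeners, conn_states and established_count are hypothetical function names; the netstat -lntp sample is the one from the notes, and the netstat -an sample is constructed with a few extra connections so that the tally has something to count.

```shell
#!/bin/sh
# Added example: audit listeners and tally connection states from netstat (not from the course notes).

# Sample `netstat -lntp` output (the listeners shown in the notes).
SAMPLE_LNTP='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1633/dnsmasq
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1254/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1256/cupsd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1522/master
tcp6       0      0 :::111                  :::*                    LISTEN      1/systemd
tcp6       0      0 :::22                   :::*                    LISTEN      1254/sshd
tcp6       0      0 ::1:631                 :::*                    LISTEN      1256/cupsd
tcp6       0      0 ::1:25                  :::*                    LISTEN      1522/master'

# Constructed `netstat -an` output with a couple of extra connections.
SAMPLE_AN='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0     52 192.168.231.128:22      192.168.231.1:52975     ESTABLISHED
tcp        0      0 192.168.231.128:22      192.168.231.1:52980     ESTABLISHED
tcp        0      0 192.168.231.128:80      192.168.231.1:52990     TIME_WAIT
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 0.0.0.0:5353            0.0.0.0:*'

# exposed_listeners   (reads `netstat -lntp` output on stdin)
# Prints "<port> <program>" for TCP listeners bound to every interface (0.0.0.0 or ::),
# i.e. the ports reachable from the network. Loopback-only listeners are omitted.
exposed_listeners() {
  awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
         addr = $4; n = split(addr, p, ":"); port = p[n]
         host = substr(addr, 1, length(addr) - length(port) - 1)   # everything before the last ":"
         if (host == "0.0.0.0" || host == "::") {
           split($7, prog, "/"); print port, prog[2]
         }
       }' | sort -u | sort -n
}

# conn_states   (reads `netstat -an` output on stdin): "<STATE> <count>" per TCP state, sorted.
# Same tally as the awk one-liner in the notes; udp rows have no state and are skipped.
conn_states() {
  awk '/^tcp/ { ++sta[$NF] } END { for (k in sta) print k, sta[k] }' | sort
}

# established_count   (reads `netstat -an` output on stdin): number of ESTABLISHED TCP connections.
established_count() {
  awk '/^tcp/ && $NF == "ESTABLISHED" { n++ } END { print n + 0 }'
}

# Demo on the samples; on a live host: netstat -lntp | exposed_listeners ; netstat -an | conn_states
printf '%s\n' "$SAMPLE_LNTP" | exposed_listeners
printf '%s\n' "$SAMPLE_AN" | conn_states
est=$(printf '%s\n' "$SAMPLE_AN" | established_count)
[ "$est" -gt 1000 ] && echo "busy: $est established connections"
echo "established=$est"
```

The exposed-listener list is the one to compare against what the host is supposed to offer: in the sample, only 22 (sshd) and 111 (rpcbind via systemd) are reachable from the network, while cupsd and the mail master are loopback-only.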
10.10 Packet capture on Linux
When under attack, NIC traffic becomes abnormal and incoming packets exceed 10,000; at that point you may want to know what packets are coming in, and you can use the tcpdump command to look.
[root@localhost ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.231.128 netmask 255.255.255.0 broadcast 192.168.231.255
inet6 fe80::77e9:3d29:fad9:b570 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:b7:62:f8 txqueuelen 1000 (Ethernet)
RX packets 74830 bytes 10154281 (9.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 76858 bytes 18781631 (17.9 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 108 bytes 9456 (9.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 108 bytes 9456 (9.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:c9:f0:09 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost ~]#
[root@localhost ~]# tcpdump -nn -i ens33
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
20:09:51.376591 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 534398562:534398758, ack 4065891896, win 260, length 196
20:09:51.376770 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 196, win 2052, length 0
20:09:51.376815 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 196:472, ack 1, win 260, length 276
20:09:51.377259 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 472:636, ack 1, win 260, length 164
20:09:51.377349 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 636, win 2050, length 0
20:09:51.377413 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 636:896, ack 1, win 260, length 260
20:09:51.377626 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 896:1060, ack 1, win 260, length 164
20:09:51.377709 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 1060, win 2048, length 0
20:09:51.377755 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 1060:1320, ack 1, win 260, length 260
20:09:51.377937 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 1320:1484, ack 1, win 260, length 164
20:09:51.378019 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 1484, win 2053, length 0
20:09:51.378073 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 1484:1744, ack 1, win 260, length 260
20:09:51.378262 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 1744:1908, ack 1, win 260, length 164
20:09:51.378344 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 1908, win 2051, length 0
20:09:51.378380 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 1908:2168, ack 1, win 260, length 260
20:09:51.378573 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 2168:2332, ack 1, win 260, length 164
20:09:51.378654 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 2332, win 2049, length 0
20:09:51.378699 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 2332:2592, ack 1, win 260, length 260
20:09:51.378889 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 2592:2756, ack 1, win 260, length 164
20:09:51.378970 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 2756, win 2048, length 0
20:09:51.379007 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 2756:3016, ack 1, win 260, length 260
20:09:51.379195 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 3016:3180, ack 1, win 260, length 164
20:09:51.379281 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 3180, win 2053, length 0
20:09:51.379324 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 3180:3440, ack 1, win 260, length 260
20:09:51.379510 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 3440:3604, ack 1, win 260, length 164
20:09:51.379624 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 3604, win 2051, length 0
After pressing Enter a stream of text appears and keeps scrolling until you press Ctrl+C; the faster it scrolls, the more packets are passing through the NIC. In the example above we only need to look at columns 3 and 4, which show which IP+port is talking to which IP+port. The rest is information about that packet; it does not matter if you do not understand it.
The -i option takes the device name; to capture on another NIC, give that NIC's name. The -nn option makes columns 3 and 4 display as "IP+port"; without it they are shown as "hostname+service name".
[root@localhost ~]# tcpdump -i ens33
21:11:24.210977 IP localhost.localdomain.ssh > 192.168.231.1.52975: Flags [P.], seq 3667324:3667504, ack 609, win 260, length 180
21:11:24.211061 IP localhost.localdomain.ssh > 192.168.231.1.52975: Flags [P.], seq 3667504:3667796, ack 609, win 260, length 292
21:11:24.211162 IP 192.168.231.1.52975 > localhost.localdomain.ssh: Flags [.], ack 3667796, win 2047, length 0
21:11:24.211186 IP localhost.localdomain.ssh > 192.168.231.1.52975: Flags [P.], seq 3667796:3667976, ack 609, win 260, length 180
21:11:24.211273 IP localhost.localdomain.ssh > 192.168.231.1.52975: Flags [P.], seq 3667976:3668268, ack 609, win 260, length 292
21:11:24.211363 IP 192.168.231.1.52975 > localhost.localdomain.ssh: Flags [.], ack 3668268, win 2053, length 0
21:11:24.211381 IP localhost.localdomain.ssh > 192.168.231.1.52975: Flags [P.], seq 3668268:3668448, ack 609, win 260, length 180
21:11:24.211454 IP localhost.localdomain.ssh > 192.168.231.1.52975: Flags [P.], seq 3668448:3668740, ack 609, win 260, length 292
21:11:24.211543 IP 192.168.231.1.52975 > localhost.localdomain.ssh: Flags [.], ack 3668740, win 2051, length 0
21:11:24.211561 IP localhost.localdomain.ssh > 192.168.231.1.52975: Flags [P.], seq 3668740:3668920, ack 609, win 260, length 180
21:11:24.211645 IP localhost.localdomain.ssh > 192.168.231.1.52975: Flags [P.], seq 3668920:3669212, ack 609, win 260, length 292
21:11:24.211764 IP 192.168.231.1.52975 > localhost.localdomain.ssh: Flags [.], ack 3669212, win 2049, length 0
21:11:24.211784 IP localhost.localdomain.ssh > 192.168.231.1.52975: Flags [P.], seq 3669212:3669392, ack 609, win 260, length 180
21:11:24.211919 IP localhost.localdomain.ssh > 192.168.231.1.52975: Flags [P.], seq 3669392:3669684, ack 609, win 260, length 292
21:11:24.212048 IP 192.168.231.1.52975 > localhost.localdomain.ssh: Flags [.], ack 3669684, win 2047, length 0
21:11:24.212095 IP localhost.localdomain.ssh > 192.168.231.1.52975: Flags [P.], seq 3669684:3669864, ack 609, win 260, length 180
21:11:24.212192 IP localhost.localdomain.ssh > 192.168.231.1.52975: Flags [P.], seq 3669864:3670156, ack 609, win 260, length 292
21:11:24.212317 IP 192.168.231.1.52975 > localhost.localdomain.ssh: Flags [.], ack 3670156, win 2053, length 0
Since we do not know which host a hostname refers to, using -nn is more intuitive.
• tcpdump -nn -i ens33 port 22
Specify port 22.
[root@localhost ~]# tcpdump -nn -i ens33 port 22
21:27:32.021849 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 38144, win 2049, length 0
21:27:32.021926 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 38144:38308, ack 53, win 260, length 164
21:27:32.022167 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 38308:38568, ack 53, win 260, length 260
21:27:32.022641 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 38568, win 2047, length 0
21:27:32.022995 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 38568:38828, ack 53, win 260, length 260
21:27:32.023284 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 38828:38992, ack 53, win 260, length 164
21:27:32.023424 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 38992, win 2053, length 0
21:27:32.023500 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 38992:39252, ack 53, win 260, length 260
21:27:32.023597 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [P.], seq 53:105, ack 38992, win 2053, length 52
21:27:32.023622 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 39252:39416, ack 105, win 260, length 164
^C
279 packets captured
281 packets received by filter
0 packets dropped by kernel
Of course, exclusion can also be used:
[root@localhost ~]# tcpdump -nn -i ens33 not port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
21:29:23.475070 IP 192.168.231.1.138 > 192.168.231.255.138: NBT UDP PACKET(138)
21:29:40.780479 ARP, Request who-has 192.168.231.2 tell 192.168.231.1, length 46
21:29:41.845407 ARP, Request who-has 192.168.231.2 tell 192.168.231.1, length 46
21:29:42.780027 ARP, Request who-has 192.168.231.2 tell 192.168.231.1, length 46
21:29:43.778248 ARP, Request who-has 192.168.231.2 tell 192.168.231.1, length 46
21:29:44.847882 ARP, Request who-has 192.168.231.2 tell 192.168.231.1, length 46
21:29:45.777573 ARP, Request who-has 192.168.231.128 (00:0c:29:b7:62:f8) tell 192.168.231.1, length 46
21:29:45.777602 ARP, Reply 192.168.231.128 is-at 00:0c:29:b7:62:f8, length 28
21:29:45.777698 ARP, Request who-has 192.168.231.2 tell 192.168.231.1, length 46
21:29:46.779040 ARP, Request who-has 192.168.231.2 tell 192.168.231.1, length 46
21:29:47.849318 ARP, Request who-has 192.168.231.2 tell 192.168.231.1, length 46
21:29:48.779097 ARP, Request who-has 192.168.231.2 tell 192.168.231.1, length 46
21:29:49.778181 ARP, Request who-has 192.168.231.2 tell 192.168.231.1, length 46
21:29:50.852261 ARP, Request who-has 192.168.231.2 tell 192.168.231.1, length 46
21:29:51.778414 ARP, Request who-has 192.168.231.2 tell 192.168.231.1, length 46
21:29:52.777131 ARP, Request who-has 192.168.231.2 tell 192.168.231.1, length 46
^C
16 packets captured
17 packets received by filter
0 packets dropped by kernel
[root@localhost ~]#
• tcpdump -nn not port 22 and host 192.168.0.100
[root@localhost ~]# tcpdump -nn -i ens33 not port 22 and host 192.168.231.2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
21:31:40.778568 ARP, Request who-has 192.168.231.2 tell 192.168.231.1, length 46
21:31:41.849239 ARP, Request who-has 192.168.231.2 tell 192.168.231.1, length 46
21:31:42.778402 ARP, Request who-has 192.168.231.2 tell 192.168.231.1, length 46
21:31:43.780803 ARP, Request who-has 192.168.231.2 tell 192.168.231.1, length 46
21:31:44.852342 ARP, Request who-has 192.168.231.2 tell 192.168.231.1, length 46
21:31:45.781098 ARP, Request who-has 192.168.231.2 tell 192.168.231.1, length 46
21:31:46.781781 ARP, Request who-has 192.168.231.2 tell 192.168.231.1, length 46
21:31:47.858820 ARP, Request who-has 192.168.231.2 tell 192.168.231.1, length 46
^C
8 packets captured
9 packets received by filter
0 packets dropped by kernel
[root@localhost ~]#
• tcpdump -nn -c 100 -w 1.cap
You can also limit the capture to a fixed number of packets, which matters in scripts: when a script captures packets into a file, there is nobody to press Ctrl+C to stop it.
Now capture only 100 packets:
[root@localhost ~]# tcpdump -nn -i ens33 -c 100
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
21:34:58.166502 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 539349586:539349782, ack 4065902096, win 260, length 196
21:34:58.166651 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 196, win 2051, length 0
21:34:58.166710 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 196:472, ack 1, win 260, length 276
21:34:58.166915 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 472:636, ack 1, win 260, length 164
21:34:58.167018 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 636, win 2050, length 0
21:34:58.167097 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 636:896, ack 1, win 260, length 260
21:34:58.167345 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 896:1060, ack 1, win 260, length 164
21:34:58.167532 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 1060, win 2048, length 0
21:34:58.167604 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 1060:1320, ack 1, win 260, length 260
21:34:58.167857 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 1320:1484, ack 1, win 260, length 164
21:34:58.167943 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 1484, win 2053, length 0
21:34:58.167990 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 1484:1744, ack 1, win 260, length 260
21:34:58.168178 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 1744:1908, ack 1, win 260, length 164
21:34:58.168261 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 1908, win 2051, length 0
21:34:58.168298 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 1908:2168, ack 1, win 260, length 260
21:34:58.168386 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 2168:2332, ack 1, win 260, length 164
21:34:58.168452 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 2332, win 2049, length 0
21:34:58.168545 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 2332:2592, ack 1, win 260, length 260
21:34:58.168744 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 2592:2756, ack 1, win 260, length 164
21:34:58.168828 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 2756, win 2048, length 0
21:34:58.168872 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 2756:3016, ack 1, win 260, length 260
21:34:58.169064 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 3016:3180, ack 1, win 260, length 164
21:34:58.169148 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 3180, win 2053, length 0
21:34:58.169218 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 3180:3440, ack 1, win 260, length 260
21:34:58.169404 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 3440:3604, ack 1, win 260, length 164
21:34:58.169489 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 3604, win 2051, length 0
21:34:58.169541 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 3604:3768, ack 1, win 260, length 164
21:34:58.169620 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 3768:4028, ack 1, win 260, length 260
21:34:58.169687 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 4028, win 2049, length 0
21:34:58.169719 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 4028:4288, ack 1, win 260, length 260
21:34:58.169839 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 4288:4452, ack 1, win 260, length 164
21:34:58.169911 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 4452, win 2048, length 0
21:34:58.169944 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 4452:4712, ack 1, win 260, length 260
21:34:58.170065 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 4712:4876, ack 1, win 260, length 164
21:34:58.170128 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 4876, win 2053, length 0
21:34:58.170174 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 4876:5040, ack 1, win 260, length 164
21:34:58.170351 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 5040:5300, ack 1, win 260, length 260
21:34:58.170454 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 5300, win 2051, length 0
21:34:58.170606 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 5300:5560, ack 1, win 260, length 260
21:34:58.170892 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 5560:5724, ack 1, win 260, length 164
21:34:58.170985 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 5724, win 2049, length 0
21:34:58.171004 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 5724:5888, ack 1, win 260, length 164
21:34:58.171083 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 5888:6148, ack 1, win 260, length 260
21:34:58.171162 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 6148, win 2048, length 0
21:34:58.171307 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 6148:6408, ack 1, win 260, length 260
21:34:58.171500 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 6408:6572, ack 1, win 260, length 164
21:34:58.171595 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 6572, win 2053, length 0
21:34:58.171719 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 6572:6832, ack 1, win 260, length 260
21:34:58.171891 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 6832:6996, ack 1, win 260, length 164
21:34:58.171970 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 6996, win 2051, length 0
21:34:58.172085 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 6996:7256, ack 1, win 260, length 260
21:34:58.172498 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 7256:7420, ack 1, win 260, length 164
21:34:58.172605 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 7420, win 2049, length 0
21:34:58.172729 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 7420:7680, ack 1, win 260, length 260
21:34:58.172888 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 7680:7844, ack 1, win 260, length 164
21:34:58.172962 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 7844, win 2048, length 0
21:34:58.173087 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 7844:8104, ack 1, win 260, length 260
21:34:58.173442 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 8104:8268, ack 1, win 260, length 164
21:34:58.173518 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 8268, win 2053, length 0
21:34:58.173634 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 8268:8528, ack 1, win 260, length 260
21:34:58.173803 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 8528:8692, ack 1, win 260, length 164
21:34:58.173877 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 8692, win 2051, length 0
21:34:58.173988 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 8692:8952, ack 1, win 260, length 260
21:34:58.174153 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 8952:9116, ack 1, win 260, length 164
21:34:58.174229 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 9116, win 2049, length 0
21:34:58.174339 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 9116:9376, ack 1, win 260, length 260
21:34:58.174502 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 9376:9540, ack 1, win 260, length 164
21:34:58.174580 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 9540, win 2048, length 0
21:34:58.174695 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 9540:9800, ack 1, win 260, length 260
21:34:58.174858 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 9800:9964, ack 1, win 260, length 164
21:34:58.174932 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 9964, win 2053, length 0
21:34:58.175045 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 9964:10224, ack 1, win 260, length 260
21:34:58.175226 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 10224:10388, ack 1, win 260, length 164
21:34:58.175300 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 10388, win 2051, length 0
21:34:58.175410 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 10388:10648, ack 1, win 260, length 260
21:34:58.175580 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 10648:10812, ack 1, win 260, length 164
21:34:58.175653 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 10812, win 2049, length 0
21:34:58.175766 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 10812:11072, ack 1, win 260, length 260
21:34:58.175931 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 11072:11236, ack 1, win 260, length 164
21:34:58.176005 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 11236, win 2048, length 0
21:34:58.176181 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 11236:11496, ack 1, win 260, length 260
21:34:58.176313 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 11496:11660, ack 1, win 260, length 164
21:34:58.176391 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 11660, win 2053, length 0
21:34:58.176500 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 11660:11920, ack 1, win 260, length 260
21:34:58.176676 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 11920:12084, ack 1, win 260, length 164
21:34:58.176758 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 12084, win 2051, length 0
21:34:58.177064 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 12084:12344, ack 1, win 260, length 260
21:34:58.177269 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 12344:12508, ack 1, win 260, length 164
21:34:58.177380 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 12508, win 2049, length 0
21:34:58.177521 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 12508:12768, ack 1, win 260, length 260
21:34:58.177628 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 12768:12932, ack 1, win 260, length 164
21:34:58.177713 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 12932, win 2048, length 0
21:34:58.177722 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 12932:13096, ack 1, win 260, length 164
21:34:58.177797 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 13096:13356, ack 1, win 260, length 260
21:34:58.177886 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 13356, win 2053, length 0
21:34:58.177893 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 13356:13520, ack 1, win 260, length 164
21:34:58.178057 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 13520:13780, ack 1, win 260, length 260
21:34:58.178219 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 13780, win 2051, length 0
21:34:58.178310 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 13780:13944, ack 1, win 260, length 164
21:34:58.178659 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 13944:14204, ack 1, win 260, length 260
100 packets captured
101 packets received by filter
0 packets dropped by kernel
[root@localhost ~]#
If you want to save it to a file:
[root@localhost ~]# tcpdump -nn -i ens33 -c 100 -w /tmp/1.cap
tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
100 packets captured
100 packets received by filter
0 packets dropped by kernel
[root@localhost ~]#
Let's look at this file; of course it cannot be viewed with cat.
[root@localhost ~]# file /tmp/1.cap
/tmp/1.cap: tcpdump capture file (little-endian) - version 2.4 (Ethernet, capture length 262144)
[root@localhost ~]#
If you view it with cat you will see garbled characters, because this file holds the packets captured from your NIC: it is the actual communication data.
It can be viewed with tcpdump -r /tmp/1.cap.
Next, the tshark command. Before introducing it, wireshark needs to be installed.
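As an added example (not part of the original course notes), a small Python parser for the `tcpdump -nn` listing format discussed above and for the "packets captured / received by filter / dropped by kernel" trailer: it pulls columns 3 and 4 into per-flow counts, merges the two directions of each conversation, and flags a capture in which the kernel dropped packets. The sample lines are constructed in the shape of the page's output, not a real capture.

```python
import re
from collections import Counter

# Constructed sample in the shape of `tcpdump -nn -i ens33` output followed by
# the summary tcpdump prints on exit (not a real capture from this page).
SAMPLE = """\
21:27:32.021849 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [.], ack 38144, win 2049, length 0
21:27:32.021926 IP 192.168.231.128.22 > 192.168.231.1.52975: Flags [P.], seq 38144:38308, ack 53, win 260, length 164
21:29:23.475070 IP 192.168.231.1.138 > 192.168.231.255.138: NBT UDP PACKET(138)
21:29:40.780479 ARP, Request who-has 192.168.231.2 tell 192.168.231.1, length 46
21:29:45.777602 ARP, Reply 192.168.231.128 is-at 00:0c:29:b7:62:f8, length 28
21:30:01.000000 IP 192.168.231.1.52975 > 192.168.231.128.22: Flags [P.], seq 53:105, ack 38308, win 2053, length 52
279 packets captured
281 packets received by filter
2 packets dropped by kernel
"""

# Columns 3 and 4 of an IP line in -nn form: "src.sport > dst.dport:".
IP_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):"
)
# Trailer lines tcpdump prints when it stops (Ctrl+C or the -c count reached).
SUMMARY = re.compile(r"^(?P<n>\d+) packets (?P<what>captured|received by filter|dropped by kernel)$")


def parse_capture(text):
    """Count packets per directed flow (src, sport, dst, dport) and collect the
    trailer counters. ARP and other non-IP lines are skipped."""
    flows = Counter()
    summary = {}
    for line in text.splitlines():
        m = IP_LINE.match(line)
        if m:
            flows[(m["src"], int(m["sport"]), m["dst"], int(m["dport"]))] += 1
            continue
        s = SUMMARY.match(line)
        if s:
            summary[s["what"]] = int(s["n"])
    return flows, summary


def conversations(flows):
    """Merge both directions of a flow into one (a, b) key, listing the endpoint
    with the lower port number first (usually the server side)."""
    pairs = Counter()
    for (src, sport, dst, dport), n in flows.items():
        a, b = (src, sport), (dst, dport)
        pairs[(a, b) if sport < dport else (b, a)] += n
    return pairs


def capture_is_complete(summary):
    """False when the kernel dropped packets: the listing (or a -w file) is then
    missing traffic, so a flow being absent from it proves nothing."""
    return summary.get("dropped by kernel", 0) == 0


if __name__ == "__main__":
    flows, summary = parse_capture(SAMPLE)
    for (a, b), n in conversations(flows).most_common():
        print(f"{a[0]}:{a[1]} <-> {b[0]}:{b[1]}  {n} packets")
    print("complete capture:", capture_is_complete(summary))
```

To run it over a live capture, pipe `tcpdump -nn -i ens33 -c 100 2>&1` into `parse_capture` instead of `SAMPLE`; the trailer lines go to stderr, which is why `2>&1` is needed.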
• yum install -y wireshark
• tshark -n -t a -R http.request -T fields -e "frame.time" -e "ip.src" -e "http.host" -e "http.request.method" -e "http.request.uri"
This shows web access on port 80 for the specified NIC. It cannot be captured on this server, nor on your own virtual machine, because nothing is listening on port 80 yet and no web service is being provided, so this experiment will not produce any output; the command is still worth remembering.
[root@localhost ~]# tshark -n -t a -R http.request -T fields -e "frame.time" -e "ip.src" -e "http.host" -e "http.request.method" -e "http.request.uri"
tshark: -R without -2 is deprecated. For single-pass filtering use -Y.
Running as user "root" and group "root". This could be dangerous.
Capturing on 'virbr0'
^C0 packets captured
[root@localhost ~]#