5.1 監控Linux系統狀態 至 監控Linux系統狀態5.9
5.1 - 5.4 監控Linux系統狀態1-4php
查看系統負載:python
w/uptime 最後面三個數字表示1分鐘,5分鐘,15分鐘平均有多少個進程佔用CPU 佔用CPU的進程能夠是Running,也能夠是Waiting 某一時刻1顆CPU只能有一個進程在使用其資源
top命令:mysql
top 回車就能夠進入到top界面 每3秒刷新一次 默認按cpu百分比排序,能夠按M鍵按照內存使用率大小排序 按數字1,能夠顯示全部CPU使用率詳情 top -bn1 靜態顯示全部進程的狀況,也是按cpu百分比排序 靜態顯示進程信息,方便在shell腳本中使用top命令
free命令:linux
free查看內存和swap使用狀況,關注最後一列的available,這個數字是真正剩餘的物理內存大小 free -k -m -g -h
手動增長swapios
dd if=/dev/zero of=/bigfile bs=1M count=1000 mkswap /bigfile chmod 600 /bigfile swapon /bigfile
監控磁盤:nginx
iostat --> yum install -y sysstat iostat -dx 1 iostat -dx 1 5 iotop --> yum install -y iotop iotop 回車 動態顯示,按IO使用率大小排序
綜合工具,判定瓶頸點:sql
vmstat 1 vmstat 1 10 關注:r、b、si、so、bi、bo、id、wa
監控網卡流量:shell
sar -n DEV 1 10 yum install -y epel-release yum install nload nload 回車後查看網卡流量,動態顯示 ethtool ens33 mii-tool ens33
查看進程:windows
ps aux 、 ps -elf 、 ps -eLf (查看線程)
STAT
S Sleep
R Running
s 父進程
N 低優先級
< 高優先級
+ 前臺進程
l 多線程進程
Z 殭屍進程
ls -l /proc/pid/ #查看一個進程的一些詳細信息
查看網絡鏈接情況:api
netstat -lnp 、netstat -lntp 、 netstat -lntup netstat -an ss -an
抓包工具:
tcpdump (安裝:yum install -y tcpdump) tcpdump -nn -i ens33 port 80 tcpdump -nn -i ens33 -c 100 -w 1.cap tcpdump -i ens33 -nn not port 22 and not port 80 and not host 192.168.222.1 tcpdump -nn -r 1.cap wireshark (安裝:yum install -y wireshark) tshark -i ens33 -n -t a -R http.request -T fields -e "frame.time" -e "ip.src" -e "http.host" -e "http.request.method" -e "http.request.uri"
補充:
查看cpu核數
cat /proc/cpuinfo lscpu
buffer和cached
buffer : 這部份內存是從CPU產生即將寫入到磁盤裏去的那部分數據; cached 這部分數據是先從磁盤裏讀出來,然 後臨時存到內存裏的那部分數據,
小常識:
bit 比特(帶寬單位) Byte 字節 (速度傳輸單位) 8bit = 1Byte 2MB/s 2*8=16Mbit 100Mbit 12.8MB/s
代碼正在補充
w/uptime命令
[root@test01 ~]# w
11:57:24 up 5 min, 1 user, load average: 0.01, 0.06, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 192.168.28.1 11:52 4.00s 0.06s 0.01s w
時間,有幾個用戶在登陸 ,負載值 平均一分鐘,平均5分鐘,平均15分鐘(平均時間內有多少個活動的進程,排隊等待的進程也算是活動的進程)running and waiting
[root@test01 ~]# uptime
12:14:16 up 22 min, 1 user, load average: 0.00, 0.01, 0.05
top命令(能夠動態查看系統狀態,比較綜合)(默認按cpu的使用率從高到低排序)
也能夠顯示系統的負載值,任務數量,有幾個running 有幾個sleeping等
[root@test01 ~]# top
top - 12:16:36 up 24 min, 1 user, load average: 0.00, 0.01, 0.05
Tasks: 99 total, 1 running, 98 sleeping, 0 stopped, 0 zombie
%Cpu(s): 0.3 us, 0.3 sy, 0.0 ni, 99.3 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem : 999936 total, 564892 free, 213240 used, 221804 buff/cache
KiB Swap: 3907580 total, 3907580 free, 0 used. 606240 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
619 root 20 0 229368 6192 4836 S 0.7 0.6 0:02.26 vmtoolsd
3 root 20 0 0 0 0 S 0.3 0.0 0:00.09 ksoftirqd/0
2437 root 20 0 0 0 0 S 0.3 0.0 0:00.03 kworker/0:0
2440 root 20 0 157636 2172 1552 R 0.3 0.2 0:00.15 top
1 root 20 0 128152 6728 3972 S 0.0 0.7 0:01.37 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
6 root 20 0 0 0 0 S 0.0 0.0 0:00.01 kworker/u256:0
7 root rt 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
8 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcu_bh
9 root 20 0 0 0 0 S 0.0 0.0 0:00.43 rcu_sched
10 root rt 0 0 0 0 S 0.0 0.0 0:00.03 watchdog/0
12 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 khelper
13 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kdevtmpfs
14 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 netns
15 root 20 0 0 0 0 S 0.0 0.0 0:00.00 khungtaskd
16 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 writeback
17 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kintegrityd
18 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 bioset
19 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kblockd
20 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 md
26 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kswapd0
27 root 25 5 0 0 0 S 0.0 0.0 0:00.00 ksmd
以上都是動態的(每隔3秒刷新一次)
分析解釋
系統負載值等
top - 12:16:36 up 24 min, 1 user, load average: 0.00, 0.01, 0.05
任務數量,有幾個running 有幾個sleeping等
Tasks: 99 total, 1 running, 98 sleeping, 0 stopped, 0 zombie
cpu使用率,us表示用戶級別的進程,sy表示系統級別的進程。99.3 id空閒百分比,其餘幾個常年都是0不用太關注
%Cpu(s): 0.3 us, 0.3 sy, 0.0 ni, 99.3 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
內存使用率 avaail Mem是系統裏面真正可以使用的內存大小
KiB Mem : 999936 total, 564892 free, 213240 used, 221804 buff/cache
KiB Swap: 3907580 total, 3907580 free, 0 used. 606240 avail Mem
須要關注的如下內容,RES %CPU %MEM
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
619 root 20 0 229368 6192 4836 S 0.7 0.6 0:02.26 vmtoolsd
3 root 20 0 0 0 0 S 0.3 0.0 0:00.09 ksoftirqd/0
2437 root 20 0 0 0 0 S 0.3 0.0 0:00.03 kworker/0:0
2440 root 20 0 157636 2172 1552 R 0.3 0.2 0:00.15 top
1 root 20 0 128152 6728 3972 S 0.0 0.7 0:01.37 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
6 root 20 0 0 0 0 S 0.0 0.0 0:00.01 kworker/u256:0
7 root rt 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
8 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcu_bh
9 root 20 0 0 0 0 S 0.0 0.0 0:00.43 rcu_sched
10 root rt 0 0 0 0 S 0.0 0.0 0:00.03 watchdog/0
12 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 khelper
13 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kdevtmpfs
14 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 netns
15 root 20 0 0 0 0 S 0.0 0.0 0:00.00 khungtaskd
16 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 writeback
17 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kintegrityd
18 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 bioset
19 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kblockd
20 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 md
26 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kswapd0
27 root 25 5 0 0 0 S 0.0 0.0 0:00.00 ksmd
按內存的大小排序,按大寫M,按數字1顯示全部CPU的使用率
[root@test01 mail]# top -bn1 靜態顯示(但不會按cpu或者MEM排序)
top - 12:44:12 up 52 min, 1 user, load average: 0.00, 0.01, 0.05
Tasks: 99 total, 1 running, 98 sleeping, 0 stopped, 0 zombie
%Cpu(s): 0.3 us, 0.5 sy, 0.0 ni, 99.2 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem : 999936 total, 545660 free, 217036 used, 237240 buff/cache
KiB Swap: 3907580 total, 3907580 free, 0 used. 597716 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1 root 20 0 128152 6728 3972 S 0.0 0.7 0:01.39 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
3 root 20 0 0 0 0 S 0.0 0.0 0:00.19 ksoftirqd/0
6 root 20 0 0 0 0 S 0.0 0.0 0:00.01 kworker/u256:0
7 root rt 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
8 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcu_bh
9 root 20 0 0 0 0 S 0.0 0.0 0:00.48 rcu_sched
10 root rt 0 0 0 0 S 0.0 0.0 0:00.04 watchdog/0
12 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 khelper
13 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kdevtmpfs
14 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 netns
15 root 20 0 0 0 0 S 0.0 0.0 0:00.00 khungtaskd
16 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 writeback
17 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kintegrityd
18 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 bioset
19 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kblockd
20 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 md
26 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kswapd0
27 root 25 5 0 0 0 S 0.0 0.0 0:00.00 ksmd
28 root 39 19 0 0 0 S 0.0 0.0 0:00.15 khugepaged
29 root 20 0 0 0 0 S 0.0 0.0 0:00.00 fsnotify_mark
30 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 crypto
38 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kthrotld
40 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kmpath_rdacd
41 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kpsmoused
43 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 ipv6_addrconf
62 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 deferwq
94 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kauditd
269 root 20 0 0 0 0 S 0.0 0.0 0:04.54 kworker/0:3
275 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 ata_sff
276 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 mpt_poll_0
277 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 mpt/0
285 root 20 0 0 0 0 S 0.0 0.0 0:00.00 scsi_eh_0
286 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 scsi_tmf_0
287 root 20 0 0 0 0 S 0.0 0.0 0:00.01 scsi_eh_1
288 root 20 0 0 0 0 S 0.0 0.0 0:00.15 kworker/u256:2
290 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 scsi_tmf_1
292 root 20 0 0 0 0 S 0.0 0.0 0:00.00 scsi_eh_2
294 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 scsi_tmf_2
296 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 ttm_swap
367 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kdmflush
368 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 bioset
378 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kdmflush
379 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 bioset
393 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfsalloc
394 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfs_mru_cache
395 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfs-buf/dm-0
396 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfs-data/dm-0
397 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfs-conv/dm-0
398 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfs-cil/dm-0
399 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfs-reclaim/dm-
400 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfs-log/dm-0
401 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfs-eofblocks/d
402 root 20 0 0 0 0 S 0.0 0.0 0:00.55 xfsaild/dm-0
468 root 20 0 34936 2800 2492 S 0.0 0.3 0:00.16 systemd-journal
492 root 20 0 46244 4584 2792 S 0.0 0.5 0:00.13 systemd-udevd
507 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 nfit
520 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfs-buf/sda1
521 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfs-data/sda1
522 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfs-conv/sda1
523 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfs-cil/sda1
524 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfs-reclaim/sda
525 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfs-log/sda1
527 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 xfs-eofblocks/s
528 root 20 0 0 0 0 S 0.0 0.0 0:00.00 xfsaild/sda1
588 root 16 -4 62012 2216 1636 S 0.0 0.2 0:00.01 auditd
608 polkitd 20 0 528324 12700 4780 S 0.0 1.3 0:00.08 polkitd
612 dbus 20 0 98316 1896 1432 S 0.0 0.2 0:00.64 dbus-daemon
614 chrony 20 0 115944 1852 1480 S 0.0 0.2 0:00.11 chronyd
619 root 20 0 229368 6200 4836 S 0.0 0.6 0:05.17 vmtoolsd
620 root 20 0 24252 1700 1404 S 0.0 0.2 0:00.07 systemd-logind
629 root 20 0 126284 1680 1056 S 0.0 0.2 0:00.22 crond
637 root 20 0 110096 856 728 S 0.0 0.1 0:00.08 agetty
643 root 20 0 327904 26968 6624 S 0.0 2.7 0:00.55 firewalld
648 root 20 0 438076 8188 6304 S 0.0 0.8 0:00.43 NetworkManager
992 root 20 0 553620 16516 5868 S 0.0 1.7 0:01.46 tuned
993 root 20 0 222168 4044 3284 S 0.0 0.4 0:00.35 rsyslogd
1080 root 20 0 83016 1300 428 S 0.0 0.1 0:00.00 sshd
1087 root 20 0 115440 1748 1408 S 0.0 0.2 0:00.08 mysqld_safe
1157 root 20 0 230780 6324 1212 S 0.0 0.6 0:00.78 php-fpm
1162 php-fpm 20 0 230772 6328 1212 S 0.0 0.6 0:00.10 php-fpm
1163 php-fpm 20 0 230772 6332 1212 S 0.0 0.6 0:00.00 php-fpm
1164 php-fpm 20 0 230772 6332 1212 S 0.0 0.6 0:00.00 php-fpm
1165 php-fpm 20 0 230772 6332 1212 S 0.0 0.6 0:00.23 php-fpm
1313 mysql 20 0 1254952 90144 10736 S 0.0 9.0 0:02.87 mysqld
1684 root 20 0 89544 2192 1152 S 0.0 0.2 0:00.07 master
1727 postfix 20 0 89648 4044 3036 S 0.0 0.4 0:00.03 pickup
1728 postfix 20 0 89716 4064 3056 S 0.0 0.4 0:00.02 qmgr
2353 root 20 0 143516 5304 4016 S 0.0 0.5 0:00.95 sshd
2356 root 20 0 115780 2276 1780 S 0.0 0.2 0:00.14 bash
2398 root 20 0 46588 1348 164 S 0.0 0.1 0:00.00 nginx
2399 nginx 20 0 47008 2144 532 S 0.0 0.2 0:00.00 nginx
2417 root 20 0 125384 1124 884 S 0.0 0.1 0:00.02 anacron
2719 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/0:0H
2721 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/0:1H
2722 root 20 0 0 0 0 S 0.0 0.0 0:00.03 kworker/0:1
2723 root 20 0 0 0 0 S 0.0 0.0 0:00.01 kworker/0:0
2732 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/0:2H
2733 root 20 0 157632 2064 1520 R 0.0 0.2 0:00.00 top
查看CPU的核數,看processor
[root@test01 mail]# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 142
model name : Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz
stepping : 10
microcode : 0x96
cpu MHz : 1799.357
cache size : 6144 KB
physical id : 0
siblings : 1
core id : 0
cpu cores : 1
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
cpuid level : 22
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts nopl xtopology tsc_reliable nonstop_tsc aperfmperf eagerfpu pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch ida arat epb pln pts dtherm hwp hwp_noitfy hwp_act_window hwp_epp fsgsbase tsc_adjust bmi1 avx2 smep bmi2 invpcid rdseed adx smap xsaveopt
bogomips : 3600.00
clflush size : 64
cache_alignment : 64
address sizes : 42 bits physical, 48 bits virtual
power management:
查看CPU的信息,用這個看也很全面
[root@test01 mail]# lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 1
On-line CPU(s) list: 0
Thread(s) per core: 1
Core(s) per socket: 1
座: 1
NUMA 節點: 1
廠商 ID: GenuineIntel
CPU 系列: 6
型號: 142
型號名稱: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz
步進: 10
CPU MHz: 1799.357
BogoMIPS: 3600.00
超管理器廠商: VMware
虛擬化類型: 徹底
L1d 緩存: 32K
L1i 緩存: 32K
L2 緩存: 256K
L3 緩存: 6144K
NUMA 節點0 CPU: 0
free命令
查看內存和swap使用狀況
關注available,真正可以使用的物理內存大小,以kb爲單位。 不用太關注Swap,Swap的解釋,當內存不夠用的時候它會進行交換,着重看used列
[root@test01 mail]# free
total used free shared buff/cache available
Mem: 999936 216812 545616 6844 237508 597808
Swap: 3907580 0 39075
[root@test01 mail]# free -m 以M的單位顯示
total used free shared buff/cache available
Mem: 976 211 532 6 231 583
Swap: 3815 0 3815
[root@test01 mail]# free -h 自行計算顯示
total used free shared buff/cache available
Mem: 976M 211M 532M 6.7M 231M 583M
Swap: 3.7G 0B 3.7G
[root@test01 mail]# free -g 以G爲單位顯示(由於沒有這麼大因此顯示不出來)
total used free shared buff/cache available
Mem: 0 0 0 0 0 0
Swap: 3 0 3
[root@test01 mail]# free -b 以b的單位顯示
total used free shared buff/cache available
Mem: 1023934464 221790208 559091712 6979584 243052544 612491264
Swap: 4001361920 0 4001361920
[root@test01 mail]# free -k (其實-k就等於free)
total used free shared buff/cache available
Mem: 999936 216592 545988 6816 237356 598136
Swap: 3907580 0 3907580
total:總量 used:使用量 free:剩餘量
buffer:這部份內存是從CPU即將寫入到磁盤裏去的那部分數據,緩衝數據內存
cached:這部分數據是先從磁盤裏讀出來,而後臨時存到內存裏的那部分數據
增長swap空間
[root@test01 mail]# dd if=/dev/zero of=/bigfile bs=1M count=1000
記錄了1000+0 的讀入
記錄了1000+0 的寫出
1048576000字節(1.0 GB)已複製,10.0679 秒,104 MB/秒
[root@test01 mail]# pwd
/var/spool/mail
[root@test01 mail]# ls
ftpuser mysql php-fpm root test1 user1
[root@test01 mail]# du -sh /bigfile
1000M /bigfile
[root@test01 mail]# mkswap /bigfile
正在設置交換空間版本 1,大小 = 1023996 KiB
無標籤,UUID=6603a4fd-592e-4e29-b50a-9646f4abdd17
[root@test01 mail]# chmod 600 /bigfile
[root@test01 mail]# swapon /bigfile
[root@test01 mail]# free
total used free shared buff/cache available
Mem: 999936 212132 73684 6816 714120 595168
[root@test01 mail]# free -h
total used free shared buff/cache available
Mem: 976M 207M 71M 6.7M 697M 581M
Swap: 4.7G 0B 4.7G
Swap: 4931576 0 4931576
iostat命令
關注最後一列 百分比%util,若是這一列的數值%99或者%100了,說明磁盤很是的忙
[root@test01 mail]# iostat -dx 1 (1就是1秒鐘顯示一次。後面還能夠加數字)
Linux 3.10.0-514.el7.x86_64 (test01) 2019年03月19日 _x86_64_ (1 CPU)
Device: rrqm/s wrqm/s r/s w/s rkB/s wkB/s avgrq-sz avgqu-sz await r_await w_await svctm %util
sda 0.00 0.04 1.29 0.56 40.28 129.80 183.46 0.04 20.42 0.98 65.20 0.97 0.18
scd0 0.00 0.00 0.00 0.00 0.01 0.00 8.00 0.00 0.36 0.36 0.00 0.36 0.00
dm-0 0.00 0.00 1.12 0.48 37.19 129.54 208.94 0.04 23.82 1.01 77.45 1.09 0.17
dm-1 0.00 0.00 0.02 0.00 0.13 0.00 17.11 0.00 0.12 0.12 0.00 0.11 0.00
Device: rrqm/s wrqm/s r/s w/s rkB/s wkB/s avgrq-sz avgqu-sz await r_await w_await svctm %util
sda 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
scd0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
dm-0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
dm-1 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
Device: rrqm/s wrqm/s r/s w/s rkB/s wkB/s avgrq-sz avgqu-sz await r_await w_await svctm %util
sda 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
scd0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
dm-0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
dm-1 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
[root@test01 mail]# iostat -dx 1 2
Linux 3.10.0-514.el7.x86_64 (test01) 2019年03月19日 _x86_64_ (1 CPU)
Device: rrqm/s wrqm/s r/s w/s rkB/s wkB/s avgrq-sz avgqu-sz await r_await w_await svctm %util
sda 0.00 0.04 1.23 0.54 38.45 123.91 183.11 0.04 20.39 0.98 64.80 0.97 0.17
scd0 0.00 0.00 0.00 0.00 0.01 0.00 8.00 0.00 0.36 0.36 0.00 0.36 0.00
dm-0 0.00 0.00 1.07 0.46 35.50 123.67 208.44 0.04 23.77 1.01 76.84 1.10 0.17
dm-1 0.00 0.00 0.01 0.00 0.12 0.00 17.11 0.00 0.12 0.12 0.00 0.11 0.00
Device: rrqm/s wrqm/s r/s w/s rkB/s wkB/s avgrq-sz avgqu-sz await r_await w_await svctm %util
sda 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
scd0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
dm-0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
dm-1 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
[root@test01 mail]# iotop (把全部的進程使用磁盤的百分比以及讀寫速度列出來(就是IO使用率排序))
Total DISK READ : 0.00 B/s | Total DISK WRITE : 0.00 B/s
Actual DISK READ: 0.00 B/s | Actual DISK WRITE: 0.00 B/s
TID PRIO USER DISK READ DISK WRITE SWAPIN IO> COMMAND
269 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.33 % [kworker/0:3]
1 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % systemd --switched-ro~ystem --deserialize 21
2 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [kthreadd]
3 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [ksoftirqd/0]
7 rt/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [migration/0]
520 be/0 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [xfs-buf/sda1]
9 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [rcu_sched]
10 rt/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [watchdog/0]
523 be/0 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [xfs-cil/sda1]
12 be/0 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [khelper]
13 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [kdevtmpfs]
14 be/0 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [netns]
15 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [khungtaskd]
16 be/0 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [writeback]
17 be/0 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [kintegrityd]
18 be/0 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [bioset]
19 be/0 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [kblockd]
20 be/0 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [md]
26 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [kswapd0]
27 be/5 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [ksmd]
28 be/7 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [khugepaged]
29 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [fsnotify_mark]
30 be/0 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [crypto]
38 be/0 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [kthrotld]
1063 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % rsyslogd -n [in:imjournal]
40 be/0 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [kmpath_rdacd]
vmstat 命令
[root@test01 mail]# vmstat 1 10
進程相關 內存相關 swap相關 IO相關 系統相關 CPU相關
procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu-----
r b swpd free buff cache si so bi bo in cs us sy id wa st
2 0 0 141280 76 643728 0 0 37 119 45 92 0 0 99 0 0
0 0 0 141264 76 643728 0 0 0 0 54 116 0 0 100 0 0
0 0 0 141264 76 643728 0 0 0 0 50 112 0 0 100 0 0
0 0 0 141264 76 643728 0 0 0 0 55 118 0 0 100 0 0
0 0 0 141264 76 643728 0 0 0 0 46 102 0 0 100 0 0
0 0 0 141264 76 643728 0 0 0 0 55 116 0 0 100 0 0
0 0 0 141264 76 643728 0 0 0 0 57 115 0 1 99 0 0
0 0 0 141264 76 643728 0 0 0 0 58 120 0 0 100 0 0
0 0 0 141264 76 643728 0 0 0 0 50 108 0 0 100 0 0
0 0 0 141264 76 643728 0 0 0 0 55 114 0 0 100 0 0
進程相關:r表示正在活躍的進程(包含running和waiting的進程,其中的2表示平均值)。b表示block,是被阻塞的進程(如磁盤很是忙,確定會被阻塞)
內存相關:內存不足的話swpd變成非0
swap相關:si表示讀swap,so表示寫swap,從swap進入到內存裏(這一列參照內存來講)
io相關:bi表示磁盤的讀,bo表示磁盤的寫
cpu相關:cpu看id看空閒量,若是空閒不多說明,cpu使用率高,有瓶頸,100-id=等於使用率。wa表示等待cpu的百分比
監控網卡流量
sar命令(Linux系統的瑞士軍刀)
[root@test01 ~]# sar -n DEV 1 10
Linux 3.10.0-514.el7.x86_64 (test01) 2019年03月19日 _x86_64_ (1 CPU)
15時01分24秒 IFACE rxpck/s txpck/s rxkB/s txkB/s rxcmp/s txcmp/s rxmcst/s
15時01分25秒 lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00
15時01分25秒 ens33 1.01 0.00 0.06 0.00 0.00 0.00 0.00
15時01分25秒 IFACE rxpck/s txpck/s rxkB/s txkB/s rxcmp/s txcmp/s rxmcst/s
15時01分26秒 lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00
15時01分26秒 ens33 2.00 1.00 0.12 0.40 0.00 0.00 0.00
15時01分26秒 IFACE rxpck/s txpck/s rxkB/s txkB/s rxcmp/s txcmp/s rxmcst/s
15時01分27秒 lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00
15時01分27秒 ens33 2.02 1.01 0.12 0.40 0.00 0.00 0.00
15時01分27秒 IFACE rxpck/s txpck/s rxkB/s txkB/s rxcmp/s txcmp/s rxmcst/s
15時01分28秒 lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00
15時01分28秒 ens33 2.00 1.00 0.12 0.40 0.00 0.00 0.00
15時01分28秒 IFACE rxpck/s txpck/s rxkB/s txkB/s rxcmp/s txcmp/s rxmcst/s
15時01分29秒 lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00
15時01分29秒 ens33 2.02 1.01 0.12 0.40 0.00 0.00 0.00
^C
15時01分29秒 IFACE rxpck/s txpck/s rxkB/s txkB/s rxcmp/s txcmp/s rxmcst/s
15時01分30秒 lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00
15時01分30秒 ens33 4.65 4.65 0.38 1.21 0.00 0.00 0.00
平均時間: IFACE rxpck/s txpck/s rxkB/s txkB/s rxcmp/s txcmp/s rxmcst/s
平均時間: lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00
平均時間: ens33 2.04 1.11 0.13 0.39 0.00 0.00 0.00
着重關注:rxpck/s表示接收到的包的數量,txpck/s表示傳送出去包的數量,rxkB/s表示網卡的流量也表示傳輸速度
100Mb 帶寬 Mbit比特 MByte字節 8bit=1Byte 2MB/s 2*8=16Mbit 100Mbit帶寬理論上的下載速度12.8MB/s
sar若是不跟數字
[root@test01 ~]# sar -n DEV
Linux 3.10.0-514.el7.x86_64 (test01) 2019年03月19日 _x86_64_ (1 CPU)
14時00分02秒 IFACE rxpck/s txpck/s rxkB/s txkB/s rxcmp/s txcmp/s rxmcst/s
14時10分01秒 lo 0.01 0.01 0.00 0.00 0.00 0.00 0.00
14時10分01秒 ens33 0.49 0.23 0.03 0.03 0.00 0.00 0.00
14時20分02秒 lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00
14時20分02秒 ens33 1.13 0.87 0.16 0.13 0.00 0.00 0.00
14時30分01秒 lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00
14時30分01秒 ens33 0.42 0.18 0.03 0.02 0.00 0.00 0.00
14時40分01秒 lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00
14時40分01秒 ens33 0.29 0.05 0.02 0.00 0.00 0.00 0.00
14時50分01秒 lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00
14時50分01秒 ens33 0.37 0.04 0.02 0.00 0.00 0.00 0.00
15時00分01秒 lo 0.03 0.03 0.00 0.00 0.00 0.00 0.00
15時00分01秒 ens33 0.32 0.13 0.02 0.01 0.00 0.00 0.00
15時10分01秒 lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00
15時10分01秒 ens33 0.46 0.17 0.03 0.02 0.00 0.00 0.00
平均時間: IFACE rxpck/s txpck/s rxkB/s txkB/s rxcmp/s txcmp/s rxmcst/s
平均時間: lo 0.01 0.01 0.00 0.00 0.00 0.00 0.00
平均時間: ens33 0.50 0.24 0.05 0.03 0.00 0.00 0.00
若是不跟數字實際它看的就是這個文件,不能直接cat,只能用sar去查
[root@test01 ~]# ls /var/log/sa/sa19 今天是19號。
/var/log/sa/sa19
[root@test01 ~]# sar -n DEV -f /var/log/sa/sa19 只查看19號的網卡流量,若是不加-n DEV就是看19號的cpu
Linux 3.10.0-514.el7.x86_64 (test01) 2019年03月19日 _x86_64_ (1 CPU)
14時00分02秒 IFACE rxpck/s txpck/s rxkB/s txkB/s rxcmp/s txcmp/s rxmcst/s
14時10分01秒 lo 0.01 0.01 0.00 0.00 0.00 0.00 0.00
14時10分01秒 ens33 0.49 0.23 0.03 0.03 0.00 0.00 0.00
14時20分02秒 lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00
14時20分02秒 ens33 1.13 0.87 0.16 0.13 0.00 0.00 0.00
14時30分01秒 lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00
14時30分01秒 ens33 0.42 0.18 0.03 0.02 0.00 0.00 0.00
14時40分01秒 lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00
14時40分01秒 ens33 0.29 0.05 0.02 0.00 0.00 0.00 0.00
14時50分01秒 lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00
14時50分01秒 ens33 0.37 0.04 0.02 0.00 0.00 0.00 0.00
15時00分01秒 lo 0.03 0.03 0.00 0.00 0.00 0.00 0.00
15時00分01秒 ens33 0.32 0.13 0.02 0.01 0.00 0.00 0.00
15時10分01秒 lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00
15時10分01秒 ens33 0.46 0.17 0.03 0.02 0.00 0.00 0.00
平均時間: IFACE rxpck/s txpck/s rxkB/s txkB/s rxcmp/s txcmp/s rxmcst/s
平均時間: lo 0.01 0.01 0.00 0.00 0.00 0.00 0.00
平均時間: ens33 0.50 0.24 0.05 0.03 0.00 0.00 0.00
這個文件的記錄的多少或者多長是根據系統在線的時間來定的,每隔十分鐘記錄一次
[root@test01 ~]# sar 直接看sar看的是cpu
Linux 3.10.0-514.el7.x86_64 (test01) 2019年03月19日 _x86_64_ (1 CPU)
14時00分02秒 CPU %user %nice %system %iowait %steal %idle
14時10分01秒 all 0.07 0.00 0.20 0.01 0.00 99.72
14時20分02秒 all 2.18 0.00 0.69 0.01 0.00 97.12
14時30分01秒 all 0.23 0.00 0.17 0.01 0.00 99.59
14時40分01秒 all 0.04 0.00 0.12 0.01 0.00 99.83
14時50分01秒 all 0.04 0.00 0.12 0.00 0.00 99.83
15時00分01秒 all 0.12 0.00 0.23 0.01 0.00 99.65
15時10分01秒 all 0.05 0.00 0.16 0.01 0.00 99.78
15時20分01秒 all 0.05 0.00 0.15 0.01 0.00 99.79
平均時間: all 0.35 0.00 0.23 0.01 0.00 99.42
[root@test01 ~]# sar -b 看的是磁盤的io,
Linux 3.10.0-514.el7.x86_64 (test01) 2019年03月19日 _x86_64_ (1 CPU)
14時00分02秒 tps rtps wtps bread/s bwrtn/s
14時10分01秒 0.36 0.17 0.19 11.84 3.00
14時20分02秒 0.54 0.11 0.43 23.09 10.56
14時30分01秒 0.03 0.00 0.02 0.11 0.29
14時40分01秒 0.06 0.00 0.06 0.00 0.75
14時50分01秒 0.04 0.00 0.04 0.00 0.53
15時00分01秒 0.15 0.00 0.15 0.00 2.02
15時10分01秒 0.10 0.00 0.10 0.00 1.34
15時20分01秒 0.12 0.06 0.07 9.24 0.81
平均時間: 0.17 0.04 0.13 5.53 2.41
[root@test01 ~]# sar -q 看的是系統負載,歷史系統負載
Linux 3.10.0-514.el7.x86_64 (test01) 2019年03月19日 _x86_64_ (1 CPU)
14時00分02秒 runq-sz plist-sz ldavg-1 ldavg-5 ldavg-15 blocked
14時10分01秒 1 144 0.06 0.03 0.05 0
14時20分02秒 1 145 0.06 0.09 0.07 0
14時30分01秒 1 143 0.00 0.01 0.05 0
14時40分01秒 1 144 0.00 0.01 0.05 0
14時50分01秒 1 143 0.00 0.01 0.05 0
15時00分01秒 1 143 0.00 0.01 0.05 0
15時10分01秒 1 143 0.00 0.01 0.05 0
15時20分01秒 1 144 0.00 0.01 0.05 0
平均時間: 1 144 0.01 0.02 0.05 0
nload命令(動態顯示網卡流量)
[root@test01 ~]# nload 按方向鍵切換網卡
Device ens33 [192.168.28.107] (1/2):
=========================================================================================================
Incoming:
Curr: 944.00 Bit/s
Avg: 1.30 kBit/s
Min: 936.00 Bit/s
Max: 2.73 kBit/s
Ttl: 933.24 kByte
Outgoing:
Curr: 8.27 kBit/s
Avg: 8.28 kBit/s
Min: 6.04 kBit/s
Max: 8.74 kBit/s
Ttl: 2.82 MByte
ethtool命令(查看網卡詳細信息)少關注最後一行,查看是否鏈接狀態
[root@test01 ~]# ethtool ens33
Settings for ens33:
Supported ports: [ TP ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Supported pause frame use: No
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Advertised pause frame use: No
Advertised auto-negotiation: Yes
Speed: 1000Mb/s
Duplex: Full
Port: Twisted Pair
PHYAD: 0
Transceiver: internal
Auto-negotiation: on
MDI-X: off (auto)
Supports Wake-on: d
Wake-on: d
Current message level: 0x00000007 (7)
drv probe link
Link detected: yes
mii-tool 也能夠查看網卡是否鏈接狀態
[root@test01 ~]# mii-tool ens33
ens33: negotiated 1000baseT-FD flow-control, link ok
ps命令
若是什麼都不加,只查詢當前終端已運行的一些進程(沒什麼意義)
[root@test01 ~]# ps
PID TTY TIME CMD
2356 pts/0 00:00:00 bash
3296 pts/0 00:00:00 ps
[root@test01 ~]# ps aux 能夠查看全部用戶,包括前臺,後臺,系統級別,用戶級別,全部的進程
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.6 128152 6740 ? Ss 11:52 0:01 /usr/lib/systemd/systemd --switched-roo
root 2 0.0 0.0 0 0 ? S 11:52 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S 11:52 0:00 [ksoftirqd/0]
root 7 0.0 0.0 0 0 ? S 11:52 0:00 [migration/0]
root 8 0.0 0.0 0 0 ? S 11:52 0:00 [rcu_bh]
root 9 0.0 0.0 0 0 ? R 11:52 0:00 [rcu_sched]
root 10 0.0 0.0 0 0 ? S 11:52 0:00 [watchdog/0]
root 12 0.0 0.0 0 0 ? S< 11:52 0:00 [khelper]
root 13 0.0 0.0 0 0 ? S 11:52 0:00 [kdevtmpfs]
root 14 0.0 0.0 0 0 ? S< 11:52 0:00 [netns]
root 15 0.0 0.0 0 0 ? S 11:52 0:00 [khungtaskd]
root 16 0.0 0.0 0 0 ? S< 11:52 0:00 [writeback]
root 17 0.0 0.0 0 0 ? S< 11:52 0:00 [kintegrityd]
root 18 0.0 0.0 0 0 ? S< 11:52 0:00 [bioset]
root 19 0.0 0.0 0 0 ? S< 11:52 0:00 [kblockd]
root 20 0.0 0.0 0 0 ? S< 11:52 0:00 [md]
root 26 0.0 0.0 0 0 ? S 11:52 0:00 [kswapd0]
root 27 0.0 0.0 0 0 ? SN 11:52 0:00 [ksmd]
root 28 0.0 0.0 0 0 ? SN 11:52 0:00 [khugepaged]
root 29 0.0 0.0 0 0 ? S 11:52 0:00 [fsnotify_mark]
root 30 0.0 0.0 0 0 ? S< 11:52 0:00 [crypto]
root 38 0.0 0.0 0 0 ? S< 11:52 0:00 [kthrotld]
root 40 0.0 0.0 0 0 ? S< 11:52 0:00 [kmpath_rdacd]
root 41 0.0 0.0 0 0 ? S< 11:52 0:00 [kpsmoused]
root 43 0.0 0.0 0 0 ? S< 11:52 0:00 [ipv6_addrconf]
root 62 0.0 0.0 0 0 ? S< 11:52 0:00 [deferwq]
root 94 0.0 0.0 0 0 ? S 11:52 0:00 [kauditd]
root 275 0.0 0.0 0 0 ? S< 11:52 0:00 [ata_sff]
root 276 0.0 0.0 0 0 ? S< 11:52 0:00 [mpt_poll_0]
root 277 0.0 0.0 0 0 ? S< 11:52 0:00 [mpt/0]
root 285 0.0 0.0 0 0 ? S 11:52 0:00 [scsi_eh_0]
root 286 0.0 0.0 0 0 ? S< 11:52 0:00 [scsi_tmf_0]
root 287 0.0 0.0 0 0 ? S 11:52 0:00 [scsi_eh_1]
root 288 0.0 0.0 0 0 ? S 11:52 0:03 [kworker/u256:2]
root 290 0.0 0.0 0 0 ? S< 11:52 0:00 [scsi_tmf_1]
root 292 0.0 0.0 0 0 ? S 11:52 0:00 [scsi_eh_2]
root 294 0.0 0.0 0 0 ? S< 11:52 0:00 [scsi_tmf_2]
root 296 0.0 0.0 0 0 ? S< 11:52 0:00 [ttm_swap]
root 367 0.0 0.0 0 0 ? S< 11:52 0:00 [kdmflush]
root 368 0.0 0.0 0 0 ? S< 11:52 0:00 [bioset]
root 378 0.0 0.0 0 0 ? S< 11:52 0:00 [kdmflush]
root 379 0.0 0.0 0 0 ? S< 11:52 0:00 [bioset]
root 393 0.0 0.0 0 0 ? S< 11:52 0:00 [xfsalloc]
root 394 0.0 0.0 0 0 ? S< 11:52 0:00 [xfs_mru_cache]
root 395 0.0 0.0 0 0 ? S< 11:52 0:00 [xfs-buf/dm-0]
root 396 0.0 0.0 0 0 ? S< 11:52 0:00 [xfs-data/dm-0]
root 397 0.0 0.0 0 0 ? S< 11:52 0:00 [xfs-conv/dm-0]
root 398 0.0 0.0 0 0 ? S< 11:52 0:00 [xfs-cil/dm-0]
root 399 0.0 0.0 0 0 ? S< 11:52 0:00 [xfs-reclaim/dm-]
root 400 0.0 0.0 0 0 ? S< 11:52 0:00 [xfs-log/dm-0]
root 401 0.0 0.0 0 0 ? S< 11:52 0:00 [xfs-eofblocks/d]
root 402 0.0 0.0 0 0 ? S 11:52 0:01 [xfsaild/dm-0]
root 468 0.0 0.3 34936 3108 ? Ss 11:52 0:00 /usr/lib/systemd/systemd-journald
root 492 0.0 0.4 46244 4584 ? Ss 11:52 0:00 /usr/lib/systemd/systemd-udevd
root 507 0.0 0.0 0 0 ? S< 11:52 0:00 [nfit]
root 520 0.0 0.0 0 0 ? S< 11:52 0:00 [xfs-buf/sda1]
root 521 0.0 0.0 0 0 ? S< 11:52 0:00 [xfs-data/sda1]
root 522 0.0 0.0 0 0 ? S< 11:52 0:00 [xfs-conv/sda1]
root 523 0.0 0.0 0 0 ? S< 11:52 0:00 [xfs-cil/sda1]
root 524 0.0 0.0 0 0 ? S< 11:52 0:00 [xfs-reclaim/sda]
root 525 0.0 0.0 0 0 ? S< 11:52 0:00 [xfs-log/sda1]
root 527 0.0 0.0 0 0 ? S< 11:52 0:00 [xfs-eofblocks/s]
root 528 0.0 0.0 0 0 ? S 11:52 0:00 [xfsaild/sda1]
root 588 0.0 0.2 62012 2216 ? S<sl 11:52 0:00 /sbin/auditd -n
polkitd 608 0.0 1.2 528324 12700 ? Ssl 11:52 0:00 /usr/lib/polkit-1/polkitd --no-debug
dbus 612 0.0 0.1 98316 1896 ? Ssl 11:52 0:00 /bin/dbus-daemon --system --address=sys
chrony 614 0.0 0.1 115944 1896 ? S 11:52 0:00 /usr/sbin/chronyd
root 619 0.1 0.6 229368 6236 ? Ss 11:52 0:23 /usr/bin/vmtoolsd
root 620 0.0 0.1 24252 1700 ? Ss 11:52 0:00 /usr/lib/systemd/systemd-logind
root 629 0.0 0.1 126316 1720 ? Ss 11:52 0:00 /usr/sbin/crond -n
root 637 0.0 0.0 110096 852 tty1 Ss+ 11:52 0:00 /sbin/agetty --noclear tty1 linux
root 643 0.0 2.6 327904 26672 ? Ssl 11:52 0:01 /usr/bin/python -Es /usr/sbin/firewalld
root 648 0.0 0.8 438076 8224 ? Ssl 11:52 0:00 /usr/sbin/NetworkManager --no-daemon
root 992 0.0 1.6 553620 16516 ? Ssl 11:52 0:03 /usr/bin/python -Es /usr/sbin/tuned -l
root 993 0.0 0.4 222168 4244 ? Ssl 11:52 0:00 /usr/sbin/rsyslogd -n
root 1080 0.0 0.1 83016 1300 ? Ss 11:52 0:00 /usr/sbin/sshd
root 1087 0.0 0.1 115440 1748 ? S 11:52 0:00 /bin/sh /usr/local/mysql/bin/mysqld_saf
root 1157 0.0 0.6 230780 6000 ? Ss 11:52 0:03 php-fpm: master process (/usr/local/php
php-fpm 1162 0.0 0.6 230772 6004 ? S 11:52 0:00 php-fpm: pool bbs
php-fpm 1163 0.0 0.6 230772 6008 ? S 11:52 0:00 php-fpm: pool bbs
php-fpm 1164 0.0 0.6 230772 6008 ? S 11:52 0:00 php-fpm: pool blog
php-fpm 1165 0.0 0.6 230772 6008 ? S 11:52 0:00 php-fpm: pool blog
mysql 1313 0.0 9.0 1254952 90124 ? Sl 11:52 0:08 /usr/local/mysql/bin/mysqld --basedir=/
root 1684 0.0 0.2 89544 2192 ? Ss 11:52 0:00 /usr/libexec/postfix/master -w
postfix 1728 0.0 0.4 89716 4064 ? S 11:52 0:00 qmgr -l -t unix -u
root 2353 0.0 0.5 143648 5304 ? Ss 11:52 0:01 sshd: root@pts/0
root 2356 0.0 0.2 115780 2284 pts/0 Ss 11:52 0:00 -bash
root 2398 0.0 0.1 46588 1348 ? Ss 11:54 0:00 nginx: master process /usr/sbin/nginx -
nginx 2399 0.0 0.2 47008 2144 ? S 11:54 0:00 nginx: worker process
root 2842 0.0 0.0 0 0 ? S 13:35 0:00 [kworker/u256:1]
root 3134 0.1 0.0 0 0 ? R 14:57 0:03 [kworker/0:1]
postfix 3229 0.0 0.4 89648 4044 ? S 15:11 0:00 pickup -l -t unix -u
root 3247 0.0 0.0 0 0 ? S< 15:21 0:00 [kworker/0:2H]
root 3283 0.0 0.0 0 0 ? S< 15:31 0:00 [kworker/0:0H]
root 3284 0.0 0.0 0 0 ? S 15:32 0:00 [kworker/0:0]
root 3287 0.0 0.0 0 0 ? S< 15:37 0:00 [kworker/0:1H]
root 3289 0.0 0.0 0 0 ? S 15:37 0:00 [kworker/0:2]
root 3297 0.0 0.1 151116 1852 pts/0 R+ 15:41 0:00 ps aux
USER第一列 表示使用進程的用戶
PID 第二列 表示進程ID,pid。每一個進程都有本身的一個id
%CPU第三列 cpu百分比
%MEM第四列 內存百分比
VSZ 第五列 虛擬內存大小
RSS 第六列 物理內存大小
TTY 第七列 所在的TTY,TTY若是是?號,通常是指在後臺,不屬於任何一個tty,登陸的終端shell就是一個tty
STAT第八列 (這一列重要)進程的狀態,
S Sleep(休眠狀態,最廣泛的狀態)
R Running(在運行的狀態)
s 父進程
N 低優先級
< 高優先級
+ 前臺進程
l 多線程進程(用ps -eLf 能夠看到多線程的進程,好比查找一下MySQL)
Z 殭屍進程
START第九列 啓動時間
TIME第十列 空閒時間
COMMAND第十一類 對應的指令、命令
ps aux須要關注進程的使用%cpu的百分比,%MEM的百分比,RSS使用物理內存的大小,STAT進程的狀態,COMMAND進程的指令及命令
[root@test01 ~]# ls -l /proc/2399(此命令加id號能夠查看到該進程相關的文件,用ps aux查看一個進程的時候顯示的很簡單,用/proc/id就能夠查看詳細的指令)
查看網絡鏈接情況(查看監聽端口)
netstat命令
[root@test01 ~]# netstat -lnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2420/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1096/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1738/master
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 2420/nginx: master
tcp6 0 0 :::3306 :::* LISTEN 1209/mysqld
tcp6 0 0 :::22 :::* LISTEN 1096/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1738/master
udp 0 0 127.0.0.1:323 0.0.0.0:* 623/chronyd
udp6 0 0 ::1:323 :::* 623/chronyd
raw6 0 0 :::58 :::* 7 664/NetworkManager
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 18749 1314/php-fpm: maste /tmp/bbs.socket
unix 2 [ ACC ] STREAM LISTENING 18751 1314/php-fpm: maste /tmp/blog.socket
unix 2 [ ACC ] STREAM LISTENING 19300 1738/master public/flush
unix 2 [ ACC ] STREAM LISTENING 19318 1738/master public/showq
unix 2 [ ACC ] STREAM LISTENING 19285 1738/master private/rewrite
unix 2 [ ACC ] STREAM LISTENING 19288 1738/master private/bounce
unix 2 [ ACC ] STREAM LISTENING 19291 1738/master private/defer
unix 2 [ ACC ] STREAM LISTENING 19294 1738/master private/trace
unix 2 [ ACC ] STREAM LISTENING 19308 1738/master private/proxywrite
unix 2 [ ACC ] STREAM LISTENING 19312 1738/master private/smtp
unix 2 [ ACC ] STREAM LISTENING 19315 1738/master private/relay
unix 2 [ ACC ] STREAM LISTENING 19469 1209/mysqld /tmp/mysql.sock
unix 2 [ ACC ] SEQPACKET LISTENING 12870 1/systemd /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 19282 1738/master private/tlsmgr
unix 2 [ ACC ] STREAM LISTENING 14679 1/systemd /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 19328 1738/master private/discard
unix 2 [ ACC ] STREAM LISTENING 19331 1738/master private/local
unix 2 [ ACC ] STREAM LISTENING 19334 1738/master private/virtual
unix 2 [ ACC ] STREAM LISTENING 19337 1738/master private/lmtp
unix 2 [ ACC ] STREAM LISTENING 19340 1738/master private/anvil
unix 2 [ ACC ] STREAM LISTENING 19343 1738/master private/scache
unix 2 [ ACC ] STREAM LISTENING 19278 1738/master public/qmgr
unix 2 [ ACC ] STREAM LISTENING 19321 1738/master private/error
unix 2 [ ACC ] STREAM LISTENING 19325 1738/master private/retry
unix 2 [ ACC ] STREAM LISTENING 19297 1738/master private/verify
unix 2 [ ACC ] STREAM LISTENING 19271 1738/master public/pickup
unix 2 [ ACC ] STREAM LISTENING 19275 1738/master public/cleanup
unix 2 [ ACC ] STREAM LISTENING 8398 1/systemd /run/systemd/journal/stdout
unix 2 [ ACC ] STREAM LISTENING 19303 1738/master private/proxymap
unix 2 [ ACC ] STREAM LISTENING 12788 1/systemd /run/systemd/private
只查看tcp的監聽端口
[root@test01 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2420/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1096/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1738/master
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 2420/nginx: master
tcp6 0 0 :::3306 :::* LISTEN 1209/mysqld
tcp6 0 0 :::22 :::* LISTEN 1096/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1738/master
只查看udp的監聽端口
[root@test01 ~]# netstat -lnup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 127.0.0.1:323 0.0.0.0:* 623/chronyd
udp6 0 0 ::1:323 :::* 623/chronyd
只查看tcp和udp的監聽端口
[root@test01 ~]# netstat -lnutp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2420/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1096/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1738/master
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 2420/nginx: master
tcp6 0 0 :::3306 :::* LISTEN 1209/mysqld
tcp6 0 0 :::22 :::* LISTEN 1096/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1738/master
udp 0 0 127.0.0.1:323 0.0.0.0:* 623/chronyd
udp6 0 0 ::1:323 :::* 623/chronyd
查看全部的網絡鏈接,包括監聽的包括已經鏈接的
[root@test01 ~]# ss -an 結果也相似netstat -an (但顯示比較快)
[root@test01 ~]# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
tcp 0 52 192.168.28.107:22 192.168.28.1:53969 ESTABLISHED
tcp6 0 0 :::3306 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
udp 0 0 127.0.0.1:323 0.0.0.0:*
udp6 0 0 ::1:323 :::*
raw6 0 0 :::58 :::* 7
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 18749 /tmp/bbs.socket
unix 2 [ ACC ] STREAM LISTENING 18751 /tmp/blog.socket
unix 2 [ ACC ] STREAM LISTENING 19300 public/flush
unix 2 [ ACC ] STREAM LISTENING 19318 public/showq
unix 2 [ ACC ] STREAM LISTENING 19285 private/rewrite
unix 2 [ ACC ] STREAM LISTENING 19288 private/bounce
unix 2 [ ACC ] STREAM LISTENING 19291 private/defer
unix 2 [ ACC ] STREAM LISTENING 19294 private/trace
unix 2 [ ACC ] STREAM LISTENING 19308 private/proxywrite
unix 2 [ ACC ] STREAM LISTENING 19312 private/smtp
unix 2 [ ACC ] STREAM LISTENING 19315 private/relay
unix 2 [ ACC ] STREAM LISTENING 19469 /tmp/mysql.sock
unix 2 [ ] DGRAM 12838 /run/systemd/shutdownd
unix 2 [ ACC ] SEQPACKET LISTENING 12870 /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 19282 private/tlsmgr
unix 2 [ ACC ] STREAM LISTENING 14679 /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 19328 private/discard
unix 2 [ ACC ] STREAM LISTENING 19331 private/local
unix 2 [ ACC ] STREAM LISTENING 19334 private/virtual
unix 2 [ ACC ] STREAM LISTENING 19337 private/lmtp
unix 2 [ ACC ] STREAM LISTENING 19340 private/anvil
unix 2 [ ACC ] STREAM LISTENING 19343 private/scache
unix 2 [ ACC ] STREAM LISTENING 19278 public/qmgr
unix 2 [ ACC ] STREAM LISTENING 19321 private/error
unix 2 [ ACC ] STREAM LISTENING 19325 private/retry
unix 2 [ ] DGRAM 8385 /run/systemd/notify
unix 2 [ ACC ] STREAM LISTENING 19297 private/verify
unix 2 [ ] DGRAM 8387 /run/systemd/cgroups-agent
unix 2 [ ACC ] STREAM LISTENING 19271 public/pickup
unix 2 [ ACC ] STREAM LISTENING 19275 public/cleanup
unix 2 [ ACC ] STREAM LISTENING 8398 /run/systemd/journal/stdout
unix 5 [ ] DGRAM 8401 /run/systemd/journal/socket
unix 13 [ ] DGRAM 8403 /dev/log
unix 2 [ ACC ] STREAM LISTENING 19303 private/proxymap
unix 2 [ ACC ] STREAM LISTENING 12788 /run/systemd/private
unix 2 [ ] DGRAM 14581
unix 3 [ ] STREAM CONNECTED 19320
unix 3 [ ] STREAM CONNECTED 19324
unix 3 [ ] STREAM CONNECTED 19270
unix 3 [ ] STREAM CONNECTED 19317
unix 3 [ ] STREAM CONNECTED 19323
unix 2 [ ] DGRAM 19363
unix 3 [ ] STREAM CONNECTED 14589
unix 2 [ ] DGRAM 19381
unix 3 [ ] STREAM CONNECTED 19280
unix 3 [ ] STREAM CONNECTED 19327
unix 3 [ ] STREAM CONNECTED 19326
unix 3 [ ] STREAM CONNECTED 14588
unix 3 [ ] STREAM CONNECTED 19332
unix 3 [ ] STREAM CONNECTED 15966
unix 3 [ ] STREAM CONNECTED 14914
unix 3 [ ] STREAM CONNECTED 19330
unix 3 [ ] STREAM CONNECTED 19284
unix 3 [ ] STREAM CONNECTED 19329
unix 3 [ ] STREAM CONNECTED 15743
unix 3 [ ] STREAM CONNECTED 19336
unix 3 [ ] STREAM CONNECTED 19335
unix 3 [ ] STREAM CONNECTED 15827 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 19279
unix 3 [ ] STREAM CONNECTED 15967 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 19333
unix 3 [ ] STREAM CONNECTED 14915
unix 3 [ ] STREAM CONNECTED 19339
unix 3 [ ] STREAM CONNECTED 15826
unix 3 [ ] STREAM CONNECTED 19338
unix 2 [ ] DGRAM 15818
unix 2 [ ] DGRAM 20632
unix 3 [ ] STREAM CONNECTED 19344
unix 3 [ ] STREAM CONNECTED 15097 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 19316
unix 3 [ ] STREAM CONNECTED 15096
unix 3 [ ] STREAM CONNECTED 19342
unix 3 [ ] STREAM CONNECTED 19269
unix 3 [ ] STREAM CONNECTED 15744 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 19341
unix 3 [ ] STREAM CONNECTED 19345
unix 3 [ ] STREAM CONNECTED 19287
unix 3 [ ] STREAM CONNECTED 18747
unix 2 [ ] DGRAM 15627
unix 3 [ ] STREAM CONNECTED 19286
unix 3 [ ] STREAM CONNECTED 14718
unix 3 [ ] DGRAM 13634
unix 3 [ ] STREAM CONNECTED 15206 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 15418
unix 3 [ ] STREAM CONNECTED 19290
unix 3 [ ] STREAM CONNECTED 18176 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 13555 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 19276
unix 3 [ ] STREAM CONNECTED 15801 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 19289
unix 3 [ ] STREAM CONNECTED 15800
unix 3 [ ] STREAM CONNECTED 17947
unix 2 [ ] DGRAM 13606
unix 3 [ ] STREAM CONNECTED 19295
unix 3 [ ] STREAM CONNECTED 15357 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 14916 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 15205
unix 2 [ ] DGRAM 23092
unix 3 [ ] STREAM CONNECTED 19293
unix 3 [ ] STREAM CONNECTED 19277
unix 3 [ ] STREAM CONNECTED 15419 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 19292
unix 3 [ ] STREAM CONNECTED 19298
unix 2 [ ] DGRAM 15466
unix 3 [ ] STREAM CONNECTED 21990
unix 3 [ ] STREAM CONNECTED 19273
unix 3 [ ] STREAM CONNECTED 14890 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 19296
unix 3 [ ] STREAM CONNECTED 19301
unix 3 [ ] STREAM CONNECTED 15199
unix 3 [ ] STREAM CONNECTED 19299
unix 3 [ ] STREAM CONNECTED 15200 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 19307
unix 3 [ ] STREAM CONNECTED 18830 /var/run/dbus/system_bus_socket
unix 2 [ ] DGRAM 13175
unix 3 [ ] STREAM CONNECTED 21989
unix 3 [ ] STREAM CONNECTED 19306
unix 3 [ ] STREAM CONNECTED 14889
unix 3 [ ] STREAM CONNECTED 18829
unix 3 [ ] STREAM CONNECTED 15356
unix 3 [ ] STREAM CONNECTED 19302
unix 3 [ ] STREAM CONNECTED 13554
unix 3 [ ] STREAM CONNECTED 19319
unix 3 [ ] STREAM CONNECTED 19310
unix 2 [ ] DGRAM 15207
unix 2 [ ] DGRAM 15894
unix 3 [ ] STREAM CONNECTED 19283
unix 3 [ ] STREAM CONNECTED 19314
unix 2 [ ] DGRAM 19241
unix 3 [ ] STREAM CONNECTED 18748
unix 3 [ ] STREAM CONNECTED 19313
unix 2 [ ] DGRAM 15242
unix 3 [ ] STREAM CONNECTED 19272
unix 3 [ ] STREAM CONNECTED 19311
unix 3 [ ] DGRAM 13635
[root@test01 ~]#
抓包工具
-nn以數字的形式顯示,-i指定網卡,端口80
[root@test01 ~]# tcpdump -nn -i ens33 port 80
[root@test01 ~]# tcpdump -nn -i ens33 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
13:46:00.303769 IP 192.168.28.1.55389 > 192.168.28.107.80: Flags [S], seq 3172524667, win 65518, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
13:46:00.303913 IP 192.168.28.107.80 > 192.168.28.1.55389: Flags [S.], seq 1911447629, ack 3172524668, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
13:46:00.304232 IP 192.168.28.1.55390 > 192.168.28.107.80: Flags [S], seq 327370390, win 65518, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
13:46:00.304268 IP 192.168.28.107.80 > 192.168.28.1.55390: Flags [S.], seq 3180073244, ack 327370391, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
13:46:00.304793 IP 192.168.28.1.55389 > 192.168.28.107.80: Flags [.], ack 1, win 261, length 0
13:46:00.304840 IP 192.168.28.1.55390 > 192.168.28.107.80: Flags [.], ack 1, win 2091, length 0
13:46:00.305621 IP 192.168.28.1.55390 > 192.168.28.107.80: Flags [P.], seq 1:455, ack 1, win 2091, length 454: HTTP: GET / HTTP/1.1
13:46:00.305652 IP 192.168.28.107.80 > 192.168.28.1.55390: Flags [.], ack 455, win 237, length 0
13:46:01.106174 IP 192.168.28.107.80 > 192.168.28.1.55390: Flags [P.], seq 1:8321, ack 455, win 237, length 8320: HTTP: HTTP/1.1 200 OK
13:46:01.108296 IP 192.168.28.1.55390 > 192.168.28.107.80: Flags [.], ack 8321, win 2091, length 0
13:46:01.112753 IP 192.168.28.107.80 > 192.168.28.1.55390: Flags [P.], seq 8321:10991, ack 455, win 237, length 2670: HTTP
13:46:01.112891 IP 192.168.28.107.80 > 192.168.28.1.55390: Flags [P.], seq 10991:10996, ack 455, win 237, length 5: HTTP
13:46:01.114010 IP 192.168.28.1.55390 > 192.168.28.107.80: Flags [.], ack 10996, win 2091, length 0
13:46:03.090434 IP 192.168.28.1.55390 > 192.168.28.107.80: Flags [P.], seq 455:909, ack 10996, win 2091, length 454: HTTP: GET / HTTP/1.1
13:46:03.090482 IP 192.168.28.107.80 > 192.168.28.1.55390: Flags [.], ack 909, win 245, length 0
13:46:03.366217 IP 192.168.28.107.80 > 192.168.28.1.55390: Flags [P.], seq 10996:19316, ack 909, win 245, length 8320: HTTP: HTTP/1.1 200 OK
13:46:03.368354 IP 192.168.28.1.55390 > 192.168.28.107.80: Flags [.], ack 19316, win 2091, length 0
13:46:03.372894 IP 192.168.28.107.80 > 192.168.28.1.55390: Flags [P.], seq 19316:21986, ack 909, win 245, length 2670: HTTP
13:46:03.373064 IP 192.168.28.107.80 > 192.168.28.1.55390: Flags [P.], seq 21986:21991, ack 909, win 245, length 5: HTTP
只抓80端口的10個包
[root@test01 ~]# tcpdump -nn -i ens33 port 80 -c 10
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
13:50:46.804758 IP 192.168.28.1.55537 > 192.168.28.107.80: Flags [S], seq 2594676514, win 65518, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
13:50:46.805399 IP 192.168.28.107.80 > 192.168.28.1.55537: Flags [S.], seq 2539877308, ack 2594676515, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
13:50:46.806617 IP 192.168.28.1.55538 > 192.168.28.107.80: Flags [S], seq 200053957, win 65518, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
13:50:46.806765 IP 192.168.28.107.80 > 192.168.28.1.55538: Flags [S.], seq 1478352046, ack 200053958, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
13:50:46.807685 IP 192.168.28.1.55537 > 192.168.28.107.80: Flags [.], ack 1, win 261, length 0
13:50:46.807801 IP 192.168.28.1.55538 > 192.168.28.107.80: Flags [.], ack 1, win 261, length 0
13:50:46.809629 IP 192.168.28.1.55537 > 192.168.28.107.80: Flags [P.], seq 1:455, ack 1, win 261, length 454: HTTP: GET / HTTP/1.1
13:50:46.809726 IP 192.168.28.107.80 > 192.168.28.1.55537: Flags [.], ack 455, win 237, length 0
13:50:47.799242 IP 192.168.28.107.80 > 192.168.28.1.55537: Flags [P.], seq 1:8321, ack 455, win 237, length 8320: HTTP: HTTP/1.1 200 OK
13:50:47.800146 IP 192.168.28.1.55537 > 192.168.28.107.80: Flags [.], ack 2921, win 261, length 0
10 packets captured
12 packets received by filter
0 packets dropped by kernel
抓包指定存放路徑或者叫寫入到指定文件(若是不指定路徑,僅僅是在屏幕上顯示,顯示的只是包的流向)
[root@test01 ~]# tcpdump -nn -i ens33 -c 10 -w /tmp/1.cap
tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
10 packets captured
10 packets received by filter
0 packets dropped by kernel
[root@test01 ~]# ls -l /tmp/1.cap
-rw-r--r--. 1 tcpdump tcpdump 1392 3月 20 13:53 /tmp/1.cap
[root@test01 ~]# ls -lh /tmp/1.cap
-rw-r--r--. 1 tcpdump tcpdump 1.4K 3月 20 13:53 /tmp/1.cap
讀取抓取到的包
[root@test01 ~]# tcpdump -r /tmp/1.cap (也能夠加上 -nn)
reading from file /tmp/1.cap, link-type EN10MB (Ethernet)
13:53:24.200925 IP www.aaa.com.ssh > 192.168.28.1.53969: Flags [P.], seq 1882283593:1882283741, ack 2106030109, win 317, length 148
13:53:24.201429 IP 192.168.28.1.53969 > www.aaa.com.ssh: Flags [.], ack 148, win 2086, length 0
13:53:29.996538 IP 192.168.28.1.55610 > www.aaa.com.http: Flags [S], seq 3112038806, win 65518, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
13:53:29.996651 IP www.aaa.com.http > 192.168.28.1.55610: Flags [S.], seq 704245333, ack 3112038807, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
13:53:29.997411 IP 192.168.28.1.55611 > www.aaa.com.http: Flags [S], seq 2246959224, win 65518, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
13:53:29.997677 IP www.aaa.com.http > 192.168.28.1.55611: Flags [S.], seq 2637615863, ack 2246959225, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
13:53:29.997767 IP 192.168.28.1.55610 > www.aaa.com.http: Flags [.], ack 1, win 261, length 0
13:53:29.998017 IP 192.168.28.1.55610 > www.aaa.com.http: Flags [P.], seq 1:455, ack 1, win 261, length 454: HTTP: GET / HTTP/1.1
13:53:29.998092 IP www.aaa.com.http > 192.168.28.1.55610: Flags [.], ack 455, win 237, length 0
13:53:30.013054 IP 192.168.28.1.55611 > www.aaa.com.http: Flags [.], ack 1, win 261, length 0
反向指定,不要22端口
[root@test01 ~]# tcpdump -nn -i ens33 not port 22 -c 10 -w /tmp/1.cap
tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
10 packets captured
10 packets received by filter
0 packets dropped by kernel
還能夠這樣寫
[root@test01 ~]# tcpdump -nn -i ens33 not port 22 and not port 80 -c 10 -w /tmp/2.cap
還能夠寫成限定IP
[root@test01 ~]# tcpdump -nn -i ens33 not port 22 and not port 80 and not host 192.168.28.1 -c 10 -w /tmp/2.cap
抓到的包能夠放到windows下用wireshark工具分析,在Linux下也有這樣的用具,叫tshark,要先安裝wireshark包
[root@test01 ~]#yum install -y wireshark
用法和tcpdump特別像
[root@test01 ~]# tshark -nn -i ens33
Running as user "root" and group "root". This could be dangerous.
Capturing on 'ens33'
1 0.000000000 192.168.28.1 -> 192.168.28.107 TCP 60 53969 > 22 [ACK] Seq=1 Ack=1 Win=2089 Len=0
2 0.069678344 00:50:56:c0:00:08 -> ff:ff:ff:ff:ff:ff ARP 60 Who has 192.168.28.2? Tell 192.168.28.1
3 0.576803815 192.168.28.107 -> 192.168.28.1 SSH 314 Encrypted response packet len=260
4 0.618519032 192.168.28.1 -> 192.168.28.107 TCP 60 53969 > 22 [ACK] Seq=1 Ack=261 Win=2088 Len=0
5 1.067259122 00:50:56:c0:00:08 -> ff:ff:ff:ff:ff:ff ARP 60 Who has 192.168.28.2? Tell 192.168.28.1
6 1.318880114 192.168.28.107 -> 192.168.28.1 SSH 410 Encrypted response packet len=356
7 1.360251169 192.168.28.1 -> 192.168.28.107 TCP 60 53969 > 22 [ACK] Seq=1 Ack=617 Win=2086 Len=0
8 1.863810229 192.168.28.107 -> 192.168.28.1 SSH 298 Encrypted response packet len=244
9 1.906595125 192.168.28.1 -> 192.168.28.107 TCP 60 53969 > 22 [ACK] Seq=1 Ack=861 Win=2085 Len=0
10 2.411396943 192.168.28.107 -> 192.168.28.1 SSH 298 Encrypted response packet len=244
tshark的正確用法,出來的結果跟訪問日誌相似(命令很長)有來源ip,有域名,有對應的方法,有url
[root@test01 ~]# tshark -i ens33 -n -t a -R http.request -T fields -e "frame.time" -e "http.host" -e "http.request.method" -e "http.request.uri"
tshark: -R without -2 is deprecated. For single-pass filtering use -Y.
Running as user "root" and group "root". This could be dangerous.
Capturing on 'ens33'
"Mar 20, 2019 14:16:54.122553219 CST" blog.champin.top GET /
"Mar 20, 2019 14:16:58.915388171 CST" blog.champin.top GET /
"Mar 20, 2019 14:17:01.573371949 CST" www.champin.top GET /?p=1
"Mar 20, 2019 14:17:01.576945362 CST" blog.champin.top GET /?p=1
"Mar 20, 2019 14:17:01.819057126 CST" www.champin.top GET /wp-includes/js/comment-reply.min.js?ver=5.0.3
"Mar 20, 2019 14:17:01.828312956 CST" blog.champin.top GET /wp-includes/js/comment-reply.min.js?ver=5.0.3
"Mar 20, 2019 14:17:08.260327793 CST" blog.champin.top GET /?p=1
"Mar 20, 2019 14:17:09.978334198 CST" www.champin.top GET /?author=1
"Mar 20, 2019 14:17:09.981046716 CST" blog.champin.top GET /?author=1
"Mar 20, 2019 14:17:20.217063100 CST" blog.champin.top GET /?p=1
相關文章
- 1. 5.1 監控Linux系統狀態 至 監控Linux系統狀態5.9
- 2. 5.1-4監控Linux系統狀態
- 3. 監控Linux系統狀態
- 4. 監控linux系統狀態
- 5. linux23-監控Linux系統狀態
- 6. 監控Linux系統狀態的命令
- 7. Linux atop 監控系統狀態
- 8. Linux watch 監控系統狀態
- 9. 監控系統狀態(二)
- 10. Day29 監控系統狀態
- 更多相關文章...
- • HTTP狀態碼 - HTTP 教程
- • 持久化對象的狀態及狀態轉換 - Hibernate教程
- • Docker容器實戰(七) - 容器眼光下的文件系統
- • 使用阿里雲OSS+CDN部署前端頁面與加速靜態資源
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
相關文章
- 1. 5.1 監控Linux系統狀態 至 監控Linux系統狀態5.9
- 2. 5.1-4監控Linux系統狀態
- 3. 監控Linux系統狀態
- 4. 監控linux系統狀態
- 5. linux23-監控Linux系統狀態
- 6. 監控Linux系統狀態的命令
- 7. Linux atop 監控系統狀態
- 8. Linux watch 監控系統狀態
- 9. 監控系統狀態(二)
- 10. Day29 監控系統狀態