查看具体进程的pid
pidof [process name]
eg:
$pidof rpcbind
54965
查看Core文件的pattern
cat /proc/sys/kernel/core_pattern
查看具体进程的Linux资源限制
$cat /proc/`pidof rpcbind`/limits
Limit Soft Limit Hard Limit Units
Max cpu time unlimited unlimited seconds
Max file size unlimited unlimited bytes
Max data size unlimited unlimited bytes
Max stack size 8388608 unlimited bytes
Max core file size unlimited unlimited bytes
Max resident set unlimited unlimited bytes
Max processes 3092855 3092855 processes
Max open files 1024 4096 files
Max locked memory 65536 65536 bytes
Max address space unlimited unlimited bytes
Max file locks unlimited unlimited locks
Max pending signals 3092855 3092855 signals
Max msgqueue size 819200 819200 bytes
Max nice priority 0 0
Max realtime priority 0 0
Max realtime timeout unlimited unlimited us
查看当前进程的文件句柄信息
$sudo ls -l /proc/`pidof rpcbind`/fd | head -n 10
total 0
lrwx------ 1 rpc rpc 64 Sep 9 16:15 0 -> /dev/null
lrwx------ 1 rpc rpc 64 Sep 9 16:15 1 -> /dev/null
lrwx------ 1 rpc rpc 64 Sep 9 16:16 10 -> socket:[426537397]
lrwx------ 1 rpc rpc 64 Sep 9 16:52 100 -> socket:[427476899]
lrwx------ 1 rpc rpc 64 Sep 9 16:53 101 -> socket:[427505652]
lrwx------ 1 rpc rpc 64 Sep 9 16:53 102 -> socket:[427688034]
lrwx------ 1 rpc rpc 64 Sep 9 16:53 103 -> socket:[427688098]
lrwx------ 1 rpc rpc 64 Sep 9 16:53 104 -> socket:[427439670]
lrwx------ 1 rpc rpc 64 Sep 9 16:54 105 -> socket:[427688336]
查看Socket链接信息
$sudo cat /proc/net/tcp | grep 427688034
253: 0702160A:006F 0022160A:6A9D 01 00000000:00000000 00:00000000 00000000 32 0 427688034 1 ffff88bb1cbd3e00 20 0 0 10 -1
说明:
0702160A:006F //从右到左10.22.2.7:111(本地)
0022160A:6A9D 10.22.34.0:6A9D
查看源端的连接
$sudo netstat -alnp | grep ":111" | grep "34"
tcp 0 0 10.22.2.7:111 10.22.34.0:27328 ESTABLISHED 54965/rpcbind
tcp 0 0 10.22.2.7:111 10.22.34.0:37169 ESTABLISHED 54965/rpcbind
tcp 0 0 10.22.2.7:111 10.22.34.0:45986 ESTABLISHED 54965/rpcbind
tcp 0 0 10.22.2.7:111 10.22.34.0:39454 ESTABLISHED 54965/rpcbind
官方文档解释
proc_net_tcp.txt介绍了/proc/net/tcp和/proc/net/tcp6接口。这些接口展示了tcp的连接信息。
展示的信息中,首先是listening TCP sockets,接着是established TCP sockets。
文档中对其中每个字段的解释如下(由于长度原因,分为3个部分):
part1:
46: 010310AC:9C4C 030310AC:1770 01
| | | | | |--> connection state(套接字状态)
| | | | |------> remote TCP port number(远端端口,主机字节序)
| | | |-------------> remote IPv4 address(远端IP,网络字节序)
| | |--------------------> local TCP port number(本地端口,主机字节序)
| |---------------------------> local IPv4 address(本地IP,网络字节序)
|----------------------------------> number of entry
connection state
(套接字状态),不同的数值代表不同的状态,参照如下:
TCP_ESTABLISHED:1 TCP_SYN_SENT:2
TCP_SYN_RECV:3 TCP_FIN_WAIT1:4
TCP_FIN_WAIT2:5 TCP_TIME_WAIT:6
TCP_CLOSE:7 TCP_CLOSE_WAIT:8
TCP_LAST_ACL:9 TCP_LISTEN:10
TCP_CLOSING:11
part2:
00000150:00000000 01:00000019 00000000
| | | | |--> number of unrecovered RTO timeouts(超时重传次数)
| | | |----------> number of jiffies until timer expires(超时时间,单位是jiffies)
| | |----------------> timer_active (定时器类型,see below)
| |----------------------> receive-queue(根据状态不同有不同表示,see below)
|-------------------------------> transmit-queue(发送队列中数据长度)
receive-queue
,当状态是ESTABLISHED,表示接收队列中数据长度;状态是LISTEN,表示已经完成连接队列的长度。
timer_active
:
0 no timer is pending //没有启动定时器
1 retransmit-timer is pending //重传定时器
2 another timer (e.g. delayed ack or keepalive) is pending //连接定时器、FIN_WAIT_2定时器或TCP保活定时器
3 this is a socket in TIME_WAIT state. Not all fields will contain data (or even exist) //TIME_WAIT定时器
4 zero window probe timer is pending //持续定时器
part3:
1000 0 54165785 4 cd1e6040 25 4 27 3 -1
| | | | | | | | | |--> slow start size threshold,
or -1 if the threshold is >=0xFFFF
| | | | | | | | | (如果慢启动阈值大于等于0xFFFF则显示-1,否则表示慢启动阈值)
| | | | | | | | |
| | | | | | | | |----> sending congestion window(当前拥塞窗口大小)
| | | | | | | |-------> (ack.quick<<1)|ack.pingpong
(快速确认数和是否启用的标志位的或运算结果)
| | | | | | |---------> Predicted tick of soft clock (delayed ACK control data)
(用来计算延时确认的估值)
| | | | | |
| | | | | |------------> retransmit timeout()(RTO,单位是clock_t)
| | | | |------------------> location of socket in memory(socket实例的地址)
| | | |-----------------------> socket reference count(socket结构体的引用数)
| | |-----------------------------> inode(套接字对应的inode)
| |----------------------------------> unanswered 0-window probes(see below)
|---------------------------------------------> uid(用户id)
unanswered 0-window probes
:持续定时器或保活定时器周期性发送出去但未被确认的TCP段数目,在收到ACK之后清零