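Study Notes 0413: Monitoring System Status

Preview topics

10.1 Using w to check system load
10.2 The vmstat command
10.3 The top command
10.4 The sar command
10.5 The nload command
10.6 Monitoring I/O performance
10.7 The free command
10.8 The ps command
10.9 Checking network status
10.10 Packet capture on Linux
10.11 Linux networking
Further reading
TCP three-way handshake and four-way teardown (important): http://www.doc88.com/p-9913773324388.html
Some tshark usages: http://www.aminglinux.com/bbs/thread-995-1-1.html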

1 Checking system load

1.1 The w command

[root@linux-01 ceshi]# w
 22:32:05 up 10 days, 21:03,  2 users,  load average: 0.08, 0.03, 0.05
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    192.168.141.1    06:33    5.00s  0.41s  0.00s w
root     pts/2    192.168.141.1    一17   15:56m  4.20s  4.20s -bash

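| Item | Meaning |
|---|---|
| 22:32:05 | Current time |
| up 10 days, 21:03 | How long the system has been running |
| 2 users | Number of users logged in to the system |
| load average: 0.08, 0.03, 0.05 | Load average: the number of active processes on the CPU per unit of time. 0.08 is the average over the last 1 minute, 0.03 over the last 5 minutes, and 0.05 over the last 15 minutes. The higher the value, the more pressure the server is under; in general it is fine as long as the value does not exceed the number of CPUs in the server. |
| USER | Logged-in user |
| TTY | Login terminal |
| FROM | Remote host name |
| LOGIN@ | Login time |
| IDLE | How long the session has been idle |
| JCPU | CPU time used by all processes attached to this terminal |
| PCPU | CPU time used by the current process |
| WHAT | Command currently being run |

Extension: the table above mentions the number of CPUs. What is that number, and how do you check it on a Linux system?
Method 1: use cat to view /proc/cpuinfo. In the output there are two keywords to look at: processor and physical id. processor indicates the number of CPU cores on the machine; if it is 2, that means a 4-core CPU. physical id shows how many physical CPUs the machine has.
Method 2: use lscpu to view the CPU information.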

## How to check how many CPUs the server has: cat /proc/cpuinfo ##
[root@linux-01 ceshi]# cat /proc/cpuinfo
processor	: 0
vendor_id	: GenuineIntel
cpu family	: 6
model		: 61
model name	: Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz
stepping	: 4
microcode	: 0x1f
cpu MHz		: 2294.709
cache size	: 3072 KB
physical id	: 0
siblings	: 1
core id		: 0
cpu cores	: 1
apicid		: 0
initial apicid	: 0
fpu		: yes
fpu_exception	: yes
cpuid level	: 20
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon nopl xtopology tsc_reliable nonstop_tsc eagerfpu pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 invpcid rtm rdseed adx smap xsaveopt arat
bogomips	: 4589.41
clflush size	: 64
cache_alignment	: 64
address sizes	: 43 bits physical, 48 bits virtual
power management:

[root@linux-01 ceshi]# 
## lscpu can also show the CPU information ##
[root@linux-01 ceshi]# lscpu
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                1
On-line CPU(s) list:   0
Thread(s) per core:    1
Core(s) per socket:    1
座:                 1
NUMA 节点:         1
厂商 ID:           GenuineIntel
CPU 系列:          6
型号:              61
型号名称:        Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz
步进:              4
CPU MHz:             2294.709
BogoMIPS:            4589.41
超管理器厂商:  VMware
虚拟化类型:     完全
L1d 缓存:          32K
L1i 缓存:          32K
L2 缓存:           256K
L3 缓存:           3072K
NUMA 节点0 CPU:    0
Flags:                 fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon nopl xtopology tsc_reliable nonstop_tsc eagerfpu pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 invpcid rtm rdseed adx smap xsaveopt arat
[root@linux-01 ceshi]# 
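
An added example, not part of the original notes: the script below applies the rule from the table above by counting CPUs from cpuinfo text (one processor entry per logical CPU, distinct physical id values per socket) and marking each load average that exceeds the logical CPU count. The function names and the sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example: relate the load averages to the number of CPUs.
# Function names and sample data are constructed for illustration.

# Count logical CPUs: cpuinfo has one "processor : N" entry per logical CPU.
count_logical_cpus() {            # reads cpuinfo text on stdin
    grep -c '^processor[[:space:]]*:'
}

# Count physical CPUs (sockets): number of distinct "physical id" values.
count_physical_cpus() {           # reads cpuinfo text on stdin
    awk -F: '/^physical id/ { gsub(/[ \t]/, "", $2); seen[$2] = 1 }
             END { n = 0; for (k in seen) n++; print n }'
}

# Mark each of the three load averages HIGH when it exceeds the CPU count.
load_status() {                   # $1 = logical CPUs; reads a /proc/loadavg line on stdin
    awk -v n="$1" '{
        split("1min 5min 15min", label, " ")
        out = ""
        for (i = 1; i <= 3; i++) {
            state = ($i + 0 > n + 0) ? "HIGH" : "ok"
            sep = (i > 1) ? " " : ""
            out = out sep label[i] "=" $i "(" state ")"
        }
        print out
    }'
}

# Constructed sample: 4 logical CPUs spread over 2 physical CPUs.
SAMPLE_CPUINFO='processor   : 0
physical id : 0
processor   : 1
physical id : 0
processor   : 2
physical id : 1
processor   : 3
physical id : 1'

# Constructed sample in /proc/loadavg format: 1, 5 and 15 minute averages first.
SAMPLE_LOADAVG='5.20 3.10 0.90 2/150 4242'

ncpu=$(printf '%s\n' "$SAMPLE_CPUINFO" | count_logical_cpus)
nsock=$(printf '%s\n' "$SAMPLE_CPUINFO" | count_physical_cpus)
echo "logical CPUs: $ncpu, physical CPUs: $nsock"
printf '%s\n' "$SAMPLE_LOADAVG" | load_status "$ncpu"

# On a live host:
#   load_status "$(count_logical_cpus < /proc/cpuinfo)" < /proc/loadavg
```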

1.2 The uptime command

## uptime shows the same information as the first line of w ##
[root@linux-01 ceshi]# uptime
 22:32:09 up 10 days, 21:03,  2 users,  load average: 0.08, 0.03, 0.05
[root@linux-01 ceshi]# 

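2. The vmstat command

The w command shows the system load, but it cannot tell you where exactly the system is under pressure. That is what vmstat is for. Its output has six sections: procs, memory, swap, io, system and cpu. The output looks like this: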

[root@linux-01 ceshi]# vmstat 
procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu-----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
 2  0      0 1514544   2200 192848    0    0     0     0   23   36  0  0 100  0  0
[root@linux-01 ceshi]# 
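
| Category | Field | Meaning |
|---|---|---|
| procs: process information | r | run: number of processes running or waiting for a CPU time slice. |
| | b | block: number of processes waiting for resources such as I/O or memory. |
| memory: memory information | swpd | Amount of memory switched out to the swap partition, in KB. |
| | free | Amount of memory currently free, in KB. |
| | buff | Size of the buffer (data about to be written to disk), in KB. |
| | cache | Size of the cache (data read from disk), in KB. |
| swap: swap activity | si | Amount of data written from the swap partition into memory, in KB. |
| | so | Amount of data written from memory into the swap partition, in KB. |
| io: disk usage | bi | Amount of data read from block devices (disk reads), in KB. |
| | bo | Amount of data written to block devices (disk writes), in KB. |
| system: interrupts during the sampling interval | in | Device interrupts per second observed during the interval. |
| | cs | Context switches per second. |
| cpu: CPU usage | us | Percentage of CPU time spent in user space. |
| | sy | Percentage of CPU time spent in the system. |
| | id | Percentage of time the CPU is idle. |
| | wa | Percentage of CPU time spent waiting for I/O. |
| | st | Percentage of CPU stolen (usually 0; no need to watch it). |

Note: the columns to watch most are r, b and wa. If disk I/O pressure is heavy, the values in the bi and bo columns will be high. In addition, when the bi and bo values are fairly high and keep changing, memory is running short and data in memory is frequently being swapped out to the swap partition, which usually has a large impact on system performance.

## The form usually used to check system status ##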
[root@linux-01 ceshi]# vmstat 1 5
procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu-----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
 1  0      0 1514132   2200 192952    0    0     0     0   23   36  0  0 100  0  0
 0  0      0 1514132   2200 192952    0    0     0     0   23   35  0  0 100  0  0
 1  0      0 1514132   2200 192952    0    0     0     0   24   34  0  0 100  0  0
 0  0      0 1514132   2200 192952    0    0     0     0   23   37  0  0 100  0  0
 1  0      0 1514132   2200 192952    0    0     0     0   28   37  0  0 100  0  0

vmstat 1 5 means vmstat prints one report every 1 second, 5 reports in total.
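
An added example, not part of the original notes: a filter that reads `vmstat N M` output and counts the samples showing each kind of pressure, using the r, b and wa columns called out in the note and the si/so columns as defined in the table. It skips the first report, which vmstat computes as averages since boot; the function name, thresholds and sample rows are constructed for illustration.

```sh
#!/bin/sh
# Added example: summarise pressure indicators in `vmstat <interval> <count>` output.
# Function name, thresholds and sample data are constructed for illustration.

vmstat_triage() {   # $1 = logical CPUs, $2 = wa threshold (%); reads vmstat output on stdin
    awk -v ncpu="$1" -v wamax="$2" '
        # Column-name row: remember the position of every column by name.
        $1 == "r" && $2 == "b" { for (i = 1; i <= NF; i++) col[$i] = i; next }

        # Data rows start with a number and are only usable after the header.
        ("wa" in col) && $1 ~ /^[0-9]+$/ {
            if (++rows == 1) next                  # first report: averages since boot
            n++
            if ($(col["r"]) + 0 > ncpu + 0)        cpu++   # run queue longer than CPU count
            if ($(col["b"]) + 0 > 0)               blk++   # processes blocked on resources
            if ($(col["wa"]) + 0 >= wamax + 0)     io++    # CPU time lost to I/O wait
            if ($(col["si"]) + $(col["so"]) > 0)   swp++   # swap-in or swap-out traffic
        }
        END {
            printf "samples=%d cpu_queue=%d blocked=%d iowait=%d swapping=%d\n",
                   n, cpu, blk, io, swp
        }'
}

# Constructed sample: the first data row is the since-boot average, the next
# four rows are 1-second samples (CPU-bound, swapping with I/O wait, idle,
# swapping with I/O wait).
SAMPLE_VMSTAT='procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu-----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
 2  0      0 1514544   2200 192848    0    0     0     0   23   36  0  0 100  0  0
 6  0  10240   81200   2200 192848    0    0     0     0  900 1500 95  5   0  0  0
 1  3  10240   80100   2200 190000  120  340  5200  8100  700 1200 10  8  30 52  0
 0  0  10240   80500   2200 190400    0    0     0     0   25   40  0  0 100  0  0
 1  2  10304   79000   2200 189000    0   64  1200  4000  400  800  5  5  55 35  0'

# 2 logical CPUs, flag samples with wa >= 20 %.
printf '%s\n' "$SAMPLE_VMSTAT" | vmstat_triage 2 20

# On a live host (CPU count taken from /proc/cpuinfo):
#   vmstat 1 5 | vmstat_triage "$(grep -c '^processor' /proc/cpuinfo)" 20
```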

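3. The top command: system resources used by processes

The w command shows the system load and vmstat shows system information. To find out which process is using a lot of CPU, use top, which displays the CPU usage of the processes currently on the system, as follows.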

[root@linux-01 ceshi]# top
top - 02:26:23 up 11 days, 57 min,  2 users,  load average: 0.02, 0.03, 0.05
Tasks: 100 total,   1 running,  99 sleeping,   0 stopped,   0 zombie
%Cpu(s):  0.0 us,  0.3 sy,  0.0 ni, 99.7 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem :  1864248 total,  1513388 free,   155220 used,   195640 buff/cache
KiB Swap:  4194300 total,  4194300 free,        0 used.  1512100 avail Mem 

   PID USER      PR  NI    VIRT    RES    SHR S %CPU %MEM     TIME+ COMMAND                                                             
  6321 root      20   0  227204   6464   5104 S  0.7  0.3  63:01.43 vmtoolsd                                                            
 17415 root      20   0       0      0      0 S  0.7  0.0   0:38.05 kworker/0:3                                                         
     1 root      20   0  128004   6548   4136 S  0.0  0.4   0:09.28 systemd                                                             
     2 root      20   0       0      0      0 S  0.0  0.0   0:00.11 kthreadd                                                            
     3 root      20   0       0      0      0 S  0.0  0.0   0:45.82 ksoftirqd/0                                                         
     5 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 kworker/0:0H                                                        
     7 root      rt   0       0      0      0 S  0.0  0.0   0:00.00 migration/0                                                         
     8 root      20   0       0      0      0 S  0.0  0.0   0:00.00 rcu_bh                                                              
     9 root      20   0       0      0      0 S  0.0  0.0   0:35.09 rcu_sched                                                           
    10 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 lru-add-drain                                                       
    11 root      rt   0       0      0      0 S  0.0  0.0   0:20.79 watchdog/0                                                          
    13 root      20   0       0      0      0 S  0.0  0.0   0:00.00 kdevtmpfs                                                           
    14 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 netns                                                               
    15 root      20   0       0      0      0 S  0.0  0.0   0:00.58 khungtaskd                                                          
    16 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 writeback                                                           
    17 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 kintegrityd                                                         
    18 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 bioset                                                              
    19 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 bioset                                                              
    20 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 bioset                                                              
    21 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 kblockd                                                             
    22 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 md          

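The first line of top shows the same content as the first line of w. top dynamically monitors the system resources used by processes and refreshes every 3 seconds. Of everything top prints above, the items to focus on are %CPU, %MEM and COMMAND. RES is the amount of system memory a process occupies, and %MEM is the percentage of memory it uses. While top is running, press "M" to sort by memory usage, press "1" to list the usage of every CPU core, and press "q" to quit.

## top -c shows the path of each process ##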
[readonly@wxbManager ~]$ top -c
top - 20:07:48 up 526 days, 23:35,  1 user,  load average: 0.02, 0.01, 0.00
Tasks: 112 total,   1 running, 111 sleeping,   0 stopped,   0 zombie
Cpu(s):  0.5%us,  0.5%sy,  0.0%ni, 99.0%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
Mem:   8189864k total,  6244516k used,  1945348k free,   384744k buffers
Swap:        0k total,        0k used,        0k free,  2419092k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
 9273 root      20   0 79108 2128 1220 S  0.3  0.0 132:26.23 /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]
28986 10beiMan  20   0 6888m 2.8g  15m S  0.3 36.2 411:52.18 /usr/java/jdk1.8.0_181/bin/java -Djava.util.logging.config.file=/home/10beiManager/tomcat/conf/logging.properties -Djava.util.l
    1 root      20   0 19340 1116  816 S  0.0  0.0   0:47.48 /sbin/init
    2 root      20   0     0    0    0 S  0.0  0.0   0:00.01 [kthreadd]
    3 root      RT   0     0    0    0 S  0.0  0.0   2:06.37 [migration/0]
    4 root      20   0     0    0    0 S  0.0  0.0   4:04.32 [ksoftirqd/0]
    5 root      RT   0     0    0    0 S  0.0  0.0   0:00.00 [stopper/0]
    6 root      RT   0     0    0    0 S  0.0  0.0   0:58.78 [watchdog/0]
    7 root      RT   0     0    0    0 S  0.0  0.0   2:58.54 [migration/1]
    8 root      RT   0     0    0    0 S  0.0  0.0   0:00.00 [stopper/1]
    9 root      20   0     0    0    0 S  0.0  0.0   5:45.23 [ksoftirqd/1]
   10 root      RT   0     0    0    0 S  0.0  0.0   0:52.23 [watchdog/1]
   11 root      20   0     0    0    0 S  0.0  0.0  30:35.79 [events/0]
   12 root      20   0     0    0    0 S  0.0  0.0 139:35.07 [events/1]
   13 root      20   0     0    0    0 S  0.0  0.0   0:00.00 [events/0]
   14 root      20   0     0    0    0 S  0.0  0.0   0:00.00 [events/1]
   15 root      20   0     0    0    0 S  0.0  0.0   0:00.00 [events_long/0]
   16 root      20   0     0    0    0 S  0.0  0.0   0:00.00 [events_long/1]
   17 root      20   0     0    0    0 S  0.0  0.0   0:00.00 [events_power_ef]
   18 root      20   0     0    0    0 S  0.0  0.0   0:00.00 [events_power_ef]
   19 root      20   0     0    0    0 S  0.0  0.0   0:00.00 [cgroup]
   20 root      20   0     0    0    0 S  0.0  0.0   0:00.00 [khelper]
   21 root      20   0     0    0    0 S  0.0  0.0   0:00.00 [netns]
   22 root      20   0     0    0    0 S  0.0  0.0   0:00.00 [async/mgr]
   23 root      20   0     0    0    0 S  0.0  0.0   0:00.00 [pm]
   24 root      20   0     0    0    0 S  0.0  0.0   0:00.00 [xenwatch]
## top -bn1 prints the process information once instead of updating dynamically; mostly used in scripts ##
[root@linux-01 ceshi]# top -bn1
top - 02:37:01 up 11 days,  1:08,  2 users,  load average: 0.00, 0.01, 0.05
Tasks: 100 total,   1 running,  99 sleeping,   0 stopped,   0 zombie
%Cpu(s):  0.0 us,  0.0 sy,  0.0 ni,100.0 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem :  1864248 total,  1513364 free,   155252 used,   195632 buff/cache
KiB Swap:  4194300 total,  4194300 free,        0 used.  1512080 avail Mem 

   PID USER      PR  NI    VIRT    RES    SHR S %CPU %MEM     TIME+ COMMAND
     1 root      20   0  128004   6548   4136 S  0.0  0.4   0:09.28 systemd
     2 root      20   0       0      0      0 S  0.0  0.0   0:00.11 kthreadd
     3 root      20   0       0      0      0 S  0.0  0.0   0:45.86 ksoftirqd/0
     5 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 kworker/0:0H
     7 root      rt   0       0      0      0 S  0.0  0.0   0:00.00 migration/0
     8 root      20   0       0      0      0 S  0.0  0.0   0:00.00 rcu_bh
     9 root      20   0       0      0      0 S  0.0  0.0   0:35.12 rcu_sched
    10 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 lru-add-drain
    11 root      rt   0       0      0      0 S  0.0  0.0   0:20.80 watchdog/0
    13 root      20   0       0      0      0 S  0.0  0.0   0:00.00 kdevtmpfs
    14 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 netns
    15 root      20   0       0      0      0 S  0.0  0.0   0:00.58 khungtaskd
    16 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 writeback
    17 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 kintegrityd
    18 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 bioset
    19 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 bioset
    20 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 bioset
    21 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 kblockd
    22 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 md
    23 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 edac-poller
    24 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 watchdogd
    30 root      20   0       0      0      0 S  0.0  0.0   0:00.00 kswapd0
    31 root      25   5       0      0      0 S  0.0  0.0   0:00.00 ksmd
    32 root      39  19       0      0      0 S  0.0  0.0   0:07.99 khugepaged
    33 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 crypto
    41 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 kthrotld
    43 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 kmpath_rdacd
    44 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 kaluad
    45 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 kpsmoused
    47 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 ipv6_addrconf
    60 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 deferwq
    91 root      20   0       0      0      0 S  0.0  0.0   0:00.01 kauditd
  1644 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 nfit
  1666 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 mpt_poll_0
  1670 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 mpt/0
  1671 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 ata_sff
  1716 root      20   0       0      0      0 S  0.0  0.0   0:00.00 scsi_eh_0
  1722 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 scsi_tmf_0
  1747 root      20   0       0      0      0 S  0.0  0.0   0:00.01 scsi_eh_1
  1748 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 scsi_tmf_1
  1750 root      20   0       0      0      0 S  0.0  0.0   0:00.00 scsi_eh_2
  1757 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 scsi_tmf_2
  1899 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 ttm_swap
  1901 root     -51   0       0      0      0 S  0.0  0.0   0:00.00 irq/16-vmwgfx
  2900 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 bioset
  2905 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 xfsalloc
  2910 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 xfs_mru_cache
  2913 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 xfs-buf/sda3
  2916 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 xfs-data/sda3
  2919 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 xfs-conv/sda3
  2920 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 xfs-cil/sda3
  2921 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 xfs-reclaim/sda
  2922 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 xfs-log/sda3
  2923 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 xfs-eofblocks/s
  2924 root      20   0       0      0      0 S  0.0  0.0   0:14.38 xfsaild/sda3
  2925 root       0 -20       0      0      0 S  0.0  0.0   0:08.96 kworker/0:1H
  2992 root      20   0   39076   4472   4144 S  0.0  0.2   0:02.26 systemd-journal
  3009 root      20   0  340348   8048   2620 S  0.0  0.4   0:00.01 lvmetad
  3027 root      20   0   48208   5700   2864 S  0.0  0.3   0:00.73 systemd-udevd
  4848 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 kdmflush
  4854 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 bioset
  4861 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 xfs-buf/sda1
  4863 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 xfs-data/sda1
  4867 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 xfs-conv/sda1
  4868 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 xfs-cil/sda1
  4873 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 xfs-reclaim/sda
  4878 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 xfs-log/sda1
  4879 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 xfs-eofblocks/s
  4882 root      20   0       0      0      0 S  0.0  0.0   0:00.00 xfsaild/sda1
  4966 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 kworker/u257:0
  4973 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 hci0
  4975 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 hci0
  4980 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 kworker/u257:2
  6161 root      16  -4   62044   1080    496 S  0.0  0.1   0:02.77 auditd
  6309 root      20   0   26376   1752   1440 S  0.0  0.1   0:02.92 systemd-logind
  6312 polkitd   20   0  613000  11908   4920 S  0.0  0.6   0:00.48 polkitd
  6319 root      20   0   99572   6112   4504 S  0.0  0.3   0:00.07 VGAuthService
  6321 root      20   0  227204   6464   5104 S  0.0  0.3  63:03.15 vmtoolsd
  6325 dbus      20   0   66460   2584   1896 S  0.0  0.1   0:02.08 dbus-daemon
  6417 root      20   0  126280   1692   1068 S  0.0  0.1   0:03.74 crond
  6456 root      20   0  110092    860    728 S  0.0  0.0   0:00.01 agetty
  6465 root      20   0  358512  29324   7184 S  0.0  1.6   0:01.21 firewalld
  6519 root      20   0  473892   8616   6648 S  0.0  0.5   0:30.74 NetworkManager
  6965 root      20   0  573820  17112   6036 S  0.0  0.9   3:29.09 tuned
  6967 root      20   0  112756   4352   3328 S  0.0  0.2   0:00.07 sshd
  6968 root      20   0  220612   7824   4444 S  0.0  0.4   2:05.77 rsyslogd
  7260 root      20   0   89544   2180   1148 S  0.0  0.1   0:07.78 master
  7266 postfix   20   0   89716   4092   3088 S  0.0  0.2   0:01.19 qmgr
 12649 root      20   0  158760   5588   4240 S  0.0  0.3   0:11.17 sshd
 12653 root      20   0  116212   3088   1844 S  0.0  0.2   0:04.20 bash
 14479 root      20   0       0      0      0 S  0.0  0.0   0:02.59 kworker/u256:2
 16324 root      20   0       0      0      0 S  0.0  0.0   0:02.04 kworker/u256:0
 16555 root      20   0  158760   5608   4256 S  0.0  0.3   0:01.57 sshd
 16559 root      20   0  116228   2996   1792 S  0.0  0.2   0:00.48 bash
 17415 root      20   0       0      0      0 S  0.0  0.0   0:40.42 kworker/0:3
 17426 postfix   20   0   89648   4068   3068 S  0.0  0.2   0:00.02 pickup
 17474 root      20   0  123260    780    552 S  0.0  0.0   0:00.00 anacron
 17491 root      20   0       0      0      0 S  0.0  0.0   0:00.02 kworker/0:1
 17492 root      20   0       0      0      0 S  0.0  0.0   0:00.01 kworker/0:0
 17500 root      20   0  161880   2108   1548 R  0.0  0.1   0:00.04 top
[root@linux-01 ceshi]# 
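
An added example, not part of the original notes, of the script use mentioned above: a filter that reads `top -bn1` output and lists the processes whose %CPU or %MEM reaches a threshold. It finds the columns by their header names, so it works with both top layouts shown in this section, and it keeps the full command line that `top -c` prints. The function name, thresholds and sample rows are constructed for illustration.

```sh
#!/bin/sh
# Added example: list processes at or above a %CPU or %MEM threshold from
# one-shot top output. Function name, thresholds and sample data are
# constructed for illustration.

top_hogs() {   # $1 = %CPU threshold, $2 = %MEM threshold; reads `top -bn1` output on stdin
    awk -v cpu="$1" -v mem="$2" '
        # Header row of the process table: map column names to positions.
        !hdr && $1 == "PID" {
            for (i = 1; i <= NF; i++) col[$i] = i
            hdr = 1
            next
        }
        # Process rows: everything after the header with enough fields.
        hdr && NF >= col["COMMAND"] {
            c = $(col["%CPU"]) + 0
            m = $(col["%MEM"]) + 0
            if (c >= cpu + 0 || m >= mem + 0) {
                # COMMAND may contain spaces (top -c), so join the remaining fields.
                cmd = $(col["COMMAND"])
                for (i = col["COMMAND"] + 1; i <= NF; i++) cmd = cmd " " $i
                printf "%s %s %s %s %s\n",
                       $(col["PID"]), $(col["USER"]), $(col["%CPU"]), $(col["%MEM"]), cmd
            }
        }'
}

# Constructed sample in the layout of the `top -bn1` output above.
SAMPLE_TOP='top - 02:37:01 up 11 days,  1:08,  2 users,  load average: 0.00, 0.01, 0.05
Tasks: 100 total,   1 running,  99 sleeping,   0 stopped,   0 zombie
%Cpu(s):  0.0 us,  0.0 sy,  0.0 ni,100.0 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem :  1864248 total,  1513364 free,   155252 used,   195632 buff/cache
KiB Swap:  4194300 total,  4194300 free,        0 used.  1512080 avail Mem

   PID USER      PR  NI    VIRT    RES    SHR S %CPU %MEM     TIME+ COMMAND
     1 root      20   0  128004   6548   4136 S  0.0  0.4   0:09.28 systemd
  4242 app       20   0 6888000 2900000  15000 S 93.5 36.2 411:52.18 /usr/bin/java -jar demo.jar
  6465 root      20   0  358512  29324   7184 S  0.0  1.6   0:01.21 firewalld
  6968 root      20   0  220612   7824   4444 S  0.3  0.4   2:05.77 rsyslogd'

# Report anything using >= 50 % CPU or >= 30 % memory.
printf '%s\n' "$SAMPLE_TOP" | top_hogs 50 30

# On a live host (LC_ALL=C keeps "." as the decimal separator):
#   LC_ALL=C top -c -bn1 | top_hogs 50 30
```

Each output line is `PID USER %CPU %MEM COMMAND`, which makes it easy to log or to compare against a list of processes expected on the host.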

4. The sar command: monitoring system status

4.1 Installing sar

## Install the sar command ##
[root@linux-01 ceshi]# yum install  -y sysstat
已加载插件:fastestmirror
Repository base is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Determining fastest mirrors
epel/x86_64/metalink                                                                                              | 4.7 kB  00:00:00     
 * base: mirrors.163.com
 * epel: mirrors.tuna.tsinghua.edu.cn
 * extras: mirrors.cn99.com
 * updates: mirrors.nju.edu.cn
base                                                                                                              | 3.6 kB  00:00:00     
epel                                                                                                              | 4.7 kB  00:00:00     
extras                                                                                                            | 3.4 kB  00:00:00     
updates                                                                                                           | 3.4 kB  00:00:00     
(1/4): epel/x86_64/updateinfo                                                                                     | 986 kB  00:00:00     
(2/4): extras/7/x86_64/primary_db                                                                                 | 187 kB  00:00:00     
(3/4): epel/x86_64/primary_db                                                                                     | 6.7 MB  00:00:02     
(4/4): updates/7/x86_64/primary_db                                                                                | 3.4 MB  00:00:02     
正在解决依赖关系
--> 正在检查事务
---> 软件包 sysstat.x86_64.0.10.1.5-17.el7 将被 安装
--> 正在处理依赖关系 libsensors.so.4()(64bit),它被软件包 sysstat-10.1.5-17.el7.x86_64 需要
--> 正在检查事务
---> 软件包 lm_sensors-libs.x86_64.0.3.4.0-6.20160601gitf9185e5.el7 将被 安装
--> 解决依赖关系完成

依赖关系解决

=========================================================================================================================================
 Package                          架构                    版本                                               源                     大小
=========================================================================================================================================
正在安装:
 sysstat                          x86_64                  10.1.5-17.el7                                      base                  315 k
为依赖而安装:
 lm_sensors-libs                  x86_64                  3.4.0-6.20160601gitf9185e5.el7                     base                   42 k

事务概要
=========================================================================================================================================
安装  1 软件包 (+1 依赖软件包)

总下载量:356 k
安装大小:1.2 M
Downloading packages:
(1/2): lm_sensors-libs-3.4.0-6.20160601gitf9185e5.el7.x86_64.rpm                                                  |  42 kB  00:00:00     
(2/2): sysstat-10.1.5-17.el7.x86_64.rpm                                                                           | 315 kB  00:00:01     
-----------------------------------------------------------------------------------------------------------------------------------------
总计                                                                                                     265 kB/s | 356 kB  00:00:01     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  正在安装    : lm_sensors-libs-3.4.0-6.20160601gitf9185e5.el7.x86_64                                                                1/2 
  正在安装    : sysstat-10.1.5-17.el7.x86_64                                                                                         2/2 
  验证中      : lm_sensors-libs-3.4.0-6.20160601gitf9185e5.el7.x86_64                                                                1/2 
  验证中      : sysstat-10.1.5-17.el7.x86_64                                                                                         2/2 

已安装:
  sysstat.x86_64 0:10.1.5-17.el7                                                                                                         

作为依赖被安装:
  lm_sensors-libs.x86_64 0:3.4.0-6.20160601gitf9185e5.el7                                                                                

完毕!
[root@linux-01 ceshi]# 

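## Right after installation, running sar reports an error. This is only because sar has no history data yet; it is harmless, and sar can be used by passing arguments. ##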
[root@linux-01 ceshi]# sar
无法打开 /var/log/sa/sa13: 没有那个文件或目录

4.2 sar -n DEV: historical NIC traffic


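| Column | Meaning |
|---|---|
| 08:40:30 PM | Time |
| IFACE | NIC device name |
| rxpck/s | Packets received per second |
| txpck/s | Packets sent per second |
| rxkB/s | Size of the data received per second, in KB |
| txkB/s | Size of the data sent per second, in KB |
| rxcmp/s | Compressed packets received per second |
| txcmp/s | Compressed packets sent per second |
| rxmcst/s | Multicast packets received per second |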

4.3 sar -n DEV 5 3: live NIC traffic


4.4 sar -n DEV -f: NIC traffic history for a given day


4.5 sar -q: historical load


4.6 Disk reads and writes


4.7 Difference between the sa17 and sar17 files under /var/log/sa/

sa17 is a binary file, so it cannot be viewed with cat;
the sar17 file can be viewed with cat.

5. The nload command: NIC traffic

5.1 Installing the nload package (install epel-release first)

[root@linux-01 ceshi]# yum install -y nload
已加载插件:fastestmirror
Repository base is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Loading mirror speeds from cached hostfile
 * base: mirrors.163.com
 * epel: mirrors.tuna.tsinghua.edu.cn
 * extras: mirrors.cn99.com
 * updates: mirrors.nju.edu.cn
正在解决依赖关系
--> 正在检查事务
---> 软件包 nload.x86_64.0.0.7.4-4.el7 将被 安装
--> 解决依赖关系完成

依赖关系解决

=========================================================================================================================================
 Package                        架构                            版本                                 源                             大小
=========================================================================================================================================
正在安装:
 nload                          x86_64                          0.7.4-4.el7                          epel                           70 k

事务概要
=========================================================================================================================================
安装  1 软件包

总下载量:70 k
安装大小:176 k
Downloading packages:
警告:/var/cache/yum/x86_64/7/epel/packages/nload-0.7.4-4.el7.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID 352c64e5: NOKEY00:00:00 ETA 
nload-0.7.4-4.el7.x86_64.rpm 的公钥尚未安装
nload-0.7.4-4.el7.x86_64.rpm                                                                                      |  70 kB  00:00:01     
从 file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 检索密钥
导入 GPG key 0x352C64E5:
 用户ID     : "Fedora EPEL (7) <epel@fedoraproject.org>"
 指纹       : 91e9 7d7c 4a5e 96f1 7f3e 888f 6a2f aea2 352c 64e5
 软件包     : epel-release-7-11.noarch (@extras)
 来自       : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  正在安装    : nload-0.7.4-4.el7.x86_64                                                                                             1/1 
  验证中      : nload-0.7.4-4.el7.x86_64                                                                                             1/1 

已安装:
  nload.x86_64 0:0.7.4-4.el7                                                                                                             

完毕!
[root@linux-01 ceshi]# 

5.2 nload: live NIC information

When using nload, the line to watch is Curr. Incoming is the traffic entering the NIC and Outgoing is the traffic leaving it.

[root@linux-01 ceshi]# nload
Device ens33 [192.168.141.128] (1/2):
=========================================================================================================================================
Incoming:







                                                                                             Curr: 872.00 Bit/s
                                                                                             Avg: 960.00 Bit/s
                                                                                             Min: 872.00 Bit/s
                                                                                             Max: 1.73 kBit/s
                                                                                             Ttl: 32.87 MByte
Outgoing:







                                                                                             Curr: 8.15 kBit/s
                                                                                             Avg: 7.73 kBit/s
                                                                                             Min: 3.98 kBit/s
                                                                                             Max: 8.16 kBit/s
                                                                                             Ttl: 6.61 MByte
## Press the right arrow key ##
Device lo [127.0.0.1] (2/2):
=========================================================================================================================================
Incoming:







                                                                                             Curr: 0.00 Bit/s
                                                                                             Avg: 0.00 Bit/s
                                                                                             Min: 0.00 Bit/s
                                                                                             Max: 0.00 Bit/s
                                                                                             Ttl: 0.00 Byte
Outgoing:







                                                                                             Curr: 0.00 Bit/s
                                                                                             Avg: 0.00 Bit/s
                                                                                             Min: 0.00 Bit/s
                                                                                             Max: 0.00 Bit/s
                                                                                             Ttl: 0.00 Byte
## Press q to quit ##

6. Monitoring I/O performance


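6.1 iostat -x: disk usage

iostat is provided by the sysstat package, the same as sar, so once sysstat is installed iostat is installed as well. %util is a very important metric: if the I/O read/write volume is not large but %util is very high, disk I/O capacity is seriously insufficient.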

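6.2 iotop: finding which process uses the most I/O

iotop does not come with the system, so the iotop package has to be installed. iotop is similar to top and also updates dynamically. When disk I/O is very high and you want to see which process is using the most I/O, use iotop.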

[root@linux-01 ceshi]# yum install -y iotop
已加载插件:fastestmirror
Repository base is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Loading mirror speeds from cached hostfile
 * base: mirrors.163.com
 * epel: mirrors.tuna.tsinghua.edu.cn
 * extras: mirrors.cn99.com
 * updates: mirrors.nju.edu.cn
正在解决依赖关系
--> 正在检查事务
---> 软件包 iotop.noarch.0.0.6-4.el7 将被 安装
--> 解决依赖关系完成

依赖关系解决

=========================================================================================================================================
 Package                        架构                            版本                                 源                             大小
=========================================================================================================================================
正在安装:
 iotop                          noarch                          0.6-4.el7                            base                           52 k

事务概要
=========================================================================================================================================
安装  1 软件包

总下载量:52 k
安装大小:156 k
Downloading packages:
iotop-0.6-4.el7.noarch.rpm                                                                                        |  52 kB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  正在安装    : iotop-0.6-4.el7.noarch                                                                                               1/1 
  验证中      : iotop-0.6-4.el7.noarch                                                                                               1/1 

已安装:
  iotop.noarch 0:0.6-4.el7                                                                                                               

完毕!
[root@linux-01 ceshi]# 

[root@linux-01 ceshi]#  iotop
Total DISK READ :	0.00 B/s | Total DISK WRITE :       0.00 B/s
Actual DISK READ:	0.00 B/s | Actual DISK WRITE:       0.00 B/s
   TID  PRIO  USER     DISK READ  DISK WRITE  SWAPIN     IO>    COMMAND                                                                  
     1 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % systemd --switched-root --system --deserialize 22
     2 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [kthreadd]
     3 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [ksoftirqd/0]
     5 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [kworker/0:0H]
     7 rt/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [migration/0]
     8 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [rcu_bh]
     9 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [rcu_sched]
    10 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [lru-add-drain]
    11 rt/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [watchdog/0]
    13 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [kdevtmpfs]
    14 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [netns]
    15 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [khungtaskd]
    16 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [writeback]
    17 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [kintegrityd]
    18 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [bioset]
    19 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [bioset]
    20 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [bioset]
    21 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [kblockd]
    22 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [md]
    23 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [edac-poller]
    24 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [watchdogd]
  6319 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % VGAuthService -s
    30 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [kswapd0]
    31 be/5 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [ksmd]
    32 be/7 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [khugepaged]

7. free: view memory

The output of the free command on CentOS 7 is more concise than on CentOS 6, but the content is broadly the same.


[root@linux-01 ceshi]# free 
              total        used        free      shared  buff/cache   available
Mem:        1864248      154264     1347132        9752      362852     1509080
Swap:       4194300           0     4194300
[root@linux-01 ceshi]# 

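Field Meaning
total Total amount of memory
used Amount of memory actually in use
free Amount of physical memory remaining
shared Amount of shared physical memory
buff/cache Memory used when data passes from the CPU to be written to disk is buffer; memory used when data is read from disk and handed to the CPU for processing is cache
available How much memory the system can still use; it includes free plus the part of buff/cache that is not occupied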

8. ps: view system processes


[readonly@wxbManager ~]$ ps aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0  19340  1116 ?        Ss    2017   0:47 /sbin/init
root         2  0.0  0.0      0     0 ?        S     2017   0:00 [kthreadd]
root         3  0.0  0.0      0     0 ?        S     2017   2:06 [migration/0]
root         4  0.0  0.0      0     0 ?        S     2017   4:04 [ksoftirqd/0]
root         5  0.0  0.0      0     0 ?        S     2017   0:00 [stopper/0]
root         6  0.0  0.0      0     0 ?        S     2017   0:58 [watchdog/0]
root         7  0.0  0.0      0     0 ?        S     2017   2:58 [migration/1]
root         8  0.0  0.0      0     0 ?        S     2017   0:00 [stopper/1]
root         9  0.0  0.0      0     0 ?        S     2017   5:45 [ksoftirqd/1]
root        10  0.0  0.0      0     0 ?        S     2017   0:52 [watchdog/1]
root        11  0.0  0.0      0     0 ?        S     2017  30:36 [events/0]
root        12  0.0  0.0      0     0 ?        S     2017 139:36 [events/1]
root        13  0.0  0.0      0     0 ?        S     2017   0:00 [events/0]
root        14  0.0  0.0      0     0 ?        S     2017   0:00 [events/1]
root        15  0.0  0.0      0     0 ?        S     2017   0:00 [events_long/0]
root        16  0.0  0.0      0     0 ?        S     2017   0:00 [events_long/1]
root        17  0.0  0.0      0     0 ?        S     2017   0:00 [events_power_ef]
root        18  0.0  0.0      0     0 ?        S     2017   0:00 [events_power_ef]
root        19  0.0  0.0      0     0 ?        S     2017   0:00 [cgroup]
root        20  0.0  0.0      0     0 ?        S     2017   0:00 [khelper]
root        21  0.0  0.0      0     0 ?        S     2017   0:00 [netns]
root        22  0.0  0.0      0     0 ?        S     2017   0:00 [async/mgr]
root        23  0.0  0.0      0     0 ?        S     2017   0:00 [pm]
root        24  0.0  0.0      0     0 ?        S     2017   0:00 [xenwatch]
root        25  0.0  0.0      0     0 ?        S     2017   0:00 [xenbus]
root        26  0.0  0.0      0     0 ?        S     2017   2:29 [sync_supers]
root        27  0.0  0.0      0     0 ?        S     2017   0:02 [bdi-default]
root        28  0.0  0.0      0     0 ?        S     2017   0:00 [kintegrityd/0]
root        29  0.0  0.0      0     0 ?        S     2017   0:00 [kintegrityd/1]
root        30  0.0  0.0      0     0 ?        S     2017   4:36 [kblockd/0]
root        31  0.0  0.0      0     0 ?        S     2017   0:02 [kblockd/1]
root        32  0.0  0.0      0     0 ?        S     2017   0:00 [kacpid]
root        33  0.0  0.0      0     0 ?        S     2017   0:00 [kacpi_notify]
root        34  0.0  0.0      0     0 ?        S     2017   0:00 [kacpi_hotplug]
root        35  0.0  0.0      0     0 ?        S     2017   0:00 [ata_aux]
root        36  0.0  0.0      0     0 ?        S     2017   0:00 [ata_sff/0]
root        37  0.0  0.0      0     0 ?        S     2017   0:00 [ata_sff/1]
root        38  0.0  0.0      0     0 ?        S     2017   0:00 [ksuspend_usbd]
root        39  0.0  0.0      0     0 ?        S     2017   0:00 [khubd]
root        40  0.0  0.0      0     0 ?        S     2017   0:00 [kseriod]
root        41  0.0  0.0      0     0 ?        S     2017   0:00 [md/0]
root        42  0.0  0.0      0     0 ?        S     2017   0:00 [md/1]
root        43  0.0  0.0      0     0 ?        S     2017   0:00 [md_misc/0]
root        44  0.0  0.0      0     0 ?        S     2017   0:00 [md_misc/1]
root        45  0.0  0.0      0     0 ?        S     2017   0:00 [linkwatch]
root        47  0.0  0.0      0     0 ?        S     2017   0:15 [khungtaskd]
root        48  0.0  0.0      0     0 ?        S     2017   6:07 [kswapd0]
root        49  0.0  0.0      0     0 ?        SN    2017   0:00 [ksmd]
root        50  0.0  0.0      0     0 ?        SN    2017   2:13 [khugepaged]
root        51  0.0  0.0      0     0 ?        S     2017   0:00 [aio/0]
root        52  0.0  0.0      0     0 ?        S     2017   0:00 [aio/1]
root        53  0.0  0.0      0     0 ?        S     2017   0:00 [crypto/0]
root        54  0.0  0.0      0     0 ?        S     2017   0:00 [crypto/1]
root        61  0.0  0.0      0     0 ?        S     2017   0:00 [kthrotld/0]
root        62  0.0  0.0      0     0 ?        S     2017   0:00 [kthrotld/1]
root        64  0.0  0.0      0     0 ?        S     2017   0:00 [kpsmoused]
root        65  0.0  0.0      0     0 ?        S     2017   0:00 [usbhid_resumer]
root        66  0.0  0.0      0     0 ?        S     2017   0:00 [deferwq]
root        98  0.0  0.0      0     0 ?        S     2017   0:00 [kdmremove]
root        99  0.0  0.0      0     0 ?        S     2017   0:00 [kstriped]
root       229  0.0  0.0      0     0 ?        S     2017   0:00 [scsi_eh_0]
root       230  0.0  0.0      0     0 ?        S     2017   0:00 [scsi_eh_1]
root       343  0.0  0.0      0     0 ?        S     2017  15:33 [jbd2/xvda1-8]
root       344  0.0  0.0      0     0 ?        S     2017   0:00 [ext4-dio-unwrit]
root       440  0.0  0.0  10760   876 ?        S<s   2017   0:00 /sbin/udevd -d
root       688  0.0  0.0      0     0 ?        S     2017  18:29 [flush-202:0]
root       772  0.0  0.0      0     0 ?        S     2017   0:00 [kauditd]
root       822  0.0  0.0      0     0 ?        S     2017   0:04 [ib_addr]
root       827  0.0  0.0      0     0 ?        S     2017   0:00 [infiniband/0]
root       828  0.0  0.0      0     0 ?        S     2017   0:00 [infiniband/1]
root       837  0.0  0.0      0     0 ?        S     2017   0:00 [ib_mcast]
root       842  0.0  0.0      0     0 ?        S     2017   0:00 [iw_cm_wq]
root       848  0.0  0.0      0     0 ?        S     2017   0:00 [ib_cm/0]
root       849  0.0  0.0      0     0 ?        S     2017   0:00 [ib_cm/1]
root       854  0.0  0.0      0     0 ?        S     2017   0:00 [rdma_cm]
root       875  0.0  0.0      0     0 ?        S     2017   0:00 [ipoib_flush]
root      1141  0.0  0.0 251960  5876 ?        Sl    2017   0:25 /sbin/rsyslogd -i /var/run/syslogd.pid -c 5
nscd      1164  0.0  0.0 630248  1480 ?        Ssl   2017  91:35 /usr/sbin/nscd
root      1276  0.0  0.0  66256  1196 ?        Ss    2017   0:02 /usr/sbin/sshd
ntp       1287  0.0  0.0  26600  1556 ?        Ss    2017   4:10 ntpd -u ntp:ntp -p /var/run/ntpd.pid -g
root      1352  0.0  0.0      0     0 ?        S     2017   0:00 [cqueue]
root      1393  0.0  0.0 116908  1324 ?        Ss    2017   1:18 crond
root      1832  0.0  0.4 591388 38044 ?        Sl    2017 479:37 /usr/bin/python2.7 /usr/bin/salt-minion -c /etc/salt -d
root      1833  0.0  0.3 493532 25796 ?        S     2017   0:00 /usr/bin/python2.7 /usr/bin/salt-minion -c /etc/salt -d
root      1994  0.0  0.0  31616    68 ?        Ssl   2017   0:00 /usr/sbin/gshelld
root      2011  0.0  0.0   4060   532 tty1     Ss+   2017   0:00 /sbin/mingetty /dev/tty1
root      2013  0.0  0.0   4060   536 tty2     Ss+   2017   0:00 /sbin/mingetty /dev/tty2
root      2015  0.0  0.0   4060   532 tty3     Ss+   2017   0:00 /sbin/mingetty /dev/tty3
root      2017  0.0  0.0   4060   532 tty4     Ss+   2017   0:00 /sbin/mingetty /dev/tty4
root      2019  0.0  0.0   4060   536 tty5     Ss+   2017   0:00 /sbin/mingetty /dev/tty5
root      2021  0.0  0.0   4060   532 tty6     Ss+   2017   0:00 /sbin/mingetty /dev/tty6
root      2022  0.0  0.0  10760   908 ?        S<    2017   0:00 /sbin/udevd -d
root      2023  0.0  0.0  10824   840 ?        S<    2017   0:00 /sbin/udevd -d
root      2362  0.0  0.0      0     0 ?        S     2017  10:49 [kjournald]
root      7331  0.0  0.0  45984  2520 ?        Ss    2017   0:00 nginx: master process /usr/local/nginx/sbin/nginx
root      9263  0.0  0.0  79104  1212 ?        S     2017   0:00 /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
root      9269  0.0  0.0  79104  1312 ?        S     2017 206:07 /usr/sbin/zabbix_agentd: collector [idle 1 sec]
root      9270  0.0  0.0  79104  2168 ?        S     2017  36:43 /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
root      9271  0.0  0.0  79104  2168 ?        S     2017  36:43 /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
root      9272  0.0  0.0  79104  2168 ?        S     2017  36:48 /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
root      9273  0.0  0.0  79108  2128 ?        S     2017 132:27 /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]
nobody    9595  0.0  0.3  73268 30672 ?        S    Feb14  13:00 nginx: worker process
nobody    9596  0.0  0.3  73668 30996 ?        S    Feb14  12:18 nginx: worker process
readonly 20493  0.0  0.0 110244  1140 pts/0    R+   22:55   0:00 ps aux
root     21063  0.0  0.0  25836  4360 ?        S<sl Jan21  33:10 /usr/local/aegis/aegis_update/AliYunDunUpdate
root     21111  0.2  0.2 129544 20356 ?        S<sl Jan21 331:01 /usr/local/aegis/aegis_client/aegis_10_59/AliYunDun
508      28984  0.0  0.0 106240   680 ?        S    Mar14   0:00 /bin/sh /home/10beiManager/tomcat/bin/catalina.sh start
508      28985  0.0  0.0   4112   624 ?        S    Mar14   2:29 /usr/sbin/cronolog /home/10beiManager/tomcat/logs/catalina.%Y-%m-%d.out
508      28986  0.9 35.7 7053776 2925128 ?     Sl   Mar14 413:02 /usr/java/jdk1.8.0_181/bin/java -Djava.util.logging.config.file=/home/10beiManage
root     30323  0.0  0.0 102556  4400 ?        Ss   17:48   0:00 sshd: readonly [priv]
readonly 30325  0.0  0.0 102556  1888 ?        S    17:48   0:00 sshd: readonly@pts/0
readonly 30326  0.0  0.0 108352  1836 pts/0    Ss   17:48   0:00 -bash
[readonly@wxbManager ~]$
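STAT (process state) Meaning
D A process that cannot be interrupted (usually an I/O process)
R A running process, including processes waiting for a CPU time slice
S A process that has been interrupted (sleeping). Normally most processes on the system are in this state
T A process that has been stopped or suspended
W (not available since kernel 2.6.xx) Not enough memory pages to allocate
X A process that is already dead
Z Zombie process: a leftover process that cannot be killed. It takes up a small amount of system resources, which does not matter, but if zombies take up too much they need attention
< High-priority process
N Low-priority process
L Has memory pages locked in memory
s Main process; this is easy to understand once the nginx service is covered later
l Multi-threaded process
+ Process running in the foreground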
[readonly@wxbManager ~]$ ps aux | grep  nginx
root      7331  0.0  0.0  45984  2520 ?        Ss    2017   0:00 nginx: master process /usr/local/nginx/sbin/nginx
nobody    9595  0.0  0.3  73268 30672 ?        S    Feb14  13:01 nginx: worker process
nobody    9596  0.0  0.3  73668 30996 ?        S    Feb14  12:18 nginx: worker process
readonly 21461  0.0  0.0 103324   848 pts/0    S+   23:07   0:00 grep nginx
[readonly@wxbManager ~]$
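The STAT column combines one state letter with modifier characters, so a value such as `S<sl` has to be read character by character. The script below is an added example, not part of the original notes: it decodes a STAT value, counts processes per state, and lists processes in state D or Z from `ps aux` output. The function names and the last two sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: read the STAT column of `ps aux` output.

# Sample input. The first three process rows appear in the output above;
# the Z and D rows are constructed to show what the check reports.
sample_ps() {
cat <<'EOF'
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0  19340  1116 ?        Ss    2017   0:47 /sbin/init
root     21111  0.2  0.2 129544 20356 ?        S<sl Jan21 331:01 /usr/local/aegis/aegis_client/aegis_10_59/AliYunDun
readonly 20493  0.0  0.0 110244  1140 pts/0    R+   22:55   0:00 ps aux
app      31001  0.0  0.0      0     0 ?        Z    10:02   0:00 [worker] <defunct>
root     31002  0.0  0.0 108352  1836 ?        D    10:03   0:01 dd if=/dev/sdb of=/dev/null
EOF
}

# Decode one STAT value, e.g. "S<sl", into comma-separated words.
# "s" is named session leader in ps(1); the table above calls it the main process.
decode_stat() {
    printf '%s\n' "$1" | awk '
    BEGIN {
        m["D"] = "uninterruptible"; m["R"] = "running"; m["S"] = "sleeping"
        m["T"] = "stopped"; m["W"] = "paging"; m["X"] = "dead"; m["Z"] = "zombie"
        m["<"] = "high-priority"; m["N"] = "low-priority"; m["L"] = "pages-locked"
        m["s"] = "session-leader"; m["l"] = "multi-threaded"; m["+"] = "foreground"
    }
    {
        out = ""
        for (i = 1; i <= length($0); i++) {
            c = substr($0, i, 1)
            out = out (i > 1 ? "," : "") ((c in m) ? m[c] : "unknown(" c ")")
        }
        print out
    }'
}

# Count processes per state letter (first character of STAT).
# Rows without a numeric PID in column 2 (the header) are skipped.
stat_summary() {
    awk '$2 ~ /^[0-9]+$/ { n[substr($8, 1, 1)]++ }
         END { for (k in n) print k, n[k] }' | sort
}

# Print "PID STAT USER COMMAND" for uninterruptible (D) and zombie (Z) processes.
stuck_processes() {
    awk '$2 ~ /^[0-9]+$/ && $8 ~ /^[DZ]/ {
        cmd = $11
        for (i = 12; i <= NF; i++) cmd = cmd " " $i
        print $2, $8, $1, cmd
    }'
}

sample_ps | stuck_processes
```

On a live host, replace `sample_ps` with `ps aux`; a Z count that keeps growing usually means a parent process is not reaping its children.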

9. netstat: view network status


## netstat -lnp: view listening ports ##
[root@linux-01 ceshi]# netstat   -lnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      6967/sshd           
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      7260/master         
tcp6       0      0 :::22                   :::*                    LISTEN      6967/sshd           
tcp6       0      0 ::1:25                  :::*                    LISTEN      7260/master         
raw6       0      0 :::58                   :::*                    7           6519/NetworkManager 
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name     Path
unix  2      [ ACC ]     STREAM     LISTENING     39265    7260/master          private/trace
unix  2      [ ACC ]     STREAM     LISTENING     39268    7260/master          private/verify
unix  2      [ ACC ]     STREAM     LISTENING     39277    7260/master          private/proxywrite
unix  2      [ ACC ]     STREAM     LISTENING     39292    7260/master          private/retry
unix  2      [ ACC ]     STREAM     LISTENING     39295    7260/master          private/discard
unix  2      [ ACC ]     STREAM     LISTENING     39298    7260/master          private/local
unix  2      [ ACC ]     STREAM     LISTENING     39301    7260/master          private/virtual
unix  2      [ ACC ]     STREAM     LISTENING     39304    7260/master          private/lmtp
unix  2      [ ACC ]     STREAM     LISTENING     39307    7260/master          private/anvil
unix  2      [ ACC ]     STREAM     LISTENING     39310    7260/master          private/scache
unix  2      [ ACC ]     SEQPACKET  LISTENING     21315    1/systemd            /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     39262    7260/master          private/defer
unix  2      [ ACC ]     STREAM     LISTENING     35410    6319/VGAuthService   /var/run/vmware/guestServicePipe
unix  2      [ ACC ]     STREAM     LISTENING     21140    1/systemd            /run/systemd/private
unix  2      [ ACC ]     STREAM     LISTENING     39280    7260/master          private/smtp
unix  2      [ ACC ]     STREAM     LISTENING     39283    7260/master          private/relay
unix  2      [ ACC ]     STREAM     LISTENING     39289    7260/master          private/error
unix  2      [ ACC ]     STREAM     LISTENING     39241    7260/master          public/pickup
unix  2      [ ACC ]     STREAM     LISTENING     39245    7260/master          public/cleanup
unix  2      [ ACC ]     STREAM     LISTENING     39249    7260/master          public/qmgr
unix  2      [ ACC ]     STREAM     LISTENING     39271    7260/master          public/flush
unix  2      [ ACC ]     STREAM     LISTENING     39286    7260/master          public/showq
unix  2      [ ACC ]     STREAM     LISTENING     39274    7260/master          private/proxymap
unix  2      [ ACC ]     STREAM     LISTENING     39253    7260/master          private/tlsmgr
unix  2      [ ACC ]     STREAM     LISTENING     39256    7260/master          private/rewrite
unix  2      [ ACC ]     STREAM     LISTENING     39259    7260/master          private/bounce
unix  2      [ ACC ]     STREAM     LISTENING     21223    1/systemd            /run/lvm/lvmetad.socket
unix  2      [ ACC ]     STREAM     LISTENING     21226    1/systemd            /run/lvm/lvmpolld.socket
unix  2      [ ACC ]     STREAM     LISTENING     34025    1/systemd            /run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     8946     1/systemd            /run/systemd/journal/stdout
[root@linux-01 ceshi]# 


## netstat -an: view the system's network connection states ##
[root@linux-01 ceshi]# netstat  -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN     
tcp        0      0 192.168.141.128:22      192.168.141.1:65423     ESTABLISHED
tcp        0     52 192.168.141.128:22      192.168.141.1:60176     ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN     
tcp6       0      0 ::1:25                  :::*                    LISTEN     
raw6       0      0 :::58                   :::*                    7          
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     39265    private/trace
unix  2      [ ACC ]     STREAM     LISTENING     39268    private/verify
unix  2      [ ACC ]     STREAM     LISTENING     39277    private/proxywrite
unix  2      [ ACC ]     STREAM     LISTENING     39292    private/retry
unix  2      [ ACC ]     STREAM     LISTENING     39295    private/discard
unix  2      [ ACC ]     STREAM     LISTENING     39298    private/local
unix  2      [ ACC ]     STREAM     LISTENING     39301    private/virtual
unix  2      [ ACC ]     STREAM     LISTENING     39304    private/lmtp
unix  2      [ ACC ]     STREAM     LISTENING     39307    private/anvil
unix  2      [ ACC ]     STREAM     LISTENING     39310    private/scache
unix  2      [ ACC ]     SEQPACKET  LISTENING     21315    /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     39262    private/defer
unix  2      [ ACC ]     STREAM     LISTENING     35410    /var/run/vmware/guestServicePipe
unix  2      [ ACC ]     STREAM     LISTENING     21140    /run/systemd/private
unix  2      [ ACC ]     STREAM     LISTENING     39280    private/smtp
unix  2      [ ACC ]     STREAM     LISTENING     39283    private/relay
unix  2      [ ACC ]     STREAM     LISTENING     39289    private/error
unix  2      [ ACC ]     STREAM     LISTENING     39241    public/pickup
unix  2      [ ACC ]     STREAM     LISTENING     39245    public/cleanup
unix  2      [ ACC ]     STREAM     LISTENING     39249    public/qmgr
unix  2      [ ACC ]     STREAM     LISTENING     39271    public/flush
unix  2      [ ACC ]     STREAM     LISTENING     39286    public/showq
unix  2      [ ]         DGRAM                    21427    /run/systemd/shutdownd
unix  2      [ ACC ]     STREAM     LISTENING     39274    private/proxymap
unix  3      [ ]         DGRAM                    8926     /run/systemd/notify
unix  2      [ ]         DGRAM                    8928     /run/systemd/cgroups-agent
unix  2      [ ACC ]     STREAM     LISTENING     39253    private/tlsmgr
unix  2      [ ACC ]     STREAM     LISTENING     39256    private/rewrite
unix  2      [ ACC ]     STREAM     LISTENING     39259    private/bounce
unix  2      [ ACC ]     STREAM     LISTENING     21223    /run/lvm/lvmetad.socket
unix  2      [ ACC ]     STREAM     LISTENING     21226    /run/lvm/lvmpolld.socket
unix  2      [ ACC ]     STREAM     LISTENING     34025    /run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     8946     /run/systemd/journal/stdout
unix  5      [ ]         DGRAM                    8949     /run/systemd/journal/socket
unix  13     [ ]         DGRAM                    8951     /dev/log
unix  3      [ ]         STREAM     CONNECTED     39312    
unix  3      [ ]         STREAM     CONNECTED     34453    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     39311    
unix  3      [ ]         STREAM     CONNECTED     39246    
unix  3      [ ]         STREAM     CONNECTED     39309    
unix  3      [ ]         STREAM     CONNECTED     38165    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     39250    
unix  3      [ ]         STREAM     CONNECTED     39251    
unix  3      [ ]         STREAM     CONNECTED     38164    
unix  3      [ ]         STREAM     CONNECTED     34452    
unix  3      [ ]         STREAM     CONNECTED     39248    
unix  3      [ ]         STREAM     CONNECTED     34711    
unix  2      [ ]         DGRAM                    35686    
unix  3      [ ]         STREAM     CONNECTED     39242    
unix  3      [ ]         STREAM     CONNECTED     36842    /run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     39303    
unix  3      [ ]         STREAM     CONNECTED     39239    
unix  3      [ ]         STREAM     CONNECTED     36841    
unix  3      [ ]         STREAM     CONNECTED     39302    
unix  3      [ ]         STREAM     CONNECTED     39243    
unix  2      [ ]         DGRAM                    1027790  
unix  3      [ ]         STREAM     CONNECTED     39308    
unix  3      [ ]         STREAM     CONNECTED     34516    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     34941    
unix  3      [ ]         STREAM     CONNECTED     39306    
unix  3      [ ]         STREAM     CONNECTED     39240    
unix  3      [ ]         STREAM     CONNECTED     39267    
unix  3      [ ]         STREAM     CONNECTED     39305    
unix  3      [ ]         STREAM     CONNECTED     34467    
unix  3      [ ]         STREAM     CONNECTED     39257    
unix  3      [ ]         STREAM     CONNECTED     21706    
unix  3      [ ]         STREAM     CONNECTED     34713    /run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     39258    
unix  3      [ ]         STREAM     CONNECTED     34554    
unix  3      [ ]         STREAM     CONNECTED     21707    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     39255    
unix  2      [ ]         DGRAM                    34788    
unix  3      [ ]         STREAM     CONNECTED     39261    
unix  3      [ ]         STREAM     CONNECTED     34712    
unix  3      [ ]         STREAM     CONNECTED     38295    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     35633    
unix  2      [ ]         DGRAM                    34536    
unix  3      [ ]         STREAM     CONNECTED     39260    
unix  3      [ ]         STREAM     CONNECTED     34718    /run/dbus/system_bus_socket
unix  2      [ ]         DGRAM                    21422    
unix  3      [ ]         STREAM     CONNECTED     39266    
unix  3      [ ]         STREAM     CONNECTED     34515    
unix  3      [ ]         STREAM     CONNECTED     38294    
unix  3      [ ]         STREAM     CONNECTED     39439    
unix  2      [ ]         DGRAM                    1109850  
unix  2      [ ]         DGRAM                    39330    
unix  3      [ ]         STREAM     CONNECTED     39254    
unix  3      [ ]         STREAM     CONNECTED     35634    /run/systemd/journal/stdout
unix  2      [ ]         DGRAM                    39608    
unix  3      [ ]         STREAM     CONNECTED     39300    
unix  3      [ ]         STREAM     CONNECTED     39440    /run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     39299    
unix  3      [ ]         STREAM     CONNECTED     34942    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     39279    
unix  3      [ ]         STREAM     CONNECTED     35709    
unix  3      [ ]         STREAM     CONNECTED     39278    
unix  3      [ ]         STREAM     CONNECTED     39276    
unix  3      [ ]         STREAM     CONNECTED     35569    
unix  3      [ ]         STREAM     CONNECTED     39264    
unix  3      [ ]         STREAM     CONNECTED     39282    
unix  3      [ ]         STREAM     CONNECTED     39281    
unix  3      [ ]         STREAM     CONNECTED     34391    /run/systemd/journal/stdout
unix  3      [ ]         DGRAM                    22225    
unix  3      [ ]         STREAM     CONNECTED     34158    /run/systemd/journal/stdout
unix  2      [ ]         DGRAM                    22207    
unix  3      [ ]         STREAM     CONNECTED     39270    
unix  2      [ ]         DGRAM                    35775    
unix  3      [ ]         DGRAM                    22226    
unix  3      [ ]         STREAM     CONNECTED     39269    
unix  2      [ ]         DGRAM                    681719   
unix  3      [ ]         STREAM     CONNECTED     34157    
unix  3      [ ]         STREAM     CONNECTED     34885    
unix  3      [ ]         STREAM     CONNECTED     39275    
unix  2      [ ]         DGRAM                    33504    
unix  3      [ ]         STREAM     CONNECTED     39263    
unix  3      [ ]         STREAM     CONNECTED     39273    
unix  3      [ ]         STREAM     CONNECTED     35570    /run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     39272    
unix  3      [ ]         STREAM     CONNECTED     33516    
unix  3      [ ]         STREAM     CONNECTED     39294    
unix  3      [ ]         STREAM     CONNECTED     39293    
unix  3      [ ]         STREAM     CONNECTED     34390    
unix  3      [ ]         STREAM     CONNECTED     34886    /run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     39291    
unix  2      [ ]         DGRAM                    1205914  
unix  2      [ ]         DGRAM                    35332    
unix  3      [ ]         STREAM     CONNECTED     39297    
unix  2      [ ]         DGRAM                    35296    
unix  3      [ ]         STREAM     CONNECTED     22196    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     39296    
unix  3      [ ]         STREAM     CONNECTED     22195    
unix  3      [ ]         STREAM     CONNECTED     39287    
unix  3      [ ]         STREAM     CONNECTED     35710    /run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     39285    
unix  3      [ ]         STREAM     CONNECTED     33515    
unix  3      [ ]         STREAM     CONNECTED     39284    
unix  3      [ ]         STREAM     CONNECTED     39290    
unix  2      [ ]         DGRAM                    39213    
unix  3      [ ]         STREAM     CONNECTED     39288    
[root@linux-01 ceshi]# 

## netstat -ltnp: view TCP listening sockets ##
[root@linux-01 ceshi]# netstat   -ltnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      6967/sshd           
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      7260/master         
tcp6       0      0 :::22                   :::*                    LISTEN      6967/sshd           
tcp6       0      0 ::1:25                  :::*                    LISTEN      7260/master  

## netstat -ltunp: view TCP and UDP listening sockets ##
[root@linux-01 ceshi]# netstat   -ltunp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      6967/sshd           
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      7260/master         
tcp6       0      0 :::22                   :::*                    LISTEN      6967/sshd           
tcp6       0      0 ::1:25                  :::*                    LISTEN      7260/master         
[root@linux-01 ceshi]# 
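In the listings above, sshd is bound to 0.0.0.0:22 and :::22, which accept connections on every interface, while master is bound to 127.0.0.1:25 and ::1:25, which are reachable only from the host itself. The script below is an added example, not part of the original notes: it sorts `netstat -ltunp` rows by that bind scope so the externally reachable services stand out. The function names and the last two sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify listeners from `netstat -ltunp` output by bind scope.

# Sample input. The first four socket rows are the ones shown above; the
# last two rows are constructed to cover UDP and a multi-word program name.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      6967/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      7260/master
tcp6       0      0 :::22                   :::*                    LISTEN      6967/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      7260/master
udp        0      0 0.0.0.0:68              0.0.0.0:*                           6700/dhclient
tcp        0      0 192.168.141.128:8080    0.0.0.0:*               LISTEN      7331/nginx: master
EOF
}

# Reads netstat output on stdin, prints "SCOPE PROTO PORT PROGRAM" per socket.
# Only tcp/tcp6/udp/udp6 rows are considered; headers and raw sockets are skipped.
classify_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        # Split Local Address at the LAST colon so ":::22" and "::1:25" work.
        n = match($4, /:[^:]*$/)
        addr = substr($4, 1, n - 1)
        port = substr($4, n + 1)

        if (addr == "0.0.0.0" || addr == "::")
            scope = "ALL-INTERFACES"
        else if (addr ~ /^127\./ || addr == "::1")
            scope = "loopback"
        else
            scope = "specific"

        # UDP rows have an empty State column, so locate the PID/Program
        # field by its shape ("1234/name", or "-" when run without root).
        prog = "-"
        for (i = 6; i <= NF; i++) {
            if ($i ~ /^[0-9]+\// || $i == "-") {
                prog = $i
                for (j = i + 1; j <= NF; j++) prog = prog " " $j
                break
            }
        }
        sub(/^[0-9]+\//, "", prog)
        print scope, $1, port, prog
    }'
}

# Only the sockets that listen on every interface.
exposed_listeners() {
    classify_listeners | awk '$1 == "ALL-INTERFACES"'
}

sample_netstat | classify_listeners
```

On a live host, run `netstat -ltunp | exposed_listeners` as root so the program names are filled in, and compare the result with the services the host is meant to offer.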

## ss -an: similar to netstat, it can also show network sockets ##
[root@linux-01 ceshi]# ss -an
Netid State      Recv-Q Send-Q                     Local Address:Port                                    Peer Address:Port              
nl    UNCONN     0      0                                      0:6519                                                *                   
nl    UNCONN     0      0                                      0:0                                                   *                   
nl    UNCONN     0      0                                      0:6519                                                *                   
nl    UNCONN     4352   0                                      4:19380                                               *                   
nl    UNCONN     768    0                                      4:0                                                   *                   
nl    UNCONN     0      0                                      6:0                                                   *                   
nl    UNCONN     0      0                                      7:0                                                   *                   
nl    UNCONN     0      0                                      7:6325                                                *                   
nl    UNCONN     0      0                                      7:1                                                   *                   
nl    UNCONN     0      0                                      7:6325                                                *                   
nl    UNCONN     0      0                                      7:1                                                   *                   
nl    UNCONN     0      0                                      9:6161                                                *                   
nl    UNCONN     0      0                                      9:1                                                   *                   
nl    UNCONN     0      0                                      9:0                                                   *                   
nl    UNCONN     0      0                                     10:0                                                   *                   
nl    UNCONN     0      0                                     11:0                                                   *                   
nl    UNCONN     0      0                                     12:0                                                   *                   
nl    UNCONN     0      0                                     15:6965                                                *                   
nl    UNCONN     0      0                                     15:-4119                                               *                   
nl    UNCONN     0      0                                     15:6519                                                *                   
nl    UNCONN     0      0                                     15:-4120                                               *                   
nl    UNCONN     0      0                                     15:-4118                                               *                   
nl    UNCONN     0      0                                     15:-4117                                               *                   
nl    UNCONN     0      0                                     15:3027                                                *                   
nl    UNCONN     0      0                                     15:1                                                   *                   
nl    UNCONN     0      0                                     15:0                                                   *                   
nl    UNCONN     0      0                                     15:6309                                                *                   
nl    UNCONN     0      0                                     15:-4107                                               *                   
nl    UNCONN     0      0                                     15:6965                                                *                   
nl    UNCONN     0      0                                     15:-4120                                               *                   
nl    UNCONN     0      0                                     15:6519                                                *                   
nl    UNCONN     0      0                                     15:-4119                                               *                   
nl    UNCONN     0      0                                     15:-4118                                               *                   
nl    UNCONN     0      0                                     15:-4117                                               *                   
nl    UNCONN     0      0                                     15:6309                                                *                   
nl    UNCONN     0      0                                     15:-4107                                               *                   
nl    UNCONN     0      0                                     15:1                                                   *                   
nl    UNCONN     0      0                                     16:0                                                   *                   
nl    UNCONN     0      0                                     18:0                                                   *                   
p_dgr UNCONN     0      0                                    arp:ens33                                               *                   
u_str LISTEN     0      100                        private/trace 39265                                              * 0                  
u_str LISTEN     0      100                       private/verify 39268                                              * 0                  
u_str LISTEN     0      100                   private/proxywrite 39277                                              * 0                  
u_str LISTEN     0      100                        private/retry 39292                                              * 0                  
u_str LISTEN     0      100                      private/discard 39295                                              * 0                  
u_str LISTEN     0      100                        private/local 39298                                              * 0                  
u_str LISTEN     0      100                      private/virtual 39301                                              * 0                  
u_str LISTEN     0      100                         private/lmtp 39304                                              * 0                  
u_str LISTEN     0      100                        private/anvil 39307                                              * 0                  
u_str LISTEN     0      100                       private/scache 39310                                              * 0                  
u_seq LISTEN     0      128                    /run/udev/control 21315                                              * 0                  
u_str LISTEN     0      100                        private/defer 39262                                              * 0                  
u_str LISTEN     0      32      /var/run/vmware/guestServicePipe 35410                                              * 0                  
u_str LISTEN     0      128                 /run/systemd/private 21140                                              * 0                  
u_str LISTEN     0      100                         private/smtp 39280                                              * 0                  
u_str LISTEN     0      100                        private/relay 39283                                              * 0                  
u_str LISTEN     0      100                        private/error 39289                                              * 0                  
u_str LISTEN     0      100                        public/pickup 39241                                              * 0                  
u_str LISTEN     0      100                       public/cleanup 39245                                              * 0                  
u_str LISTEN     0      100                          public/qmgr 39249                                              * 0                  
u_str LISTEN     0      100                         public/flush 39271                                              * 0                  
u_str LISTEN     0      100                         public/showq 39286                                              * 0                  
u_dgr UNCONN     0      0                 /run/systemd/shutdownd 21427                                              * 0                  
u_str LISTEN     0      100                     private/proxymap 39274                                              * 0                  
u_dgr UNCONN     0      0                    /run/systemd/notify 8926                                               * 0                  
u_dgr UNCONN     0      0             /run/systemd/cgroups-agent 8928                                               * 0                  
u_str LISTEN     0      100                       private/tlsmgr 39253                                              * 0                  
u_str LISTEN     0      100                      private/rewrite 39256                                              * 0                  
u_str LISTEN     0      100                       private/bounce 39259                                              * 0                  
u_str LISTEN     0      128              /run/lvm/lvmetad.socket 21223                                              * 0                  
u_str LISTEN     0      128             /run/lvm/lvmpolld.socket 21226                                              * 0                  
u_str LISTEN     0      128          /run/dbus/system_bus_socket 34025                                              * 0                  
u_str LISTEN     0      128          /run/systemd/journal/stdout 8946                                               * 0                  
u_dgr UNCONN     0      0            /run/systemd/journal/socket 8949                                               * 0                  
u_dgr UNCONN     0      0                               /dev/log 8951                                               * 0                  
u_str ESTAB      0      0                                      * 39312                                              * 39311              
u_str ESTAB      0      0            /run/systemd/journal/stdout 34453                                              * 34452              
u_str ESTAB      0      0                                      * 39311                                              * 39312              
u_str ESTAB      0      0                                      * 39246                                              * 39248              
u_str ESTAB      0      0                                      * 39309                                              * 39308              
u_str ESTAB      0      0            /run/systemd/journal/stdout 38165                                              * 38164              
u_str ESTAB      0      0                                      * 39250                                              * 39251              
u_str ESTAB      0      0                                      * 39251                                              * 39250              
u_str ESTAB      0      0                                      * 38164                                              * 38165              
u_str ESTAB      0      0                                      * 34452                                              * 34453              
u_str ESTAB      0      0                                      * 39248                                              * 39246              
u_str ESTAB      0      0                                      * 34711                                              * 34712              
u_dgr UNCONN     0      0                                      * 35686                                              * 8951               
u_str ESTAB      0      0                                      * 39242                                              * 39243              
u_str ESTAB      0      0            /run/dbus/system_bus_socket 36842                                              * 36841              
u_str ESTAB      0      0                                      * 39303                                              * 39302              
u_str ESTAB      0      0                                      * 39239                                              * 39240              
u_str ESTAB      0      0                                      * 36841                                              * 36842              
u_str ESTAB      0      0                                      * 39302                                              * 39303              
u_str ESTAB      0      0                                      * 39243                                              * 39242              
u_dgr UNCONN     0      0                                      * 1027790                                            * 8951               
u_str ESTAB      0      0                                      * 39308                                              * 39309              
u_str ESTAB      0      0            /run/systemd/journal/stdout 34516                                              * 34515              
u_str ESTAB      0      0                                      * 34941                                              * 34942              
u_str ESTAB      0      0                                      * 39306                                              * 39305              
u_str ESTAB      0      0                                      * 39240                                              * 39239              
u_str ESTAB      0      0                                      * 39267                                              * 39266              
u_str ESTAB      0      0                                      * 39305                                              * 39306              
u_str ESTAB      0      0                                      * 34467                                              * 34713              
u_str ESTAB      0      0                                      * 39257                                              * 39258              
u_str ESTAB      0      0                                      * 21706                                              * 21707              
u_str ESTAB      0      0            /run/dbus/system_bus_socket 34713                                              * 34467              
u_str ESTAB      0      0                                      * 39258                                              * 39257              
u_str ESTAB      0      0                                      * 34554                                              * 34718              
u_str ESTAB      0      0            /run/systemd/journal/stdout 21707                                              * 21706              
u_str ESTAB      0      0                                      * 39255                                              * 39254              
u_dgr UNCONN     0      0                                      * 34788                                              * 0                  
u_str ESTAB      0      0                                      * 39261                                              * 39260              
u_str ESTAB      0      0                                      * 34712                                              * 34711              
u_str ESTAB      0      0            /run/systemd/journal/stdout 38295                                              * 38294              
u_str ESTAB      0      0                                      * 35633                                              * 35634              
u_dgr UNCONN     0      0                                      * 34536                                              * 8949               
u_str ESTAB      0      0                                      * 39260                                              * 39261              
u_str ESTAB      0      0            /run/dbus/system_bus_socket 34718                                              * 34554              
u_dgr UNCONN     0      0                                      * 21422                                              * 8926               
u_str ESTAB      0      0                                      * 39266                                              * 39267              
u_str ESTAB      0      0                                      * 34515                                              * 34516              
u_str ESTAB      0      0                                      * 38294                                              * 38295              
u_str ESTAB      0      0                                      * 39439                                              * 39440              
u_dgr UNCONN     0      0                                      * 1109850                                            * 8949               
u_dgr UNCONN     0      0                                      * 39330                                              * 8951               
u_str ESTAB      0      0                                      * 39254                                              * 39255              
u_str ESTAB      0      0            /run/systemd/journal/stdout 35634                                              * 35633              
u_dgr UNCONN     0      0                                      * 39608                                              * 8951               
u_str ESTAB      0      0                                      * 39300                                              * 39299              
u_str ESTAB      0      0            /run/dbus/system_bus_socket 39440                                              * 39439              
u_str ESTAB      0      0                                      * 39299                                              * 39300              
u_str ESTAB      0      0            /run/systemd/journal/stdout 34942                                              * 34941              
u_str ESTAB      0      0                                      * 39279                                              * 39278              
u_str ESTAB      0      0                                      * 35709                                              * 35710              
u_str ESTAB      0      0                                      * 39278                                              * 39279              
u_str ESTAB      0      0                                      * 39276                                              * 39275              
u_str ESTAB      0      0                                      * 35569                                              * 35570              
u_str ESTAB      0      0                                      * 39264                                              * 39263              
u_str ESTAB      0      0                                      * 39282                                              * 39281              
u_str ESTAB      0      0                                      * 39281                                              * 39282              
u_str ESTAB      0      0            /run/systemd/journal/stdout 34391                                              * 34390              
u_dgr UNCONN     0      0                                      * 22225                                              * 22226              
u_str ESTAB      0      0            /run/systemd/journal/stdout 34158                                              * 34157              
u_dgr UNCONN     0      0                                      * 22207                                              * 8949               
u_str ESTAB      0      0                                      * 39270                                              * 39269              
u_dgr UNCONN     0      0                                      * 35775                                              * 8951               
u_dgr UNCONN     0      0                                      * 22226                                              * 22225              
u_str ESTAB      0      0                                      * 39269                                              * 39270              
u_dgr UNCONN     0      0                                      * 681719                                             * 8951               
u_str ESTAB      0      0                                      * 34157                                              * 34158              
u_str ESTAB      0      0                                      * 34885                                              * 34886              
u_str ESTAB      0      0                                      * 39275                                              * 39276              
u_dgr UNCONN     0      0                                      * 33504                                              * 8951               
u_str ESTAB      0      0                                      * 39263                                              * 39264              
u_str ESTAB      0      0                                      * 39273                                              * 39272              
u_str ESTAB      0      0            /run/dbus/system_bus_socket 35570                                              * 35569              
u_str ESTAB      0      0                                      * 39272                                              * 39273              
u_str ESTAB      0      0                                      * 33516                                              * 33515              
u_str ESTAB      0      0                                      * 39294                                              * 39293              
u_str ESTAB      0      0                                      * 39293                                              * 39294              
u_str ESTAB      0      0                                      * 34390                                              * 34391              
u_str ESTAB      0      0            /run/dbus/system_bus_socket 34886                                              * 34885              
u_str ESTAB      0      0                                      * 39291                                              * 39290              
u_dgr UNCONN     0      0                                      * 1205914                                            * 8951               
u_dgr UNCONN     0      0                                      * 35332                                              * 8951               
u_str ESTAB      0      0                                      * 39297                                              * 39296              
u_dgr UNCONN     0      0                                      * 35296                                              * 8951               
u_str ESTAB      0      0            /run/systemd/journal/stdout 22196                                              * 22195              
u_str ESTAB      0      0                                      * 39296                                              * 39297              
u_str ESTAB      0      0                                      * 22195                                              * 22196              
u_str ESTAB      0      0                                      * 39287                                              * 39288              
u_str ESTAB      0      0            /run/dbus/system_bus_socket 35710                                              * 35709              
u_str ESTAB      0      0                                      * 39285                                              * 39284              
u_str ESTAB      0      0                                      * 33515                                              * 33516              
u_str ESTAB      0      0                                      * 39284                                              * 39285              
u_str ESTAB      0      0                                      * 39290                                              * 39291              
u_dgr UNCONN     0      0                                      * 39213                                              * 8951               
u_str ESTAB      0      0                                      * 39288                                              * 39287              
raw   UNCONN     0      0                                     :::58                                                :::*                  
tcp   LISTEN     0      128                                    *:22                                                 *:*                  
tcp   LISTEN     0      100                            127.0.0.1:25                                                 *:*                  
tcp   ESTAB      0      0                        192.168.141.128:22                                     192.168.141.1:65423              
tcp   ESTAB      0      0                        192.168.141.128:22                                     192.168.141.1:60176              
tcp   LISTEN     0      128                                   :::22                                                :::*                  
tcp   LISTEN     0      100                                  ::1:25                                                :::*                  
v_str ESTAB      0      0                             2993521101:1023                                               0:976                
[root@linux-01 ceshi]# 

## ss -an | grep -i listen: show only the sockets that are in the LISTEN state ##
[root@linux-01 ceshi]# ss -an | grep -i listen
u_str  LISTEN     0      100    private/trace 39265                 * 0                  
u_str  LISTEN     0      100    private/verify 39268                 * 0                  
u_str  LISTEN     0      100    private/proxywrite 39277                 * 0                  
u_str  LISTEN     0      100    private/retry 39292                 * 0                  
u_str  LISTEN     0      100    private/discard 39295                 * 0                  
u_str  LISTEN     0      100    private/local 39298                 * 0                  
u_str  LISTEN     0      100    private/virtual 39301                 * 0                  
u_str  LISTEN     0      100    private/lmtp 39304                 * 0                  
u_str  LISTEN     0      100    private/anvil 39307                 * 0                  
u_str  LISTEN     0      100    private/scache 39310                 * 0                  
u_seq  LISTEN     0      128    /run/udev/control 21315                 * 0                  
u_str  LISTEN     0      100    private/defer 39262                 * 0                  
u_str  LISTEN     0      32     /var/run/vmware/guestServicePipe 35410                 * 0                  
u_str  LISTEN     0      128    /run/systemd/private 21140                 * 0                  
u_str  LISTEN     0      100    private/smtp 39280                 * 0                  
u_str  LISTEN     0      100    private/relay 39283                 * 0                  
u_str  LISTEN     0      100    private/error 39289                 * 0                  
u_str  LISTEN     0      100    public/pickup 39241                 * 0                  
u_str  LISTEN     0      100    public/cleanup 39245                 * 0                  
u_str  LISTEN     0      100    public/qmgr 39249                 * 0                  
u_str  LISTEN     0      100    public/flush 39271                 * 0                  
u_str  LISTEN     0      100    public/showq 39286                 * 0                  
u_str  LISTEN     0      100    private/proxymap 39274                 * 0                  
u_str  LISTEN     0      100    private/tlsmgr 39253                 * 0                  
u_str  LISTEN     0      100    private/rewrite 39256                 * 0                  
u_str  LISTEN     0      100    private/bounce 39259                 * 0                  
u_str  LISTEN     0      128    /run/lvm/lvmetad.socket 21223                 * 0                  
u_str  LISTEN     0      128    /run/lvm/lvmpolld.socket 21226                 * 0                  
u_str  LISTEN     0      128    /run/dbus/system_bus_socket 34025                 * 0                  
u_str  LISTEN     0      128    /run/systemd/journal/stdout 8946                  * 0                  
tcp    LISTEN     0      128       *:22                    *:*                  
tcp    LISTEN     0      100    127.0.0.1:25                    *:*                  
tcp    LISTEN     0      128      :::22                   :::*                  
tcp    LISTEN     0      100     ::1:25                   :::*                  
[root@linux-01 ceshi]# 
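
The grep above mixes unix sockets with TCP listeners and does not say which ports are reachable from the network. The following added example (not part of the original notes) classifies each TCP listener by its bind address; the function names and the ALL/LOOPBACK/SPECIFIC labels are assumptions, and the sample rows are copied from the output above.

```shell
#!/bin/sh
# Added example (not from the original notes): classify TCP listeners by exposure.

# Constructed sample: rows copied from the `ss -an` output above
# (one unix socket, one established connection, four TCP listeners).
sample_ss() {
cat <<'EOF'
u_str  LISTEN     0      100    private/smtp 39280                 * 0
tcp    LISTEN     0      128       *:22                    *:*
tcp    LISTEN     0      100    127.0.0.1:25                    *:*
tcp    ESTAB      0      0      192.168.141.128:22      192.168.141.1:60176
tcp    LISTEN     0      128      :::22                   :::*
tcp    LISTEN     0      100     ::1:25                   :::*
EOF
}

# Reads `ss -an` output on stdin (Netid in column 1, local address in column 5)
# and prints one line per TCP listener: "<exposure> <port> <bind address>".
#   ALL       bound to every interface (*, 0.0.0.0, ::)
#   LOOPBACK  reachable only from the host itself (127.0.0.0/8, ::1)
#   SPECIFIC  bound to one particular address
classify_listeners() {
    awk '
    $1 == "tcp" && $2 == "LISTEN" {
        la = $5
        # The port follows the last colon; everything before it is the address.
        if (!match(la, /:[0-9*]+$/)) next
        port = substr(la, RSTART + 1)
        addr = substr(la, 1, RSTART - 1)
        # Newer ss versions print [::]:22 and 127.0.0.53%lo:53; normalize both.
        sub(/^\[/, "", addr)
        sub(/\]$/, "", addr)
        sub(/%.*$/, "", addr)
        if (addr == "*" || addr == "0.0.0.0" || addr == "::")
            exposure = "ALL"
        else if (addr ~ /^127\./ || addr == "::1")
            exposure = "LOOPBACK"
        else
            exposure = "SPECIFIC"
        print exposure, port, addr
    }' | LC_ALL=C sort -u
}

# Prints the unique ports that listen on every interface, one per line.
exposed_ports() {
    classify_listeners | awk '$1 == "ALL" { print $2 }' | LC_ALL=C sort -un
}

sample_ss | classify_listeners
```

On a live host, run `ss -an | classify_listeners`; on this machine only sshd (port 22) listens on all interfaces, while the mail service on port 25 is bound to loopback.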

## The following command counts how many TCP sockets are in each state ##
[root@linux-01 ceshi]# netstat -an | awk '/^tcp/ {++sta[$NF]} END {for(key in sta) print key,"\t",sta[key]}'
LISTEN 	 4
ESTABLISHED 	 2
[root@linux-01 ceshi]# 

10. Capturing packets on Linux

## tcpdump is not installed by default; install it with yum ##
[root@linux-01 ceshi]# tcpdump
-bash: tcpdump: 未找到命令
[root@linux-01 ceshi]#   yum install -y tcpdump
已加载插件:fastestmirror
Repository base is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Loading mirror speeds from cached hostfile
epel/x86_64/metalink                                                                                              | 5.8 kB  00:00:00     
 * base: mirrors.163.com
 * epel: mirrors.tuna.tsinghua.edu.cn
 * extras: mirrors.cn99.com
 * updates: mirrors.nju.edu.cn
base                                                                                                              | 3.6 kB  00:00:00     
epel                                                                                                              | 4.7 kB  00:00:00     
extras                                                                                                            | 3.4 kB  00:00:00     
updates                                                                                                           | 3.4 kB  00:00:00     
(1/2): epel/x86_64/updateinfo                                                                                     | 986 kB  00:00:01     
(2/2): epel/x86_64/primary_db                                                                                     | 6.7 MB  00:01:34     
正在解决依赖关系
--> 正在检查事务
---> 软件包 tcpdump.x86_64.14.4.9.2-3.el7 将被 安装
--> 正在处理依赖关系 libpcap >= 14:1.5.3-10,它被软件包 14:tcpdump-4.9.2-3.el7.x86_64 需要
--> 正在处理依赖关系 libpcap.so.1()(64bit),它被软件包 14:tcpdump-4.9.2-3.el7.x86_64 需要
--> 正在检查事务
---> 软件包 libpcap.x86_64.14.1.5.3-11.el7 将被 安装
--> 解决依赖关系完成

依赖关系解决

=========================================================================================================================================
 Package                        架构                          版本                                     源                           大小
=========================================================================================================================================
正在安装:
 tcpdump                        x86_64                        14:4.9.2-3.el7                           base                        421 k
为依赖而安装:
 libpcap                        x86_64                        14:1.5.3-11.el7                          base                        138 k

事务概要
=========================================================================================================================================
安装  1 软件包 (+1 依赖软件包)

总下载量:559 k
安装大小:1.3 M
Downloading packages:
(1/2): libpcap-1.5.3-11.el7.x86_64.rpm                                                                            | 138 kB  00:00:00     
(2/2): tcpdump-4.9.2-3.el7.x86_64.rpm                                                                             | 421 kB  00:00:00     
-----------------------------------------------------------------------------------------------------------------------------------------
总计                                                                                                     2.5 MB/s | 559 kB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  正在安装    : 14:libpcap-1.5.3-11.el7.x86_64                                                                                       1/2 
  正在安装    : 14:tcpdump-4.9.2-3.el7.x86_64                                                                                        2/2 
  验证中      : 14:tcpdump-4.9.2-3.el7.x86_64                                                                                        1/2 
  验证中      : 14:libpcap-1.5.3-11.el7.x86_64                                                                                       2/2 

已安装:
  tcpdump.x86_64 14:4.9.2-3.el7                                                                                                          

作为依赖被安装:
  libpcap.x86_64 14:1.5.3-11.el7                                                                                                         

完毕!
[root@linux-01 ceshi]# 

## tcpdump: -nn (show IP addresses and ports as numbers instead of resolving names), -i (specify the network interface name) ##
[root@linux-01 ceshi]# tcpdump  -nn -i ens33
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
23:38:58.029804 IP 192.168.141.128.22 > 192.168.141.1.60176: Flags [P.], seq 143933360:143933572, ack 2117960428, win 318, length 212
23:38:58.030089 IP 192.168.141.1.60176 > 192.168.141.128.22: Flags [.], ack 212, win 250, length 0
23:38:58.030728 IP 192.168.141.128.22 > 192.168.141.1.60176: Flags [P.], seq 212:504, ack 1, win 318, length 292
23:38:58.031099 IP 192.168.141.128.22 > 192.168.141.1.60176: Flags [P.], seq 504:668, ack 1, win 318, length 164
23:38:58.031299 IP 192.168.141.1.60176 > 192.168.141.128.22: Flags [.], ack 668, win 255, length 0
23:38:58.031689 IP 192.168.141.128.22 > 192.168.141.1.60176: Flags [P.], seq 668:944, ack 1, win 318, length 276
23:38:58.032000 IP 192.168.141.128.22 > 192.168.141.1.60176: Flags [P.], seq 944:1108, ack 1, win 318, length 164
23:38:58.032164 IP 192.168.141.1.60176 > 192.168.141.128.22: Flags [.], ack 1108, win 254, length 0
23:38:58.032476 IP 192.168.141.128.22 > 192.168.141.1.60176: Flags [P.], seq 1108:1384, ack 1, win 318, length 276
23:38:58.032773 IP 192.168.141.128.22 > 192.168.141.1.60176: Flags [P.], seq 1384:1564, ack 1, win 318, length 180
23:38:58.032916 IP 192.168.141.1.60176 > 192.168.141.128.22: Flags [.], ack 1564, win 252, length 0
23:38:58.033153 IP 192.168.141.128.22 > 192.168.141.1.60176: Flags [P.], seq 1564:1840, ack 1, win 318, length 276
23:38:58.033565 IP 192.168.141.128.22 > 192.168.141.1.60176: Flags [P.], seq 1840:2020, ack 1, win 318, length 180
23:38:58.033715 IP 192.168.141.1.60176 > 192.168.141.128.22: Flags [.], ack 2020, win 250, length 0

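## A filter expression can exclude a port and select a host: here, packets to or from 192.168.141.1 that are not on port 22 ##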
[root@linux-01 ceshi]# tcpdump -nn -i ens33 not port 22  and host 192.168.141.1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel
[root@linux-01 ceshi]# 

## Capture packets and save them to a file (-c packet count, -w output file) ##
[root@linux-01 ceshi]# tcpdump -nn -i ens33 -c 100 -w 1.cap
tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
^C4 packets captured
5 packets received by filter
0 packets dropped by kernel
[root@linux-01 ceshi]# ls
#  1.cap  1.txt  2.sh  exec.sh  passwd  passwd1  source.sh

[root@linux-01 ceshi]# tcpdump -nn -i ens33 -c 10 -w 1.cap
tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
10 packets captured
10 packets received by filter
0 packets dropped by kernel
[root@linux-01 ceshi]# file 1.cap 
1.cap: tcpdump capture file (little-endian) - version 2.4 (Ethernet, capture length 262144)
[root@linux-01 ceshi]# tcpdump  -r 1.cap 
reading from file 1.cap, link-type EN10MB (Ethernet)
00:57:33.051784 IP linux-01.ssh > 192.168.141.1.60176: Flags [P.], seq 144863656:144863804, ack 2117974276, win 362, length 148
00:57:33.052190 IP 192.168.141.1.60176 > linux-01.ssh: Flags [.], ack 148, win 251, length 0
00:57:34.528624 IP 192.168.141.1 > igmp.mcast.net: igmp v3 report, 1 group record(s)
00:57:34.528666 IP6 fe80::41c8:1472:340f:c8db > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
00:57:34.587128 IP 192.168.141.1 > igmp.mcast.net: igmp v3 report, 1 group record(s)
00:57:34.587165 IP6 fe80::41c8:1472:340f:c8db > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
00:57:34.587190 IP6 fe80::41c8:1472:340f:c8db.53559 > ff02::1:3.hostmon: UDP, length 33
00:57:34.587204 IP 192.168.141.1.52209 > 224.0.0.252.hostmon: UDP, length 33
00:57:34.681633 IP6 fe80::41c8:1472:340f:c8db.53559 > ff02::1:3.hostmon: UDP, length 33
00:57:34.681701 IP 192.168.141.1.52209 > 224.0.0.252.hostmon: UDP, length 33
[root@linux-01 ceshi]# 

## Install the tshark command ##
yum install -y wireshark
## See which clients are accessing a website on this server and what they request ##
tshark -n -t a -R http.request -T fields -e "frame.time" -e "ip.src" -e "http.host" -e "http.request.method" -e "http.request.uri" 

11. Linux networking


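11.1 Setting up a virtual network interface

Steps to set up a virtual network interface:

  • Copy the existing interface file ifcfg-ens33 and name the copy ifcfg-ens33:0
  • Edit ifcfg-ens33:0: change the interface name and the IP address
  • Restart the ens33 interface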
[root@linux-01 ceshi]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.141.128  netmask 255.255.255.0  broadcast 192.168.141.255
        inet6 fe80::8db4:d867:92de:d2d1  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:6d:81:cc  txqueuelen 1000  (Ethernet)
        RX packets 352365  bytes 47836917 (45.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 151822  bytes 33225129 (31.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        
[root@linux-01 ~]# cd /etc/sysconfig/network-scripts/
[root@linux-01 network-scripts]# cp ifcfg-ens33   ifcfg-ens33\:0    // the backslash here escapes the colon
[root@linux-01 network-scripts]# ls
ifcfg-ens33    ifdown-bnep  ifdown-isdn    ifdown-sit       ifup          ifup-ippp  ifup-plusb   ifup-sit       ifup-wireless
ifcfg-ens33:0  ifdown-eth   ifdown-post    ifdown-Team      ifup-aliases  ifup-ipv6  ifup-post    ifup-Team      init.ipv6-global
ifcfg-lo       ifdown-ippp  ifdown-ppp     ifdown-TeamPort  ifup-bnep     ifup-isdn  ifup-ppp     ifup-TeamPort  network-functions
ifdown         ifdown-ipv6  ifdown-routes  ifdown-tunnel    ifup-eth      ifup-plip  ifup-routes  ifup-tunnel    network-functions-ipv6

[root@linux-01 network-scripts]# vim ifcfg-ens33:0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33:0
UUID=a6258a23-8add-4e49-b1f8-799e60a3bdbe
DEVICE=ens33:0
ONBOOT=yes
IPADDR=192.168.141.122
NETMASK=255.255.255.0
GATEWAY=192.168.141.2

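## If you are connected to the server remotely, avoid running ifdown ens33 by itself: once the interface is down, it can only be brought back up from the local console ##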
[root@linux-01 network-scripts]# ifdown ens33 && ifup ens33
成功断开设备 'ens33'。
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/4)
[root@linux-01 network-scripts]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.141.128  netmask 255.255.255.0  broadcast 192.168.141.255
        inet6 fe80::8db4:d867:92de:d2d1  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:6d:81:cc  txqueuelen 1000  (Ethernet)
        RX packets 353689  bytes 47962251 (45.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 152668  bytes 33335091 (31.7 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.141.122  netmask 255.255.255.0  broadcast 192.168.141.255
        ether 00:0c:29:6d:81:cc  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

11.2 Checking whether the NIC has a link

[root@linux-01 network-scripts]# mii-tool ens33
ens33: negotiated 1000baseT-FD flow-control, link ok
[root@linux-01 network-scripts]# 

[root@linux-01 network-scripts]# ethtool  ens33
Settings for ens33:
	Supported ports: [ TP ]
	Supported link modes:   10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Supported pause frame use: No
	Supports auto-negotiation: Yes
	Supported FEC modes: Not reported
	Advertised link modes:  10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Advertised pause frame use: No
	Advertised auto-negotiation: Yes
	Advertised FEC modes: Not reported
	Speed: 1000Mb/s
	Duplex: Full
	Port: Twisted Pair
	PHYAD: 0
	Transceiver: internal
	Auto-negotiation: on
	MDI-X: off (auto)
	Supports Wake-on: d
	Wake-on: d
	Current message level: 0x00000007 (7)
			       drv probe link
	Link detected: yes      // check whether this status is yes or no
[root@linux-01 network-scripts]# 

11.3 Changing the hostname

Use hostnamectl. The command exists only on CentOS 7; CentOS 6 does not have it.

[root@linux-01 ~]# hostnamectl set-hostname  linux-001
[root@linux-01 ~]# hostname
linux-001
[root@linux-01 ~]# bash
[root@linux-001 ~]# exit
exit
[root@linux-01 ~]# 

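11.4 The DNS configuration file /etc/resolv.conf

/etc/resolv.conf is the DNS configuration file. If you edit this file by hand, the system reads the DNS settings from the network interface configuration again the next time you log in, so the manual change does not last.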

[root@linux-01 ~]# cat /etc/resolv.conf
; generated by /usr/sbin/dhclient-script
search localdomain
nameserver 192.168.141.2
[root@linux-01 ~]# 

11.5 The hosts file

[root@linux-01 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
[root@linux-01 ~]# vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.141.128 www.baidu.com www.qq.com

[root@linux-01 ~]# ping www.baidu.com
PING www.baidu.com (192.168.141.128) 56(84) bytes of data.
64 bytes from www.baidu.com (192.168.141.128): icmp_seq=1 ttl=64 time=0.159 ms
64 bytes from www.baidu.com (192.168.141.128): icmp_seq=2 ttl=64 time=0.120 ms
64 bytes from www.baidu.com (192.168.141.128): icmp_seq=3 ttl=64 time=0.096 ms
^C
--- www.baidu.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.096/0.125/0.159/0.025 ms
[root@linux-01 ~]# ping www.qq.com
PING www.baidu.com (192.168.141.128) 56(84) bytes of data.
64 bytes from www.baidu.com (192.168.141.128): icmp_seq=1 ttl=64 time=0.116 ms
64 bytes from www.baidu.com (192.168.141.128): icmp_seq=2 ttl=64 time=0.095 ms
^C
--- www.baidu.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.095/0.105/0.116/0.014 ms
[root@linux-01 ~]# 

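Post-class summary

1. TCP three-way handshake and four-way teardown

1.1 Establishing a connection: the three-way handshake

A small example of the three-way handshake:
In the Red Army era, Company A and Company B are on the left and right flanks and agree to attack together at an exact time. That time has to be carried on foot by a messenger, so the commander of Company A sends one out.
This is the first trip.
Suppose the messenger reaches Company B and tells its commander the time. Company B's commander will certainly send the messenger back to inform Company A's commander, so the poor messenger has to brave the danger and return to Company A; if Company A's commander does not see the messenger come back, he cannot know whether the time actually reached Company B.
This is the second trip.
Now Company B's commander starts to worry about whether the messenger made it back to Company A. Putting himself in the other commander's place, he knows that if the messenger did not return, Company A's commander will not dare to attack. So what Company B's commander hopes for most is to see the messenger appear at Company B once more, and Company A's commander therefore sends the messenger to Company B again.
This is the third trip. That is the three-way handshake.

Because a TCP connection is full duplex, each direction must be closed separately. The rule is that when one side has finished sending data, it sends a FIN to terminate the connection in that direction. Receiving a FIN only means that no more data will flow in that direction, i.e. no more data will be received; data can still be sent on this TCP connection until this direction also sends a FIN. The side that closes first performs the active close, and the other side performs the passive close, as the figure below shows.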

[Figure: active close and passive close of a TCP connection]

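TCP connection setup: in the TCP/IP protocol suite, TCP provides a reliable connection service and uses a three-way handshake to establish a connection.
First handshake: when the connection is being established, client A sends a SYN packet (SYN=j) to server B and enters the SYN_SENT state, waiting for server B to acknowledge.

Second handshake: server B receives the SYN packet and must acknowledge client A's SYN (ACK=j+1); it also sends its own SYN packet (SYN=k), i.e. a SYN+ACK packet, and server B enters the SYN_RECV state.

Third handshake: client A receives server B's SYN+ACK packet and sends an acknowledgment packet ACK (ACK=k+1) to server B. Once this packet has been sent, client A and server B enter the ESTABLISHED state and the three-way handshake is complete.
With the handshake complete, the client and server begin transferring data.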
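The three steps can be followed in `tcpdump -nn` text output like the captures earlier in these notes. The script below is an added example, not part of the original notes: the capture lines are constructed, and the function names `sample_capture` and `track_handshakes` are assumptions made for illustration. It checks that the SYN+ACK acknowledges j+1 and reports how far each connection attempt got.

```shell
#!/bin/sh
# Added example: follow SYN -> SYN+ACK -> ACK in `tcpdump -nn` text output.

# Constructed sample capture (documentation address ranges).
sample_capture() {
cat <<'EOF'
10:00:00.000001 IP 198.51.100.7.51000 > 192.0.2.10.80: Flags [S], seq 1000, win 29200, length 0
10:00:00.000050 IP 192.0.2.10.80 > 198.51.100.7.51000: Flags [S.], seq 7000, ack 1001, win 28960, length 0
10:00:00.000300 IP 198.51.100.7.51000 > 192.0.2.10.80: Flags [.], ack 1, win 229, length 0
10:00:01.000001 IP 203.0.113.9.40000 > 192.0.2.10.80: Flags [S], seq 5000, win 29200, length 0
10:00:01.000040 IP 192.0.2.10.80 > 203.0.113.9.40000: Flags [S.], seq 9000, ack 5001, win 28960, length 0
10:00:02.000001 IP 203.0.113.20.40001 > 192.0.2.10.80: Flags [S], seq 42, win 29200, length 0
EOF
}

# Prints one line per connection attempt: "<client>><server> <status>"
track_handshakes() {
    awk '
        $2 == "IP" && $6 == "Flags" {
            src = $3; dst = $5; sub(/:$/, "", dst)
            flags = $7; gsub(/\[|\]|,/, "", flags)
            seq = ""; ack = ""
            for (i = 8; i < NF; i++) {
                if ($i == "seq") seq = $(i + 1) + 0   # "+ 0" drops the trailing comma
                if ($i == "ack") ack = $(i + 1) + 0
            }
            if (flags == "S") {                       # step 1: client SYN, seq = j
                key = src ">" dst
                if (!(key in step)) order[++n] = key
                step[key] = 1; isn[key] = seq
            } else if (flags == "S.") {               # step 2: server SYN+ACK, ack = j+1
                key = dst ">" src
                if ((key in step) && step[key] == 1 && ack == isn[key] + 1) step[key] = 2
            } else if (flags == ".") {                # step 3: client ACK
                key = src ">" dst
                if ((key in step) && step[key] == 2) step[key] = 3
            }
        }
        END {
            name[1] = "syn-only"; name[2] = "half-open"; name[3] = "established"
            for (i = 1; i <= n; i++) print order[i], name[step[order[i]]]
        }'
}

sample_capture | track_handshakes
```

An attempt reported as half-open is one where the server has answered and is still waiting for the third packet.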

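SYN attack: during the three-way handshake, a TCP connection for which the server has sent the SYN-ACK but has not yet received the client's ACK is called a half-open connection (half-open connect). At this point the server is in the SYN_RECV state; when the ACK arrives, the server moves to the ESTABLISHED state. In a SYN attack, the attacking client forges a large number of non-existent IP addresses in a short time and keeps sending SYN packets to the server. The server replies with acknowledgment packets and waits for the client's confirmation; because the source addresses do not exist, the server has to keep retransmitting until it times out. These forged SYN packets occupy the half-open connection queue for a long time, legitimate SYN requests are dropped, and the target system slows down; in severe cases this causes network congestion or even brings the system down.
The SYN attack is a typical DDoS attack. Detecting one is straightforward: when you see a large number of half-open connections on the server, especially with random source IP addresses, you can be fairly sure it is a SYN attack. On Linux, the following command checks whether the server is under a SYN attack:
netstat -n -p TCP | grep SYN_RECV
Most newer TCP/IP stacks modify the TCP implementation to defend against SYN attacks. The main methods are the SynAttackProtect protection mechanism, SYN cookies, increasing the maximum number of half-open connections, and shortening the timeout. None of these, however, prevents SYN attacks completely.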
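The check described above (many SYN_RECV entries, mostly from different source addresses) can be turned into a small report. This is an added example, not part of the original notes: the input is constructed in `netstat -nt` format, and the function names, the default threshold of 100 and the 80% distinct-source ratio are assumptions to tune per server.

```shell
#!/bin/sh
# Added example: summarise half-open (SYN_RECV) sockets from `netstat -nt` text.

# Constructed sample (documentation address ranges), not captured from a real host.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.11:40112     SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.73:1987      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:52044       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.90:6001       SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.140:33310    SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.201:47001     SYN_RECV
tcp        0      0 192.0.2.10:22           192.0.2.1:60176         ESTABLISHED
tcp        0      0 192.0.2.10:80           192.0.2.50:51234        ESTABLISHED
EOF
}

# $1 = number of half-open sockets that counts as abnormal (assumed default: 100)
syn_recv_report() {
    awk -v limit="${1:-100}" '
        $1 ~ /^tcp/ && $NF == "SYN_RECV" {
            total++
            src = $5; sub(/:[0-9]+$/, "", src)      # foreign address without port
            if (!(src in seen)) { seen[src] = 1; distinct++ }
            port = $4; sub(/^.*:/, "", port)        # local port under pressure
            perport[port]++
        }
        END {
            verdict = "ok"
            if (total >= limit + 0) {
                # Mostly one-off sources matches the forged-address pattern;
                # a few repeating sources is more likely slow or broken clients.
                verdict = (distinct * 10 >= total * 8) ? "suspect-syn-flood" : "high-syn-recv"
            }
            printf "total=%d distinct_sources=%d verdict=%s\n", total, distinct, verdict
            for (p in perport) printf "local_port=%s half_open=%d\n", p, perport[p]
        }'
}

sample_netstat | syn_recv_report 5
```

On a live host the same function can read `netstat -nt` directly from a pipe.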

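1.2 Closing a connection: the four-way teardown

Tearing down a TCP connection requires four packets, hence the name four-way handshake. Either the client or the server can initiate the teardown; in socket programming, a close() by either side triggers it.

First wave:
The Client sends a FIN to close the data transfer from Client to Server, and the Client enters the FIN_WAIT_1 state.
Second wave:
After receiving the FIN, the Server sends an ACK to the Client with the acknowledgment number set to the received sequence number + 1 (as with a SYN, a FIN consumes one sequence number), and the Server enters the CLOSE_WAIT state.
Third wave:
The Server sends a FIN to close the data transfer from Server to Client, and the Server enters the LAST_ACK state.
Fourth wave:
The Client sends back an ACK to confirm, setting the acknowledgment number to the received sequence number plus 1.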

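1.3 States of the three-way handshake and the four-way teardown

Three-way handshake states:

CLOSED: the initial state; the TCP connection is "closed" or "not open".
LISTEN: a SOCKET on the server side is listening and can accept client connections.
SYN_RCVD: a SYN segment has been received. Normally this is an intermediate state of the server-side SOCKET during the three-way handshake; it is very brief and is rarely visible with netstat, unless you deliberately write a test program that withholds the final ACK of the three-way handshake. When a TCP connection is in this state and the client's ACK arrives, it moves to the ESTABLISHED state.
SYN_SENT: the counterpart of SYN_RCVD. When a client SOCKET calls connect(), it first sends a SYN segment and immediately enters the SYN_SENT state, waiting for the server to send the second segment of the three-way handshake. SYN_SENT means the client has sent its SYN.
ESTABLISHED: the TCP connection has been established successfully.

Four-way teardown states:

FIN_WAIT_1: this state deserves a careful explanation. Both FIN_WAIT_1 and FIN_WAIT_2 really mean waiting for the peer's FIN. The difference is this: FIN_WAIT_1 is entered when a SOCKET in the ESTABLISHED state wants to actively close the connection and sends a FIN to the peer. When the peer replies with an ACK, the SOCKET moves to FIN_WAIT_2. In practice the peer should reply with an ACK immediately whatever its situation, so FIN_WAIT_1 is rarely seen, while FIN_WAIT_2 can sometimes still be seen with netstat.
FIN_WAIT_2: the origin of this state is explained above. A SOCKET in FIN_WAIT_2 is a half-closed connection, i.e. one side has called close() to actively request closing. Note: FIN_WAIT_2 has no timeout (unlike TIME_WAIT). If the peer does not close (does not cooperate in completing the four-way teardown), the FIN_WAIT_2 state persists until the system reboots, and an ever-growing number of FIN_WAIT_2 sockets will crash the kernel.
TIME_WAIT: the peer's FIN has been received and an ACK has been sent. A TCP connection in TIME_WAIT waits 2*MSL (Max Segment Lifetime, the longest time a TCP segment can live on the Internet. Every TCP implementation must choose a definite MSL value; RFC 1122 recommends 2 minutes, but the traditional BSD implementation uses 30 seconds; on Linux, cat /proc/sys/net/ipv4/tcp_fin_timeout shows this machine's value) and then returns to the CLOSED, usable state. If a segment carrying both the FIN and ACK flags arrives while in FIN_WAIT_1, the connection can go directly to TIME_WAIT without passing through FIN_WAIT_2.
CLOSING: this state should be rare in practice; it is an unusual exception. Normally, after one side sends a FIN, it should first receive (or receive at the same time) the peer's ACK and then the peer's FIN. CLOSING means that after sending a FIN, the side did not receive the peer's ACK but received the peer's FIN instead. When does this happen? When both sides close() a SOCKET at almost the same moment, both send a FIN at the same time, and the CLOSING state appears, meaning both sides are closing the SOCKET connection.
CLOSE_WAIT: waiting to close. How to understand this? When the peer close()s a SOCKET and sends you a FIN, your system replies with an ACK without question, and the TCP connection enters CLOSE_WAIT. Next you need to check whether you still have data to send to the peer. If not, you can close() the SOCKET and send a FIN to the peer, closing your own direction of the connection. If there is data, it depends on the program's policy whether to keep sending or discard it. Put simply, in the CLOSE_WAIT state the remaining task is for you to close the connection.
LAST_ACK: after the passively closing side has sent its FIN, it is in LAST_ACK while waiting for the peer's ACK. Once the ACK arrives, it can enter the CLOSED, usable state.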
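Which closing states pile up shows which side is stalling the teardown. This is an added example, not part of the original notes: the socket lines are constructed in `netstat -nt` format and the function names `sample_sockets` and `teardown_report` are assumptions. It tallies the closing states and, for CLOSE_WAIT, names the local port whose application has not yet called close().

```shell
#!/bin/sh
# Added example: which closing states are piling up, and on which local port.
# Linux netstat prints FIN_WAIT_1 / FIN_WAIT_2 as FIN_WAIT1 / FIN_WAIT2.

# Constructed sample in `netstat -nt` format (documentation address ranges).
sample_sockets() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:8080         198.51.100.21:50110     CLOSE_WAIT
tcp        0      0 192.0.2.10:8080         198.51.100.22:50111     CLOSE_WAIT
tcp        1      0 192.0.2.10:8080         198.51.100.23:50112     CLOSE_WAIT
tcp        0      0 192.0.2.10:443          203.0.113.40:41000      FIN_WAIT2
tcp        0      0 192.0.2.10:443          203.0.113.41:41001      TIME_WAIT
tcp        0      0 192.0.2.10:443          203.0.113.42:41002      TIME_WAIT
tcp        0      0 192.0.2.10:22           192.0.2.1:60176         ESTABLISHED
EOF
}

teardown_report() {
    awk '
        BEGIN {
            hint["FIN_WAIT1"]  = "local FIN sent, peer ACK pending"
            hint["FIN_WAIT2"]  = "peer has not sent its FIN yet"
            hint["CLOSING"]    = "both sides sent FIN at the same time"
            hint["TIME_WAIT"]  = "waiting 2*MSL before CLOSED"
            hint["CLOSE_WAIT"] = "local application has not called close()"
            hint["LAST_ACK"]   = "local FIN sent, final ACK pending"
        }
        $1 ~ /^tcp/ && ($NF in hint) {
            count[$NF]++
            if ($NF == "CLOSE_WAIT") {
                port = $4; sub(/^.*:/, "", port)   # local port of the stuck socket
                leak[port]++
            }
        }
        END {
            for (s in count) printf "%s %d (%s)\n", s, count[s], hint[s]
            for (p in leak)  printf "CLOSE_WAIT on local port %s: %d\n", p, leak[p]
        }' | sort
}

sample_sockets | teardown_report
```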

2. Using the ip command

  1. Add and delete an IP address
    ip addr add 192.168.10.10/24 dev eth0
    ip addr show eth0
    ip addr del 192.168.10.10/24 dev eth0

  2. Routing settings
    ip route show
    ip route add default via 192.168.10.1
    ip route add 192.168.5.0/24 dev eth0
    ip route del 192.168.10.1

  3. Alternatively, manage routes with the route command:
    (a) Network route
    route add -net 192.168.1.0/24 gw 172.16.1.106
    (b) Host route
    route add -host 192.168.1.110 gw 172.16.1.106
    (c) Default route
    route add default gw 172.16.1.106

    route add -net 0.0.0.0 gw 172.16.1.106
    (d) Delete a route
    route del -host 192.168.1.110
    route del -net 192.168.1.0/24

  4. Show network statistics
    ip -s link
    ip -s -s link ls eth0

  5. Bring an interface down and up
    ip link set eth0 down
    ip link set eth0 up

3. Renaming a network interface

ip link set ens37 name eth1
To make the change permanent: https://blog.csdn.net/jyusun/article/details/71513086
