Basic concepts
MTU: maximum transmission unit
Performance optimization
⑴ netstat
Shows protocol stack statistics
[work(caibin)@tjtx145-93-90 /]$ netstat -s
Ip:
12832996037 total packets received
0 forwarded
0 incoming packets discarded
12832996037 incoming packets delivered
12929080745 requests sent out
54971 fragments received ok
117666 fragments created
Icmp:
25 ICMP messages received
0 input ICMP message failed.
ICMP input histogram:
destination unreachable: 17
echo requests: 6
echo replies: 2
157 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 148
echo request: 3
echo replies: 6
IcmpMsg:
InType0: 2
InType3: 17
InType8: 6
OutType0: 6
OutType3: 148
OutType8: 3
Tcp:
11848725 active connections openings
56357037 passive connection openings
240047 failed connection attempts
13122 connection resets received
705 connections established
12832633941 segments received
12916779456 segments send out
1186477 segments retransmited
38 bad segments received.
132307 resets sent
Udp:
361868 packets received
148 packets to unknown port received.
0 packet receive errors
19970978 packets sent
UdpLite:
TcpExt:
240047 resets received for embryonic SYN_RECV sockets
26597914 TCP sockets finished time wait in fast timer
1070989 time wait sockets recycled by time stamp
11419 packets rejects in established connections because of timestamp
36976927 delayed acks sent
553100 delayed acks further delayed because of locked socket
Quick ack mode was activated 219380 times
566496236 packets header predicted
119513154 acknowledgments not containing data received
568548034 predicted acknowledgments
203 times recovered from packet loss due to SACK data
Detected reordering 723 times using SACK
Detected reordering 7 times using reno fast retransmit
Detected reordering 1 times using time stamp
4 congestion windows fully recovered
1 congestion windows partially recovered using Hoe heuristic
TCPDSACKUndo: 6
47837 congestion windows recovered after partial ack
TCPLostRetransmit: 95741
14 timeouts after SACK recovery
212 fast retransmits
5 retransmits in slow start
745411 other TCP timeouts
TCPLossProbes: 280569
TCPLossProbeRecovery: 194
65909 DSACKs sent for old packets
10844 DSACKs received
12819 connections reset due to unexpected data
212 connections reset due to early user close
35 connections aborted due to timeout
TCPDSACKIgnoredNoUndo: 9249
TCPSackShifted: 11
TCPSackMerged: 2
TCPSackShiftFallback: 1163
TCPRcvCoalesce: 626193
TCPOFOQueue: 156
TCPChallengeACK: 220
TCPSYNChallenge: 225
TCPWantZeroWindowAdv: 9
TCPSynRetrans: 464368
TCPOrigDataSent: 12645608852
TCPHystartTrainDetect: 250
TCPHystartTrainCwnd: 6169
TCPACKSkippedSynRecv: 41
TCPACKSkippedPAWS: 41
TCPACKSkippedSeq: 15
TCPACKSkippedTimeWait: 12
TCPACKSkippedChallenge: 5
TCPKeepAlive: 889526
TCPDelivered: 12657365842
TCPAckCompressed: 25
IpExt:
InOctets: 610501136224
OutOctets: 1568329318460
InNoECTPkts: 12841498885
⑵ ss
Shows network connection information; it performs better than netstat
[work(caibin)@tjtx145-93-90 /]$ ss -ltnp | head -n 3
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 1 ::ffff:127.0.0.1:9001 :::* users:(("java",1450,51))
LISTEN 0 128 :::22 :::*
The meaning of Recv-Q and Send-Q depends on the State. When the socket is in the LISTEN state:
Recv-Q is the current value of the syn backlog
Send-Q is the maximum syn backlog value
sar
Shows network statistics
[work(caibin)@tjtx145-93-90 /]$ sar -n DEV 1 1
Linux 4.18.7-1.el7.elrepo.x86_64 (tjtx145-93-90.58os.org) 02/06/2020 _x86_64_(48 CPU)
03:12:26 PM IFACE rxpck/s txpck/s rxkB/s txkB/s rxcmp/s txcmp/s rxmcst/s
03:12:27 PM tunnat 0.00 0.00 0.00 0.00 0.00 0.00 0.00
03:12:27 PM tunl0 0.00 0.00 0.00 0.00 0.00 0.00 0.00
03:12:27 PM eth0 6306.00 6283.00 365.61 823.71 0.00 0.00 0.00
03:12:27 PM lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00
Average: IFACE rxpck/s txpck/s rxkB/s txkB/s rxcmp/s txcmp/s rxmcst/s
Average: tunnat 0.00 0.00 0.00 0.00 0.00 0.00 0.00
Average: tunl0 0.00 0.00 0.00 0.00 0.00 0.00 0.00
Average: eth0 6306.00 6283.00 365.61 823.71 0.00 0.00 0.00
Average: lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00
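This one is also very important
rxpck/s: packets received per second
txpck/s: packets sent per second
rxkB/s: kilobytes received per second
txkB/s: kilobytes sent per second
rxcmp/s: compressed packets received per second
txcmp/s: compressed packets sent per second
Computing rxkB * 1024 / rxpck gives the average size of each packet; if it is only a few tens of bytes, it may be a SYN attack.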
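The calculation above applied to sar output, as an added example that is not part of the original notes. The 100-byte threshold and the eth1 row are assumptions made for illustration; the eth0 and lo rows are the Average rows shown above.

```shell
#!/usr/bin/env bash
# Added example: average received-packet size per interface from `sar -n DEV`.
# SAMPLE is constructed: eth0 and lo are the Average rows from this page,
# eth1 is an invented row with bulk-transfer-sized packets for contrast.
SAMPLE='Average: IFACE rxpck/s txpck/s rxkB/s txkB/s rxcmp/s txcmp/s rxmcst/s
Average: eth0 6306.00 6283.00 365.61 823.71 0.00 0.00 0.00
Average: eth1 1000.00 900.00 1200.00 40.00 0.00 0.00 0.00
Average: lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00'

# avg_rx_size [threshold_bytes]: reads sar -n DEV output on stdin and prints
# "<iface> <avg bytes per received packet> <small|ok>" for each Average row.
avg_rx_size() {
  LC_ALL=C awk -v limit="${1:-100}" '
    /IFACE/ {                      # header row: find columns by name
      for (i = 1; i <= NF; i++) {
        if ($i == "IFACE")   c_if  = i
        if ($i == "rxpck/s") c_pck = i
        if ($i == "rxkB/s")  c_kb  = i
      }
      next
    }
    $1 == "Average:" && c_if && c_pck && c_kb {
      if ($c_pck + 0 == 0) next    # idle interface: skip, avoids divide by zero
      size = $c_kb * 1024 / $c_pck # rxkB * 1024 / rxpck, as in the text
      printf "%s %.1f %s\n", $c_if, size, (size < limit ? "small" : "ok")
    }
  '
}

# Live use: sar -n DEV 1 5 | avg_rx_size 100
printf '%s\n' "$SAMPLE" | avg_rx_size 100
```

A small average is only a hint: a host that mostly sends data receives many bare ACKs, which also pulls the figure down, so check it against the SYN-related counters in the netstat -s output above (for example TCPSynRetrans and the embryonic SYN_RECV resets).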
ifconfig
Its data comes from the /proc/net/dev interface
[work(caibin)@tjtx145-93-90 ~]$ ifconfig
eth0 Link encap(link type):Ethernet HWaddr(MAC address) 92:7A:C7:E3:41:CC
inet addr(IP address):10.145.93.90 Bcast(broadcast address):10.145.255.255 Mask(netmask):255.255.0.0
inet6 addr: fe80::907a:c7ff:fee3:41cc/64 Scope:Link
UP(interface enabled) BROADCAST RUNNING(cable connected) MULTICAST(multicast supported) MTU(maximum transmission unit, in bytes):1500 Metric:1
RX packets:11218253104 errors:0 dropped:0 overruns:0 frame:0
TX packets:11211413345 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:690640876104 (643.2 GiB) TX bytes:1517555739337 (1.3 TiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:30 errors:0 dropped:0 overruns:0 frame:0
TX packets:30 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2277 (2.2 KiB) TX bytes:2277 (2.2 KiB)
tunnat Link encap:IPIP Tunnel HWaddr
inet addr:127.0.0.53 P-t-P:127.0.0.53 Mask:255.255.255.255
inet6 addr: fe80::5efe:a91:5d5a/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:28487 errors:473 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:1733667 (1.6 MiB)
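If any of the following counters is non-zero, there is usually a network I/O problem
errors: number of packets with errors, for example checksum errors
dropped: number of packets dropped; the packet reached the Ring Buffer but memory was insufficient
overruns: number of packets over the limit; packets in the Ring Buffer could not be processed in time and were dropped because the queue was full
carrier: usually a duplex mode mismatch, a physical cable problem, and so on
collisions: number of packet collisions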
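A check for these counters read straight from /proc/net/dev, as an added example that is not part of the original notes. The sample is constructed from the ifconfig values shown above, and the function name and output format are assumptions.

```shell
#!/usr/bin/env bash
# Added example: list non-zero error counters per interface from /proc/net/dev.
# PROC_NET_DEV_SAMPLE is constructed from the ifconfig output on this page.
PROC_NET_DEV_SAMPLE='Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
  eth0: 690640876104 11218253104 0 0 0 0 0 0 1517555739337 11211413345 0 0 0 0 0 0
    lo: 2277 30 0 0 0 0 0 0 2277 30 0 0 0 0 0 0
tunnat: 0 0 0 0 0 0 0 0 1733667 28487 473 0 0 0 0 0'

# nic_problems: reads /proc/net/dev content on stdin and prints
# "<iface> <counter>=<value>" for every counter that is not zero.
nic_problems() {
  awk '
    BEGIN {
      # counter names as ifconfig prints them (overruns is the fifo column),
      # paired with their field numbers once the colon is replaced by a space
      n = split("rx_errors rx_dropped rx_overruns rx_frame tx_errors tx_dropped tx_overruns collisions carrier", name, " ")
      split("4 5 6 7 12 13 14 15 16", col, " ")
    }
    NR <= 2 { next }               # two header lines
    {
      sub(/:/, " ")                # "eth0:123" and "eth0: 123" both occur
      for (i = 1; i <= n; i++)
        if ($(col[i]) + 0 > 0) printf "%s %s=%s\n", $1, name[i], $(col[i])
    }
  '
}

# Live use: nic_problems < /proc/net/dev
printf '%s\n' "$PROC_NET_DEV_SAMPLE" | nic_problems
```

The counters are cumulative since the interface came up, so two readings taken some seconds apart show whether a value is still increasing.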
⑷ tcpdump
The most important tool; captures are usually written to a file and then analyzed with Wireshark