Querying socket information
```
# -l show only listening sockets
# -n show numeric addresses and ports
# -p show process information
$ netstat -nlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:8028            0.0.0.0:*               LISTEN      343570/java
tcp        0      0 0.0.0.0:8030            0.0.0.0:*               LISTEN      443862/java
tcp        0      0 0.0.0.0:8031            0.0.0.0:*               LISTEN      443864/java
tcp        0      0 0.0.0.0:8032            0.0.0.0:*               LISTEN      443868/java
tcp        0      0 0.0.0.0:10050           0.0.0.0:*               LISTEN      1440/zabbix_agentd
tcp        0      0 127.0.0.1:8005          0.0.0.0:*               LISTEN      910064/java
```
```
# -l show listening sockets
# -t show TCP sockets
# -n show numeric addresses and ports
# -p show process information
$ ss -ltnp
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       100     *:8028              *:*                users:(("java",pid=343570,fd=97))
LISTEN  0       100     *:8030              *:*                users:(("java",pid=443862,fd=202))
LISTEN  0       100     *:8031              *:*                users:(("java",pid=443864,fd=203))
LISTEN  0       100     *:8032              *:*                users:(("java",pid=443868,fd=35))
```
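Of these fields, the ones to focus on are:
- State: the socket state;
- Recv-Q: the receive queue;
- Send-Q: the send queue;
- Local Address:Port: the local address and port;
- Peer Address:Port: the remote address and port;
- pid: the process ID.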
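The Local Address:Port column also shows how widely each listener is reachable: a wildcard address (`*`, `0.0.0.0`, `[::]`) accepts connections on every interface, while `127.0.0.1` is local only. The following is an added example, not part of the original post, that classifies `ss -ltnp` output this way; the function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): classify `ss -ltnp` listeners
# by how widely they are reachable. Real use: ss -ltnp | classify_listeners

classify_listeners() {
    awk '
    $1 == "LISTEN" {
        la = $4                         # Local Address:Port column
        port = la; sub(/.*:/, "", port) # text after the last colon
        addr = substr(la, 1, length(la) - length(port) - 1)
        if (addr == "*" || addr == "0.0.0.0" || addr == "[::]" || addr == "::")
            exposure = "ALL-INTERFACES"
        else if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1")
            exposure = "LOOPBACK"
        else
            exposure = "SPECIFIC"
        # users:(("name",pid=N,fd=M)) is missing without root privileges
        proc = "-"; pid = "-"
        if (match($0, /users:\(\("[^"]+"/))
            proc = substr($0, RSTART + 9, RLENGTH - 10)
        if (match($0, /pid=[0-9]+/))
            pid = substr($0, RSTART + 4, RLENGTH - 4)
        print exposure, la, proc, pid
    }'
}

# Constructed sample: two rows from the ss output above, one loopback row
# modelled on the netstat output (fd value made up), one row without users:.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      100    *:8028             *:*   users:(("java",pid=343570,fd=97))
LISTEN 0      100    *:8030             *:*   users:(("java",pid=443862,fd=202))
LISTEN 0      1      127.0.0.1:8005     *:*   users:(("java",pid=910064,fd=50))
LISTEN 0      128    [::]:10050         [::]:*
EOF
}

sample_ss_output | classify_listeners
```

Rows reported as ALL-INTERFACES are the ones to compare against the host's firewall rules and the list of services that are meant to be reachable from the network.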
Viewing network statistics
```
# print one set of statistics every 5 seconds
$ sar -n DEV 5
02:35:40 PM     IFACE   rxpck/s   txpck/s    rxkB/s    txkB/s   rxcmp/s   txcmp/s  rxmcst/s
02:35:50 PM      eth0    635.90    753.80    131.98    272.04      0.00      0.00      0.00
02:35:50 PM        lo     28.80     28.80      9.09      9.09      0.00      0.00      0.00
02:35:50 PM   docker0      0.00      0.00      0.00      0.00      0.00      0.00      0.00
```
Of these fields, the ones to focus on are:
- rxpck/s and txpck/s: the number of packets received and sent;
- rxkB/s and txkB/s: the amount of data received and sent.
Checking connectivity to a remote host
```
# -c5 stop after sending 5 packets
$ ping -c5 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.053 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.037 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.068 ms
64 bytes from 127.0.0.1: icmp_seq=4 ttl=64 time=0.027 ms
64 bytes from 127.0.0.1: icmp_seq=5 ttl=64 time=0.022 ms

--- 127.0.0.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4000ms
rtt min/avg/max/mdev = 0.022/0.041/0.068/0.017 ms
```
Of these fields, the ones to focus on are:
- packets transmitted: how many packets were sent;
- received: how many replies were received;
- rtt: round-trip time statistics.
Capturing packets with tcpdump
```
# -nn do not resolve host names, protocols or port numbers in the capture
# port show only packets with the given port (source or destination port)
# host show only packets with the given IP address (source or destination address)
# -w file.pcap save the captured packets to a file that can be imported into Wireshark for analysis
$ tcpdump -nn port 80 or host 127.0.0.1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
15:22:07.447545 IP 45.195.243.75.49791 > 11.104.162.234.80: Flags [S], seq 2927125310, win 8192, options [mss 1424,nop,nop,sackOK], length 0
15:22:07.447578 IP 11.104.162.234.80 > 45.195.243.75.49791: Flags [S.], seq 2514974421, ack 2927125311, win 29200, options [mss 1460,nop,nop,sackOK], length 0
15:22:07.463852 IP 106.53.16.202.58801 > 11.104.162.234.80: Flags [S], seq 3214221967, win 14600, options [mss 1424,nop,nop,sackOK,nop,wscale 7], length 0
15:22:07.463888 IP 11.104.162.234.80 > 106.53.16.202.58801: Flags [S.], seq 2489797702, ack 3214221968, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
15:22:07.464344 IP 106.53.16.202.58801 > 11.104.162.234.80: Flags [.], ack 1, win 115, length 0
15:22:07.464384 IP 106.53.16.202.58801 > 11.104.162.234.80: Flags [P.], seq 1:91, ack 1, win 115, length 90: HTTP: GET / HTTP/1.1
15:22:07.464396 IP 11.104.162.234.80 > 106.53.16.202.58801: Flags [.], ack 91, win 229, length 0
15:22:07.464507 IP 11.104.162.234.80 > 106.53.16.202.58801: Flags [.], seq 1:5697, ack 91, win 229, length 5696: HTTP: HTTP/1.1 200 OK
15:22:07.464556 IP 11.104.162.234.80 > 106.53.16.202.58801: Flags [FP.], seq 5697:5841, ack 91, win 229, length 144: HTTP
15:22:07.464967 IP 106.53.16.202.58801 > 11.104.162.234.80: Flags [.], ack 1425, win 137, length 0
15:22:07.464977 IP 106.53.16.202.58801 > 11.104.162.234.80: Flags [R.], seq 91, ack 1425, win 137, length 0
15:22:07.465016 IP 169.254.212.207.58801 > 11.104.162.234.80: Flags [R], seq 3214222058, win 0, length 0
15:22:07.465029 IP 169.254.212.207.58801 > 11.104.162.234.80: Flags [R], seq 3214222058, win 0, length 0
15:22:07.465032 IP 169.254.212.207.58801 > 11.104.162.234.80: Flags [R], seq 3214222058, win 0, length 0
15:22:07.465035 IP 169.254.212.207.58801 > 11.104.162.234.80: Flags [R], seq 3214222058, win 0, length 0
```
Each packet line has the format: timestamp, protocol, source address.source port > destination address.destination port, packet information.
Summary
These are the commands commonly used to check network usage on Linux; I am recording them here for easy reference later.