1. 程式人生 > >查看磁盤io、內存free、系統進程ps、網絡狀態netstat、Linux抓包tcpdump

查看磁盤io、內存free、系統進程ps、網絡狀態netstat、Linux抓包tcpdump

ipv mon 1.3 sda verify available x86 4.0 length

查看磁盤io性能狀態

iostat -x

查看磁盤使用(安裝包與sar的安裝包一起)
主要查看%util

[root@shu-test ~]# iostat -x
Linux 3.10.0-693.el7.x86_64 (shu-test)     2018年01月23日     _x86_64_    (1 CPU)
avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           0.13    0.00    0.44    0.15    0.00   99.28
Device:         rrqm/s   wrqm/s     r/s     w/s    rkB/s    wkB/s avgrq-sz avgqu-sz   await r_await w_await  svctm  %util
sda               0.00     0.12    7.63    2.61   110.65    11.27    23.83     0.01    0.97    0.89    1.18   0.37   0.38
sdb               0.00     0.00    0.10    0.00     2.28     0.00    45.16     0.00    0.35    0.35    0.00   0.35   0.00
scd0              0.00     0.00    0.02    0.00     1.11     0.00   114.22     0.00    2.39    2.39    0.00   2.17   0.00
[root@shu-test ~]#

iotop

當發現io很忙,可以使用iotop查詢是哪個進程使用io大;

安裝包


yum install -y iotop

查看磁盤io使用進程;

[root@shu-test ~]# iotop
Total DISK READ :    0.00 B/s | Total DISK WRITE :       0.00 B/s
Actual DISK READ:    0.00 B/s | Actual DISK WRITE:       0.00 B/s
  TID  PRIO  USER     DISK READ  DISK WRITE  SWAPIN     IO>    COMMAND                                             
    1 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % systemd --switched-root --system --deserialize 21
    2 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [kthreadd]
    3 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [ksoftirqd/0]
    5 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [kworker/0:0H]
    7 rt/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [migration/0]
    8 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [rcu_bh]
    9 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [rcu_sched]
   10 rt/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [watchdog/0]
   12 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [kdevtmpfs]
   13 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [netns]
   14 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [khungtaskd]
   15 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [writeback]
   16 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [kintegrityd]
   17 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [bioset]
   18 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [kblockd]
   19 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [md]
  533 be/4 dbus        0.00 B/s    0.00 B/s  0.00 %  0.00 % dbus-daemon --system --addr~idfile --systemd-activation
   25 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [kswapd0]
   26 be/5 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [ksmd]
   27 be/7 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [khugepaged]
   28 be/0 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % [crypto]

free命令

查看內存使用情況

[root@shu-test ~]# free
              total        used        free      shared  buff/cache   available
Mem:        1008152      122192      636236        6864      249724      711676
Swap:       2097148           0     2097148
[root@shu-test ~]#

Mem:內存使用情況
Swap:交換分區使用情況
total:總大小;
used:使用中;

free:剩余數量;
shared:共享中的;
buff/cache:緩存;
available:可獲得的;

公式:
total=used+free+cache
avaliable包含free和buffer/cache剩余部分

用單位表示數據顯示;
free -h

[root@shu-test ~]# free -h
              total        used        free      shared  buff/cache   available
Mem:           984M        119M        621M        6.7M        243M        695M
Swap:          2.0G          0B        2.0G
[root@shu-test ~]#

ps命令

查看系統進程(特重要)

ps aux

將系統是由進程靜態的列出(top為動態)

[root@shu-test ~]# ps aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.6 128164  6820 ?        Ss   16:10   0:01 /usr/lib/systemd/systemd --switched-root --system
root         2  0.0  0.0      0     0 ?        S    16:10   0:00 [kthreadd]
root         3  0.0  0.0      0     0 ?        S    16:10   0:00 [ksoftirqd/0]
root         5  0.0  0.0      0     0 ?        S<   16:10   0:00 [kworker/0:0H]
root         7  0.0  0.0      0     0 ?        S    16:10   0:00 [migration/0]
root         8  0.0  0.0      0     0 ?        S    16:10   0:00 [rcu_bh]
root         9  0.0  0.0      0     0 ?        R    16:10   0:00 [rcu_sched]
root        10  0.0  0.0      0     0 ?        S    16:10   0:00 [watchdog/0]
root        12  0.0  0.0      0     0 ?        S    16:10   0:00 [kdevtmpfs]
root        13  0.0  0.0      0     0 ?        S<   16:10   0:00 [netns]
root        14  0.0  0.0      0     0 ?        S    16:10   0:00 [khungtaskd]
root        15  0.0  0.0      0     0 ?        S<   16:10   0:00 [writeback]
root        16  0.0  0.0      0     0 ?        S<   16:10   0:00 [kintegrityd]
root        17  0.0  0.0      0     0 ?        S<   16:10   0:00 [bioset]
root        18  0.0  0.0      0     0 ?        S<   16:10   0:00 [kblockd]
root        19  0.0  0.0      0     0 ?        S<   16:10   0:00 [md]
root        25  0.0  0.0      0     0 ?        S    16:10   0:00 [kswapd0]
root        26  0.0  0.0      0     0 ?        SN   16:10   0:00 [ksmd]
root        27  0.0  0.0      0     0 ?        SN   16:10   0:00 [khugepaged]
root        28  0.0  0.0      0     0 ?        S<   16:10   0:00 [crypto]
root        36  0.0  0.0      0     0 ?        S<   16:10   0:00 [kthrotld]
root        37  0.0  0.0      0     0 ?        S    16:10   0:00 [kworker/u128:1]
root        38  0.0  0.0      0     0 ?        S<   16:10   0:00 [kmpath_rdacd]
root        39  0.0  0.0      0     0 ?        S<   16:10   0:00 [kpsmoused]
root        41  0.0  0.0      0     0 ?        S<   16:10   0:00 [ipv6_addrconf]
root        60  0.0  0.0      0     0 ?        S<   16:10   0:00 [deferwq]
root        92  0.0  0.0      0     0 ?        S    16:10   0:00 [kauditd]
root       229  0.0  0.0      0     0 ?        S<   16:10   0:00 [mpt_poll_0]
root       231  0.0  0.0      0     0 ?        S<   16:10   0:00 [mpt/0]
root       233  0.0  0.0      0     0 ?        S<   16:10   0:00 [ata_sff]
root       241  0.0  0.0      0     0 ?        S    16:10   0:00 [scsi_eh_0]
root       242  0.0  0.0      0     0 ?        S<   16:10   0:00 [scsi_tmf_0]
root       243  0.0  0.0      0     0 ?        S    16:10   0:00 [scsi_eh_1]
root       246  0.0  0.0      0     0 ?        S<   16:10   0:00 [scsi_tmf_1]
root       249  0.0  0.0      0     0 ?        S    16:10   0:00 [scsi_eh_2]
root       251  0.0  0.0      0     0 ?        S<   16:10   0:00 [scsi_tmf_2]
root       252  0.0  0.0      0     0 ?        S    16:10   0:00 [kworker/u128:2]
root       255  0.0  0.0      0     0 ?        S<   16:10   0:00 [ttm_swap]
root       276  0.0  0.0      0     0 ?        S<   16:10   0:00 [bioset]
root       277  0.0  0.0      0     0 ?        S<   16:10   0:00 [xfsalloc]
root       278  0.0  0.0      0     0 ?        S<   16:10   0:00 [xfs_mru_cache]
root       279  0.0  0.0      0     0 ?        S<   16:10   0:00 [xfs-buf/sda3]
root       280  0.0  0.0      0     0 ?        S<   16:10   0:00 [xfs-data/sda3]
root       281  0.0  0.0      0     0 ?        S<   16:10   0:00 [xfs-conv/sda3]
root       282  0.0  0.0      0     0 ?        S<   16:10   0:00 [xfs-cil/sda3]
root       283  0.0  0.0      0     0 ?        S<   16:10   0:00 [xfs-reclaim/sda]
root       284  0.0  0.0      0     0 ?        S<   16:10   0:00 [xfs-log/sda3]
root       285  0.0  0.0      0     0 ?        S<   16:10   0:00 [xfs-eofblocks/s]
root       286  0.0  0.0      0     0 ?        S    16:10   0:00 [xfsaild/sda3]
root       353  0.0  0.2  34940  2788 ?        Ss   16:10   0:00 /usr/lib/systemd/systemd-journald
root       372  0.0  0.4 121356  4084 ?        Ss   16:10   0:00 /usr/sbin/lvmetad -f
root       374  0.0  0.5  47696  5736 ?        Ss   16:10   0:00 /usr/lib/systemd/systemd-udevd
root       417  0.0  0.0      0     0 ?        S<   16:10   0:00 [kworker/0:1H]
root       439  0.0  0.0      0     0 ?        S<   16:10   0:00 [xfs-buf/sda1]
root       441  0.0  0.0      0     0 ?        S<   16:10   0:00 [xfs-data/sda1]
root       442  0.0  0.0      0     0 ?        S<   16:10   0:00 [xfs-conv/sda1]
root       444  0.0  0.0      0     0 ?        S<   16:10   0:00 [xfs-cil/sda1]
root       446  0.0  0.0      0     0 ?        S<   16:10   0:00 [xfs-reclaim/sda]
root       448  0.0  0.0      0     0 ?        S<   16:10   0:00 [xfs-log/sda1]
root       450  0.0  0.0      0     0 ?        S<   16:10   0:00 [xfs-eofblocks/s]
root       452  0.0  0.0      0     0 ?        S    16:10   0:00 [xfsaild/sda1]
root       500  0.0  0.0  55452   900 ?        S<sl 16:10   0:00 /sbin/auditd
root       524  0.0  0.1  24204  1668 ?        Ss   16:10   0:00 /usr/lib/systemd/systemd-logind
polkitd    527  0.0  1.3 534888 13884 ?        Ssl  16:10   0:00 /usr/lib/polkit-1/polkitd --no-debug
root       529  0.0  0.6  99608  6100 ?        Ss   16:10   0:00 /usr/bin/VGAuthService -s
root       531  0.0  0.4 214500  4720 ?        Ssl  16:10   0:00 /usr/sbin/rsyslogd -n
dbus       533  0.0  0.1  32776  1860 ?        Ssl  16:10   0:00 /bin/dbus-daemon --system --address=systemd: --nof
root       549  0.1  0.6 305368  6324 ?        Ssl  16:10   0:04 /usr/bin/vmtoolsd
root       554  0.0  0.1 126236  1676 ?        Ss   16:10   0:00 /usr/sbin/crond -n
root       556  0.0  0.0 110044   828 tty1     Ss+  16:10   0:00 /sbin/agetty --noclear tty1 linux
chrony     559  0.0  0.1 115640  1780 ?        S    16:10   0:00 /usr/sbin/chronyd
root       569  0.0  2.8 334236 28996 ?        Ssl  16:10   0:00 /usr/bin/python -Es /usr/sbin/firewalld --nofork -
root       584  0.0  0.8 472132  9016 ?        Ssl  16:10   0:00 /usr/sbin/NetworkManager --no-daemon
root       886  0.0  1.8 562392 18644 ?        Ssl  16:10   0:00 /usr/bin/python -Es /usr/sbin/tuned -l -P
root       887  0.0  0.4 105996  4072 ?        Ss   16:10   0:00 /usr/sbin/sshd -D
root       988  0.0  0.2  89544  2092 ?        Ss   16:10   0:00 /usr/libexec/postfix/master -w
postfix    989  0.0  0.3  89648  4004 ?        S    16:10   0:00 pickup -l -t unix -u
postfix    990  0.0  0.3  89716  4024 ?        S    16:10   0:00 qmgr -l -t unix -u
root       998  0.0  0.5 145700  5212 ?        Ss   16:10   0:00 sshd: root@pts/0
root      1001  0.0  0.2 116156  2984 pts/0    Ss   16:10   0:00 -bash
root      1071  0.0  0.0      0     0 ?        R    16:41   0:01 [kworker/0:0]
root      1100  0.0  0.0 123208   780 ?        Ss   17:01   0:00 /usr/sbin/anacron -s
root      1103  0.0  0.0      0     0 ?        S    17:01   0:00 [kworker/0:2]
root      1104  0.0  0.0      0     0 ?        S    17:06   0:00 [kworker/0:1]
root      1111  0.0  0.0      0     0 ?        S    17:11   0:00 [kworker/0:3]
root      1123  0.0  0.1 151064  1820 pts/0    R+   17:14   0:00 ps aux
[root@shu-test ~]#

USER:所屬用戶;
PID:進程的標簽,配合kill殺死進程;

STAT部分詳解:
D:不能中斷的進程;
R:run狀態的進程;
S:sleep狀態的進程;
T:暫停的進程;
Z:僵屍進程;
<:高優先級進程;
N:低優先級進程;
L:內存中被鎖了的內存分頁;
s:主進程;
l:多線程進程;
+:前臺進程;

查詢進程

ps aux | grep 進程名
查詢當前進程是否存在或運行;

[root@shu-test ~]# ps aux | grep nginx
root      1141  0.0  0.0 112676   984 pts/0    S+   17:30   0:00 grep --color=auto nginx
[root@shu-test ~]#

netstat

查看網絡狀態

netstat -lnp

查看監聽的端口

[root@shu-test ~]# netstat -lnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      887/sshd            
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      988/master          
tcp6       0      0 :::22                   :::*                    LISTEN      887/sshd            
tcp6       0      0 ::1:25                  :::*                    LISTEN      988/master          
udp        0      0 127.0.0.1:323           0.0.0.0:*                           559/chronyd         
udp6       0      0 ::1:323                 :::*                                559/chronyd         
raw6       0      0 :::58                   :::*                    7           584/NetworkManager  
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name     Path
unix  2      [ ACC ]     STREAM     LISTENING     18543    988/master           public/flush
unix  2      [ ACC ]     STREAM     LISTENING     18558    988/master           public/showq
unix  2      [ ACC ]     STREAM     LISTENING     18514    988/master           public/pickup
unix  2      [ ACC ]     STREAM     LISTENING     18518    988/master           public/cleanup
unix  2      [ ACC ]     STREAM     LISTENING     18521    988/master           public/qmgr
unix  2      [ ACC ]     STREAM     LISTENING     12104    1/systemd            /run/lvm/lvmpolld.socket
unix  2      [ ACC ]     STREAM     LISTENING     15692    529/VGAuthService    /var/run/vmware/guestServicePipe
unix  2      [ ACC ]     STREAM     LISTENING     12121    1/systemd            /run/lvm/lvmetad.socket
unix  2      [ ACC ]     STREAM     LISTENING     11881    1/systemd            /run/systemd/private
unix  2      [ ACC ]     SEQPACKET  LISTENING     12139    1/systemd            /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     14473    1/systemd            /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     18525    988/master           private/tlsmgr
unix  2      [ ACC ]     STREAM     LISTENING     18528    988/master           private/rewrite
unix  2      [ ACC ]     STREAM     LISTENING     18531    988/master           private/bounce
unix  2      [ ACC ]     STREAM     LISTENING     18534    988/master           private/defer
unix  2      [ ACC ]     STREAM     LISTENING     18537    988/master           private/trace
unix  2      [ ACC ]     STREAM     LISTENING     18540    988/master           private/verify
unix  2      [ ACC ]     STREAM     LISTENING     18546    988/master           private/proxymap
unix  2      [ ACC ]     STREAM     LISTENING     18549    988/master           private/proxywrite
unix  2      [ ACC ]     STREAM     LISTENING     18552    988/master           private/smtp
unix  2      [ ACC ]     STREAM     LISTENING     18555    988/master           private/relay
unix  2      [ ACC ]     STREAM     LISTENING     18561    988/master           private/error
unix  2      [ ACC ]     STREAM     LISTENING     18564    988/master           private/retry
unix  2      [ ACC ]     STREAM     LISTENING     18567    988/master           private/discard
unix  2      [ ACC ]     STREAM     LISTENING     18570    988/master           private/local
unix  2      [ ACC ]     STREAM     LISTENING     18573    988/master           private/virtual
unix  2      [ ACC ]     STREAM     LISTENING     18576    988/master           private/lmtp
unix  2      [ ACC ]     STREAM     LISTENING     18579    988/master           private/anvil
unix  2      [ ACC ]     STREAM     LISTENING     18582    988/master           private/scache
unix  2      [ ACC ]     STREAM     LISTENING     7659     1/systemd            /run/systemd/journal/stdout
[root@shu-test ~]#

netstat -an

查看所有的連接狀態

netstat -lntp

只查看tcp的端口監聽(不包含socket)

[root@shu-test ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      887/sshd            
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      988/master          
tcp6       0      0 :::22                   :::*                    LISTEN      887/sshd            
tcp6       0      0 ::1:25                  :::*                    LISTEN      988/master          
[root@shu-test ~]#

netstat -lnup

只查看udp的端口監聽(不包含socket)

[root@shu-test ~]# netstat -lnup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
udp        0      0 127.0.0.1:323           0.0.0.0:*                           559/chronyd         
udp6       0      0 ::1:323                 :::*                                559/chronyd         
[root@shu-test ~]#

統計命令

統計netstat下的所有狀態的數據;
netstat -an | awk ‘/^tcp/ {++sta[$NF]} END {for(key in sta) print key,"\t",sta[key]}‘

[root@shu-test ~]# netstat -an | awk ‘/^tcp/ {++sta[$NF]} END {for(key in sta) print key,"\t",sta[key]}‘
LISTEN      4
ESTABLISHED      1
[root@shu-test ~]#

Linux抓包工具

tcpdump工具

安裝包


yum install -y tcpdump

指定網卡抓包

格式:
tcpdump -nn -i 網卡名
tcpdump -nn -i ens33
指定抓取網卡名為ens33的包

18:15:44.680680 IP 192.168.188.1.63319 > 192.168.188.2.22: Flags [.], ack 110393004, win 11469, length 0
18:15:44.680691 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 110393004:110393184, ack 16121, win 294, length 180
18:15:44.680773 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 110393184:110393476, ack 16121, win 294, length 292
18:15:44.680862 IP 192.168.188.1.63319 > 192.168.188.2.22: Flags [.], ack 110393476, win 11351, length 0
18:15:44.680872 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 110393476:110393656, ack 16121, win 294, length 180
18:15:44.680953 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 110393656:110393948, ack 16121, win 294, length 292
18:15:44.681036 IP 192.168.188.1.63319 > 192.168.188.2.22: Flags [.], ack 110393948, win 11233, length 0
18:15:44.681046 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 110393948:110394128, ack 16121, win 294, length 180
18:15:44.681126 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 110394128:110394420, ack 16121, win 294, length 292
18:15:44.681200 IP 192.168.188.1.63319 > 192.168.188.2.22: Flags [.], ack 110394420, win 11115, length 0
18:15:44.681210 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 110394420:110394600, ack 16121, win 294, length 180
^C
672976 packets captured
672978 packets received by filter
0 packets dropped by kernel
[root@shu-test ~]#

其中主要看
192.168.188.1.63319 > 192.168.188.2.22
這一列,前面ip表示ip源與端口,後面ip表示目的ip與端口

指定端口

格式:
tcpdump -nn -i [網卡名] port [端口號]
tcpdump -nn -i ens33 port 22
指定抓取網卡名為ens33 端口號為22的包

19:09:40.694055 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 10288736:10288916, ack 1405, win 294, length 180
19:09:40.694109 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 10288916:10289096, ack 1405, win 294, length 180
19:09:40.694163 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 10289096:10289276, ack 1405, win 294, length 180
19:09:40.694216 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 10289276:10289456, ack 1405, win 294, length 180
19:09:40.694274 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 10289456:10289572, ack 1405, win 294, length 116
19:09:40.694396 IP 192.168.188.1.63319 > 192.168.188.2.22: Flags [.], ack 10289456, win 9284, length 0
^C
60636 packets captured
60637 packets received by filter
0 packets dropped by kernel
[root@shu-test ~]#

其他命令

tcpdump -nn -i [網卡名] not port [端口號] and host 192.168.0.100
抓取指定網卡名,端口號xx以外的所有端口號,主機名為192.168.0.100的包

指定抓包個數

-c [數值]:
tcpdump -nn -i ens33 -c 100
指定抓取100個包;

19:17:40.694337 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 15628:15904, ack 1, win 294, length 276
19:17:40.694447 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 15904:16084, ack 1, win 294, length 180
100 packets captured
100 packets received by filter
0 packets dropped by kernel
[root@shu-test ~]#

指定抓包個數保存到文件

-w [文件路徑]:
tcpdump -nn -i ens33 -c 10 -w ip.txt
指定抓取10個包保存到當前目錄的ip.txt文件;

[root@shu-test abc]# tcpdump -nn -i ens33 -c 10 -w ip.txt
tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
10 packets captured
10 packets received by filter
0 packets dropped by kernel
[root@shu-test abc]#

查看抓取的數據包文件內容

無法cat抓取的數據包文件,只能使用tcpdump命令查看;
格式:
tcpdump -r ip.txt

[root@shu-test abc]# tcpdump -r ip.txt
reading from file ip.txt, link-type EN10MB (Ethernet)
19:22:13.562207 IP shu-test.ssh > 192.168.188.1.63319: Flags [P.], seq 1557505249:1557505397, ack 547063394, win 294, length 148
19:22:13.562796 IP 192.168.188.1.63319 > shu-test.ssh: Flags [.], ack 148, win 16375, length 0
19:22:15.250771 IP6 fe80::1bc:2163:4c7e:5a43.62981 > ff02::1:3.hostmon: UDP, length 22
19:22:15.250816 IP 192.168.188.1.60303 > 224.0.0.252.hostmon: UDP, length 22
19:22:15.451154 IP 192.168.188.1.netbios-ns > 192.168.188.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
19:22:15.989543 IP shu-test.ssh > 192.168.188.1.63319: Flags [.], seq 148:3068, ack 1, win 294, length 2920
19:22:15.989682 IP shu-test.ssh > 192.168.188.1.63319: Flags [P.], seq 3068:3944, ack 1, win 294, length 876
19:22:15.990097 IP 192.168.188.1.63319 > shu-test.ssh: Flags [.], ack 3944, win 16425, length 0
19:22:15.990418 IP 192.168.188.1.63319 > shu-test.ssh: Flags [P.], seq 1:53, ack 3944, win 16425, length 52
19:22:16.030573 IP shu-test.ssh > 192.168.188.1.63319: Flags [.], ack 53, win 294, length 0
[root@shu-test abc]#

tshark 抓包工具

安裝包


yum install -y wireshark

查看當前http服務器訪問的ip以及所訪問的http鏈接


tshark -n -t a -R http.request -T fields -e "frame.time" -e "ip.src" -e "http.host" -e "http.request.method" -e "http.request.uri"

查看磁盤io、內存free、系統進程ps、網絡狀態netstat、Linux抓包tcpdump