查看磁盤io、內存free、系統進程ps、網絡狀態netstat、Linux抓包tcpdump
iostat -x
查看磁盤使用情況(iostat與sar同屬一個安裝包sysstat)
主要查看%util(磁盤處於繁忙狀態的時間百分比,越接近100%表示磁盤越忙)
[root@shu-test ~]# iostat -x
Linux 3.10.0-693.el7.x86_64 (shu-test) 2018年01月23日 _x86_64_ (1 CPU)
avg-cpu: %user %nice %system %iowait %steal %idle
0.13 0.00 0.44 0.15 0.00 99.28
Device: rrqm/s wrqm/s r/s w/s rkB/s wkB/s avgrq-sz avgqu-sz await r_await w_await svctm %util
sda 0.00 0.12 7.63 2.61 110.65 11.27 23.83 0.01 0.97 0.89 1.18 0.37 0.38
sdb 0.00 0.00 0.10 0.00 2.28 0.00 45.16 0.00 0.35 0.35 0.00 0.35 0.00
scd0 0.00 0.00 0.02 0.00 1.11 0.00 114.22 0.00 2.39 2.39 0.00 2.17 0.00
[root@shu-test ~]#
iotop
當發現io很忙,可以使用iotop查詢是哪個進程使用io大;
安裝包
yum install -y iotop
查看磁盤io使用進程;
[root@shu-test ~]# iotop
Total DISK READ : 0.00 B/s | Total DISK WRITE : 0.00 B/s
Actual DISK READ: 0.00 B/s | Actual DISK WRITE: 0.00 B/s
TID PRIO USER DISK READ DISK WRITE SWAPIN IO> COMMAND
1 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % systemd --switched-root --system --deserialize 21
2 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [kthreadd]
3 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [ksoftirqd/0]
5 be/0 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [kworker/0:0H]
7 rt/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [migration/0]
8 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [rcu_bh]
9 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [rcu_sched]
10 rt/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [watchdog/0]
12 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [kdevtmpfs]
13 be/0 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [netns]
14 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [khungtaskd]
15 be/0 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [writeback]
16 be/0 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [kintegrityd]
17 be/0 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [bioset]
18 be/0 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [kblockd]
19 be/0 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [md]
533 be/4 dbus 0.00 B/s 0.00 B/s 0.00 % 0.00 % dbus-daemon --system --addr~idfile --systemd-activation
25 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [kswapd0]
26 be/5 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [ksmd]
27 be/7 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [khugepaged]
28 be/0 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [crypto]
free命令
查看內存使用情況
[root@shu-test ~]# free
total used free shared buff/cache available
Mem: 1008152 122192 636236 6864 249724 711676
Swap: 2097148 0 2097148
[root@shu-test ~]#
Mem:內存使用情況
Swap:交換分區使用情況
total:總大小;
used:使用中;
shared:共享中的;
buff/cache:緩存;
available:可獲得的;
公式:
total=used+free+buff/cache
available包含free和buff/cache中可回收的剩余部分
用單位表示數據顯示;
free -h
[root@shu-test ~]# free -h
total used free shared buff/cache available
Mem: 984M 119M 621M 6.7M 243M 695M
Swap: 2.0G 0B 2.0G
[root@shu-test ~]#
ps命令
查看系統進程(特重要)
ps aux
將系統所有進程靜態地列出(top為動態)
[root@shu-test ~]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.6 128164 6820 ? Ss 16:10 0:01 /usr/lib/systemd/systemd --switched-root --system
root 2 0.0 0.0 0 0 ? S 16:10 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S 16:10 0:00 [ksoftirqd/0]
root 5 0.0 0.0 0 0 ? S< 16:10 0:00 [kworker/0:0H]
root 7 0.0 0.0 0 0 ? S 16:10 0:00 [migration/0]
root 8 0.0 0.0 0 0 ? S 16:10 0:00 [rcu_bh]
root 9 0.0 0.0 0 0 ? R 16:10 0:00 [rcu_sched]
root 10 0.0 0.0 0 0 ? S 16:10 0:00 [watchdog/0]
root 12 0.0 0.0 0 0 ? S 16:10 0:00 [kdevtmpfs]
root 13 0.0 0.0 0 0 ? S< 16:10 0:00 [netns]
root 14 0.0 0.0 0 0 ? S 16:10 0:00 [khungtaskd]
root 15 0.0 0.0 0 0 ? S< 16:10 0:00 [writeback]
root 16 0.0 0.0 0 0 ? S< 16:10 0:00 [kintegrityd]
root 17 0.0 0.0 0 0 ? S< 16:10 0:00 [bioset]
root 18 0.0 0.0 0 0 ? S< 16:10 0:00 [kblockd]
root 19 0.0 0.0 0 0 ? S< 16:10 0:00 [md]
root 25 0.0 0.0 0 0 ? S 16:10 0:00 [kswapd0]
root 26 0.0 0.0 0 0 ? SN 16:10 0:00 [ksmd]
root 27 0.0 0.0 0 0 ? SN 16:10 0:00 [khugepaged]
root 28 0.0 0.0 0 0 ? S< 16:10 0:00 [crypto]
root 36 0.0 0.0 0 0 ? S< 16:10 0:00 [kthrotld]
root 37 0.0 0.0 0 0 ? S 16:10 0:00 [kworker/u128:1]
root 38 0.0 0.0 0 0 ? S< 16:10 0:00 [kmpath_rdacd]
root 39 0.0 0.0 0 0 ? S< 16:10 0:00 [kpsmoused]
root 41 0.0 0.0 0 0 ? S< 16:10 0:00 [ipv6_addrconf]
root 60 0.0 0.0 0 0 ? S< 16:10 0:00 [deferwq]
root 92 0.0 0.0 0 0 ? S 16:10 0:00 [kauditd]
root 229 0.0 0.0 0 0 ? S< 16:10 0:00 [mpt_poll_0]
root 231 0.0 0.0 0 0 ? S< 16:10 0:00 [mpt/0]
root 233 0.0 0.0 0 0 ? S< 16:10 0:00 [ata_sff]
root 241 0.0 0.0 0 0 ? S 16:10 0:00 [scsi_eh_0]
root 242 0.0 0.0 0 0 ? S< 16:10 0:00 [scsi_tmf_0]
root 243 0.0 0.0 0 0 ? S 16:10 0:00 [scsi_eh_1]
root 246 0.0 0.0 0 0 ? S< 16:10 0:00 [scsi_tmf_1]
root 249 0.0 0.0 0 0 ? S 16:10 0:00 [scsi_eh_2]
root 251 0.0 0.0 0 0 ? S< 16:10 0:00 [scsi_tmf_2]
root 252 0.0 0.0 0 0 ? S 16:10 0:00 [kworker/u128:2]
root 255 0.0 0.0 0 0 ? S< 16:10 0:00 [ttm_swap]
root 276 0.0 0.0 0 0 ? S< 16:10 0:00 [bioset]
root 277 0.0 0.0 0 0 ? S< 16:10 0:00 [xfsalloc]
root 278 0.0 0.0 0 0 ? S< 16:10 0:00 [xfs_mru_cache]
root 279 0.0 0.0 0 0 ? S< 16:10 0:00 [xfs-buf/sda3]
root 280 0.0 0.0 0 0 ? S< 16:10 0:00 [xfs-data/sda3]
root 281 0.0 0.0 0 0 ? S< 16:10 0:00 [xfs-conv/sda3]
root 282 0.0 0.0 0 0 ? S< 16:10 0:00 [xfs-cil/sda3]
root 283 0.0 0.0 0 0 ? S< 16:10 0:00 [xfs-reclaim/sda]
root 284 0.0 0.0 0 0 ? S< 16:10 0:00 [xfs-log/sda3]
root 285 0.0 0.0 0 0 ? S< 16:10 0:00 [xfs-eofblocks/s]
root 286 0.0 0.0 0 0 ? S 16:10 0:00 [xfsaild/sda3]
root 353 0.0 0.2 34940 2788 ? Ss 16:10 0:00 /usr/lib/systemd/systemd-journald
root 372 0.0 0.4 121356 4084 ? Ss 16:10 0:00 /usr/sbin/lvmetad -f
root 374 0.0 0.5 47696 5736 ? Ss 16:10 0:00 /usr/lib/systemd/systemd-udevd
root 417 0.0 0.0 0 0 ? S< 16:10 0:00 [kworker/0:1H]
root 439 0.0 0.0 0 0 ? S< 16:10 0:00 [xfs-buf/sda1]
root 441 0.0 0.0 0 0 ? S< 16:10 0:00 [xfs-data/sda1]
root 442 0.0 0.0 0 0 ? S< 16:10 0:00 [xfs-conv/sda1]
root 444 0.0 0.0 0 0 ? S< 16:10 0:00 [xfs-cil/sda1]
root 446 0.0 0.0 0 0 ? S< 16:10 0:00 [xfs-reclaim/sda]
root 448 0.0 0.0 0 0 ? S< 16:10 0:00 [xfs-log/sda1]
root 450 0.0 0.0 0 0 ? S< 16:10 0:00 [xfs-eofblocks/s]
root 452 0.0 0.0 0 0 ? S 16:10 0:00 [xfsaild/sda1]
root 500 0.0 0.0 55452 900 ? S<sl 16:10 0:00 /sbin/auditd
root 524 0.0 0.1 24204 1668 ? Ss 16:10 0:00 /usr/lib/systemd/systemd-logind
polkitd 527 0.0 1.3 534888 13884 ? Ssl 16:10 0:00 /usr/lib/polkit-1/polkitd --no-debug
root 529 0.0 0.6 99608 6100 ? Ss 16:10 0:00 /usr/bin/VGAuthService -s
root 531 0.0 0.4 214500 4720 ? Ssl 16:10 0:00 /usr/sbin/rsyslogd -n
dbus 533 0.0 0.1 32776 1860 ? Ssl 16:10 0:00 /bin/dbus-daemon --system --address=systemd: --nof
root 549 0.1 0.6 305368 6324 ? Ssl 16:10 0:04 /usr/bin/vmtoolsd
root 554 0.0 0.1 126236 1676 ? Ss 16:10 0:00 /usr/sbin/crond -n
root 556 0.0 0.0 110044 828 tty1 Ss+ 16:10 0:00 /sbin/agetty --noclear tty1 linux
chrony 559 0.0 0.1 115640 1780 ? S 16:10 0:00 /usr/sbin/chronyd
root 569 0.0 2.8 334236 28996 ? Ssl 16:10 0:00 /usr/bin/python -Es /usr/sbin/firewalld --nofork -
root 584 0.0 0.8 472132 9016 ? Ssl 16:10 0:00 /usr/sbin/NetworkManager --no-daemon
root 886 0.0 1.8 562392 18644 ? Ssl 16:10 0:00 /usr/bin/python -Es /usr/sbin/tuned -l -P
root 887 0.0 0.4 105996 4072 ? Ss 16:10 0:00 /usr/sbin/sshd -D
root 988 0.0 0.2 89544 2092 ? Ss 16:10 0:00 /usr/libexec/postfix/master -w
postfix 989 0.0 0.3 89648 4004 ? S 16:10 0:00 pickup -l -t unix -u
postfix 990 0.0 0.3 89716 4024 ? S 16:10 0:00 qmgr -l -t unix -u
root 998 0.0 0.5 145700 5212 ? Ss 16:10 0:00 sshd: root@pts/0
root 1001 0.0 0.2 116156 2984 pts/0 Ss 16:10 0:00 -bash
root 1071 0.0 0.0 0 0 ? R 16:41 0:01 [kworker/0:0]
root 1100 0.0 0.0 123208 780 ? Ss 17:01 0:00 /usr/sbin/anacron -s
root 1103 0.0 0.0 0 0 ? S 17:01 0:00 [kworker/0:2]
root 1104 0.0 0.0 0 0 ? S 17:06 0:00 [kworker/0:1]
root 1111 0.0 0.0 0 0 ? S 17:11 0:00 [kworker/0:3]
root 1123 0.0 0.1 151064 1820 pts/0 R+ 17:14 0:00 ps aux
[root@shu-test ~]#
USER:所屬用戶;
PID:進程ID,可配合kill結束進程;
STAT部分詳解:
D:不能中斷的進程;
R:run狀態的進程;
S:sleep狀態的進程;
T:暫停的進程;
Z:僵屍進程;
<:高優先級進程;
N:低優先級進程;
L:內存中被鎖了的內存分頁;
s:主進程(會話首進程,session leader);
l:多線程進程;
+:前臺進程;
查詢進程
ps aux | grep 進程名
查詢當前進程是否存在或運行;下面的輸出只有grep命令本身這一行,說明nginx進程並未運行。
[root@shu-test ~]# ps aux | grep nginx
root 1141 0.0 0.0 112676 984 pts/0 S+ 17:30 0:00 grep --color=auto nginx
[root@shu-test ~]#
netstat
查看網絡狀態
netstat -lnp
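查看監聽的端口;Local Address為0.0.0.0或:::表示在所有網卡上監聽(可被外部訪問),127.0.0.1或::1表示只在本機迴環地址監聽;PID/Program name一列需要root權限才能看到其他用戶的進程。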
[root@shu-test ~]# netstat -lnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 887/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 988/master
tcp6 0 0 :::22 :::* LISTEN 887/sshd
tcp6 0 0 ::1:25 :::* LISTEN 988/master
udp 0 0 127.0.0.1:323 0.0.0.0:* 559/chronyd
udp6 0 0 ::1:323 :::* 559/chronyd
raw6 0 0 :::58 :::* 7 584/NetworkManager
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 18543 988/master public/flush
unix 2 [ ACC ] STREAM LISTENING 18558 988/master public/showq
unix 2 [ ACC ] STREAM LISTENING 18514 988/master public/pickup
unix 2 [ ACC ] STREAM LISTENING 18518 988/master public/cleanup
unix 2 [ ACC ] STREAM LISTENING 18521 988/master public/qmgr
unix 2 [ ACC ] STREAM LISTENING 12104 1/systemd /run/lvm/lvmpolld.socket
unix 2 [ ACC ] STREAM LISTENING 15692 529/VGAuthService /var/run/vmware/guestServicePipe
unix 2 [ ACC ] STREAM LISTENING 12121 1/systemd /run/lvm/lvmetad.socket
unix 2 [ ACC ] STREAM LISTENING 11881 1/systemd /run/systemd/private
unix 2 [ ACC ] SEQPACKET LISTENING 12139 1/systemd /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 14473 1/systemd /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 18525 988/master private/tlsmgr
unix 2 [ ACC ] STREAM LISTENING 18528 988/master private/rewrite
unix 2 [ ACC ] STREAM LISTENING 18531 988/master private/bounce
unix 2 [ ACC ] STREAM LISTENING 18534 988/master private/defer
unix 2 [ ACC ] STREAM LISTENING 18537 988/master private/trace
unix 2 [ ACC ] STREAM LISTENING 18540 988/master private/verify
unix 2 [ ACC ] STREAM LISTENING 18546 988/master private/proxymap
unix 2 [ ACC ] STREAM LISTENING 18549 988/master private/proxywrite
unix 2 [ ACC ] STREAM LISTENING 18552 988/master private/smtp
unix 2 [ ACC ] STREAM LISTENING 18555 988/master private/relay
unix 2 [ ACC ] STREAM LISTENING 18561 988/master private/error
unix 2 [ ACC ] STREAM LISTENING 18564 988/master private/retry
unix 2 [ ACC ] STREAM LISTENING 18567 988/master private/discard
unix 2 [ ACC ] STREAM LISTENING 18570 988/master private/local
unix 2 [ ACC ] STREAM LISTENING 18573 988/master private/virtual
unix 2 [ ACC ] STREAM LISTENING 18576 988/master private/lmtp
unix 2 [ ACC ] STREAM LISTENING 18579 988/master private/anvil
unix 2 [ ACC ] STREAM LISTENING 18582 988/master private/scache
unix 2 [ ACC ] STREAM LISTENING 7659 1/systemd /run/systemd/journal/stdout
[root@shu-test ~]#
netstat -an
查看所有的連接狀態
netstat -lntp
只查看tcp的端口監聽(不包含unix socket)
[root@shu-test ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 887/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 988/master
tcp6 0 0 :::22 :::* LISTEN 887/sshd
tcp6 0 0 ::1:25 :::* LISTEN 988/master
[root@shu-test ~]#
netstat -lnup
只查看udp的端口監聽(不包含unix socket)
[root@shu-test ~]# netstat -lnup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 127.0.0.1:323 0.0.0.0:* 559/chronyd
udp6 0 0 ::1:323 :::* 559/chronyd
[root@shu-test ~]#
統計命令
統計netstat下的所有狀態的數據;
netstat -an | awk '/^tcp/ {++sta[$NF]} END {for(key in sta) print key,"\t",sta[key]}'
[root@shu-test ~]# netstat -an | awk '/^tcp/ {++sta[$NF]} END {for(key in sta) print key,"\t",sta[key]}'
LISTEN 4
ESTABLISHED 1
[root@shu-test ~]#
Linux抓包工具
tcpdump工具
安裝包
yum install -y tcpdump
指定網卡抓包
格式:
tcpdump -nn -i 網卡名
tcpdump -nn -i ens33
指定抓取網卡名為ens33的包;注意:通過SSH登錄後抓包時,tcpdump的輸出本身會經SSH產生新的數據包,因此下面的輸出幾乎全是22端口的流量,可用 not port 22 排除。
18:15:44.680680 IP 192.168.188.1.63319 > 192.168.188.2.22: Flags [.], ack 110393004, win 11469, length 0
18:15:44.680691 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 110393004:110393184, ack 16121, win 294, length 180
18:15:44.680773 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 110393184:110393476, ack 16121, win 294, length 292
18:15:44.680862 IP 192.168.188.1.63319 > 192.168.188.2.22: Flags [.], ack 110393476, win 11351, length 0
18:15:44.680872 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 110393476:110393656, ack 16121, win 294, length 180
18:15:44.680953 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 110393656:110393948, ack 16121, win 294, length 292
18:15:44.681036 IP 192.168.188.1.63319 > 192.168.188.2.22: Flags [.], ack 110393948, win 11233, length 0
18:15:44.681046 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 110393948:110394128, ack 16121, win 294, length 180
18:15:44.681126 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 110394128:110394420, ack 16121, win 294, length 292
18:15:44.681200 IP 192.168.188.1.63319 > 192.168.188.2.22: Flags [.], ack 110394420, win 11115, length 0
18:15:44.681210 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 110394420:110394600, ack 16121, win 294, length 180
^C
672976 packets captured
672978 packets received by filter
0 packets dropped by kernel
[root@shu-test ~]#
其中主要看
192.168.188.1.63319 > 192.168.188.2.22
這一列,前面表示源ip與源端口,後面表示目的ip與目的端口
指定端口
格式:
tcpdump -nn -i [網卡名] port [端口號]
tcpdump -nn -i ens33 port 22
指定抓取網卡名為ens33 端口號為22的包
19:09:40.694055 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 10288736:10288916, ack 1405, win 294, length 180
19:09:40.694109 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 10288916:10289096, ack 1405, win 294, length 180
19:09:40.694163 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 10289096:10289276, ack 1405, win 294, length 180
19:09:40.694216 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 10289276:10289456, ack 1405, win 294, length 180
19:09:40.694274 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 10289456:10289572, ack 1405, win 294, length 116
19:09:40.694396 IP 192.168.188.1.63319 > 192.168.188.2.22: Flags [.], ack 10289456, win 9284, length 0
^C
60636 packets captured
60637 packets received by filter
0 packets dropped by kernel
[root@shu-test ~]#
其他命令
tcpdump -nn -i [網卡名] not port [端口號] and host 192.168.0.100
抓取指定網卡上、端口號xx以外的所有端口、且主機ip為192.168.0.100的包
指定抓包個數
-c [數值]:
tcpdump -nn -i ens33 -c 100
指定抓取100個包;
19:17:40.694337 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 15628:15904, ack 1, win 294, length 276
19:17:40.694447 IP 192.168.188.2.22 > 192.168.188.1.63319: Flags [P.], seq 15904:16084, ack 1, win 294, length 180
100 packets captured
100 packets received by filter
0 packets dropped by kernel
[root@shu-test ~]#
指定抓包個數保存到文件
-w [文件路徑]:
tcpdump -nn -i ens33 -c 10 -w ip.txt
指定抓取10個包保存到當前目錄的ip.txt文件;
[root@shu-test abc]# tcpdump -nn -i ens33 -c 10 -w ip.txt
tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
10 packets captured
10 packets received by filter
0 packets dropped by kernel
[root@shu-test abc]#
查看抓取的數據包文件內容
抓取的數據包文件是二進制的pcap格式(雖然這裡命名為ip.txt),無法用cat直接查看,需使用tcpdump -r讀取;抓包文件可能包含明文協議中的賬號、密碼等敏感數據,應限制其訪問權限並在分析完成後及時刪除。
格式:
tcpdump -r ip.txt
[root@shu-test abc]# tcpdump -r ip.txt
reading from file ip.txt, link-type EN10MB (Ethernet)
19:22:13.562207 IP shu-test.ssh > 192.168.188.1.63319: Flags [P.], seq 1557505249:1557505397, ack 547063394, win 294, length 148
19:22:13.562796 IP 192.168.188.1.63319 > shu-test.ssh: Flags [.], ack 148, win 16375, length 0
19:22:15.250771 IP6 fe80::1bc:2163:4c7e:5a43.62981 > ff02::1:3.hostmon: UDP, length 22
19:22:15.250816 IP 192.168.188.1.60303 > 224.0.0.252.hostmon: UDP, length 22
19:22:15.451154 IP 192.168.188.1.netbios-ns > 192.168.188.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
19:22:15.989543 IP shu-test.ssh > 192.168.188.1.63319: Flags [.], seq 148:3068, ack 1, win 294, length 2920
19:22:15.989682 IP shu-test.ssh > 192.168.188.1.63319: Flags [P.], seq 3068:3944, ack 1, win 294, length 876
19:22:15.990097 IP 192.168.188.1.63319 > shu-test.ssh: Flags [.], ack 3944, win 16425, length 0
19:22:15.990418 IP 192.168.188.1.63319 > shu-test.ssh: Flags [P.], seq 1:53, ack 3944, win 16425, length 52
19:22:16.030573 IP shu-test.ssh > 192.168.188.1.63319: Flags [.], ack 53, win 294, length 0
[root@shu-test abc]#
tshark 抓包工具
安裝包
yum install -y wireshark
查看當前訪問http服務器的來源ip以及所訪問的http鏈接(注意:在較新版本的tshark中,-R需配合-2使用,單次過濾應改用 -Y http.request)
tshark -n -t a -R http.request -T fields -e "frame.time" -e "ip.src" -e "http.host" -e "http.request.method" -e "http.request.uri"