1. 程式人生 > >懷疑服務器存在異常流量排查日記,使用ifconfig,nethogs等命令

懷疑服務器存在異常流量排查日記,使用ifconfig,nethogs等命令

ifconfignethog 流量異常

懷疑服務器存在異常流量排查日記
一、用ifconfig查看網卡流量
root@AP ~]# ifconfig
eth4 Link encap:Ethernet HWaddr 00:50:56:0A:A6:E9
inet addr:192.168.1.91 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fa70::220:58af:faba:6e8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:21148074982 errors:0 dropped:0 overruns:0 frame:0
TX packets:21944211957 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:7069850347226 (6.4 TiB) TX bytes:8936760647131 (8.1 TiB)

lo        Link encap:Local Loopback  
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:16436  Metric:1
      RX packets:13894306 errors:0 dropped:0 overruns:0 frame:0
      TX packets:13894306 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0 
      RX bytes:6506280062 (6.0 GiB)  TX bytes:6506280062 (6.0 GiB)

virbr0    Link encap:Ethernet  HWaddr 52:34:40:A1:04:BF  
      inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:26979 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0 
      RX bytes:0 (0.0 b)  TX bytes:1243664 (1.1 MiB)

二、nethogs進一步定位流量消耗的進程
1、下載RPM包:
http://rpm.pbone.net/index.php3/stat/4/idpl/40930296/dir/redhat_el_6/com/nethogs-0.8.5-1.el6.x86_64.rpm.html
選擇如下rpm:
nethogs-0.8.5-1.el6.x86_64.rpm

2、安裝
[root@AP yum.repos.d]# cd /tmp
[root@AP tmp]# rpm -ivh nethogs-0.8.5-1.el6.x86_64.rpm
warning: nethogs-0.8.5-1.el6.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Preparing...                ########################################### [100%]
   1:nethogs                ########################################### [100%]
[root@AP tmp]# 

NetHogs使用
[root@AP tmp]# nethogs

NetHogs提供交互式控制指令:
m : Cycle between display modes (kb/s, kb, b, mb) 切換網速顯示單位
r : Sort by received. 按接收流量排序
s : Sort by sent. 按發送流量排序
q : Quit and return to the shell prompt. 退出NetHogs命令工具

技術分享圖片

三、找到進程ID後進一步查進程信息
[root@AP ~]# ps -fe|grep 29640
root 9660 9385 0 17:03 pts/4 00:00:00 grep 29640
root 29640 1 52 10:13 pts/3 03:36:56 /usr/java/jdk1.7.0_79/bin/java -server -XX:PermSize=256m -XX:MaxPermSize=512m -Djetty.state=/home/jetty-distribution-7.6.16.v20170903/jetty.state -Djetty.home=/home/jetty-distribution-7.6.16.v20170903 -Djava.io.tmpdir=/tmp -jar /home/jetty-distribution-7.6.16.v20170903/start.jar etc/jetty-logging.xml etc/jetty-started.xml
[root@AP ~]#

懷疑服務器存在異常流量排查日記,使用ifconfig,nethogs等命令