Week 7, Session 2 (March 20)
10.6 Monitoring IO Performance
10.7 Free Command
10.8 PS Command
10.9 Viewing network status
10.10 Packet capture on Linux
Further reading: TCP three-way handshake and four-way teardown http://www.doc88.com/p-9913773324388.html
Several tshark usages: http://www.aminglinux.com/bbs/thread-995-1-1.html
10.6 Monitoring IO Performance
Two commands for checking the status of a disk:
iostat -x  disk usage
iotop      disk usage
In operations work, disk I/O is an important indicator alongside memory and CPU.
Sometimes memory and CPU clearly have headroom, yet the system load is very high. If vmstat then shows large values in the b and wa columns, the disk is the bottleneck, and you need to look at the disk's status in more detail.
Monitoring system status
The iostat command is installed together with the sysstat package.
Usage: # iostat or # iostat 1
The usage is similar to vmstat.
# iostat
Linux 3.10.0-693.el7.x86_64 (centos7.4-01) March 20, 2018 _x86_64_ (1 CPU)
avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           0.06    0.00    0.16    0.08    0.00   99.69
Device:            tps    kB_read/s    kB_wrtn/s    kB_read    kB_wrtn
sda               0.68         8.63         1.40     107340      17392
sdb               0.02         0.29         0.00       3612          0
dm-0              0.00         0.08         0.00       1036          0
Here you can see the two hard disks sda and sdb and their read and write speeds. The output of this command is not very rich, because the same figures can be seen with # sar -b.
# sar -b
Linux 3.10.0-693.el7.x86_64 (centos7.4-01) March 20, 2018 _x86_64_ (1 CPU)
11:25:06     LINUX RESTART
11:30:02       tps      rtps      wtps   bread/s   bwrtn/s
11:40:01      0.07      0.00      0.07      0.00      1.27
11:50:01      0.30      0.14      0.16      3.84      3.76
12:00:01      0.07      0.01      0.06      0.78      0.68
12:10:01      0.11      0.02      0.09      0.31      1.14
12:20:01      0.88      0.41      0.47     11.15     11.03
12:30:01      0.04      0.00      0.04      0.00      0.55
12:40:01      0.05      0.00      0.05      0.00      0.53
# iostat -x
Linux 3.10.0-693.el7.x86_64 (centos7.4-01) March 20, 2018 _x86_64_ (1 CPU)
avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           0.06    0.00    0.15    0.07    0.00   99.72
Device:  rrqm/s  wrqm/s    r/s    w/s   rkB/s   wkB/s avgrq-sz avgqu-sz  await r_await w_await  svctm  %util
sda        0.00    0.01   0.36   0.23    7.32    1.23    29.14     0.01  15.13    5.89   29.42   2.64   0.15
sdb        0.00    0.00   0.02   0.00    0.25    0.00    29.25     0.00   1.53    1.53    0.00   0.93   0.00
dm-0       0.00    0.00   0.00   0.00    0.07    0.00    48.19     0.00   3.53    3.53    0.00   1.47   0.00
Key point
%util: this column represents I/O wait.
Of the total time, part is spent by the CPU running processes, and part is spent waiting for I/O, that is, waiting for the disk to read and write.
The share taken up by this waiting time is %util.
If %util is high and the read/write volume is high as well, the disk is simply busy reading and writing. If the read/write volume is not high and only %util is high, the hard disk may have a problem or be faulty. A very slow hard disk will certainly hurt performance: even if the CPU is powerful and computes quickly, the disk cannot keep up and becomes a major bottleneck.
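Added example (not part of the original notes): the %util rule of thumb above applied to iostat -x output. The function name classify_disks, the two thresholds, and the sdb and sdc sample rows are assumptions constructed for illustration; the sda row is the one from the notes.

```shell
#!/bin/sh
# Classify each disk in `iostat -x` output (read from stdin).
# Thresholds are assumptions, not values from the notes:
#   $1 = %util at or above which a disk counts as saturated (default 80)
#   $2 = rkB/s + wkB/s at or above which throughput counts as large (default 1024)
classify_disks() {
    awk -v util_hi="${1:-80}" -v kb_lo="${2:-1024}" '
    $1 ~ /^Device/ {                       # header row: remember each column position
        for (i = 1; i <= NF; i++) col[$i] = i
        in_table = 1; next
    }
    NF == 0 { in_table = 0; next }         # a blank line ends the device table
    in_table {
        util = $(col["%util"]) + 0
        kb   = $(col["rkB/s"]) + $(col["wkB/s"])
        if (util < util_hi)    state = "ok"        # disk is not the bottleneck
        else if (kb >= kb_lo)  state = "busy"      # heavy I/O explains the high %util
        else                   state = "suspect"   # high %util with little I/O
        print $1, state
    }'
}

# Constructed sample input in the el7 sysstat layout shown in the notes.
sample_iostat() {
    cat <<'EOF'
avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           0.06    0.00    0.15    0.07    0.00   99.72

Device: rrqm/s wrqm/s r/s w/s rkB/s wkB/s avgrq-sz avgqu-sz await r_await w_await svctm %util
sda 0.00 0.01 0.36 0.23 7.32 1.23 29.14 0.01 15.13 5.89 29.42 2.64 0.15
sdb 0.00 12.00 400.00 160.00 51200.00 20480.00 256.00 8.50 15.20 14.00 18.20 1.74 97.20
sdc 0.00 0.00 1.50 0.50 12.00 4.00 16.00 1.90 950.00 940.00 980.00 475.00 95.00
EOF
}

sample_iostat | classify_disks
```

Columns are located by header name because their positions differ between sysstat versions. On a live system, pipe iostat -x into classify_disks.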
If you find that disk I/O is very busy and frequent, you can use # iotop (it has to be installed before the first run).
It is similar to top: the display is dynamic and sorted.
# iotop
10.7 Free Command
The free command can view the total memory size and usage of the current system.
The free command for the CentOS 7 system shows a more concise result than CentOS 6, but the general content is consistent.
# free
              total        used        free      shared  buff/cache   available
Mem:        1008152      126864      605284        6880      276004      702136
Swap:       2097148           0     2097148
There are three lines: the first is the header, the second is memory usage, and the third is swap partition usage. The second line, memory, is the one to focus on.
Add -m so that the output unit is MB:
# free -m
              total        used        free      shared  buff/cache   available
Mem:            984         123         591           6         269         685
Swap:          2047           0        2047
-h displays the values in the most appropriate unit (commonly used):
# free -h
              total        used        free      shared  buff/cache   available
Mem:           984M        123M        591M        6.7M        269M        685M
Swap:          2.0G          0B        2.0G
The Linux system allocates a portion of memory to buff/cache.
How to distinguish between buffer and cache
Let 000 stand for the data.
000 (disk) --> memory (cache) --> CPU
When the CPU computes, it needs the data read out of the disk and placed in memory temporarily; this memory is the cache.
CPU --> memory (buffer) --> disk
Data that the CPU has finished processing and that is about to be written to disk is held in memory; this memory is the buffer.
Because the disk and the CPU handle data at different speeds, memory is needed to smooth over the difference.
total = used + free + buff/cache
available: how much memory the system can still use.
available consists of free plus the remainder of buff/cache. (available is the key figure.)
Total and available are different.
10.8 PS Command
The ps command is dedicated to displaying system processes; it shows a snapshot of the current processes. It is comparable to the Task Manager on Windows.
# ps aux lists all the processes in the system.
To look for a particular process, filter with grep.
Format: # ps aux | grep <process name>
# ps aux | grep nginx
root       1831  0.0  0.0 112676   984 pts/0    R+   17:45   0:00 grep --color=auto nginx
# ps -elf    This usage is similar to # ps aux; all processes are displayed.
The PID is the ID of the process.
# kill PID kills the corresponding process; for example, # kill 1346.
Each process has a directory /proc/PID/, for example /proc/505/.
Key point
STAT: process state
D: a process that cannot be interrupted, usually waiting on I/O. This state directly affects the system load.
R: a process in the run state, using the CPU during some time slice.
S: a process in the sleep state.
T: a stopped or paused process. If we run a command such as vmstat 1 and press Ctrl+Z to pause it, ps shows the process in the T state.
Test
# vmstat    (run the vmstat command)
procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu-----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
 3  0      0 604728   2076 274284    0    0     8     2   48   54  0  0 100  0  0
# vmstat 1
procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu-----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
 2  0      0 604868   2076 274316    0    0     8     2   48   54  0  0 100  0  0
 0  0      0 604852   2076 274316    0    0     0     0   45   41  0  0 100  0  0
 0  0      0 604852   2076 274316    0    0     0     0   63   53  1  0  99  0  0
^Z
[1]+  Stopped                 vmstat 1
# ps aux | grep vmstat    (shows the T state)
root       1878  0.0  0.1 148316  1356 pts/0    T    18:09   0:00 vmstat 1
root       1884  0.0  0.0 112676   980 pts/0    S+   18:09   0:00 grep --color=auto vmstat
# fg    (bring the job back to the foreground)
vmstat 1
 2  0      0 604224   2076 274452    0    0   124   149 23199 21059  0  0 100  0  0
 0  0      0 604224   2076 274452    0    0     0     0   47   43  0  0 100  0  0
# ps aux | grep vmstat    (vmstat is now in the S+ state: S means sleeping, + means foreground)
root       1878  0.0  0.1 148316  1356 pts/0    S+   18:09   0:00 vmstat 1
root       1917  0.0  0.0 112676   980 pts/1    R+   18:18   0:00 grep --color=auto vmstat
Z: zombie process.
<: high-priority process. CPU resources are given to this process first.
N: low-priority process.
L: the process has memory pages locked in memory.
s: the main process; you will often see it on services such as nginx or php-fpm.
l: multithreaded process, meaning that the process has multiple threads.
The biggest differences between threads and processes are:
1. A process contains threads; threads are sub-units of a process, and one process can have multiple threads.
2. All threads of the same process share the same memory, while the memory of different processes is isolated from each other.
+: foreground process.
Start time
Time to start
COMMAND: the command, the same as in the top command.
10.9 Viewing network status
This section covers the netstat command, which is used to view network status.
A Linux server runs many services, and a service that communicates with clients must have a listening port, a port for external communication. netstat shows the state of TCP/IP communication.
For example, install a service such as nginx on the system to provide a web service. Such a service needs a port to listen on. By default a machine does not listen on any port, and without a port there is no way to listen.
* Learn what the socket file does.
# netstat -lnp    (listening ports: prints which ports the current system has opened)
# netstat -an     (view TCP/IP status)
View TCP and UDP status
# netstat -ltunp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      949/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1055/master
tcp6       0      0 :::22                   :::*                    LISTEN      949/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      1055/master
udp        0      0 127.0.0.1:323           0.0.0.0:*                           577/chronyd
udp6       0      0 ::1:323                 :::*                                577/chronyd
# netstat -an | awk '/^tcp/ {++sta[$NF]} END {for (key in sta) print key, "\t", sta[key]}'
LISTEN       4
ESTABLISHED  1
Focus on ESTABLISHED: if this number is large, the system is busy.
# ss -an can also be used to view the TCP/IP status.
View the listening state:
# ss -an | grep -i listen
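Added example (not part of the original notes): a filter over netstat -ltunp output that keeps only the listeners reachable from other hosts, that is, those not bound to a loopback address. The function name exposed_listeners is an assumption, and the sample input is constructed to mirror the output shown above.

```shell
#!/bin/sh
# Print "proto address port pid/program" for every listening socket that is
# bound to something other than loopback. Input: `netstat -ltunp` on stdin.
exposed_listeners() {
    awk '
    $1 ~ /^(tcp|udp)/ {
        # UDP rows have no State column, so take the program from the last field.
        local_addr = $4
        prog = $NF
        # Split address and port at the last colon (IPv6 addresses contain colons).
        n = match(local_addr, /:[0-9]+$/)
        if (n == 0) next
        addr = substr(local_addr, 1, n - 1)
        port = substr(local_addr, n + 1)
        if (addr ~ /^127\./ || addr == "::1") next   # loopback only, not exposed
        print $1, addr, port, prog
    }'
}

# Constructed sample input modelled on the netstat output in the notes.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      949/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1055/master
tcp6       0      0 :::22                   :::*                    LISTEN      949/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      1055/master
udp        0      0 127.0.0.1:323           0.0.0.0:*                           577/chronyd
udp6       0      0 ::1:323                 :::*                                577/chronyd
EOF
}

sample_netstat | exposed_listeners
```

On a live system run netstat -ltunp as root and pipe it into exposed_listeners; every line printed is a service that should be expected, patched and firewalled as intended.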
Slides (PPT): centos7.aminglinux.com
* Learn what the socket file does, and the three-way handshake process.
10.10 Packet capture on Linux
Introduction
Packet capture tools
Sometimes you want to see what packets are arriving on a network card, especially when the server is under a traffic attack; a packet capture tool lets you grab the packets and find out which IPs are attacking.
# tcpdump -nn -i <network card name>    (the network card name can be found with ifconfig)
# tcpdump -nn -i ens33    (source addresses are displayed as IP addresses)
About the output:
The first column is the time; the second is the source IP and port; after the ">" comes the destination IP and port; then the flags and the rest of the packet information.
The main things to look at are the source IP and the source port.
-nn: the first n displays IPs numerically; without it, hostnames are displayed. -nn is what you generally use.
# tcpdump -n -i ens33    (source addresses are displayed as hostnames)
What you then see is ssh, which is port 22. If you do not know that ssh stands for port 22, or which port some other name stands for, the numeric form makes the details easy to see.
The entries correspond one to one: for each packet sent there is one coming back.
* Learn about DDoS attacks and UDP flood attacks.
Specify a port
# tcpdump -nn -i ens33 port 22
Exclude a port
# tcpdump -nn -i ens33 not port 22
Specify a port and a host IP
# tcpdump -nn -i ens33 port <port> and host 192.168.189.128
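Added example (not part of the original notes): ranking source IPs by the number of packets they send to the server, which is how the capture answers "which IPs are attacking". The function name top_sources is an assumption and the sample tcpdump -nn lines are constructed; 192.168.189.128 is the host address used in the notes.

```shell
#!/bin/sh
# Usage: tcpdump -nn -i ens33 ... | top_sources SERVER_IP [N]
# Counts IPv4 packets whose destination is SERVER_IP and prints the N busiest
# source IPs as "count ip", busiest first (default N = 10).
top_sources() {
    awk -v me="$1" '
    function ip(field,    p, n) {
        sub(/:$/, "", field)               # the destination field ends with ":"
        n = split(field, p, ".")
        # src.port has five dot-separated parts; ICMP lines have only four.
        return (n >= 4) ? p[1] "." p[2] "." p[3] "." p[4] : ""
    }
    $2 == "IP" && $4 == ">" {
        src = ip($3); dst = ip($5)
        if (src != "" && dst == me) count[src]++
    }
    END { for (s in count) print count[s], s }' |
    LC_ALL=C sort -k1,1nr -k2,2 | head -n "${2:-10}"
}

# Constructed sample capture (text output of tcpdump -nn).
sample_capture() {
    cat <<'EOF'
18:30:01.000001 IP 192.168.189.1.52011 > 192.168.189.128.22: Flags [P.], seq 1:37, ack 1, win 255, length 36
18:30:01.000150 IP 192.168.189.128.22 > 192.168.189.1.52011: Flags [.], ack 37, win 273, length 0
18:30:01.100000 IP 203.0.113.7.40001 > 192.168.189.128.80: Flags [S], seq 100, win 1024, length 0
18:30:01.100100 IP 203.0.113.7.40002 > 192.168.189.128.80: Flags [S], seq 200, win 1024, length 0
18:30:01.100200 IP 203.0.113.7.40003 > 192.168.189.128.80: Flags [S], seq 300, win 1024, length 0
18:30:01.200000 IP 198.51.100.9.53 > 192.168.189.128.5353: UDP, length 512
18:30:01.200100 IP 198.51.100.9.53 > 192.168.189.128.5353: UDP, length 512
18:30:01.300000 IP 198.51.100.20 > 192.168.189.128: ICMP echo request, id 1, seq 1, length 64
EOF
}

sample_capture | top_sources 192.168.189.128 3
```

Replies sent by the server itself are ignored because only packets addressed to SERVER_IP are counted.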
Specify the number of packets to capture and store them in a file
For example, specify 100:
# tcpdump -nn -i ens33 -c 100 -w /tmp/1.cap
During the capture the command appears slow, as if it were suspended. At this point you can open a new terminal.
If the terminal does not generate any traffic, not many packets are produced.
For example, when tcpdump prints packets to the screen, that output is itself traffic, so packets keep being generated; this is an internal loop.
If this terminal produces no data and prints nothing, there are no packets. Once packets are generated, the paused screen shows data again. So open a new terminal and use it to generate packets so that the capture can continue.
When the capture succeeds a message is shown, and the packets are in the file 1.cap.
Inspect the file with # file rather than cat: it holds what the network card captured, real communication packets rather than text.
To read the data stream (the data inside the packets is called the data stream), use # tcpdump -r /tmp/1.cap
# file /tmp/1.cap
/tmp/1.cap: tcpdump capture file (little-endian) - version 2.4 (Ethernet, capture length 262144)
#wireshark Tools