seven weeks two sessions (May 7)
10.6 Monitoring IO Performance
10.7 Free Command
10.8 PS Command
10.9 Viewing network status
10.10 Linux under Grab Bag
Extended TCP three-time handshake four times wave http://www.doc88.com/p-9913773324388.html
Tshark several usages: http://www.aminglinux.com/bbs/thread-995-1-1.html
Monitoring IO Performance
iostat-x disk use and SAR in the same package, install Sysstat when the time is installed
The main is to look at the-X option after the%util represents the IO wait, how much time disk usage is a time consuming CPU, because the CPU has allocated to memory, the application also has to wait to write to disk operations.
iotop requires the installation of the direct Yum install Iotop to see the immediate process for IO usage
Free
Commands to view memory usage directly
Free-m View Unit is M
Free-h View more humane
Total is how much memory all = used + Free+buff/cache
How much memory is used by the used
Free is the remaining memory but used plus free is not total, why? Because the Linux system pre-allocates portions to the buff and cache. The system is reserved because the data transfer process is required.
Shared
Buff/cache buffer/Cache The former is the data from the CPU to the disk the latter is the memory from the disk to the CPU
The unused part of available Free+buff/cache is available, which is the real remaining physical memory----the value of available is most important when viewing free
What is buffer and cache?
There is a certain flow of data, there are two ways, one is to take out the data to the CPU and analysis, the middle is to go through a memory, the purpose is to let the data have a mitigation, because the CPU and disk speed difference is relatively large. Cache the data in memory and use it to get it from memory (cache). In turn, calculate the CPU's data,
Need to be stored back into the disk, this process directly written in too slow, so need memory (buff) to temporarily store data, and then stored to disk.
0101010 (disk)---> Memory (Cache)--CPU
cpu01010010---> Memory (buffer)--disk
PS command
PS aux list all processes in the system
Static one-time use of the current process to list the status.
You can use the pipe character with grep to see if a process exists
Ps-elf and Aux almost
Show:
User users
PID process ID Usually this PID is used to kill the time to use kill PID can be killed process////There is the system is black, see a strange process, want to see the location of this process, find the PID and then enter the/proc/ PID can be entered into the process directory for viewing.
%cpu% of CPU
%MEM% of memory
VSZ RSS virtual Memory physical memory
TTY Console Login
STAT needs attention
Stat is the state of the process, in the following ways:
D---a process that cannot be interrupted. Interruptions can have an impact on the program. This will directly affect the system load, because the system load will be directly related to this.
R---The run state of the process. Refers to a time period in which the CPU is used
S---sleep state. After you run sleep, and then activate the run
T--Paused process
s sleep process (uppercase s)
Vmstat pause after FG continues, and then use another terminal to view the status of S+, because the Vmstat occupies a very short CPU time, so is a magnified sleep state, is to appear to be running, actually sleep, run, sleep running state, The CPU resources are also very low. + indicates foreground process
Since you can see the background run, + No, and R also appears. S and R alternately appear.
Z Zombie Process
< high-priority process CPU prioritizes resources for it to use
N low-priority process.
Memory is locked in memory paging process
S master Process
L Multithreading Process
The biggest difference is:
1 processes contain threads, threads are sub-units of processes
2 All threads under the same process share the same memory, and the memory between processes is isolated from each other.
View network Status
Netstat is the command to view TCP/IP communication status
For example, the installation of a database service, server services, and so on, you need to listen to the port, so-called listening port is the different applications through which port to communicate. Open a port other devices can connect and communicate data over the port. such as the Web port, the sshd port, remote connection
Netstat-lnp
NETSTAT-LTNP only View TCP-LUNP View only UDP-LTUNP view TCP UDP
L---Listen
Explain:
TCP is IPV
TCP6 is IPv6.
The protocol concept for TCP UDP needs to be understood. Three handshakes, four waves
A socket is a file that communicates between two processes on the same server.
Look at what socket files are available.
After you deploy some services later, you need to use PS to view the process, or use Netstat to view the ports.
NETSTAT-NN View the TCP/IP status.
There is a netstat pipeline with the command shown in awk that shows the status of the current listening, establishing, etc.
Netstat-an |awk '/^tcp/{++sta[$NF]} END {(key in STA) print key, "\ T", Sta[key]} '
Attention need to pay attention to established
If this value is large, it means that the system is busy and the site is connected--that is, how many clients are connecting to the server at the same time.
This number is the number of concurrent connections. That is, the state of communication is being maintained, and it consumes resources directly. Usually within 1000 of the words are normal, if the number is too large is not normal.
Ss-an and Netstat are alike.
You can then use awk to filter the information. For example, to view services in the listener,-I ignores case. The disadvantage is that the name of the process is not displayed.
Linux under Grab Bag
Grab Bag Tool tcpdump
See which packages are coming in. And the flow of data, length. The default is TCP packets, if you find a lot of UDP packets are likely to attack. Eg DDos UDP flood. Access to professional anti-attack devices or services only.
TCPDUMP-NN NIC Name
-nn the first n means that the IP is displayed as a number without displaying the hostname.
Time source IP and port > Destination IP and port: Packet information
Tcpdump-nn NIC Port 80 Specify port
Tcpdump-nn NIC not port and host 192.168.0.100 exclude Port 22, as long as the 192.168.0.100 package
Tcpdump-nn-c 10-w 1.cap Packet writes 10 records to a 1.cap file
It is not possible to cat because it contains real data information, because it catches the data through the network card. If you want to see it, you can use Tcpdump-r to view it.
Wireshark is also the command to grab the bag yum install Wireshark
The following command can be used to view Web Access for 80 ports of a specified NIC. But without a Web service, you won't be able to perform this action.
Tshark-n-T a-r http.request-t fields-e "Frame.time"-E "ip.src"-E "http.host"-E "Http.request.method"-E "http.requ Est.uri "
Look at the teacher on-line server display, very good, what IP access to what page can be seen, this can be used to count user access.
Tshark-n-t a-rhttp.request- t Fields-e "Frame.time"-E"ip.src"-E"Http.host"-E"Http.request.method"-E"Http.request.uri"
20170507Linux seven weeks two lessons IO monitor free PS network status grab