20170507Linux seven weeks two lessons IO monitor free PS network status grab

Source: Internet
Author: User
Tags disk usage

seven weeks two sessions (May 7)

10.6 Monitoring IO Performance
10.7 Free Command
10.8 PS Command
10.9 Viewing network status
10.10 Linux under Grab Bag
Extended TCP three-time handshake four times wave http://www.doc88.com/p-9913773324388.html
Tshark several usages: http://www.aminglinux.com/bbs/thread-995-1-1.html



Monitoring IO Performance


iostat-x disk use and SAR in the same package, install Sysstat when the time is installed

The main is to look at the-X option after the%util represents the IO wait, how much time disk usage is a time consuming CPU, because the CPU has allocated to memory, the application also has to wait to write to disk operations.


iotop requires the installation of the direct Yum install Iotop to see the immediate process for IO usage



Free

Commands to view memory usage directly

Free-m View Unit is M

Free-h View more humane


Total is how much memory all = used + Free+buff/cache

How much memory is used by the used

Free is the remaining memory but used plus free is not total, why? Because the Linux system pre-allocates portions to the buff and cache. The system is reserved because the data transfer process is required.

Shared

Buff/cache buffer/Cache The former is the data from the CPU to the disk the latter is the memory from the disk to the CPU

The unused part of available Free+buff/cache is available, which is the real remaining physical memory----the value of available is most important when viewing free


What is buffer and cache?

There is a certain flow of data, there are two ways, one is to take out the data to the CPU and analysis, the middle is to go through a memory, the purpose is to let the data have a mitigation, because the CPU and disk speed difference is relatively large. Cache the data in memory and use it to get it from memory (cache). In turn, calculate the CPU's data,

Need to be stored back into the disk, this process directly written in too slow, so need memory (buff) to temporarily store data, and then stored to disk.

0101010 (disk)---> Memory (Cache)--CPU

cpu01010010---> Memory (buffer)--disk





PS command


PS aux list all processes in the system

Static one-time use of the current process to list the status.

You can use the pipe character with grep to see if a process exists

Ps-elf and Aux almost


Show:

User users

PID process ID Usually this PID is used to kill the time to use kill PID can be killed process////There is the system is black, see a strange process, want to see the location of this process, find the PID and then enter the/proc/ PID can be entered into the process directory for viewing.

%cpu% of CPU

%MEM% of memory

VSZ RSS virtual Memory physical memory

TTY Console Login

STAT needs attention

Stat is the state of the process, in the following ways:

D---a process that cannot be interrupted. Interruptions can have an impact on the program. This will directly affect the system load, because the system load will be directly related to this.

R---The run state of the process. Refers to a time period in which the CPU is used

S---sleep state. After you run sleep, and then activate the run

T--Paused process


s sleep process (uppercase s)

Vmstat pause after FG continues, and then use another terminal to view the status of S+, because the Vmstat occupies a very short CPU time, so is a magnified sleep state, is to appear to be running, actually sleep, run, sleep running state, The CPU resources are also very low. + indicates foreground process

Since you can see the background run, + No, and R also appears. S and R alternately appear.


Z Zombie Process


< high-priority process CPU prioritizes resources for it to use

N low-priority process.

Memory is locked in memory paging process

S master Process


L Multithreading Process


The biggest difference is:

1 processes contain threads, threads are sub-units of processes

2 All threads under the same process share the same memory, and the memory between processes is isolated from each other.





View network Status

Netstat is the command to view TCP/IP communication status


For example, the installation of a database service, server services, and so on, you need to listen to the port, so-called listening port is the different applications through which port to communicate. Open a port other devices can connect and communicate data over the port. such as the Web port, the sshd port, remote connection


Netstat-lnp

NETSTAT-LTNP only View TCP-LUNP View only UDP-LTUNP view TCP UDP

L---Listen

Explain:

TCP is IPV

TCP6 is IPv6.

The protocol concept for TCP UDP needs to be understood. Three handshakes, four waves

A socket is a file that communicates between two processes on the same server.

Look at what socket files are available.

After you deploy some services later, you need to use PS to view the process, or use Netstat to view the ports.



NETSTAT-NN View the TCP/IP status.


There is a netstat pipeline with the command shown in awk that shows the status of the current listening, establishing, etc.

Netstat-an |awk '/^tcp/{++sta[$NF]} END {(key in STA) print key, "\ T", Sta[key]} '


Attention need to pay attention to established

If this value is large, it means that the system is busy and the site is connected--that is, how many clients are connecting to the server at the same time.

This number is the number of concurrent connections. That is, the state of communication is being maintained, and it consumes resources directly. Usually within 1000 of the words are normal, if the number is too large is not normal.



Ss-an and Netstat are alike.

You can then use awk to filter the information. For example, to view services in the listener,-I ignores case. The disadvantage is that the name of the process is not displayed.



Linux under Grab Bag

Grab Bag Tool tcpdump

See which packages are coming in. And the flow of data, length. The default is TCP packets, if you find a lot of UDP packets are likely to attack. Eg DDos UDP flood. Access to professional anti-attack devices or services only.


TCPDUMP-NN NIC Name

-nn the first n means that the IP is displayed as a number without displaying the hostname.

Time source IP and port > Destination IP and port: Packet information


Tcpdump-nn NIC Port 80 Specify port

Tcpdump-nn NIC not port and host 192.168.0.100 exclude Port 22, as long as the 192.168.0.100 package

Tcpdump-nn-c 10-w 1.cap Packet writes 10 records to a 1.cap file

It is not possible to cat because it contains real data information, because it catches the data through the network card. If you want to see it, you can use Tcpdump-r to view it.


Wireshark is also the command to grab the bag yum install Wireshark

The following command can be used to view Web Access for 80 ports of a specified NIC. But without a Web service, you won't be able to perform this action.

Tshark-n-T a-r http.request-t fields-e "Frame.time"-E "ip.src"-E "http.host"-E "Http.request.method"-E "http.requ Est.uri "


Look at the teacher on-line server display, very good, what IP access to what page can be seen, this can be used to count user access.

Tshark-n-t a-rhttp.request- t Fields-e "Frame.time"-E"ip.src"-E"Http.host"-E"Http.request.method"-E"Http.request.uri" 

20170507Linux seven weeks two lessons IO monitor free PS network status grab

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.