2018-1-23 Linux Learning Notes

10.6 Monitoring IO Performance

• This section focuses on Iostat and iotop two commands for monitoring IO performance.
• The Iostat command is used to monitor system input and CPU usage. It reports disk activity statistics and also reports CPU usage. Iostat has a weakness, that is, it cannot analyze a process in depth, only the overall situation of the system.
• You can view it directly using Iostat, but use iostat-x to see more detailed information (using this command should focus on the%util column)
  
• The Iotop command is used to monitor disk I/O usage. Iotop has a UI similar to top, which includes information about PID, user, I/O, process, and so on. The IO statistics tools under Linux such as Iostat can only be counted to the read and write of Per device, if you want to know how each process uses IO, the iotop command can be easily viewed.
  10.7 Free Command
• The free command is used to view memory usage (use this command to focus on the available column).
• FREE-M/-G/-H---> Display memory usage in units deemed appropriate by the m/g/system

• Buffer/cache differences
  Disk---> Memory (cache)--->CPU
  CPU---> Memory (buffer)---> Disk

• Formula: total=used+free+buff/cache
• Available contains the remainder of free and Buffer/cache
  10.8 PS Command
• The PS command is used to view the process status of the current system. You can use the kill command to interrupt and remove unnecessary programs at any time. This command allows you to determine which processes are running and running, whether the process is complete, if the process is dead, which processes are consuming too many resources, and so on. Most of the information can be obtained by executing the command.
• Common usage:
  PS aux | grep command name
  Ps-elf
  Option meaning:
  A: Displays all programs under the current terminal, including other users ' programs
  U: Show program status in user-oriented format
  x: Show All Programs, not the terminal to distinguish
  -E: The effect of this option is the same as specifying the "A" option
  -L or L: Show program status in verbose format
  -F: Display Uid,ppip,c and Stime fields
  -A: Show All Programs

• The stat section explains:
  D a process that cannot be interrupted
  The process of R run state
  The process of the S sleep state
  T paused process
  Z Zombie Process
  < high-priority processes
  N Low-priority processes
  Memory paging is locked in memory
  S master Process
  L Multithreading Process
  + Foreground Process
  
  10.9 Viewing network status
• The netstat command can be used to view network status information.
• Common usage:
  NETSTAT-LNP---> View listening ports ( focus on active Internet connections (only servers)
  Netstat-an---> View the status of the network connection of the system (with a focus on state status of established, typically within 1000 of the state, too large to focus on troubleshooting)
  Option meaning:
  -A: Shows all sockets in the connection
  -L: Displays the socket of the server in the monitor
  -N: Use the IP address directly, not through the domain name server
  -P: Shows the program identification code and program name of the socket being used
  
  
• Tips:
  Count the number of connections currently in various states of the system:
  Netstat-an | awk '/^tcp/{++sta[$NF]}end{for (key in STA) print key, "\ T", Sta[key]} '
  
  Add:
  Ss-an and Netstat use similar. 10.10 Linux under Grab Bag
• The tcpdump command is used to crawl network packets, which can print header information for all packets that pass through the network interface, or you can use the-w option to save the packet to a file for later analysis.
• Common usage:
  Tcpdump-nn-i ENS33---> Crawl packets that pass through the NIC Ens33
  Tcpdump-nn Port 80-i Ens33---> Crawl 80-Port packets
  Tcpdump-nn not port, and host 192.168.1.100---> Crawl non 22 ports and packets from IP 192.168.1.100
  TCPDUMP-NN-C 100-w/tmp/1.cap---> Crawl 100 package and save to file/tmp/1.cap
  Tcpdump-r/tmp/1.cap---> Reading files/tmp/1.cap
  

• The Tshark command is used to crawl and analyze network packets.
  The Wireshark package must be installed before using the Tshark command
  Yum Install-y Wireshark
  Tips:
  Displays the domain name and URI of the access HTTP request:
  Tshark-n-T a-r http.request-t fields-e "Frame.time"-E "ip.src"-E "http.host"-E "Http.request.method"-E "http.requ Est.uri "

Extended Knowledge:
The TCP protocol's three-time handshake four-time wave mechanism simple principle ( related knowledge from the network, thanks to the original author ).

• Three-time handshake:
  1.A initiates A connection request to B: A--->b
  2.B receives a send signal and sends a confirmation message to a: B--->a
  3.A receives a confirmation signal from B and sends a confirmation signal to B: A--->b

With the first handshake, B knows that a can send data.
With a second handshake, a knows that B can send data.
In combination with the first, two handshakes, a knows that B can receive data.
In combination with the third handshake, B knows that a can receive data.

• Four times wave:
  1.A initiates a request to B, indicating that a has no data to send: a--->b
  2.B sends a signal to a to confirm the disconnect request for a: B--->a
  3.B sends a signal to a, requests disconnect, indicates b no data to send: b--->a
  4.A Send confirmation signal to B, agree to disconnect: A--->b

Why is the 2nd, 3 waves not in a wave? Because at this point a although no longer send the data, but also can receive data, B may also have data to send to a, so two waves can not be combined to one time.

The number of waves is more than a handshake, because the handshake process, communication only need to deal with the connection. And the wave process, communication in addition to processing the connection, but also processing data.

2018-1-23 Linux Learning notes