71. free, ps, netstat, packet capture tools

free

The free command displays the amount of free and used memory on the current system, and also shows the memory buffers used by the kernel.

Command syntax

free (option)

Options

-b: Displays memory usage in bytes;
-k: Displays memory usage in kilobytes;
-m: Displays memory usage in megabytes;
-o: Does not display the buffer adjustment line;
-s<interval seconds>: Continuously observes memory usage;
-t: Displays the sum of the memory columns;
-V: Displays version information.

Example

free -m
             total       used       free     shared    buffers     cached
Mem:          2016       1973         42          0        163       1497
-/+ buffers/cache:        312       1703
Swap:         4094          0       4094

The first part, the Mem line, explained:
total: total amount of memory;
used: amount of memory that has been used;
free: amount of idle memory;
shared: currently obsolete and not used;
buffers: amount of memory used as buffer cache;
cached: amount of memory used as page cache.
Relationship: total = used + free

The second part (-/+ buffers/cache) explained:
(-buffers/cache) used memory: used - buffers - cached from the Mem line in the first part
(+buffers/cache) free memory: free + buffers + cached from the Mem line in the first part
As you can see, -buffers/cache reflects the memory actually consumed by programs, and +buffers/cache reflects the total amount of memory that can be allocated.

The third part refers to the swap partition.

ps

The ps command reports the status of the processes on the current system. You can interrupt or remove unnecessary programs with the kill command at any time. ps is the most basic and also a very powerful process viewing command: it can be used to determine which processes are running and their run state, whether a process has finished, whether a process is dead (a zombie), which processes are consuming too many resources, and so on. Most of this information can be obtained by running this command.

Syntax

ps (option)

Options

There are a great many options. The usual form is ps aux, often combined with a pipe. If you need to know more, run ps --help on the system.

Command description

PID: The ID of the process. This ID is very useful: the Linux kernel relies on the PID to identify and manage a process. For example, to terminate a process, use kill PID. Sometimes that does not kill it and you need to add the -9 option: kill -9 PID. This is rather brutal and in serious cases loses data, so avoid it where possible.

STAT: Indicates the status of the process. The process states are divided into the following types (you do not need to memorize them, but you should understand them):
D: A process that cannot be interrupted (usually waiting on I/O)
R: Running process
S: An interrupted (sleeping) process; typically, most of the processes on the system are in this state
T: A process that has stopped or is paused. If we run a command, say sleep 10, and press Ctrl-Z to pause it, ps shows it in state T.
W: This seems to mean that, from kernel 2.6.xx onward, there are not enough memory pages to allocate
X: Dead process (this never seems to happen)
Z: Zombie process. It cannot be killed; it is a leftover junk process that occupies a small amount of system resources, which does not matter. If there are too many, there is a problem. Generally does not appear.
<: High-priority process
N: Low-priority process
L: Has pages locked in memory
s: Main process
l: Multithreaded process
+: A process running in the foreground
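
The STAT codes above are combined in real output (for example Ssl or R+). The following added example, which is not part of the original article, decodes such a value and lists the D and Z processes that usually deserve a closer look during triage. The function names decode_stat and flag_processes and the sample listing are constructed for illustration.

```shell
# Constructed sample in the format of `ps -eo pid,stat,comm` (not real output).
PS_SAMPLE='  PID STAT COMMAND
    1 Ss   systemd
  412 S<   kworker/0:1H
  873 Ssl  rsyslogd
 1290 D    backup-job
 1544 Z    helper
 1602 T    sleep
 1710 R+   ps
 1745 SLl  agent'

# decode_stat STAT: first character is the main state, the rest are modifiers.
decode_stat() {
    stat=$1
    case ${stat%"${stat#?}"} in
        D) out="uninterruptible" ;;
        R) out="running" ;;
        S) out="sleeping" ;;
        T) out="stopped" ;;
        W) out="paging" ;;
        X) out="dead" ;;
        Z) out="zombie" ;;
        *) out="unknown" ;;
    esac
    rest=${stat#?}
    while [ -n "$rest" ]; do
        case ${rest%"${rest#?}"} in
            '<') out="$out,high-priority" ;;
            N) out="$out,low-priority" ;;
            L) out="$out,locked-pages" ;;
            s) out="$out,main-process" ;;
            l) out="$out,multithreaded" ;;
            +) out="$out,foreground" ;;
            *) out="$out,other" ;;
        esac
        rest=${rest#?}
    done
    printf '%s\n' "$out"
}

# flag_processes: read ps output on stdin, print PID:STATE for D and Z rows.
flag_processes() {
    awk 'NR > 1 && $2 ~ /^[DZ]/ { printf "%s:%s\n", $1, substr($2, 1, 1) }'
}

printf '%s\n' "$PS_SAMPLE" | flag_processes   # live: ps -eo pid,stat,comm | flag_processes
decode_stat "Ssl"
```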

netstat command description

The netstat command prints status information about the network subsystem in Linux, letting you learn about the network state of the whole Linux system.

Syntax

netstat (option)

Options

-a or --all: Displays all sockets in connections;
-A<network type> or --<network type>: Lists the relevant addresses in connections of that network type;
-c or --continuous: Continuously lists the network status;
-C or --cache: Shows the cache information of the routing configuration;
-e or --extend: Displays other relevant information about the network;
-F or --fib: Shows the FIB;
-g or --groups: Displays the multicast group membership list;
-h or --help: Online help;
-i or --interfaces: Displays the network interface information table;
-l or --listening: Displays the sockets of servers that are listening;
-M or --masquerade: Displays masqueraded network connections;
-n or --numeric: Uses the IP address directly, without going through the domain name server;
-N or --netlink or --symbolic: Displays the symbolic link names of network hardware peripheral devices;
-o or --timers: Displays timers;
-p or --programs: Shows the process ID and program name of the program using the socket;
-r or --route: Shows the routing table;
-s or --statistics: Displays the network statistics table;
-t or --tcp: Shows the connection status of the TCP transport protocol;
-u or --udp: Displays the connection status of the UDP transport protocol;
-v or --verbose: Displays the instruction execution process;
-V or --version: Displays version information;
-w or --raw: Displays the connection status of the raw transport protocol;
-x or --unix: The effect of this parameter is the same as specifying the "-A unix" parameter;
--ip or --inet: The effect of this parameter is the same as specifying the "-A inet" parameter.

Examples

List all ports (both listening and not listening)
netstat -a     # list all ports
netstat -at    # list all TCP ports
netstat -au    # list all UDP ports
List all sockets in the listening state
netstat -l     # show only listening ports
netstat -lt    # list only listening TCP ports
netstat -lu    # list only listening UDP ports
netstat -lx    # list only listening UNIX ports
Show statistics for each protocol
netstat -s     # display statistics for all ports
netstat -st    # display statistics for TCP ports
netstat -su    # display statistics for UDP ports

Show PID and process name in netstat output
netstat -pt
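
Combining the -l, -n, -t and -p options above gives a listing that can be checked for services listening on every interface. The following added example, which is not part of the original article, filters such a listing down to TCP listeners bound to a wildcard address, minus an allowlist of expected ports. The function name exposed_listeners and the sample listing are constructed for illustration.

```shell
# Constructed sample in the format of `netstat -lntp` (not real output).
NETSTAT_SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      911/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1203/master
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      1544/redis-server
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      1377/mysqld
tcp6       0      0 :::80                   :::*                    LISTEN      1420/httpd
tcp6       0      0 ::1:631                 :::*                    LISTEN      1001/cupsd'

# exposed_listeners ALLOWED_PORTS: read netstat output on stdin and print
# "proto port program" for TCP listeners bound to all interfaces.
# ALLOWED_PORTS is a comma-separated list of ports that are expected to be open.
exposed_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            port = addr; sub(/^.*:/, "", port)        # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            # loopback and specific addresses are not reachable on every interface
            if (host != "0.0.0.0" && host != "::" && host != "*") next
            if (port in ok) next
            prog = $7; sub(/^[0-9]+\//, "", prog)     # drop the "PID/" prefix
            printf "%s %s %s\n", $1, port, prog
        }'
}

# Live use (the program column needs root): netstat -lntp | exposed_listeners 22
printf '%s\n' "$NETSTAT_SAMPLE" | exposed_listeners 22
```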

Packet capture tools

1. tcpdump tool description

The tcpdump command is a sniffer tool that prints the header information of all packets that pass through a network interface. You can also use the -w option to save the packets to a file for later analysis.

Syntax

tcpdump (option)

Options

-a: Attempts to convert network and broadcast addresses into names;
-c<number of packets>: Stops the dump operation after receiving the specified number of packets;
-d: Converts the compiled packet-matching code into a readable format and dumps it to standard output;
-dd: Converts the compiled packet-matching code into C language format and dumps it to standard output;
-ddd: Converts the compiled packet-matching code into decimal number format and dumps it to standard output;
-e: Displays the link-level header on each line of dumped data;
-f: Displays Internet addresses numerically;
-F<expression file>: Specifies the file containing the expression;
-i<network interface>: Captures packets on the specified network interface;
-l: Uses line buffering for standard output;
-n: Does not convert the host's network address into a name;
-N: Does not list domain names;
-O: Does not optimize the packet-matching code;
-p: Does not put the network interface into promiscuous mode;
-q: Quick output, listing only a little transport protocol information;
-r<packet file>: Reads packet data from the specified file;
-s<packet size>: Sets the size captured for each packet;
-S: Lists TCP sequence numbers as absolute rather than relative values;
-t: Does not display a timestamp on each line of dumped data;
-tt: Displays an unformatted timestamp on each line of dumped data;
-T<packet type>: Forces the packets selected by the expression to be interpreted as the specified packet type;
-v: Displays the instruction execution process in detail;
-vv: Displays the instruction execution process in more detail;
-x: Lists the packet data in hexadecimal;
-w<packet file>: Writes the packet data to the specified file.

Examples

If the tcpdump command is not installed, install it with yum install -y tcpdump. In the output, the third and fourth columns show which IP+port is connecting to which IP+port, and what follows is information about the packet. The -nn option makes the IP and port number display directly as numbers; only the third and fourth columns need our attention. The -i option is followed by the device name; to capture packets on the ens33 network card, follow it with ens33.
If you do not add -nn, the host name + service name is displayed.
The -c option specifies the number of packets to capture.

# tcpdump -nn -i ens33 port 22                     # capture only packets on port 22
# tcpdump host 192.168.x.x                         # capture packets for the specified IP
# tcpdump -nn -i ens33 tcp and not port 22         # capture TCP packets, but not port 22
# tcpdump -nn -i ens33 port 22 or port 53          # capture only packets on ports 22 and 53
# tcpdump -nn -i ens33 -c 10 -w /tmp/test.cap      # save 10 captured packets to /tmp/test.cap
# tcpdump -r /tmp/test.cap                         # read the capture file

2. wireshark tool
