Summarize the commands that are commonly used under Linux
nc
NC command, which is commonly carried by Linux, is known as the "Swiss Army Knife". Both Windows and Linux have a platform tool that you can download and install accordingly. The use of UDP and TCP protocol network connection to read and write data, is a stable backdoor tool. It is also a powerful network debugging and sniffing tool.
Use format:
NC [-options] hostname port[s] [ports] ... Connect to a Place
Nc-l-P port [options] [hostname] [port] bind port waiting for connection
The parameters are:
-e Prog program redirection, once the connection is executed. It also has security implications.
-I secs delay interval
-L listening mode for inbound connections
-N Set the IP address of the number, cannot use the host name
-P Port
-O file record 16-binary transfer
-R arbitrarily specify local and remote segment ports
-S addr Local Source Address
-U UDP mode
-v Verbose output with two-V to get more detailed content
-W secs timeout
-Z turns the input and output off for scanning
The port number can specify a single, the latter a range
Of course NC Can and watch command configure dynamic real-time monitoring
Netstat
The netstat command is used to display various network related information, such as: Network connection, routing table, interface status multicast member, etc.
Netstat output can be divided into two parts: Active TCP connection and active UNIX domain socket interface
Active TCP is primarily used to monitor network transmission related
Active UNIX is used for native communication, and performance can be increased by one times
often See parameters:
-A all means to display the options used, and the default does not show listen related
-T TCP meaning only TCP-related options are shown
-u UDP means only UDP-related
-N rejects the display of aliases, can show all numbers converted into numbers
-l list only service status in listen
-P Display the program name of the CV related link
-R display routing information, routing table
-E Display Extended information
-S statistics according to each protocol
-C time interval for executing netstat
In addition listen and listening states can only be seen with-a or-l
NETSTAT-A lists all ports, including listening and non-listening
Netstat-at List TCP ports
Netstat-pt first dead PID and process name (-p)
Netstat-i Display the list of network interfaces
You can use watch and awk to extract the relevant required fields for listening
Lsof
Full Name list open files, listing the current system opening file
The application open file descriptor provides a lot of information about the application itself, so being able to view this list through the Lsof tool can be a great help for system detection and troubleshooting
Lsof Common parameters:
lsof filename Displays all processes that open the specified file
Lsof-a indicates that two parameters must be met before the results are displayed
Lsof-c string Displays the command column that contains the specified string in the process open descriptor
Lsof-u Username Displays the files that are open by the user process
Lsof-g GID shows the status of the GID process
Lsof +d/dir/displays files that are opened by the process in the directory
Lsof +d/dir/Ibid, but recursive
Lsof-n do not convert IP to hostname
Lsof-i used to display condition-compliant processes
LS-I[46] [Protocol] [@hostname |hostaddr][:service|port]
Ipv4|ipv6 tcp| Udp
LSOF-I:22 View 22 Port operating conditions
Uptime
Display results include the time the server has been running, how many users are logged in, and the overall evaluation of server performance
Load average records the last 1,5,15 minute interval, indicating the number of processes waiting to be executed in the queue, and if the CPU is blocked, the value becomes larger
The best value for load average is 1, which indicates that each process can be processed by CU immediately, and that this value should be divided by the number of physical CPUs in the system of multiple CPUs
Top
The top command shows the actual CPU usage, and the default 5s refreshes once
PID: Process identification
User: Username for process Owner
PRI: Priority of the process
Ni:nice level
Size: The amount of memory the process consumes, including code, data, and stacks
RSS: The amount of physical memory used by the process
SHARE: The number of shared memory for this process and other processes
STAT: Status of the process
S Sleep State
R Run Status
T Stop State
D Interrupt Sleep State
Z Zombie Status
%CPU: Shared CPU usage
%MEM Shared physical Memory
Time: Process consumed by CPU
Command: Start a task with an argument
Iostat
Iostat is part of the Sysstat package, showing that the average CPU time is similar to uptime after the system is booted
Can show disk subsystem usage, IOSTAT can be used to detect CPU utilization and disk utilization
%user:user level (application) CPU usage
%nice: CPU Usage for the user level with nice priority
%sys:system level (kernel) CPU usage
%idle: Idle CPU resource condition
Device: Block device name
Tps: The number of devices per second that the device transmits (I/O requests per second). Multiple individual I/O requests can be composed of one transport operation because a transfer operation can be of different capacity
BLK_READ/S,BLK--WRTN/S: The number of blocks that the device reads and writes per second, the block may be of different capacity
BLK_READ,BLK_WRTN: Total number of block devices read and written since the system started
Vmstat
The Vmstat command provides monitoring of information such as processes, memory, page I/O blocks, and CPUs, and Vmstat can display the average or sampled values of the test results
. Process (Procs)
R: Number of processes waiting for run time
B: Process in non-disruptive sleep state
W: Processes that are swapped out but can still be run, this value is calculated
. MEMORYSWPD: Number of virtual memory
Free: Amount of idle memory
Buff: The amount of memory used as a buffer
. Swap
Si: Quantity exchanged from hard disk
So: Swap to hard drive to get the number
. Io
BI: The fast number of outputs to a single block device
Bo: Number of blocks accepted from a single block device
. system
In: Number of interrupts per second, including clock
CS: Number of context switches that occur per second
% CPU Uptime
US: Non-kernel code run time (user time, nice time)
SY: Kernel code run time (System time)
ID: Idle Time
WA: Waiting for I/O operation time
Vmstat Additional parameters:
. M: Show the memory utilization of the kernel
. A: Display memory page information, including active and inactive memory pages
. N: Displays the header line, which is used when you use the sample mode and the command results are output to a file.
-P partition, Vmstat provides statistics on I/O results
Ps/pstree
System analysis of the most commonly used commands, PS provides a list of running processes
The Pstree command can display all process information in a tree-like structure, and can integrate child process information
Sar
The SAR program is also part of the Sysstat installation package for mobile, reporting, and storage System information.
SAR command three application composition
SAR: Used to display data
SA1/SA2: Used to collect and store data
The data generated by the SAR command is saved by default in the/var/log/sa/directory
You can also use SAR to get a real-time execution result from the command line, which can include CPU utilization, memory page, network I/O, etc.
SAR 3 5 per 3s execution, 5 times SAR
Free
The free command displays the memory usage used by the system, including idle, used, and swapped space.
The free command display also includes some cache and buffer information used by the kernel
Parameters:
-b,-k,-m,-g are displayed with Bytes,kilobytes,megabytes,gigabytes respectively.
-l difference shows low and high memory
-C {Count} shows the number of free outputs
Pmap
The PMAP command shows how much memory is used by one or more processes, and this tool can be used to determine which process on the server is consuming excessive memory and causing a memory bottleneck
Strace
Strace intercepts and records the system invocation information of the process, and also includes the command signals that the process accepts. This is a good diagnostic and debugging tool, but requires system administrator privileges
Strace-p <pid>
Ulimit
Ulimit can be used to control the use of system resources
Mpstat
The Mpstat command is also part of the Sysstat. Primarily used to monitor the situation of each available CPU in a multi-CPU system. The Mpstat command shows the operation of each CPU or all CPUs, as well as the use of parameters to monitor a certain frequency of sample results, as in the case of the Vmstat command.
Valgrind
Memory and performance detection tools, primarily for memory leak detection, performance detection