Monitoring IO performance, the free, ps and netstat commands, and the packet capture tools tcpdump and tshark

Source: Internet
Author: User

I. Monitoring IO performance
iostat -x: focus on %util
iotop: see which process is reading and writing

II. free command (view memory usage)
-m
-h
-g
buff: buffer (data processed by the CPU > memory (buff) > disk)
cache: cache (disk > memory (cache) > data processed by the CPU)
Formula: total = used + free + buff/cache
available includes free plus the remaining part of buff/cache
Why is my swap all 0?

III. ps command (view system processes)
ps aux: lists all the processes in the system as a snapshot
ps aux | grep <process name> (view a specific process)

Kill a process: kill PID
Each process has a directory: ls -l /proc/PID (for example, /proc/505)
STAT column description (focus on understanding these)
D: process that cannot be interrupted
R: process in the running state
S: sleeping process
T: paused process (Ctrl+Z pauses, fg resumes)
Z: zombie process
<: high-priority process
N: low-priority process
s (lowercase s): main process
l: multithreaded process
+: foreground process

IV. netstat: view network status
netstat -lnp: view the listening ports
netstat -an: view TCP/IP connection states (further reading: the TCP/IP three-way handshake and four-way teardown)
netstat -lntp: only look at TCP, not including sockets
ss -an: same usage as netstat
netstat -an | awk '/^tcp/{++sta[$NF]} END {for (key in sta) print key, "\t", sta[key]}' shows every connection state with its count
(if the ESTABLISHED count is large, the system is busy; it is usually within 1000)

V. Packet capture on Linux (tcpdump)
tcpdump -nn: the first n means IPs are displayed numerically; without it, hostnames are displayed.
Look at the direction of the data flow.
Traffic is usually TCP; if you see a flood of UDP packets, you may be under attack. (DDoS UDP flood attack: if you encounter this, the only option is to bring in professional anti-attack equipment (the company Chuang Yu does a good job?))
tcpdump -nn port 80: capture only port 80
tcpdump -nn -i eth0 not port 80: capture everything except port 80
tcpdump -i eth0 -nn port 80 and host 192.168.1.100: capture the port 80 packets of IP 192.168.1.100

tcpdump -nn -i eth0 -c 100 -w /tmp/1.cap: capture only 100 packets and save them under /tmp. Use file 1.cap to see roughly what the file is; it cannot be opened with cat.

To view the contents, use tcpdump -r 1.cap
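
The TCP-versus-UDP check from the tcpdump notes above, as an added example that is not part of the original page: a shell function that tallies TCP and UDP packets in tcpdump -nn text output and names the busiest UDP destination. The sample capture lines, the 50% default threshold and the function names are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: tally TCP vs UDP in `tcpdump -nn` text output.
# Limitation: UDP that tcpdump decodes itself (DNS, NTP, ...) prints no
# "UDP, length" tag and is not counted here.

# Constructed sample of `tcpdump -nn -i eth0` lines (not a real capture).
sample_capture() {
cat <<'EOF'
10:00:00.000001 IP 198.51.100.7.51000 > 192.168.1.100.80: Flags [S], seq 1, win 29200, length 0
10:00:00.000002 IP 192.168.1.100.80 > 198.51.100.7.51000: Flags [S.], seq 9, ack 2, win 28960, length 0
10:00:00.000003 IP 203.0.113.9.4021 > 192.168.1.100.80: UDP, length 1024
10:00:00.000004 IP 203.0.113.9.4022 > 192.168.1.100.80: UDP, length 1024
10:00:00.000005 IP 203.0.113.10.3000 > 192.168.1.100.80: UDP, length 1024
10:00:00.000006 IP 203.0.113.11.3001 > 192.168.1.100.80: UDP, length 1024
10:00:00.000007 IP 203.0.113.12.3002 > 192.168.1.100.80: UDP, length 1024
10:00:00.000008 IP 203.0.113.12.3003 > 192.168.1.100.9999: UDP, length 64
EOF
}

# udp_summary [threshold_percent]  (threshold is an assumed default of 50)
# Reads tcpdump -nn lines on stdin and prints one summary line.
udp_summary() {
    awk -v limit="${1:-50}" '
        / Flags \[/ { tcp++; next }        # TCP lines carry a Flags [...] field
        /: UDP, length/ {                  # undecoded UDP datagrams
            udp++
            dst = $5; sub(/:$/, "", dst)   # field 5 is "dst_ip.port:"
            hits[dst]++
            next
        }
        END {
            total = tcp + udp
            pct = total ? int(udp * 100 / total) : 0
            top = "none"; max = 0
            for (d in hits) if (hits[d] > max) { max = hits[d]; top = d }
            printf "tcp=%d udp=%d udp_pct=%d top_dst=%s:%d verdict=%s\n",
                   tcp, udp, pct, top, max,
                   (pct > limit ? "investigate" : "normal")
        }'
}

# Live use (needs root): tcpdump -nn -i eth0 -c 1000 2>/dev/null | udp_summary 50
sample_capture | udp_summary 50
```

A high UDP share is a prompt to look closer, not proof of a flood; compare it against what the host normally serves.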

2. tshark packet capture tool
1. Installation: yum install -y wireshark
2. tshark -n -t a -R http.request -T fields -e "frame.time" -e "ip.src" -e "http.host" -e "http.request.method" -e "http.request.uri"
(current tshark versions take this display filter with -Y instead of -R)
This command shows web access on port 80 of the specified network adapter; it is worth remembering!
