Monitor IO performance, free, PS commands and Netstat commands, grab kit Tools Tcpdump,tshark

Source: Internet
Author: User

I. Monitoring IO performance
Iostat-x Focus on%util
Iotop to see which process is reading and writing

Ii. free command (view memory usage)
-M
-H
-G
Buff buffer (CPU processed data > memory (Buff) > Disk)
Cache caching (Disk > Memory (cache) >CPU processing data)
Formula: Total= used + Free +buff/cache
Avaliable contains free and buffer/cache remaining parts
How my swap is all 0.

PS Command (view system process)
PS aux all the processes in the system are listed in snapshot form
PS aux |grep process name (view an Access process)

Kill a process: kill +pid
Each process has a directory: Ls-l/proc/(505) PID
STAT section Description (focus on understanding)
D: A process that cannot be interrupted
Process of R:run State
S:sleep process
T: Paused process (Ctrl +z pause FG Recovery)
Z: Zombie Process
<: high-priority processes
N: Low-priority process
s (small s): main process
L: Multithreaded Process
+: Foreground process

Iv. netstat View network status
NETSTAT-LNP viewing the Listening port,
Netstat-an View TCP/IP status (extended TCP/IP three-time handshake, four waves)
NETSTAT-LNTP only look at TCP, not including sockets
Ss-an and Netstat same usage
Netstat-an |awk '/^tcp/{++sta[$NF]} END {for (key in STA) print key, "\ T", Sta[key]} ' can view all states
(if the established is large, the system is busy, usually within 1000)

Five, Linux under Grab Bag (tcpdump)
Tcpdump-nn the first n means that the IP is displayed in digital form, if the hostname is not displayed,
Look at the flow of data.
Usually TCP, if you see a packet of UDP can be attacked. (DDOS UDP flood flood attack, if you encounter this can only access professional anti-attack equipment (Chuang Yu company did a good job?) )
TCPDUMP-NN Prot 80 Specifies that only 80 ports are caught
Tcpdump-nn-i eth0 No port 80 In addition to 80 ports
Cpdump-i eth0-nn Prot and host 192.168.1.1 Catch ip192.168.1.100 80-Port Package

cpdump -nn -i eth0 -c 1001 -w /tmp/1.cap 只抓100 个包并存在/tmp目录下用file 1.cap 大概在内容,不可以用cat打开

To see if you want to use Tcpdump-r 1.cap

2, Tshark grasping the bag tool
1. Installation: Yum install-y Wireshark
2, Tshark-n-T a-r http.request-t fields-e "Frame.time"-E "ip.src"-E "http.host"-E "Http.request.method"-E "http.re Quest.uri "
Use this command to view a case where you specify a network adapter 80 port for Web Access, and you need to remember!

Monitor IO performance, free, PS commands and Netstat commands, grab kit Tools Tcpdump,tshark

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.