Monitoring IO Performance/free Command/ps command/view network status/linux grab the packet

Monitoring IO Performance

Use the Iostat command to view disk usage

[Email protected] ~]# iostat-x

Here we focus on util This column,util is a percentage of the display, if the larger the value of your hard disk is more busy, this will be the reason for your system to become slow

Use the iotop command to see if the process uses a large disk
You first need to install this command

[email protected] ~]# Yum install-y iotop
[Email protected] ~]# Iotop

Free command

The free command can view the total memory size of the current system and the use of memory. Centos7 is a little more concise than CENTOS6, but the general content is the same.

[[email protected] ~]# free

total：内存总大小used：真正使用的实际内存大小free：剩余物理内存大小（没有被分配，纯剩余）shared：共享内存大小，不用关注它buff/cache：buffer和cache都是一部分内存，内存的作用就是缓解CPU和IO的速度差距的available：系统可以使用内存有多大

The free command shows a result in fact that there is a hidden formula:total=used+free+buff/cache. available is made up of part of the memory that is free and Buff/cache not yet occupied.
Free can also add some parameters- m and- g(respectively, MB and GB units display) print memory usage, and even support- h option

PS command

viewing system processes using the PS command

[[Email protected] ~]# PS aux

There is a ps-elf command In addition to the PS aux command, but commonly used as PS aux command

PID: Indicates the ID of the process, which is useful. In Linux, the kernel management process relies on PID to identify and manage a process, such as the need to terminate a process, the command "kill process ID", sometimes this does not close some processes, need to add 9 options, But you are a bit forced (violent), serious words may lose data, so try not to.

STAT: Status of the process, the status is divided into the following types

D:不能中断的进程（通常为IO）R：正在运行的进程，包含等待CPU时间片的进程S：已经中断的进程。通常情况下，系统的大部分进程都是这个状态T：已经停止或者暂停的进程。Z：僵尸进程，即杀不掉，打不死的垃圾进程，占用系统一点资源，不过没有关系。如果占用太多，则需要重视<：高优先级进程N：底优先级进程L：在内存中被锁了内存分页s：主进程l：多线程进程+：在前台运行的进程，比如在当前终端执行的ps aux就是前台进程

View network Status

netstat: Used for printing network connection status, system open port, routing table and other information, commonly used;

[[email protected] ~]# NETSTAT-LNP//print which ports the current system launches
And
[[email protected] ~]# Netstat-an//Print network connection Status

TCP Three handshake four wave, need to focus on the content;
Https://wenku.baidu.com/view/91793c1ec281e53a5802ff29.html

Share the skill to see the number of all States (client and server in the number of communications, within 1000 is normal)

[Email protected] ~]# Netstat-an | awk '/^tcp/{++sta[$NF]} END {for (key in STA) print key, "\ T", Sta[key]} '
LISTEN 9
Established 1

Linux under Grab Bag

tcpdump Tools: To see what packets are on a network card, especially when you initially determine that there is a traffic attack on the server, use the Capture tool to crawl the packet to know which IP is attacking.
If you do not have the tcpdump tool, install it first;

[email protected] ~]# Yum install-y tcpdump
[Email protected] ~]# tcpdump-nn-i ens33

Common parameters -nn here because of the use of the virtual machine so you need to specify the network card with the-i parameter, the command to enter the output, the screen will continue to print out characters, the string is constantly refreshed, which is the flow of data transfer process and data packets, focusing on the third and fourth columns that represents which ip+ port is connected to which ip+ Port . Ctrl + C exits the program.
The tcpdump also has the- C and- w options,-c Specifies the number of catches, and-W saves the crawl results to the specified path

[Email protected] ~]# tcpdump-nn-i ens33-c 10-w/home/ask/documentation/

Besides, there are

[[email protected] ~]# tcpdump-nn-i ens33 Port 22//Specify a packet to crawl 22 ports
[[email protected] ~]# tcpdump-nn-i ens33 not port 22//Specify to crawl packets other than 22 ports
[[email protected] ~]# tcpdump-nn-i ens33 TCP and not port 22//Specifies to crawl TCP packets, but excludes 22 ports of
[[email protected] ~]# tcpdump-nn-i ens33 Port and Port 24//Specify to crawl only 22 and 24 port packages

Wireshark Tools

Installing the tshark clutch Tool

[email protected] ~]# Yum install-y wireshark

Specify to view 80 port access

[Email protected] ~]# tshark-n-t a-r http.request-t fields-e "Frame.time"-E "ip.src"-E "http.host"-E "http.reques T.method "-E" Http.request.uri "

Monitoring IO Performance/free Command/ps command/view network status/linux catch package