Suspect server has abnormal traffic troubleshooting journal
First, use Ifconfig to view network card traffic
[Email protected] ~]# ifconfig
Eth4 Link encap:ethernet HWaddr 00:50:56:0a:a6:e9
inet addr:192.168.1.91 bcast:192.168.1.255 mask:255.255.255.0
Inet6 ADDR:FA70::220:58AF:FABA:6E8/64 Scope:link
Up broadcast RUNNING multicast mtu:1500 metric:1
RX packets:21148074982 errors:0 dropped:0 overruns:0 frame:0
TX packets:21944211957 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:7069850347226 (6.4 tib) TX bytes:8936760647131 (8.1 tib)
lo Link encap:local Loopback inet addr:127.0.0.1 mask:255.0.0.0 inet6 addr:.: 1/128 scope:h OST up LOOPBACK RUNNING mtu:16436 metric:1 RX packets:13894306 errors:0 dropped:0 overruns:0 frame:0 TX packets:13894306 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:6506280062 (6.0 Gib) TX bytes:6506280062 (6.0 Gib) virbr0 Link encap:ethernet HWaddr 52:34:40:A1:04:BF inet addr:192.168.122.1 bcast:192.168.122.255 mask:255.255.255.0 up broadcast RUNNING multicast MTU:1500 Metric: 1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:26979 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:1243664 (1.1 MiB)
Ii. Nethogs The process of further locating the flow consumption
1. Download RPM Package:
Http://rpm.pbone.net/index.php3/stat/4/idpl/40930296/dir/redhat_el_6/com/nethogs-0.8.5-1.el6.x86_64.rpm.html
Select the following rpm:
nethogs-0.8.5-1.el6.x86_64.rpm
2、安装[[email protected] yum.repos.d]# cd /tmp[[email protected] tmp]# rpm -ivh nethogs-0.8.5-1.el6.x86_64.rpmwarning: nethogs-0.8.5-1.el6.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEYPreparing... ########################################### [100%] 1:nethogs ########################################### [100%][[email protected] tmp]# NetHogs使用[[email protected] tmp]# nethogsNetHogs提供交互式控制指令:m : Cycle between display modes (kb/s, kb, b, mb) 切换网速显示单位r : Sort by received. 按接收流量排序s : Sort by sent. 按发送流量排序q : Quit and return to the shell prompt. 退出NetHogs命令工具
Third, find the process ID and further check the process information
[Email protected] ~]# Ps-fe|grep 29640
Root 9660 9385 0 17:03 pts/4 00:00:00 grep 29640
Root 29640 1 10:13 pts/3 03:36:56/usr/java/jdk1.7.0_79/bin/java-server-xx:permsize=256m-xx:maxpermsize=512m-djett y.state=/home/jetty-distribution-7.6.16.v20170903/jetty.state-djetty.home=/home/ jetty-distribution-7.6.16.v20170903-djava.io.tmpdir=/tmp-jar/home/jetty-distribution-7.6.16.v20170903/ Start.jar Etc/jetty-logging.xml Etc/jetty-started.xml
[Email protected] ~]#
Suspect that the server has an abnormal traffic log, using commands such as Ifconfig,nethogs