XV, free, PS, netstat commands, and grab kits tcpdump and Tshark

Free command to view memory.

#free-K Display in KB

#free-m Display in MB

#free-G display in GB

#free-H display at a suitable size

Information for the free command output:

The real remaining memory is the second row of the free column

The numbers in the buffers and cached columns indicate how much buffers and cached are left.

A row of numbers in the free column +buffers column numbers

-Buffers/cache reacts to memory that is actually eaten by the program

+ Buffers/cache response is the total amount of memory that can be appropriated

What's the difference between buffers and cached?

Buffers refers to the size of the high-speed buffer area, is a concept of space size, run the program commonly used data, in the first run, the system will temporarily cache them in a high-speed storage area, later when the time is directly from the region to read data for the program to use, access to these data media, Since it reads and writes much faster than hard drives and memory, the size of the buffers can have a significant impact on the speed of the computer, but it will automatically disappear when the data is restarted or shut down. and cached refers to the cached data, is the real thing, such as your commonly used programs, because some of the data is often used to run these programs, the system will put them into a file, cached to a specific location, the next time you run the program, It will automatically read the data to the cache location for the program to run, the area where the data is stored on the computer's hard disk, in theory, read and write speed is unchanged, but also to save the time to find these data, it can also indirectly improve the computer's operational efficiency.

http://baike.sogou.com/v49107. ...%2598

Cache Encyclopedia

The PS command displays the system process.

#ps-elf = #ps-aux

USER PID%cpu%MEM VSZ RSS TTY STAT START time COMMAND

Root 1090 0.0 0.0 12896 828? S<SL 05:32 0:00 AUDITD

Root 1112 0.0 0.1 37184 1560? Sl 05:32 0:00

Dbus 1128 0.0 0.0 3032 896? Ss 05:32 0:00 Dbus-daemon--

Root 1283 0.0 0.0 492 tty4 ss+ 05:32 0:00/sbin/mingetty

Root 1284 0.0 0.0 2620 864? s< 05:32 0:00/sbin/udevd-d

Root 6769 1.0 0.1 6552 1076 pts/0 r+ 07:01 0:00 ps-aux

PID: The ID of the process, in Linux the kernel management process relies on PID to identify and manage a process.

Example: #kill-9 1090 (process PID)

STAT: Represents the state of a process, usually with a few:

D, a process that cannot be interrupted

R, the regular running process

S, the process that has been interrupted, usually most of it is this state.

T, the process that has been terminated or suspended,

X, the process that has died (as if it never appears)

Z, zombie process, shut down the garbage process, take up a small system of resources

<, high-priority process

N, low-priority process

L, locked memory paging in memory

s, main thread

L, multithreaded process

+, represents the process running in the foreground

#ps aux |grep-c mingetty, which is used to view the number of a process.

---------------------------------------------------------------

Netstat view the port.

#netstat-LNP the command to view all the listening ports of the current system (display the digital port)

#netstat-an to view the status of all network connections on the system (display the digital port)

Time_wait Transfer Complete Link remains

Establtshed has established a link is being communicated

Fin_wait2 status Details, refer to "TCP/IP three-time handshake"

http://blog.csdn.net/whuslei/a ... 67471

Netstat-an |grep 112.112.69.86:80 View 80 port concurrency Status

Netstat-an |grep 112.112.69.86:80 |grep-ic estab Statistics link (establtshed) Total number of links being communicated

(Front-end static page 2 to 30,000 backend with PHP MySQL etc 2000 to 3000 or so)

----------------------------------------------------------------

Grab Bag tool tcpdump and Tshark

See what packets are on a network card.

#tcpdump-nn-i eth0

07:20:55.220948 IP 192.168.1.108.22 > 192.168.1.117.50000: Flags [P.], seq 396800:397072, Ack 5761, win 359, L Ength 272

07:20:55.221032 IP 192.168.1.108.22 > 192.168.1.117.50000: Flags [P.], seq 397072:397248, Ack 5761, win 359, L Ength 176

The third fourth column is, which one ip+port is connecting which ip+port.

-nn let the third and fourth columns appear as ip+ ports, if not added, displays the hostname + server name

-I followed the device name, crawling only the device information

#tcpdump-nn-i eth0 host 192.168.1.1.1 and Port 80-c 100-w 1.cap

Specify the Ip,port specified port with host,-c specifies the number of packages, and-W writes to the specified file. In this case, the 1.cap file is the contents of the package, and if you do not add-W directly on the screen is not the packet, but the data flow. This 1.cap can be downloaded to Windows and then viewed with Wireeshark.

-s0 grab a complete package.

Wireshark Tools

#tshark-N-t a-r http.request-t fields-e "Frame.time"-E "ip.src"-E "http.host"-E "Http.request.method"-E "htttp.re Quest.uri "

XV, free, PS, netstat commands, and grab kits tcpdump and Tshark