生活随笔
收集整理的這篇文章主要介紹了
网络观察方法
小編覺得挺不錯的,現在分享給大家,幫大家做個參考.
工具
netstat
- 默認:列出連接的套接字
- -a:所有套接字
- -s: 網絡棧統計信息
- -i:網絡接口信息
- -r:列出路由表
- -n:不解析IP為主機名
- -v:顯示冗長的詳細信息
- -c:連續模式
- OK:成功傳輸的數據包
- ERR:錯誤數據包
- DRP:丟包
- OVR:超限
netstat -s
Ip:
903984797 total packets received
0 forwarded
0 incoming packets discarded
903984742 incoming packets delivered
903601997 requests sent out
48 dropped because of missing route
Icmp:
210617 ICMP messages received
135814 input ICMP message failed.ICMP input histogram:destination unreachable:
209724timeout in transit:
707echo requests:
186209865 ICMP messages sent
0 ICMP messages failedICMP output histogram:destination unreachable:
209865
IcmpMsg:InType3:
209724InType8:
186InType11:
707OutType3:
209865
Tcp:
447882384 active connections openings
557407 passive connection openings
446943009 failed connection attempts
163 connection resets received
8 connections established
902646251 segments received
902815309 segments send out
9470 segments retransmited
0 bad segments received.
445282817 resets sent
Udp:
1045235 packets received
206 packets to unknown port received.
0 packet receive errors
600846 packets sent
0 receive buffer errors
0 send buffer errors
UdpLite:
TcpExt:
34 invalid SYN cookies received
1 ICMP packets dropped because they were out-of-window
621974 TCP sockets finished
time wait in fast timer
3197 TCP sockets finished
time wait in slow timer
19870 delayed acks sent
2 delayed acks further delayed because of locked socketQuick ack mode was activated
1316 times77229 packets directly queued to recvmsg prequeue.
168675 bytes directly
in process context from backlog
8606364 bytes directly received
in process context from prequeue
1589005 packet headers predicted
52475 packets header predicted and directly queued to user
2790664 acknowledgments not containing data payload received
1694511 predicted acknowledgments
696 congestion windows recovered without slow start after partial ack
18 timeouts
in loss state
136610 other TCP timeouts
49 connections reset due to unexpected data
2 connections reset due to early user close
93 connections aborted due to
timeoutTCPRcvCoalesce:
1526118TCPOFOQueue:
2019TCPOFOMerge:
109TCPChallengeACK:
1TCPSpuriousRtxHostQueues:
135894TCPAutoCorking:
33959TCPSynRetrans:
8620TCPOrigDataSent:
4521933TCPHystartTrainDetect:
55TCPHystartTrainCwnd:
1251TCPACKSkippedSynRecv:
6
IpExt:InMcastPkts:
2InBcastPkts:
82370InOctets:
39333180487OutOctets:
39018604444InMcastOctets:
72InBcastOctets:
16274146InNoECTPkts:
903973618InECT0Pkts:
11179
多項按協議分組的網絡數據,主要是TCP,值得關注的指標:
- 相比接收的總數據包更高速的包轉發率:檢查服務器是否應該轉發(路由)數據包
- 開放的被動連接:監視它們能顯示客戶機連接負載
- 相比發送的數據段更高的數據段重傳率:能支持網絡的不穩定
- 套接字緩沖超限導致的數據包從接收隊列中刪除:這是網絡飽和的標志,增加套接字緩沖修復
/proc/net/snamp 統計信息
cat /proc/net/snmpIp: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates
Ip:
2 64 903985425 0 0 0 0 0 903985370 903602588 0 48 0 0 0 0 0 0 0
Icmp: InMsgs InErrors InCsumErrors InDestUnreachs InTimeExcds InParmProbs InSrcQuenchs InRedirects InEchos InEchoReps InTimestamps InTimestampReps InAddrMasks InAddrMaskReps OutMsgs OutErrors OutDestUnreachs OutTimeExcds OutParmProbs OutSrcQuenchs OutRedirects OutEchos OutEchoReps OutTimestamps OutTimestampReps OutAddrMasks OutAddrMaskReps
Icmp:
210617 135814 0 209724 707 0 0 0 186 0 0 0 0 0 209865 0 209865 0 0 0 0 0 0 0 0 0 0
IcmpMsg: InType3 InType8 InType11 OutType3
IcmpMsg:
209724 186 707 209865
Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs OutRsts InCsumErrors
Tcp:
1 200 120000 -1
447882801 557407 446943426 163 8 902646758 902815832 9470 0 445282817 0
Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors
Udp:
1045318 206 0 600915 0 0 0
UdpLite: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors
UdpLite:
0 0 0 0 0 0 0
sar
ifconfig 逐漸被ip命令淘汰,總體與netstat -i結果類似
traceroute
發出一系列數據包實驗性的探測到一個主機當前的路由
tcpdump/wireshark這個需要單獨聊
systemtap/perf 這個也要單獨聊
strace 跟蹤套接字相關的系統調用并檢查其使用的選項
lsof 按進程ID列出包括套接字細節在內的打開的文件
ss 套接字統計信息
nfsstat NFS服務器和客戶機統計信息
iftop 按主機(嗅探)總結網絡接口吞吐量
/proc/net網絡統計信息文件
書中大篇幅的談到用dtrace來做各種探針檢測,但是dtrace還是有點學習成本,暫且先放著了,不過提到的一些概念倒是可以記錄一下
套接字延時:
- 連接延時:對于同步的系統調用,是connect()消耗的時間;對于非阻塞的I/O,是執行connect() 至poll() 或者select()(或其他系統調用)報告套接字就緒的時間
- 首字節延時:自執行connect()或者從accept()返回,直到第一字節數據由任何一個I/O系統調用從套接字接收到的時間。
- 套接字持續時間:同一個文件描述符由socket()到close()的時間;要聚焦連接的持續時間,可以由connect()或者accept()開始計時。
總結
以上是生活随笔為你收集整理的网络观察方法的全部內容�,希望文章能夠幫你解決所遇到的問題����。
如果覺得生活随笔網站內容還不錯��,歡迎將生活随笔推薦給好友��。
