工具

netstat

• 默認：列出連接的套接字
• -a：所有套接字
• -s: 網(wǎng)絡棧統(tǒng)計信息
• -i：網(wǎng)絡接口信息
• -r：列出路由表
• -n：不解析IP為主機名
• -v：顯示冗長的詳細信息
• -c：連續(xù)模式
  
• OK：成功傳輸?shù)臄?shù)據(jù)包
• ERR：錯誤數(shù)據(jù)包
• DRP：丟包
• OVR：超限

netstat -s Ip:903984797 total packets received0 forwarded0 incoming packets discarded903984742 incoming packets delivered903601997 requests sent out48 dropped because of missing route Icmp:210617 ICMP messages received135814 input ICMP message failed.ICMP input histogram:destination unreachable: 209724timeout in transit: 707echo requests: 186209865 ICMP messages sent0 ICMP messages failedICMP output histogram:destination unreachable: 209865 IcmpMsg:InType3: 209724InType8: 186InType11: 707OutType3: 209865 Tcp:447882384 active connections openings557407 passive connection openings446943009 failed connection attempts163 connection resets received8 connections established902646251 segments received902815309 segments send out9470 segments retransmited0 bad segments received.445282817 resets sent Udp:1045235 packets received206 packets to unknown port received.0 packet receive errors600846 packets sent0 receive buffer errors0 send buffer errors UdpLite: TcpExt:34 invalid SYN cookies received1 ICMP packets dropped because they were out-of-window621974 TCP sockets finished time wait in fast timer3197 TCP sockets finished time wait in slow timer19870 delayed acks sent2 delayed acks further delayed because of locked socketQuick ack mode was activated 1316 times77229 packets directly queued to recvmsg prequeue.168675 bytes directly in process context from backlog8606364 bytes directly received in process context from prequeue1589005 packet headers predicted52475 packets header predicted and directly queued to user2790664 acknowledgments not containing data payload received1694511 predicted acknowledgments696 congestion windows recovered without slow start after partial ack18 timeouts in loss state136610 other TCP timeouts49 connections reset due to unexpected data2 connections reset due to early user close93 connections aborted due to timeoutTCPRcvCoalesce: 1526118TCPOFOQueue: 2019TCPOFOMerge: 109TCPChallengeACK: 1TCPSpuriousRtxHostQueues: 135894TCPAutoCorking: 33959TCPSynRetrans: 8620TCPOrigDataSent: 4521933TCPHystartTrainDetect: 55TCPHystartTrainCwnd: 1251TCPACKSkippedSynRecv: 6 IpExt:InMcastPkts: 2InBcastPkts: 82370InOctets: 39333180487OutOctets: 39018604444InMcastOctets: 72InBcastOctets: 16274146InNoECTPkts: 903973618InECT0Pkts: 11179

多項按協(xié)議分組的網(wǎng)絡數(shù)據(jù)，主要是TCP，值得關注的指標：

• 相比接收的總數(shù)據(jù)包更高速的包轉發(fā)率：檢查服務器是否應該轉發(fā)（路由）數(shù)據(jù)包
• 開放的被動連接：監(jiān)視它們能顯示客戶機連接負載
• 相比發(fā)送的數(shù)據(jù)段更高的數(shù)據(jù)段重傳率：能支持網(wǎng)絡的不穩(wěn)定
• 套接字緩沖超限導致的數(shù)據(jù)包從接收隊列中刪除：這是網(wǎng)絡飽和的標志，增加套接字緩沖修復

/proc/net/snamp 統(tǒng)計信息

cat /proc/net/snmpIp: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates Ip: 2 64 903985425 0 0 0 0 0 903985370 903602588 0 48 0 0 0 0 0 0 0 Icmp: InMsgs InErrors InCsumErrors InDestUnreachs InTimeExcds InParmProbs InSrcQuenchs InRedirects InEchos InEchoReps InTimestamps InTimestampReps InAddrMasks InAddrMaskReps OutMsgs OutErrors OutDestUnreachs OutTimeExcds OutParmProbs OutSrcQuenchs OutRedirects OutEchos OutEchoReps OutTimestamps OutTimestampReps OutAddrMasks OutAddrMaskReps Icmp: 210617 135814 0 209724 707 0 0 0 186 0 0 0 0 0 209865 0 209865 0 0 0 0 0 0 0 0 0 0 IcmpMsg: InType3 InType8 InType11 OutType3 IcmpMsg: 209724 186 707 209865 Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs OutRsts InCsumErrors Tcp: 1 200 120000 -1 447882801 557407 446943426 163 8 902646758 902815832 9470 0 445282817 0 Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors Udp: 1045318 206 0 600915 0 0 0 UdpLite: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors UdpLite: 0 0 0 0 0 0 0

sar

ifconfig 逐漸被ip命令淘汰，總體與netstat -i結果類似

traceroute
發(fā)出一系列數(shù)據(jù)包實驗性的探測到一個主機當前的路由

tcpdump/wireshark這個需要單獨聊

systemtap/perf 這個也要單獨聊

strace 跟蹤套接字相關的系統(tǒng)調用并檢查其使用的選項
lsof 按進程ID列出包括套接字細節(jié)在內的打開的文件
ss 套接字統(tǒng)計信息
nfsstat NFS服務器和客戶機統(tǒng)計信息
iftop 按主機（嗅探）總結網(wǎng)絡接口吞吐量
/proc/net網(wǎng)絡統(tǒng)計信息文件

---

書中大篇幅的談到用dtrace來做各種探針檢測，但是dtrace還是有點學習成本，暫且先放著了，不過提到的一些概念倒是可以記錄一下
套接字延時：

• 連接延時：對于同步的系統(tǒng)調用，是connect()消耗的時間；對于非阻塞的I/O，是執(zhí)行connect() 至poll() 或者select()（或其他系統(tǒng)調用）報告套接字就緒的時間
• 首字節(jié)延時：自執(zhí)行connect()或者從accept()返回，直到第一字節(jié)數(shù)據(jù)由任何一個I/O系統(tǒng)調用從套接字接收到的時間。
• 套接字持續(xù)時間：同一個文件描述符由socket()到close()的時間；要聚焦連接的持續(xù)時間，可以由connect()或者accept()開始計時。

總結

以上是生活随笔為你收集整理的网络观察方法的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內容還不錯，歡迎將生活随笔推薦給好友。