How to use socktop to detect the communication status of socket under Linux

2025-02-25 Update. From: SLTechnology News&Howtos > Servers

Shulou (Shulou.com) 06/01 Report

This article explains how to use socktop to check the communication status of sockets under Linux. The method is simple, fast and practical.

All socket communication passes through the socket interface, whatever the address family, Unix domain sockets included. So intercepting the few syscalls that read from and write to sockets is enough to see what Unix domain sockets are sending and receiving.

The systemtap distribution ships a tool for exactly this, socktop, located at /usr/share/doc/systemtap/examples/network/socktop. It is very convenient and the best way to do the job.

Installation

To deploy SystemTap, you need to install the following two RPM packages:

The code is as follows:

systemtap
systemtap-runtime

With root privileges, run the following command to install them:

The code is as follows:

yum install systemtap systemtap-runtime

Note: before using SystemTap, you also need the kernel packages, which can be installed by running the following command:

The code is as follows:

stap-prep

If that fails, install them manually. For the manual steps, see "Manually install the necessary kernel packages" below.

Note: running stap-prep on my host failed with the error below.

The code is as follows:

[root@test ~]# stap-prep
Need to install the following packages:
kernel-devel-2.6.18-308.el5.x86_64
kernel-debuginfo-2.6.18-308.el5.x86_64
Traceback (most recent call last):
  File "/usr/bin/yumdownloader", line 19, in
    import yum
ImportError: No module named yum
Problem downloading rpm(s) kernel-devel-2.6.18-308.el5.x86_64 kernel-debuginfo-2.6.18-308.el5.x86_64

Manually install the necessary kernel packages

You need the packages that match your running kernel with the -devel, -debuginfo and -debuginfo-common suffixes, that is:

The code is as follows:

kernel-debuginfo
kernel-debuginfo-common
kernel-devel

You must install the versions corresponding to your kernel. Find your kernel version by running the command:

The code is as follows:

uname -r
2.6.18-308.el5

This shows that the kernel is 2.6.18-308.el5, so the packages you need are:

The code is as follows:

kernel-debuginfo-2.6.18-308.el5.x86_64.rpm
kernel-devel-2.6.18-308.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-308.el5.x86_64.rpm

Important! These three packages must match your running kernel version exactly.

Download the three rpm packages from http://rpm.pbone.net, or simply search for the package names in Google.

Download kernel-debuginfo-2.6.18-308.el5.x86_64.rpm:

wget ftp://ftp.pbone.net/mirror/ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/x86_64/Debuginfo/kernel-debuginfo-2.6.18-308.el5.x86_64.rpm

Download kernel-devel-2.6.18-308.el5.x86_64.rpm:

wget ftp://ftp.pbone.net/mirror/ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/x86_64/Debuginfo/kernel-devel-2.6.18-308.el5.x86_64.rpm

Download kernel-debuginfo-common-2.6.18-308.el5.x86_64.rpm:

wget ftp://ftp.pbone.net/mirror/ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/x86_64/Debuginfo/kernel-debuginfo-common-2.6.18-308.el5.x86_64.rpm

Install the three packages one by one:

The code is as follows:

rpm -ivh kernel-debuginfo-common-2.6.18-308.el5.x86_64.rpm
rpm -ivh kernel-debuginfo-2.6.18-308.el5.x86_64.rpm
rpm -ivh kernel-devel-2.6.18-308.el5.x86_64.rpm

Initialization test

To check that stap is installed correctly, run the following test command:

The code is as follows:

stap -v -e 'probe vfs.read {printf("read performed\n"); exit()}'

Socket read-write viewer: socktop

The socktop source starts with its copyright header and a brief description of its functions.

Usage help

The code is as follows:

$ /usr/share/doc/systemtap/examples/network/socktop -h
USAGE: socktop [-d] [-i interval] [-N num] [-P protocol]... [-f family]...
               [-t stype]... [-n pname]... [-p pid]... [-u username]... [-h]
  -d          # print network device traffic (default: off)
  -i interval # interval in seconds between printing (default: 5)
  -N num      # number of top processes and devices to print (default: 10)
  -f family   # this protocol family only (default: all)
  -P protocol # this protocol only (default: all)
  -t stype    # this socket type only (default: all)
  -n pname    # this process name only (default: all)
  -p pid      # this process ID only (default: all)
  -u username # this user only (default: all)
  -c count    # number of iteration
  -m mod_name # generate instrumentation (but do not run)
  -h          # print this help text

Protocol Families:
  LOCAL, INET, INET6, IPX, NETLINK, X25, AX25, ATMPVC, APPLETALK, PACKET
Protocols:
  TCP, UDP, SCTP, IP, FC, ... (see /etc/protocols for complete list)
Socket Types:
  STREAM, DGRAM, RAW, RDM, SEQPACKET, DCCP, PACKET

The usage above is self-explanatory. What we want is to filter for Unix (LOCAL) sockets, report every 5 seconds, and also print the network device traffic:

The code is as follows:

$ sudo /usr/share/doc/systemtap/examples/network/socktop -f LOCAL -i 5 -d

== Thu Mar 31 21:23:03 2011 ==
-- PROCESSES --
PID    UID    #SEND  #RECV  SEND_KB  RECV_KB  PROT  FAMILY  COMMAND
24821  50453  1      0      0        0        IP    LOCAL   crond
3840   0      0      2      0        0        IP    LOCAL   syslog-ng
-- DEVICES --
DEV    #XMIT  #RECV  XMIT_KB  RECV_KB
eth0   457    250    102      38
bond0  457    0      102      0
lo     24     24     2        2
eth2   0      10     0        0
==

We can see very clearly that crond is sending and syslog-ng is receiving.

If you also want to see the message contents, modify the script to dump the message payloads.
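As an added example, not from the article or from socktop itself: the following SystemTap script does roughly what "socktop -f LOCAL -i 5" does, using the socket.send and socket.receive tapset probes; the iteration count and the 5-second interval are assumed values.

```systemtap
#!/usr/bin/stap
# Added example, not the article's or socktop's own code: a minimal
# re-implementation of what "socktop -f LOCAL -i 5" reports, built on the
# socket tapset probes (socket.send / socket.receive) that socktop also
# instruments. Family number 1 is AF_UNIX, which the tapset names LOCAL.
# "iterations" (3) and the 5 s timer are assumed values; adjust as needed.

global sends, recvs, send_bytes, recv_bytes, total, iterations = 3

probe socket.send {
    # success, family and size are supplied by the tapset; skip failed sends
    if (success && family == 1) {
        sends[pid(), uid(), execname()]++
        send_bytes[pid(), uid(), execname()] += size
        total[pid(), uid(), execname()] += size
    }
}

probe socket.receive {
    if (success && family == 1) {
        recvs[pid(), uid(), execname()]++
        recv_bytes[pid(), uid(), execname()] += size
        total[pid(), uid(), execname()] += size
    }
}

probe timer.s(5) {
    printf("== %s ==\n", ctime(gettimeofday_s()))
    printf("%-7s %-6s %6s %6s %8s %8s %s\n",
           "PID", "UID", "#SEND", "#RECV", "SEND_KB", "RECV_KB", "COMMAND")
    # top 10 processes by bytes moved over LOCAL sockets, like -N 10
    foreach ([p, u, n] in total- limit 10)
        printf("%-7d %-6d %6d %6d %8d %8d %s\n", p, u,
               sends[p, u, n], recvs[p, u, n],
               send_bytes[p, u, n] / 1024, recv_bytes[p, u, n] / 1024, n)
    # reset counters so each report covers one interval only
    delete sends; delete recvs; delete send_bytes; delete recv_bytes; delete total
    if (--iterations == 0) exit()
}
```

Run it as root with "stap" and the same kernel-devel and kernel-debuginfo packages that socktop needs; processes that only receive still appear because the combined byte count in total is what the report is sorted on.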

That covers how to use socktop to check the communication status of sockets under Linux; the best way to get a feel for it is to try it on your own hosts.
