2025-01-28 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Network Management of Linux (8) Network Monitoring tools
Linux has many tools for checking the state of the network and of communication between processes. Network communication is established through sockets. A socket is comparable to an electrical socket: a host creates many sockets, and a process communicating on the host is like a plug inserted into one of them, while establishing communication across the network is like plugging the two ends into each other. This is only a rough metaphor. In practice, a socket is used to encapsulate the packets sent by protocols such as TCP and UDP: like food packaging, it adds the port number, the process number and so on before the data is sent to the other side, and the other side then unpacks the data according to that packaging. In this way, the communication between the various processes across the network does not interfere with each other. It is like courier delivery: the label says whose parcel it is and who will collect it, and the route leads to your home.
The tools available in Linux:
netstat command
From the man page:
netstat - Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships
Description of options:
netstat [option]...
-r: display the routing table
-t: TCP-related connections
-u: UDP-related connections
-w: raw sockets
-l: sockets in the listening state
-a: all states
-n: show IP addresses and ports numerically
-e: extended mode, showing more status information
-p: show the related process and PID
Commonly used combinations:
Show network connections:
netstat -tan # state of all TCP connections
netstat -uan # state of all UDP connections
netstat -tnl # TCP sockets in the listening state
netstat -unl # UDP sockets in the listening state
Display the routing table:
netstat -rn # kernel routing table, without reverse name resolution
Display interface statistics:
netstat -I # status information for all network interfaces
netstat -I=FACE_NAME # status information for the specified device
Example: netstat -I=eth0 # status information for the eth0 device
ss command
ss - another utility to investigate sockets
ss is another tool for displaying socket information. netstat is the older command and gets its socket information by traversing /proc. ss uses netlink to communicate with the kernel's tcp_diag module to get socket information, which is more accurate.
Format and options:
ss [option] [FILTER]
Options:
-t: TCP sockets
-u: UDP sockets
-w: raw sockets
-x: Unix domain sockets
-l: sockets in the listening state
-a: all connections
-n: numeric format
-p: related programs and PIDs
-e: extended information
-m: memory usage
-o: timer information
FILTER := [ state TCP-STATE ] [ EXPRESSION ]
Standard TCP states:
LISTEN: listening
ESTABLISHED: connection established
FIN_WAIT_1
FIN_WAIT_2
SYN_SENT
SYN_RECV
CLOSED: closed
EXPRESSION:
dport = # destination port
sport = # source port
Example: '( dport = :ssh or sport = :ssh )'
Common combinations:
ss -tan # state of all TCP connections
ss -tanl # all listening TCP sockets
ss -tanlp # all listening TCP sockets, with the process and PID
ss -uan # state of all UDP sockets
Additional usage:
ss -A QUERY # view sockets of the given type or protocol; QUERY is the type to show.
QUERY:
all, inet, tcp, udp, raw, unix, packet, netlink, unix_dgram, unix_stream, unix_seqpacket, packet_raw, packet_dgram.
Identifiers accepted for TCP-STATE:
All standard TCP states:
established, syn-sent, syn-recv, fin-wait-1, fin-wait-2, time-wait, closed, close-wait, last-ack, listen, closing.
Compound states:
all: all states
connected: all states except listening and closed
synchronized: all connected states except syn-sent
bucket: states maintained as minisockets, including syn-recv
big: the opposite of bucket
Examples:
Show all locally opened ports with ss -l
[root@localhost www]# ss -l | tail -n 10
Explanation: UDP is stateless, so open UDP sockets appear here as well, and both protocols are shown as listening.
Show the specific sockets opened by each process
[root@localhost www]# ss -pl | tail -n 10
Show all TCP sockets
[root@localhost www]# ss -t -a
Show all UDP sockets
[root@localhost www]# ss -u -a
Show all established SMTP connections
[root@localhost www]# ss -o state established '( dport = :smtp or sport = :smtp )'
Show all established HTTP connections
[root@localhost www]# ss -o state established '( dport = :http or sport = :http )'
Find all the processes that connect to the X server
[root@localhost www]# ss -x src /tmp/.X11-unix/*
List the number of sockets for each current protocol
[root@localhost www]# ss -s
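A defender's use of the ss -tanlp combination listed above, as an added example that is not part of the original article: the function reads ss -tnlp output and lists the TCP listeners bound to a wildcard address, together with the owning process. The sample output is constructed, and the function names sample_ss_output and exposed_listeners are hypothetical.

```shell
#!/bin/sh
# Added example: list TCP listeners bound to every interface, from `ss -tnlp` text.

# Constructed sample of `ss -tnlp` output (not captured from a real host).
sample_ss_output() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=812,fd=3))
LISTEN 0      100        127.0.0.1:25        0.0.0.0:*     users:(("master",pid=1021,fd=13))
LISTEN 0      511                *:80              *:*     users:(("httpd",pid=1400,fd=4))
LISTEN 0      128             [::]:22           [::]:*     users:(("sshd",pid=812,fd=4))
LISTEN 0      128            [::1]:631          [::]:*     users:(("cupsd",pid=640,fd=6))
EOF
}

# Read `ss -tnlp` output on stdin and print "port process address" for every
# listener whose local address is a wildcard (reachable on all interfaces).
exposed_listeners() {
    awk '
    $1 == "LISTEN" {
        local_addr = $4
        pos = match(local_addr, /:[0-9]+$/)   # the port follows the last colon
        if (pos == 0) next
        addr = substr(local_addr, 1, pos - 1)
        port = substr(local_addr, pos + 1)
        # Wildcard spellings; "::" is how older ss releases print [::].
        if (addr != "0.0.0.0" && addr != "[::]" && addr != "*" && addr != "::") next
        proc = "-"                            # stays "-" when -p shows no process
        if (match($0, /users:\(\("[^"]+"/)) proc = substr($0, RSTART + 9, RLENGTH - 10)
        print port, proc, addr
    }' | LC_ALL=C sort -n
}

# Demo on the constructed sample; on a live host: ss -tnlp | exposed_listeners
sample_ss_output | exposed_listeners
```

Listeners bound to 127.0.0.1 or [::1] are left out because they are reachable only from the host itself.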