赞
踩
[root@localhost ~]# cat /proc/sys/net/ipv4/tcp_wmem
4096 16384 4194304
tcp_wmem 中这三个数字的含义分别为 min、default、max。TCP 发送缓冲区的大小会在 min 和 max 之间动态调整,初始的大小是 default,这个动态调整的过程是由内核自动来做的,应用程序无法干预。自动调整的目的,是为了在尽可能少的浪费内存的情况下来满足发包的需要。
(3)
--route , -r
Display the kernel routing tables
等价于:
route
show / manipulate the IP routing table
ip - show / manipulate routing, devices, policy routing and tunnels
route - routing table entry.
ip route
(4)
--groups , -g
Display multicast group membership information for IPv4 and IPv6.
(5)
--numeric , -n
Show numerical addresses instead of trying to determine symbolic host, port or user names.
(6)
--protocol=family , -A
Specifies the address families (perhaps better described as low level protocols) for which connections are to be shown. family is a comma (',') separated list of address family keywords like
inet, inet6, unix, ipx, ax25, netrom, econet, and ddp. This has the same effect as using the --inet|-4, --inet6|-6, --unix|-x, --ipx, --ax25, --netrom, and --ddp options.
The address family inet (Iv4) includes raw, udp, udplite and tcp protocol sockets.
(7)
-p, --program
Show the PID and name of the program to which each socket belongs.
(8)
-l, --listening
Show only listening sockets. (These are omitted by default.)
[root@localhost ~]# netstat -tnp
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 xx.xx.xx.xxx:22 xx.xx.xx.xx:xxxxx ESTABLISHED 28440/sshd: root@no
tcp 0 0 xx.xx.xx.xxx:22 xx.xx.xx.xx:xxxxx ESTABLISHED 27357/sshd: root@pt
tcp 0 0 xx.xx.xx.xxx:22 xx.xx.xx.xx:xxxxx ESTABLISHED 27361/sshd: root@no
tcp 0 96 xx.xx.xx.xxx:22 xx.xx.xx.xx:xxxxx ESTABLISHED 28436/sshd: root@pt
Proto
The protocol (tcp, udp, udpl, raw) used by the socket.
Recv-Q
Established: The count of bytes not copied by the user program connected to this socket.
Send-Q
Established: The count of bytes not acknowledged by the remote host.
Local Address
Address and port number of the local end of the socket.
Foreign Address
Address and port number of the remote end of the socket.
State ESTABLISHED The socket has an established connection. SYN_SENT The socket is actively attempting to establish a connection. SYN_RECV A connection request has been received from the network. FIN_WAIT1 The socket is closed, and the connection is shutting down. FIN_WAIT2 Connection is closed, and the socket is waiting for a shutdown from the remote end. TIME_WAIT The socket is waiting after close to handle packets still in the network. CLOSE The socket is not being used. CLOSE_WAIT The remote end has shut down, waiting for the socket to close. LAST_ACK The remote end has shut down, and the socket is closed. Waiting for acknowledgement. LISTEN The socket is listening for incoming connections. CLOSING Both sockets are shut down but we still don't have all our data sent. UNKNOWN The state of the socket is unknown.
其中三次握手过程设计到的State:
其中四次挥手设计到state:
图片来源于:图解网络
User
The username or the user id (UID) of the owner of the socket.
PID/Program name
Slash-separated pair of the process id (PID) and process name of the process that owns the socket.
Linux内核关于state的定义:
// linux-3.10/include/net/tcp\_states.h /\* \* INET An implementation of the TCP/IP protocol suite for the LINUX \* operating system. INET is implemented using the BSD Socket \* interface as the means of communication with the user level. \* \* Definitions for the TCP protocol sk\_state field. \* \* This program is free software; you can redistribute it and/or \* modify it under the terms of the GNU General Public License \* as published by the Free Software Foundation; either version \* 2 of the License, or (at your option) any later version. \*/ #ifndef \_LINUX\_TCP\_STATES\_H #define \_LINUX\_TCP\_STATES\_H enum { TCP_ESTABLISHED = 1, TCP_SYN_SENT, TCP_SYN_RECV, TCP_FIN_WAIT1, TCP_FIN_WAIT2, TCP_TIME_WAIT, TCP_CLOSE, TCP_CLOSE_WAIT, TCP_LAST_ACK, TCP_LISTEN, TCP_CLOSING, /\* Now a valid state \*/ TCP_MAX_STATES /\* Leave at the end! \*/ }; #define TCP\_STATE\_MASK 0xF #define TCP\_ACTION\_FIN (1 << 7) enum { TCPF_ESTABLISHED = (1 << 1), TCPF_SYN_SENT = (1 << 2), TCPF_SYN_RECV = (1 << 3), TCPF_FIN_WAIT1 = (1 << 4), TCPF_FIN_WAIT2 = (1 << 5), TCPF_TIME_WAIT = (1 << 6), TCPF_CLOSE = (1 << 7), TCPF_CLOSE_WAIT = (1 << 8), TCPF_LAST_ACK = (1 << 9), TCPF_LISTEN = (1 << 10), TCPF_CLOSING = (1 << 11) }; #endif /\* \_LINUX\_TCP\_STATES\_H \*/
netstat的显示网络数据的原理通过解析/proc/net/下的文件:
FILES /etc/services -- The services translation file /proc -- Mount point for the proc filesystem, which gives access to kernel status information via the following files. /proc/net/dev -- device information /proc/net/raw -- raw socket information /proc/net/tcp -- TCP socket information /proc/net/udp -- UDP socket information /proc/net/udplite -- UDPLite socket information /proc/net/igmp -- IGMP multicast information /proc/net/unix -- Unix domain socket information ......
我以查看tcp连接为例:
使用strace命令跟踪 netstat -t 过程中调用的open系统调用,然后重定向文件中:
strace -e open netstat -t 2>netstat_log
从结果可以看到 netstat -t 就是通过解析 /proc/net/tcp 文件获取tcp数据来源:
[root@localhost]# cat netstat_log | grep "/proc/net"
open("/proc/net/tcp", O_RDONLY) = 3
open("/proc/net/tcp6", O_RDONLY) = 3
由于/proc/net文件是文本文件,用netstat作为查看tcp临时报告的来源非常方便,只需要awk进行处理。在性能要求高的环境下,监视工具应该使用netlink接口,它以二进制格式传递信息,并避免文本解析的开销,比如ss。
当网络连接数量较多时,netstat解析数据的效率将会变低。现在一般用ss命令来替代netstat。
为了做好运维面试路上的助攻手,特整理了上百道 【运维技术栈面试题集锦】 ,让你面试不慌心不跳,高薪offer怀里抱!
这次整理的面试题,小到shell、MySQL,大到K8s等云原生技术栈,不仅适合运维新人入行面试需要,还适用于想提升进阶跳槽加薪的运维朋友。
本份面试集锦涵盖了
总计 1000+ 道面试题, 内容 又全含金量又高
1、什么是运维?
2、在工作中,运维人员经常需要跟运营人员打交道,请问运营人员是做什么工作的?
3、现在给你三百台服务器,你怎么对他们进行管理?
4、简述raid0 raid1raid5二种工作模式的工作原理及特点
5、LVS、Nginx、HAproxy有什么区别?工作中你怎么选择?
6、Squid、Varinsh和Nginx有什么区别,工作中你怎么选择?
7、Tomcat和Resin有什么区别,工作中你怎么选择?
8、什么是中间件?什么是jdk?
9、讲述一下Tomcat8005、8009、8080三个端口的含义?
10、什么叫CDN?
11、什么叫网站灰度发布?
12、简述DNS进行域名解析的过程?
13、RabbitMQ是什么东西?
14、讲一下Keepalived的工作原理?
15、讲述一下LVS三种模式的工作过程?
16、mysql的innodb如何定位锁问题,mysql如何减少主从复制延迟?
17、如何重置mysql root密码?
网上学习资料一大堆,但如果学到的知识不成体系,遇到问题时只是浅尝辄止,不再深入研究,那么很难做到真正的技术提升。
一个人可以走的很快,但一群人才能走的更远!不论你是正从事IT行业的老鸟或是对IT行业感兴趣的新人,都欢迎加入我们的的圈子(技术交流、学习资源、职场吐槽、大厂内推、面试辅导),让我们一起学习成长!
itMQ是什么东西?
14、讲一下Keepalived的工作原理?
15、讲述一下LVS三种模式的工作过程?
16、mysql的innodb如何定位锁问题,mysql如何减少主从复制延迟?
17、如何重置mysql root密码?
网上学习资料一大堆,但如果学到的知识不成体系,遇到问题时只是浅尝辄止,不再深入研究,那么很难做到真正的技术提升。
一个人可以走的很快,但一群人才能走的更远!不论你是正从事IT行业的老鸟或是对IT行业感兴趣的新人,都欢迎加入我们的的圈子(技术交流、学习资源、职场吐槽、大厂内推、面试辅导),让我们一起学习成长!
Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。