Log of investigating suspected abnormal traffic on a server, using ifconfig, nethogs and other commands
阿新 • Published: 2018-06-06
I. Check NIC traffic with ifconfig
[root@AP ~]# ifconfig
eth4 Link encap:Ethernet HWaddr 00:50:56:0A:A6:E9
inet addr:192.168.1.91 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fa70::220:58af:faba:6e8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:21148074982 errors:0 dropped:0 overruns:0 frame:0
TX packets:21944211957 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:7069850347226 (6.4 TiB) TX bytes:8936760647131 (8.1 TiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:13894306 errors:0 dropped:0 overruns:0 frame:0
TX packets:13894306 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6506280062 (6.0 GiB) TX bytes:6506280062 (6.0 GiB)

virbr0 Link encap:Ethernet HWaddr 52:34:40:A1:04:BF
inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:26979 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:1243664 (1.1 MiB)
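The RX/TX byte totals that ifconfig prints are cumulative counters, so they do not show how much traffic is flowing right now. The following is an added example, not part of the original post: it compares two snapshots of /proc/net/dev and prints bytes per second per interface. The function names and the second snapshot's values are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-interface byte rates from two /proc/net/dev snapshots.

# iface_rates BEFORE AFTER SECONDS -> "iface rx_B/s tx_B/s", busiest sender first
iface_rates() {
    awk -v secs="$3" '
        { sub(/:/, ": ") }      # old kernels print "eth4:7069..." with no space
        $1 !~ /:$/ { next }     # skip the two header lines
        { name = $1; sub(/:$/, "", name) }
        FNR == NR { rx[name] = $2; tx[name] = $10; next }   # first file = baseline
        (name in rx) {
            drx = $2 - rx[name]; dtx = $10 - tx[name]
            if (drx < 0 || dtx < 0) { print name, "counter-reset"; next }
            printf "%s %.0f %.0f\n", name, drx / secs, dtx / secs
        }' "$1" "$2" | sort -k3,3nr
}

# sample_rates [SECONDS]: take both snapshots from the live system
sample_rates() {
    secs="${1:-5}"; t0=$(mktemp); t1=$(mktemp)
    cat /proc/net/dev > "$t0"; sleep "$secs"; cat /proc/net/dev > "$t1"
    iface_rates "$t0" "$t1" "$secs"; rm -f "$t0" "$t1"
}

# demo: constructed snapshots taken 10 s apart (t0 reuses the totals shown above)
demo() {
    d=$(mktemp -d)
    cat > "$d/t0" <<'EOF'
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo: 6506280062 13894306 0 0 0 0 0 0 6506280062 13894306 0 0 0 0 0 0
  eth4:7069850347226 21148074982 0 0 0 0 0 0 8936760647131 21944211957 0 0 0 0 0 0
EOF
    cat > "$d/t1" <<'EOF'
    lo: 6506281062 13894316 0 0 0 0 0 0 6506281062 13894316 0 0 0 0 0 0
  eth4:7069862847226 21148084982 0 0 0 0 0 0 8937385647131 21944711957 0 0 0 0 0 0
EOF
    iface_rates "$d/t0" "$d/t1" 10
    rm -rf "$d"
}

demo
```

On the server itself, `sample_rates 10` gives the same report from live counters; an interface whose counters went backwards between the snapshots is reported as `counter-reset` instead of a rate.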
II. Use nethogs to pinpoint the process consuming the traffic
1. Download the RPM package:
http://rpm.pbone.net/index.php3/stat/4/idpl/40930296/dir/redhat_el_6/com/nethogs-0.8.5-1.el6.x86_64.rpm.html
Select the following rpm:
nethogs-0.8.5-1.el6.x86_64.rpm
2. Install
[root@AP yum.repos.d]# cd /tmp
[root@AP tmp]# rpm -ivh nethogs-0.8.5-1.el6.x86_64.rpm
warning: nethogs-0.8.5-1.el6.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Preparing... ########################################### [100%]
1:nethogs ########################################### [100%]
[root@AP tmp]#
The NOKEY warning means the signing key 0608b895 is not imported on this host, so rpm could not verify the package's signature.
Using NetHogs
[root@AP tmp]# nethogs
NetHogs provides interactive control commands:
m : Cycle between display modes (kb/s, kb, b, mb) (switches the unit used for the displayed rate)
r : Sort by received. (sorts by received traffic)
s : Sort by sent. (sorts by sent traffic)
q : Quit and return to the shell prompt. (exits the NetHogs tool)
III. After finding the process ID, look up further information about the process
[root@AP ~]# ps -fe|grep 29640
root 9660 9385 0 17:03 pts/4 00:00:00 grep 29640
root 29640 1 52 10:13 pts/3 03:36:56 /usr/java/jdk1.7.0_79/bin/java -server -XX:PermSize=256m -XX:MaxPermSize=512m -Djetty.state=/home/jetty-distribution-7.6.16.v20170903/jetty.state -Djetty.home=/home/jetty-distribution-7.6.16.v20170903 -Djava.io.tmpdir=/tmp -jar /home/jetty-distribution-7.6.16.v20170903/start.jar etc/jetty-logging.xml etc/jetty-started.xml
[root@AP ~]#