关于linux:如何在Linux上显示网络接口数据包统计信息

65次阅读

共计 3670 个字符,预计需要花费 10 分钟才能阅读完成。

在 Linux 零碎上,咱们能够通过 [ip] , [netstat] 或者 [ethtool] 命令显示网络接口抛弃数据包的统计信息。接下来咱们看看如何应用每个命令。

应用 netstat 按接口显示数据包

其实 [netstat] 命令曾经过期,可应用命令 [ip] 和 [ss] 来代替。然而 [netstat] 仍然在一些旧的 Linux 散发版本上可用,因而在 ip/ss 不可用的状况,咱们能够应用 netstat,其语法如下

netstat -i
netstat --interfaces

例如

~$ netstat -i
Kernel Interface table
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
docker0    1500 0    188180      0      0 0        151852      0      0      0 BMRU
eth0       1500 0    472368      0      0 0        375351      0      0      0 BMRU
lo        65536 0     51687      0      0 0         51687      0      0      0 LRU
vethc8f46ea  1500 0    136984      0      0 0         79587      0      0      0 BMRU

如果想显示每种协定的概要统计信息,能够执行

netstat -s
netstat --statistics

例如

$ netstat -s
Ip:
    527622 total packets received
    19 with invalid addresses
    329762 forwarded
    0 incoming packets discarded
    191137 incoming packets delivered
    568337 requests sent out
Icmp:
    8 ICMP messages received
    8 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 7
        timeout in transit: 1
    5 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 5
IcmpMsg:
        InType3: 7
        InType11: 1
        OutType3: 5
Tcp:
    2509 active connections openings
    26 passive connection openings
    748 failed connection attempts
    14 connection resets received
    4 connections established
    182968 segments received
    241886 segments send out
    72 segments retransmited
    279 bad segments received.
    1844 resets sent
    InCsumErrors: 279
Udp:
    8067 packets received
    5 packets to unknown port received.
    0 packet receive errors
    11440 packets sent

只显示 tcp 的信息

netstat -s -t
netstat --statistics --tcp

只显示 udp 的信息

netstat -s -u
netstat --statistics --udp

应用 ip 命令显示网络接口数据包信息

如果要显示所有接口的统计信息,命令如下

ip -s link

如果要显示某一个接口的,则制订接口名

ip -s link show {interface}

例如

$ ip -s link show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:16:3e:02:c8:e3 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    377786943  473945   0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    266024587  377467   0       0       0       0

RX 批示了接管的数据包,TX 批示了发送的数据包。

应用 ethtool 命令查问指定网络接口的信息

能够应用 -S 或者 –statistics 选项来显示统计信息,语法如下

ethtool -S {device}

例如

❯ ethtool -S wlan1
NIC statistics:
     rx_packets: 487703
     rx_bytes: 207474712
     rx_duplicates: 180
     rx_fragments: 487682
     rx_dropped: 19952
     tx_packets: 141579
     tx_bytes: 34804215
     tx_filtered: 0
     tx_retry_failed: 0
     tx_retries: 19541
     sta_state: 4
     txrate: 400000000
     rxrate: 360000000
     signal: 201
     channel: 0
     noise: 18446744073709551615
     ch_time: 18446744073709551615
     ch_time_busy: 18446744073709551615
     ch_time_ext_busy: 18446744073709551615
     ch_time_rx: 18446744073709551615
     ch_time_tx: 18446744073709551615

还能够间接应用 cat 或者 column 命令来查问 /proc/net/dev 文件,例如

❯ column -t /proc/net/dev
Inter-|           Receive     |        Transmit                                                                                                              
face              |bytes      packets  errs      drop  fifo  frame  compressed  multicast|bytes  packets    errs     drop  fifo  colls  carrier  compressed  
lo:               230352757   1201722  0         0     0     0      0           0                230352757  1201722  0     0     0      0        0           0
eth0:             0           0        0         0     0     0      0           0                0          0        0     0     0      0        0           0
wlan1:            1346770664  2865963  0         14    0     0      0           0                282983658  1154942  0     0     0      0        0           0
br-13cb4d22d1c8:  0           0        0         0     0     0      0           0                0          0        0     0     0      0        0           0
br-44561b4ee062:  0           0        0         0     0     0      0           0                0          0        0     0     0      0        0           0
br-70b0dad49865:  0           0        0         0     0     0      0           0                0          0        0     0     0      0        0           0
docker0:          6824830     44848    0         0     0     0      0           0                133304965  47104    0     0     0      0        0           0
vetheb8b528:      2360070     13321    0         0     0     0      0           0                60431688   18817    0     0     0      0        0           0
vetha4dc663:      461283      2464     0         0     0     0      0           0                2981558    2302     0     0     0      0        0           0

补充:如何诊断数据包抛弃的起因

发现网络数据有被抛弃的请,想找出起因,这里介绍一个工具 dropwath。

首先应用须要本人编译装置该工具,上面示例在 Ubuntu 上编译装置:

sudo apt-get install libpcap-dev libnl-3-dev libnl-genl-3-dev binutils-dev libreadline6-dev autoconf libtool pkg-config build-essential

git clone https://github.com/nhorman/dropwatch.git
cd dropwatch
./autogen.sh
./configure
make
make install

而后能够运行 dropwatch 进行监控

$ dropwatch -l kas
Initializing kallsyms db
dropwatch> help
Command Syntax:
exit                             - Quit dropwatch
help                             - Display this message
set:
        alertlimit <number>      - capture only this many alert packets
        alertmode <mode>         - set mode to "summary" or "packet"
        trunc <len>              - truncate packets to this length. Only applicable when "alertmode" is set to "packet"
        queue <len>              - queue up to this many packets in the kernel. Only applicable when "alertmode" is set to "packet"
        sw <true | false>        - monitor software drops
        hw <true | false>        - monitor hardware drops
start                            - start capture
stop                             - stop capture
show                             - show existing configuration
stats                            - show statistics
dropwatch>

还能够通过 [tcpdump] 进行网络抓包,而后应用 [wireshark] 来进行剖析。

正文完
 0