On Linux systems, the ip, netstat, and ethtool commands can each display statistics on packets dropped by a network interface. Let's look at how to use each one.

Using netstat to display packets per interface

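The netstat command is actually obsolete; the ip and ss commands can be used in its place. However, netstat is still available on some older Linux distributions, so where ip/ss is not available we can use netstat. Its syntax is as follows: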

netstat -i
netstat --interfaces

For example:

~$ netstat -i
Kernel Interface table
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
docker0    1500 0    188180      0      0 0        151852      0      0      0 BMRU
eth0       1500 0    472368      0      0 0        375351      0      0      0 BMRU
lo        65536 0     51687      0      0 0         51687      0      0      0 LRU
vethc8f46ea  1500 0    136984      0      0 0         79587      0      0      0 BMRU

To display summary statistics for each protocol, run:

netstat -s
netstat --statistics

For example:

$ netstat -s
Ip:
    527622 total packets received
    19 with invalid addresses
    329762 forwarded
    0 incoming packets discarded
    191137 incoming packets delivered
    568337 requests sent out
Icmp:
    8 ICMP messages received
    8 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 7
        timeout in transit: 1
    5 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 5
IcmpMsg:
        InType3: 7
        InType11: 1
        OutType3: 5
Tcp:
    2509 active connections openings
    26 passive connection openings
    748 failed connection attempts
    14 connection resets received
    4 connections established
    182968 segments received
    241886 segments send out
    72 segments retransmited
    279 bad segments received.
    1844 resets sent
    InCsumErrors: 279
Udp:
    8067 packets received
    5 packets to unknown port received.
    0 packet receive errors
    11440 packets sent

To show only TCP information:

netstat -s -t
netstat --statistics --tcp

To show only UDP information:

netstat -s -u
netstat --statistics --udp

Using the ip command to display network interface packet information

To display statistics for all interfaces, the command is:

ip -s link

To display a single interface, specify the interface name:

ip -s link show {interface}

For example:

$ ip -s link show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:16:3e:02:c8:e3 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast
    377786943  473945   0       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    266024587  377467   0       0       0       0

RX indicates received packets, and TX indicates transmitted packets.

Using the ethtool command to query a specific network interface

The -S or --statistics option displays the statistics. The syntax is as follows:

ethtool -S {device}

For example:

❯ ethtool -S wlan1
NIC statistics:
     rx_packets: 487703
     rx_bytes: 207474712
     rx_duplicates: 180
     rx_fragments: 487682
     rx_dropped: 19952
     tx_packets: 141579
     tx_bytes: 34804215
     tx_filtered: 0
     tx_retry_failed: 0
     tx_retries: 19541
     sta_state: 4
     txrate: 400000000
     rxrate: 360000000
     signal: 201
     channel: 0
     noise: 18446744073709551615
     ch_time: 18446744073709551615
     ch_time_busy: 18446744073709551615
     ch_time_ext_busy: 18446744073709551615
     ch_time_rx: 18446744073709551615
     ch_time_tx: 18446744073709551615

You can also read the /proc/net/dev file directly with the cat or column command, for example:

❯ column -t /proc/net/dev
Inter-|           Receive     |        Transmit
face              |bytes      packets  errs      drop  fifo  frame  compressed  multicast|bytes  packets    errs     drop  fifo  colls  carrier  compressed
lo:               230352757   1201722  0         0     0     0      0           0                230352757  1201722  0     0     0      0        0           0
eth0:             0           0        0         0     0     0      0           0                0          0        0     0     0      0        0           0
wlan1:            1346770664  2865963  0         14    0     0      0           0                282983658  1154942  0     0     0      0        0           0
br-13cb4d22d1c8:  0           0        0         0     0     0      0           0                0          0        0     0     0      0        0           0
br-44561b4ee062:  0           0        0         0     0     0      0           0                0          0        0     0     0      0        0           0
br-70b0dad49865:  0           0        0         0     0     0      0           0                0          0        0     0     0      0        0           0
docker0:          6824830     44848    0         0     0     0      0           0                133304965  47104    0     0     0      0        0           0
vetheb8b528:      2360070     13321    0         0     0     0      0           0                60431688   18817    0     0     0      0        0           0
vetha4dc663:      461283      2464     0         0     0     0      0           0                2981558    2302     0     0     0      0        0           0
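
The counters in /proc/net/dev are cumulative since boot, so a non-zero drop column matters mostly when it keeps growing. The following added example (not part of the original article) compares two snapshots of the file and prints the interfaces whose RX or TX drop counters increased; the function names and the sample snapshots are constructed for illustration.

```shell
#!/bin/sh
# Added example: report growth in drop counters between two /proc/net/dev snapshots.

# drop_deltas BEFORE AFTER
# Prints "iface rx_drop_delta tx_drop_delta" for each interface whose drop
# counters increased between the two snapshot files.
drop_deltas() {
  awk '
    FNR <= 2 { next }          # skip the two header lines of each file
    {
      sub(/:/, " ")            # "eth0:123" and "eth0: 123" both split cleanly
      # After the split: $5 = RX drop, $13 = TX drop
      if (NR == FNR) { rx[$1] = $5; tx[$1] = $13; next }   # first file: baseline
      if (!($1 in rx)) next    # interface created after the baseline
      drx = $5 - rx[$1]; dtx = $13 - tx[$1]
      if (drx > 0 || dtx > 0) print $1, drx, dtx
    }' "$1" "$2"
}

# Constructed sample snapshots (not real measurements), raw /proc/net/dev layout.
HDR='Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed'
SNAP_BEFORE="$HDR
    lo: 1000 10 0 0 0 0 0 0 1000 10 0 0 0 0 0 0
  eth0: 5000 50 0 0 0 0 0 0 4000 40 0 0 0 0 0 0
 wlan1:9000 90 0 14 0 0 0 0 7000 70 0 0 0 0 0 0"
SNAP_AFTER="$HDR
    lo: 2000 20 0 0 0 0 0 0 2000 20 0 0 0 0 0 0
  eth0: 6000 60 0 0 0 0 0 0 5000 50 0 3 0 0 0 0
 wlan1:9900 99 0 21 0 0 0 0 7700 77 0 0 0 0 0 0"

# demo: write the constructed snapshots to temp files and compare them.
demo() {
  _d=$(mktemp -d)
  printf '%s\n' "$SNAP_BEFORE" > "$_d/before"
  printf '%s\n' "$SNAP_AFTER"  > "$_d/after"
  drop_deltas "$_d/before" "$_d/after"
  rm -rf "$_d"
}

demo
```

On a live host, save the output of cat /proc/net/dev to a file twice, some seconds apart, and pass the two files to drop_deltas.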

Addendum: how to diagnose the cause of packet drops

When you find that network packets are being dropped and want to find the cause, one tool for the job is dropwatch.

First, you need to compile and install the tool yourself. The following example builds and installs it on Ubuntu:

sudo apt-get install libpcap-dev libnl-3-dev libnl-genl-3-dev binutils-dev libreadline6-dev autoconf libtool pkg-config build-essential
git clone https://github.com/nhorman/dropwatch.git
cd dropwatch
./autogen.sh
./configure
make
make install

You can then run dropwatch to monitor drops:

$ dropwatch -l kas
Initializing kallsyms db
dropwatch> help
Command Syntax:
exit                             - Quit dropwatch
help                             - Display this message
set:
        alertlimit <number>      - capture only this many alert packets
        alertmode <mode>         - set mode to "summary" or "packet"
        trunc <len>              - truncate packets to this length. Only applicable when "alertmode" is set to "packet"
        queue <len>              - queue up to this many packets in the kernel. Only applicable when "alertmode" is set to "packet"
        sw <true | false>        - monitor software drops
        hw <true | false>        - monitor hardware drops
start                            - start capture
stop                             - stop capture
show                             - show existing configuration
stats                            - show statistics
dropwatch>

You can also capture network traffic with tcpdump and then analyze it with wireshark.