ͳ¼ÆÁ¬½ÓÊý״̬(LinuxÍøÂçÁ¬½Ó״̬¼ì²é£¡)

ͳ¼ÆÁ¬½ÓÊý״̬£º
LinuxÍøÂçÁ¬½Ó״̬¼ì²é£¡
¼ì²élinuxµÄÍøÂçÁ¬½Ó״̬ÆäʵºÜ¼òµ¥£¬ÀûÓÃLinuxÄÚÖõÄһЩÃüÁîºÍSHELLµÄ¼¸¸öС¼¼ÇɾͿÉÒÔÍê³É¿´ËƸ´Ôӵļì²éÈÎÎñ£¬ÕâÒ²ÊÇLinuxµÄ÷ÈÁ¦Ö®Ò»£¡
×î»ù±¾µÄ£¬
netstat -atn
¸ÃÃüÁîµÄ½âÊÍÊÇÁгö»ùÓÚTCPЭÒé(-t)µÄËùÓÐÁ¬½Ó£¬²¢½«Í¨ÐÅË«·½ÒÔIPµØÖ·µÄ£¨-n)µÄ·½Ê½ÏÔʾ£¬¶ø²»ÊÇÖ÷»úÃû£¡£¡
netstat -atn | cut -b 49-75 | grep -o -P "\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b" | sort | uniq -c | sort -n -r -k 1,7 | head -10
ÕâÐÐÃüÁîÓÃÀ´·ÖÎönetstatµÄÊä³ö½á¹û£¬×îºóµÃ³öµÄÊÇÄ¿Ç°´¦ÓÚÁ¬½ÓÖеIJ»Í¬µÄIPµØÖ·£»Õâ¸öÃüÁîÔÚUbuntu£¨cut -b 45-75)Éϲ»ÄÜʵÏÖ£¬ÕâÊDz»Í¬µÄLinux¶ÔÓÚһЩ»ù±¾ÃüÁîµÄʵÏÖ²»Í¬£¨±àÒëµÄÑ¡ÏîºÍ²ÎÊý²»Ò»Ö£©£¬µ«ÊÇubuntuÉÏ¿ÉÒÔÓÃÏÂÃæµÄÃüÁîʵÏÖÏàËƵŦÄÜ£¬
netstat -atn | cut -b 45-75 | cut -d':' -f1 |sort | uniq -c | sort -n -r -k 1,7 | head -10
ΨһµÄȱµãÊDz»ÓÃÕýÔò±í´ïʽµÄÇé¿öÏÂtitleÄÚÈÝÐÐÒ²±»·ÅÁ˽øÀ´£¬µ±È»»¹¿ÉÒÔÓÃһЩÃüÁîÈ¥³ýÕâЩÎÄ×ÖÐУ¬ÕâÀï¾Í²»Õ¹¿ªÁË£¡
netstat -atn |cut -b 77-90 £ü sort | uniq -c ÊÇÁгöÿ¸öÁ¬½ÓµÄ״̬²¢Í³¼Æ£¡
¶ÔÓÚnetstatÃüÁîÊä³öµÄ·ÖÎöÆäʵ»¹Óкܶ෽·¨£¬Õâ¶ù¾Í²»ÔÙÁо٣¡
time tcpdump -ns 200 -c 100 '(dst port http or dst port https) and tcp[13] & 2!=0' | grep -o -P '\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}.\d{1,5}\s\>' | cut -d '.' -f 1-4 | sort | uniq -c | sort -n -r -k 1,7 | head -25
Õâ¸öÃüÁîÊǶÔÓÚ100¸ö°üÖÐÓжàÉÙ¸öÐÂÁ¬½ÓÇëÇóµÄͳ¼Æ£¡ÔËÓÃÁËtcpdumpץȡ100¸ö£¨£­c 100£©°ü£¬×îºóÁгöÕâЩÇëÇóµÄIPµØÖ·¡£
ÕâÀïÖ»ÊÇÁ½¸ö¼òµ¥µÄÀý×Ó£¬»¹ÓкܶàÃüÁî×éºÏÔËÓõÄʵÀý¿ÉÒÔ´ó´ó¼Ó¿ìÎÒÃǵŤ×÷ЧÂÊ£¬ÕâЩ¶¼Ö»ÒªºÏÀíÔËÓÃLinuxµÄÃüÁî¾Í¿ÉÒÔÁË£¡£¡
²é¿´http½ø³ÌÊý£º
[root@localhost conf]# ps -ef|grep httpd|wc -l
½á¹û - 1 (ÒòΪ°üº¬ÁËgrep httpdÕâ¸ö½ø³Ì)
 
 
[root@localhost conf]# netstat -n|awk '/^tcp/{++S[$NF]} END {for(a in S) print a,S[a]}'
LAST_ACK 173
SYN_RECV 35
CLOSE_WAIT 159
ESTABLISHED 152
FIN_WAIT1 29
FIN_WAIT2 10
CLOSING 39
TIME_WAIT 103