Catalog

netcat(nc)

Network state detection tool

ifconfig and ip

netstat and ss

Network packet capturing tool

tcpdump

Wireshark

Other common tools

sar

nslookup

dstat

netcat(nc)

abbreviation nc, go by the name of “ Swiss Army knife ”, Use nc-h View help documents .
ncat Many parameters are related to nc identical , The difference is nc It's plaintext transmission , Lack of Authentication , and ncat It makes up for these shortcomings .
The main role ：
1、telnet Remote login
2、 Port scanning
3、 Transmitting text messages
4、 Transfer files and directories
5、 Encrypt the transfer file

Network state detection tool

ifconfig and ip

Ifconfig and ip Used to view network configuration ：

The output indicators of the two are basically the same , Only the display format is different ,ip It has richer functions and easier interfaces .
Output contents include ： The status flag of the network interface 、MTU size 、IP、 subnet 、MAC Address and network packet statistics .
There are several indicators closely related to network performance that need attention ：
（1） The status flag of the network interface ：ifconfig In the output RUNNING perhaps ip In the output LOWER_UP, Indicates that the physical network is connected , If you can't see them , Usually, the network cable may be unplugged ;
（2） The number of bytes sent and received by the network 、 Number of packages 、 The number of errors and packet loss , especially TX and RX Part of the errors、dropped、overruns Equal index , If not for 0, It usually means that there is a network I/O problem .

netstat and ss

Both are used to view sockets 、 Network interface and routing table information ,ss And netstat The output of is similar , however ss Better performance .
netstat The grammar format is netstat [ Options ].

Output contents include ： Socket state 、 Receiving queue 、 Sending queue 、 Local address 、 Remote address 、 process PID And process name, etc .
Among them, the receiving queue needs special attention （Recv-Q） And send queue （Send-Q）, The two values should usually be 0, If the 0, It indicates that there is the accumulation of network packets , But in different socket States , They have different meanings .
netstat The commonly used options are ：

netstat The main uses are ：
（1） View port services ：netstat -antp | grep 22
among -a Parameter indicates that all ports are displayed ;-n It means to use directly ip Address , Not through the domain name server ;-t Parameters indicate display TCP The port of the transmission protocol ;-p Indicates that the display is in use socket Program identification code and program name ;
（2） Find out the port where the program runs

（3） Display network statistics

（4） Show routing information

Network packet capturing tool

tcpdump and Wireshark It is a commonly used network packet capturing and analysis tool , among tcpdump Only the command line format is supported ,Wireshark Besides being able to grab bags , Provides a graphical interface and summary analysis tools , When analyzing complex network scenarios , More applicable . When actually analyzing network performance , First use tcpdump Grab the bag , Reuse Wireshark analysis , It's also a common method .

tcpdump

Grammar format ：
tcpdump [ -DenNqvX ] [ -c count ] [ -F file ] [ -i interface ] [ -r file ][ -s snaplen ] [ -w file ] [ expression ]
Common options and filter expressions ：

Wireshark

Can be tcpdump The captured network packets are saved in a file , use Wireshark open .
$ tcpdump -nn host 93.184.216.34 -w web.pcap
Open the interface as follows ：

Wireshark The display format is more regular and clear , You can also view the details of network packets at each layer of the protocol stack ：
In the menu bar, click Statistics -> Flow Graph, then , In the pop-up interface Flow type choice TCP Flows, You can see it more clearly , The whole process TCP The execution of the flow ：
This is similar to the three handshakes and four waves I have learned , But all of them only wave their hands three times , Because the server handle ACK and FIN The merge was sent together .

Other common tools

sar

sar（System ActivityReporter System activity report ） Is currently the Linux One of the most comprehensive system performance analysis tools on , The activities of the system can be reported from many aspects , Include ： Reading and writing of documents 、 Usage of system calls 、 disk I/O、CPU efficiency 、 Memory usage 、 Process activities and IPC Related activities, etc .

nslookup

nslookup Used for query DNS The record of , Check whether domain name resolution is normal , Used to diagnose network problems in case of network failure .

dstat

dstat Is a replaceable vmstat、iostat、netstat、ifstat These command tools , It's an all-round system information statistics tool .
Use dstat Will be displayed CPU、 disk I/O、 The overall usage of network and memory resources and the number of interrupts and context interrupts are two key system indicators , Take network resources as an example ,dstat It can also output some key indicators about the network ：
$ dstat –tcp
------tcp-sockets-------
lis act syn tim clo
27 38 0 0 0
27 38 0 0 0
The meaning of these indicators is ：
(1)Lis : Indicates that you are listening （Listen） The number of connections to the state ;
(2)Act： Indicates that you are connected （ESTABLISHED） The number of connections to the state ;
(3)Syn： The number of connections in the three handshake stage , If the index is too large , It often means that there are a lot of TCP New connection request ;
(4)Tim： be in TIME-WAIT The number of connections to the state ;
(5)Clo： be in CLOSE-WAIT The number of connections to the state , If there are too many items , It often means that the application exists bug, No initiative to call close() To close these connections .