在Linux系统上,我们可以通过 [ip] , [netstat] 或者 [ethtool] 命令显示网络接口丢弃数据包的统计信息。接下来我们看看如何使用每个命令。
使用netstat按接口显示数据包
其实 [netstat] 命令已经过时,可使用命令 [ip] 和 [ss] 来代替。但是 [netstat] 依然在一些旧的Linux分发版本上可用,因此在 ip/ss 不可用的情况,我们可以使用netstat,其语法如下
netstat -i
netstat --interfaces
例如
~$ netstat -i
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
docker0 1500 0 188180 0 0 0 151852 0 0 0 BMRU
eth0 1500 0 472368 0 0 0 375351 0 0 0 BMRU
lo 65536 0 51687 0 0 0 51687 0 0 0 LRU
vethc8f46ea 1500 0 136984 0 0 0 79587 0 0 0 BMRU
如果想显示每种协议的概要统计信息,可以执行
netstat -s
netstat --statistics
例如
$ netstat -s
Ip:
527622 total packets received
19 with invalid addresses
329762 forwarded
0 incoming packets discarded
191137 incoming packets delivered
568337 requests sent out
Icmp:
8 ICMP messages received
8 input ICMP message failed.
ICMP input histogram:
destination unreachable: 7
timeout in transit: 1
5 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 5
IcmpMsg:
InType3: 7
InType11: 1
OutType3: 5
Tcp:
2509 active connections openings
26 passive connection openings
748 failed connection attempts
14 connection resets received
4 connections established
182968 segments received
241886 segments send out
72 segments retransmited
279 bad segments received.
1844 resets sent
InCsumErrors: 279
Udp:
8067 packets received
5 packets to unknown port received.
0 packet receive errors
11440 packets sent
只显示tcp的信息
netstat -s -t
netstat --statistics --tcp
只显示udp的信息
netstat -s -u
netstat --statistics --udp
使用ip命令显示网络接口数据包信息
如果要显示所有接口的统计信息,命令如下
ip -s link
如果要显示某一个接口的,则制定接口名
ip -s link show {interface}
例如
$ ip -s link show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 00:16:3e:02:c8:e3 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
377786943 473945 0 0 0 0
TX: bytes packets errors dropped carrier collsns
266024587 377467 0 0 0 0
RX指示了接收的数据包,TX指示了发送的数据包。
使用ethtool命令查询指定网络接口的信息
可以使用 -S 或者 --statistics 选项来显示统计信息,语法如下
ethtool -S {device}
例如
❯ ethtool -S wlan1
NIC statistics:
rx_packets: 487703
rx_bytes: 207474712
rx_duplicates: 180
rx_fragments: 487682
rx_dropped: 19952
tx_packets: 141579
tx_bytes: 34804215
tx_filtered: 0
tx_retry_failed: 0
tx_retries: 19541
sta_state: 4
txrate: 400000000
rxrate: 360000000
signal: 201
channel: 0
noise: 18446744073709551615
ch_time: 18446744073709551615
ch_time_busy: 18446744073709551615
ch_time_ext_busy: 18446744073709551615
ch_time_rx: 18446744073709551615
ch_time_tx: 18446744073709551615
还可以直接使用cat或者column命令来查询 /proc/net/dev 文件,例如
❯ column -t /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
lo: 230352757 1201722 0 0 0 0 0 0 230352757 1201722 0 0 0 0 0 0
eth0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
wlan1: 1346770664 2865963 0 14 0 0 0 0 282983658 1154942 0 0 0 0 0 0
br-13cb4d22d1c8: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
br-44561b4ee062: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
br-70b0dad49865: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
docker0: 6824830 44848 0 0 0 0 0 0 133304965 47104 0 0 0 0 0 0
vetheb8b528: 2360070 13321 0 0 0 0 0 0 60431688 18817 0 0 0 0 0 0
vetha4dc663: 461283 2464 0 0 0 0 0 0 2981558 2302 0 0 0 0 0 0
补充:如何诊断数据包丢弃的原因
发现网络数据有被丢弃的请,想找出原因,这里介绍一个工具 dropwath。
首先使用需要自己编译安装该工具,下面示例在Ubuntu上编译安装:
sudo apt-get install libpcap-dev libnl-3-dev libnl-genl-3-dev binutils-dev libreadline6-dev autoconf libtool pkg-config build-essential
git clone https://github.com/nhorman/dropwatch.git
cd dropwatch
./autogen.sh
./configure
make
make install
然后可以运行dropwatch进行监控
$ dropwatch -l kas
Initializing kallsyms db
dropwatch> help
Command Syntax:
exit - Quit dropwatch
help - Display this message
set:
alertlimit <number> - capture only this many alert packets
alertmode <mode> - set mode to "summary" or "packet"
trunc <len> - truncate packets to this length. Only applicable when "alertmode" is set to "packet"
queue <len> - queue up to this many packets in the kernel. Only applicable when "alertmode" is set to "packet"
sw <true | false> - monitor software drops
hw <true | false> - monitor hardware drops
start - start capture
stop - stop capture
show - show existing configuration
stats - show statistics
dropwatch>
还可以通过 [tcpdump] 进行网络抓包,然后使用 [wireshark] 来进行分析。
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用
。你还可以使用@
来通知其他用户。