目录
tcpdump 抓包
个人比较喜欢用wireshark,所以希望可以用tcpdump来抓出完整的数据包,命令如下:
tcpdump -i bond0 -s 0 -w test.pcap
# -s 0 时表示将数据包的大小设置最大,一般是65535
# -i 表示需要抓包的接口
# -w 表示输出成文件,后面加文件名
抓指定端口/类型的包
tcpdump -i any -nnnvvvSs0 port 80 or icmp -w test.pcap
# 抓取所有接口的 HTTP 报文和 ICMP 报文
查看接口的包统计
直接在下列路径中查看信息
ls /sys/class/net/ens192/statistics/
collisions rx_crc_errors rx_frame_errors rx_packets tx_compressed tx_heartbeat_errors
multicast rx_dropped rx_length_errors tx_aborted_errors tx_dropped tx_packets
rx_bytes rx_errors rx_missed_errors tx_bytes tx_errors tx_window_errors
rx_compressed rx_fifo_errors rx_over_errors tx_carrier_errors tx_fifo_errors
cat /sys/class/net/ens192/statistics/rx_errors
2
使用 ethtool -S查看
ethtool -S ens192
NIC statistics:
Tx Queue#: 0
TSO pkts tx: 123
TSO bytes tx: 719988
ucast pkts tx: 70199
ucast bytes tx: 11555152
mcast pkts tx: 0
mcast bytes tx: 0
bcast pkts tx: 0
bcast bytes tx: 0
pkts tx err: 0
pkts tx discard: 0
drv dropped tx total: 0
too many frags: 0
giant hdr: 0
hdr err: 0
tso: 0
ring full: 0
pkts linearized: 0
hdr cloned: 0
giant hdr: 0
Tx Queue#: 1
TSO pkts tx: 1947
TSO bytes tx: 7245407
ucast pkts tx: 73105
ucast bytes tx: 19277667
mcast pkts tx: 0
mcast bytes tx: 0
bcast pkts tx: 0
bcast bytes tx: 0
pkts tx err: 0
pkts tx discard: 0
drv dropped tx total: 0
too many frags: 0
giant hdr: 0
hdr err: 0
tso: 0
ring full: 0
pkts linearized: 0
hdr cloned: 0
giant hdr: 0
Tx Queue#: 2
TSO pkts tx: 2807
TSO bytes tx: 11056731
ucast pkts tx: 44023
ucast bytes tx: 27165411
mcast pkts tx: 1
mcast bytes tx: 90
bcast pkts tx: 0
bcast bytes tx: 0
pkts tx err: 0
pkts tx discard: 0
drv dropped tx total: 0
too many frags: 0
giant hdr: 0
hdr err: 0
tso: 0
ring full: 0
pkts linearized: 0
hdr cloned: 0
giant hdr: 0
Tx Queue#: 3
TSO pkts tx: 563
TSO bytes tx: 4512342
ucast pkts tx: 90701
ucast bytes tx: 13327927
mcast pkts tx: 0
mcast bytes tx: 0
bcast pkts tx: 5
bcast bytes tx: 210
pkts tx err: 0
pkts tx discard: 0
drv dropped tx total: 0
too many frags: 0
giant hdr: 0
hdr err: 0
tso: 0
ring full: 0
pkts linearized: 0
hdr cloned: 0
giant hdr: 0
Rx Queue#: 0
LRO pkts rx: 0
LRO byte rx: 0
ucast pkts rx: 86203
ucast bytes rx: 60258838
mcast pkts rx: 0
mcast bytes rx: 0
bcast pkts rx: 4793
bcast bytes rx: 533243
pkts rx OOB: 0
pkts rx err: 2
drv dropped rx total: 0
err: 0
fcs: 0
rx buf alloc fail: 0
Rx Queue#: 1
LRO pkts rx: 0
LRO byte rx: 0
ucast pkts rx: 97957
ucast bytes rx: 88863336
mcast pkts rx: 0
mcast bytes rx: 0
bcast pkts rx: 18
bcast bytes rx: 3595
pkts rx OOB: 0
pkts rx err: 0
drv dropped rx total: 0
err: 0
fcs: 0
rx buf alloc fail: 0
Rx Queue#: 2
LRO pkts rx: 0
LRO byte rx: 0
ucast pkts rx: 78741
ucast bytes rx: 50341638
mcast pkts rx: 0
mcast bytes rx: 0
bcast pkts rx: 424
bcast bytes rx: 43566
pkts rx OOB: 0
pkts rx err: 0
drv dropped rx total: 0
err: 0
fcs: 0
rx buf alloc fail: 0
Rx Queue#: 3
LRO pkts rx: 0
LRO byte rx: 0
ucast pkts rx: 123592
ucast bytes rx: 108195680
mcast pkts rx: 0
mcast bytes rx: 0
bcast pkts rx: 426
bcast bytes rx: 60455
pkts rx OOB: 0
pkts rx err: 0
drv dropped rx total: 0
err: 0
fcs: 0
rx buf alloc fail: 0
tx timeout count: 0
查看物理网卡信息
# lshw -class network
*-network
description: Ethernet interface
product: 82579LM Gigabit Network Connection
vendor: Intel Corporation
physical id: 19
bus info: pci@0000:00:19.0
logical name: enp0s25
version: 04
serial: 3c:97:0e:02:98:c8
capacity: 1Gbit/s
width: 32 bits
clock: 33MHz
capabilities: pm msi bus_master cap_list ethernet physical tp 10bt 10bt-fd
configuration: autonegotiation=on broadcast=yes driver=e1000e driverversion
resources: irq:50 memory:f1600000-f161ffff memory:f162a000-f162afff ioport: