This article introduces techniques for managing Linux network performance. It mainly covers the route, netstat, and tcpdump network management and test tools and what each of them can do.
route
When configuring the network, you must specify the path that a packet will take to reach its destination. Linux provides the route command for this. It sets a static route for a NIC that has already been configured with the ifconfig command. This setup is usually placed in /etc/rc.d/rc.inet1 and is done at system boot time.
We use a few examples to illustrate how to use the route command:
route add -net 127.0.0.0
This command adds the specified route to the routing table. Note that the network is a Class A address and the mask is set to 255.0.0.0. The newly added entry is attached to the lo device.
route add -net xxx.xxx.xxx.xxx netmask 255.255.255.0 dev eth0
This command adds a route for xxx.xxx.xxx.xxx on device eth0, with the network mask set to 255.255.255.0.
route del -net xxx.xxx.xxx.xxx
This command will delete the route of the network xxx.xxx.xxx.xxx.
The route command also makes it easy to manage the routing information of the entire network. Its output is the routing table of the network, as shown below:
------------------------------------------------------------------
[root@lee /root]#route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
10.10.8.224     *               255.255.255.255 UH    0      0   0   eth0
10.10.8.0       *               255.255.255.0   U     0      0   0   eth0
127.0.0.0       *               255.0.0.0       U     0      0   0   lo
default         dgc8.njupt.edu  0.0.0.0         UG    0      0   0   eth0
default         dgc8.njupt.edu  0.0.0.0         UG    1      0   0   eth0
[root@lee /root]#
------------------------------------------------------------------
The meaning of each field in the output result is:
·Destination indicates the destination IP address of the route.
·Gateway indicates the host name or IP address used by the gateway. The "*" output above indicates that there is no gateway.
·Genmask represents the network mask of the route. The kernel performs a bitwise AND of the Genmask with the packet's IP address and then compares the result with the destination address of the route; this is how the route is selected.
·Flags describes the route. The available flags and their meanings are: U indicates that the route is started (up), H indicates that the target is a host, G indicates that a gateway is used, R indicates that the dynamic route is reset, D indicates dynamic routing, M indicates that the route is modified, and ! indicates that the route is rejected.
·Metric represents the unit cost of the route.
·Ref indicates the number of other routes that depend on the current status of the route.
·Use indicates the number of routing table entries being used.
·Iface represents the destination network of the packet sent by the route.
With this output, we can easily manage the routing table of the network.
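The Genmask comparison described above can be traced against the routing table shown in this section. The following Python sketch is an added example, not part of the original article: it parses the table rows, applies the bitwise AND to a packet's destination address, and picks the most specific matching route, with the lower metric breaking ties. The function names and the test addresses are assumptions chosen for illustration.

```python
import ipaddress

# Rows copied from the article's `route` output ("*" means no gateway).
# Columns: Destination Gateway Genmask Flags Metric Ref Use Iface
ROUTE_OUTPUT = """\
10.10.8.224 * 255.255.255.255 UH 0 0 0 eth0
10.10.8.0 * 255.255.255.0 U 0 0 0 eth0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default dgc8.njupt.edu 0.0.0.0 UG 0 0 0 eth0
default dgc8.njupt.edu 0.0.0.0 UG 1 0 0 eth0
"""

def ip_to_int(addr):
    """Dotted-quad IPv4 address -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def parse_routes(text):
    """Turn each table row into a dict; 'default' is destination 0.0.0.0."""
    routes = []
    for line in text.splitlines():
        dest, gw, mask, flags, metric, _ref, _use, iface = line.split()
        routes.append({
            "dest": 0 if dest.lower() == "default" else ip_to_int(dest),
            "gateway": None if gw == "*" else gw,
            "mask": ip_to_int(mask),
            "flags": flags,
            "metric": int(metric),
            "iface": iface,
        })
    return routes

def select_route(routes, packet_dst):
    """AND the packet address with each Genmask and compare with Destination.

    Only routes that are up (U) and not rejected (!) are considered. Among
    the matches the longest mask wins, then the lowest metric.
    """
    dst = ip_to_int(packet_dst)
    matches = [r for r in routes
               if "U" in r["flags"] and "!" not in r["flags"]
               and dst & r["mask"] == r["dest"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["mask"], -r["metric"]))

if __name__ == "__main__":
    table = parse_routes(ROUTE_OUTPUT)
    for addr in ("10.10.8.224", "10.10.8.17", "127.0.0.1", "192.0.2.10"):
        r = select_route(table, addr)
        print(addr, "->", r["iface"], r["flags"], r["gateway"], r["metric"])
```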
netstat
The netstat command is a very useful tool for monitoring TCP/IP networks. It can display routing tables, actual network connections, and status information for each network interface device. After executing netstat on the computer, the output is as follows:
------------------------------------------------------------------
[root@lee /root]#netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Types      State         I-Node Path
Unix  5      [ ]         DGRAM                    460    /dev/log
Unix  0      [ ]         STREAM     CONNECTED     173    @00000014
Unix  0      [ ]         DGRAM                    662
Unix  0      [ ]         DGRAM                    631
Unix  0      [ ]         DGRAM                    544
Unix  0      [ ]         DGRAM                    484
Unix  0      [ ]         DGRAM                    470
[root@lee /root]#
------------------------------------------------------------------
Overall, the output of netstat can be divided into two parts. The first part, Active Internet connections, is called active TCP connections. In the output above this part is empty, indicating that there is no TCP connection yet. The second part, Active UNIX domain sockets, is called active Unix domain sockets. The output shows the connection status of the Unix domain sockets:
·Proto shows the protocol used by the connection.
·RefCnt indicates the number of processes connected to this socket.
·Types shows the type of socket.
·State displays the current state of the socket.
·Path indicates the path name used by other processes connected to the socket.
You can use netstat -a to view the status of all sockets, which is very useful when debugging network programs. netstat -r displays the contents of the routing table. Generally, you also need to specify the "-n" option, so that you get addresses in numeric format, such as the IP address of the default router. netstat -i displays information for all network interfaces. netstat also shows the current network state and the topology of the network, which is very useful in practice.
tcpdump
The tcpdump command is used to monitor TCP/IP connections and directly read the packet headers at the data link layer. You can specify which packets are monitored and how the output is formatted. For example, if we want to monitor all communication on the Ethernet, execute the following command:
tcpdump -i eth0
Even on a relatively quiet network there is a lot of communication, so we may only want the information for the packets we are interested in. In general, the TCP/IP stack only accepts inbound packets bound for the local host and ignores packets addressed to other computers on the network (unless the machine is being used as a router). When the tcpdump command is run, it sets the TCP/IP stack to promiscuous mode. This mode accepts all packets so that they can be displayed. If we are only concerned with the communication of our local host, one way is to disable promiscuous mode by using the "-p" parameter. Another way is to specify the hostname:
tcpdump -i eth0 host hostname
The system will then only monitor communication packets for the host named hostname. The host name can be either the local host or any computer on the network. The following command reads all the data sent by the host hostname:
tcpdump -i eth0 src host hostname
The following command can monitor all packets sent to the host hostname:
tcpdump -i eth0 dst host hostname
We can also monitor packets passing through the specified gateway:
tcpdump -i eth0 gateway Gatewayname
If you also want to monitor TCP or UDP packets addressed to the specified port, execute the following command:
tcpdump -i eth0 host hostname and port 80
This command will display the header of each packet to or from port 80 of host hostname. Port 80 is the default HTTP service port number of the system. If we only need to list the packets sent to port 80, use dst port; if we only want to see the packets returning from port 80, use src port.
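The difference between host, src host, dst host, port, src port and dst port is easiest to see by running the filters over the same traffic. The following Python sketch is an added example, not part of the original article and not tcpdump's own implementation: it is a simplified model of these filter primitives joined with "and", evaluated over constructed packet records. The host names client, dns1, web2 and other are assumptions; the gateway primitive is not modelled.

```python
# Constructed sample packets: (src_host, src_port, dst_host, dst_port).
PACKETS = [
    ("client", 40112, "hostname", 80),   # 0: request to port 80 on hostname
    ("hostname", 80, "client", 40112),   # 1: reply from port 80 on hostname
    ("hostname", 51000, "dns1", 53),     # 2: hostname talking to another service
    ("other", 40200, "web2", 80),        # 3: port 80 traffic not involving hostname
]

def primitive(tokens):
    """Consume one primitive, '[src|dst] host NAME' or '[src|dst] port N',
    from the token list and return a predicate over a packet tuple."""
    if not tokens:
        raise ValueError("filter expression ends unexpectedly")
    direction = tokens.pop(0) if tokens[0] in ("src", "dst") else None
    if len(tokens) < 2:
        raise ValueError("primitive needs a keyword and a value")
    kind, value = tokens.pop(0), tokens.pop(0)
    if kind == "host":
        fields = {"src": [0], "dst": [2], None: [0, 2]}[direction]
    elif kind == "port":
        fields = {"src": [1], "dst": [3], None: [1, 3]}[direction]
        value = int(value)
    else:
        raise ValueError("unsupported primitive: " + kind)
    # Without src/dst the primitive matches in either direction.
    return lambda pkt: any(pkt[i] == value for i in fields)

def compile_filter(expr):
    """Compile 'PRIMITIVE [and PRIMITIVE ...]' into a single predicate."""
    tokens = expr.split()
    preds = [primitive(tokens)]
    while tokens:
        if tokens.pop(0) != "and":
            raise ValueError("only 'and' is modelled in this example")
        preds.append(primitive(tokens))
    return lambda pkt: all(p(pkt) for p in preds)

def matching(expr):
    """Indexes of the sample packets that the filter expression selects."""
    accept = compile_filter(expr)
    return [i for i, pkt in enumerate(PACKETS) if accept(pkt)]

if __name__ == "__main__":
    for expr in ("host hostname", "src host hostname", "dst host hostname",
                 "host hostname and port 80",
                 "host hostname and dst port 80",
                 "host hostname and src port 80"):
        print(expr, "->", matching(expr))
```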