怀疑服务器存在异常流量排查日记，使用ifconfig，nethogs等命令

怀疑服务器存在异常流量排查日记
一、用ifconfig查看网卡流量
root@AP ~]# ifconfig
eth4 ?????Link encap:Ethernet ?HWaddr 00:50:56:0A:A6:E9 ?
inet addr:192.168.1.91 ?Bcast:192.168.1.255 ?Mask:255.255.255.0
inet6 addr: fa70::220:58af:faba:6e8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST ?MTU:1500 ?Metric:1
RX packets:21148074982 errors:0 dropped:0 overruns:0 frame:0
TX packets:21944211957 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:7069850347226 (6.4 TiB) ?TX bytes:8936760647131 (8.1 TiB)

lo ???????Link encap:Local Loopback ???????inet addr:127.0.0.1 ?Mask:255.0.0.0 ?????inet6 addr: ::1/128 Scope:Host ?????UP LOOPBACK RUNNING ?MTU:16436 ?Metric:1 ?????RX packets:13894306 errors:0 dropped:0 overruns:0 frame:0 ?????TX packets:13894306 errors:0 dropped:0 overruns:0 carrier:0 ?????collisions:0 txqueuelen:0 ??????RX bytes:6506280062 (6.0 GiB) ?TX bytes:6506280062 (6.0 GiB)virbr0 ???Link encap:Ethernet ?HWaddr 52:34:40:A1:04:BF ???????inet addr:192.168.122.1 ?Bcast:192.168.122.255 ?Mask:255.255.255.0 ?????UP BROADCAST RUNNING MULTICAST ?MTU:1500 ?Metric:1 ?????RX packets:0 errors:0 dropped:0 overruns:0 frame:0 ?????TX packets:26979 errors:0 dropped:0 overruns:0 carrier:0 ?????collisions:0 txqueuelen:0 ??????RX bytes:0 (0.0 b) ?TX bytes:1243664 (1.1 MiB)

二、nethogs进一步定位流量消耗的进程
1、下载RPM包：
http://rpm.pbone.net/index.php3/stat/4/idpl/40930296/dir/redhat_el_6/com/nethogs-0.8.5-1.el6.x86_64.rpm.html
选择如下rpm：
nethogs-0.8.5-1.el6.x86_64.rpm

2、安装[root@AP yum.repos.d]# cd /tmp[root@AP tmp]# rpm -ivh nethogs-0.8.5-1.el6.x86_64.rpmwarning: nethogs-0.8.5-1.el6.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEYPreparing... ???????????????########################################### [100%] ??1:nethogs ???????????????########################################### [100%][root@AP tmp]# NetHogs使用[root@AP tmp]# nethogsNetHogs提供交互式控制指令：m : Cycle between display modes (kb/s, kb, b, mb) 切换网速显示单位r : Sort by received. 按接收流量排序s : Sort by sent. 按发送流量排序q : Quit and return to the shell prompt. 退出NetHogs命令工具

三、找到进程ID后进一步查进程信息
[root@AP ~]# ps -fe|grep 29640
root ?????9660 ?9385 ?0 17:03 pts/4 ???00:00:00 grep 29640
root ????29640 ????1 52 10:13 pts/3 ???03:36:56 /usr/java/jdk1.7.0_79/bin/java -server -XX:PermSize=256m -XX:MaxPermSize=512m -Djetty.state=/home/jetty-distribution-7.6.16.v20170903/jetty.state -Djetty.home=/home/jetty-distribution-7.6.16.v20170903 -Djava.io.tmpdir=/tmp -jar /home/jetty-distribution-7.6.16.v20170903/start.jar etc/jetty-logging.xml etc/jetty-started.xml
[root@AP ~]#

怀疑服务器存在异常流量排查日记，使用ifconfig，nethogs等命令

原文地址：http://blog.51cto.com/yunlongzheng/2125639