VMCD.ORG » linux tools part 6– network Monitoring (2)

基于上次的nicstat linux还提供了nethogs,可以监控指定pid的具体流量,在这里可以下到源码.

获取过程：

open("/proc/$pid/fd")
open("/proc/net/tcp")
open("/proc/net/tcp6")
open("/etc/passwd")

eg:

[root@db-81 27274]# nethogs  -d  5

NetHogs version 0.7.snapshot

  PID USER     PROGRAM                      DEV        SENT      RECEIVED       
31984 oracle   oracleyhddb2                 eth0      35.318    4166.566 KB/sec
16420 liuyang  sshd: liuyang@pts/1          eth0       0.389	   0.013 KB/sec
0     root     ..83:10050-10.1.0.173:45031             0.000	   0.000 KB/sec
0     root     ..83:10050-10.1.0.173:44767             0.000	   0.000 KB/sec
0     root     ..83:10050-10.1.0.173:44399             0.000	   0.000 KB/sec
16514 zabbix   /sbin/zabbix_agentd          eth0       0.000	   0.000 KB/sec
0     root     ..83:10050-10.1.0.173:42917             0.000	   0.000 KB/sec
31986 oracle   oracleyhddb2                 eth0       0.000	   0.000 KB/sec
0     root     ..83:10050-10.1.0.173:40690             0.000	   0.000 KB/sec
0     root     ..83:10050-10.1.0.173:39504             0.000	   0.000 KB/sec
15016 liuyang  sshd: liuyang@pts/0          eth0       0.000	   0.000 KB/sec
0     root     ..83:10050-10.1.0.173:38933             0.000	   0.000 KB/sec
0     root     ..83:10050-10.1.0.173:38792             0.000	   0.000 KB/sec
0     root     ..83:10050-10.1.0.173:36237             0.000	   0.000 KB/sec
0     root     ..83:10050-10.1.0.173:35992             0.000	   0.000 KB/sec
0     root     ..83:10050-10.1.0.173:35715             0.000	   0.000 KB/sec
0     root     ..83:10050-10.1.0.173:34958             0.000	   0.000 KB/sec
0     root     ..83:10050-10.1.0.173:34793             0.000	   0.000 KB/sec
0     root     ..83:10050-10.1.0.173:34079             0.000	   0.000 KB/sec
15134 liuyang  sshd: liuyang@notty          eth0       0.000	   0.000 KB/sec
0     root     ..83:10050-10.1.0.173:28508             0.000	   0.000 KB/sec
0     root     unknown TCP                             0.000	   0.000 KB/sec

  TOTAL                                               35.707    4166.579 KB/sec

/proc/net/tcp

[root@db-81 ~]# cat /proc/net/tcp
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode                                                     
   0: 00000000:2742 00000000:0000 0A 00000000:00000000 00:00000000 00000000 54323        0 50676198 1 ffff810745393940 3000 0 0 2 -1                 
   1: 00000000:1622 00000000:0000 0A 00000000:00000000 00:00000000 00000000 54322        0 1204282 1 ffff81063ff60680 3000 0 0 2 -1                  
   2: 00000000:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000 54326        0 102946291 1 ffff810bda120180 3000 0 0 2 -1                
   3: 00000000:0015 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 102942838 1 ffff81062bc60080 3000 0 0 2 -1                
   4: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 98812948 1 ffff810bda121980 3000 0 0 2 -1                 
   5: 0100007F:177A 00000000:0000 0A 00000000:00000000 00:00000000 00000000 54324        0 104444736 1 ffff81004f0286c0 3000 0 0 2 -1                
   6: 0100007F:177B 00000000:0000 0A 00000000:00000000 00:00000000 00000000 54324        0 104449554 1 ffff81063ff60c80 3000 0 0 2 -1                
   7: 0100007F:177C 00000000:0000 0A 00000000:00000000 00:00000000 00000000 54324        0 104472621 1 ffff81062bc60680 3000 0 0 2 -1                
   8: 0100007F:177D 00000000:0000 0A 00000000:00000000 00:00000000 00000000 54324        0 104475697 1 ffff81033613b880 3000 0 0 2 -1                
   9: 0100007F:177E 00000000:0000 0A 00000000:00000000 00:00000000 00000000 54324        0 104460816 1 ffff81063ff60080 3000 0 0 2 -1                
  10: 0100007F:177F 00000000:0000 0A 00000000:00000000 00:00000000 00000000 54324        0 104477846 1 ffff81033613a680 3000 0 0 2 -1                
  11: 5100000A:0016 6E14000A:D92E 01 00000034:00000000 01:00000032 00000000     0        0 104477788 4 ffff81033613a080 512 40 15 3 100              
  12: 5100000A:0016 6E14000A:D304 01 00000000:00000000 02:0008BF47 00000000     0        0 104475630 2 ffff81062bc60c80 256 40 16 3 3                
  13: 5100000A:0016 6E14000A:C804 01 00000000:00000000 02:00078BBC 00000000     0        0 104472775 2 ffff81062bc61880 252 40 16 9 100              
  14: 5100000A:0016 6E14000A:EC72 01 00000000:00000000 02:0004210C 00000000     0        0 104444698 2 ffff81004f0280c0 493 40 18 4 4                
  15: 5100000A:0016 6E14000A:C7ED 01 00000000:00000000 02:0007889C 00000000     0        0 104472575 2 ffff81062bc61280 230 40 0 3 3                 
  16: 5100000A:0016 6E14000A:F6FC 01 00000000:00000000 02:0008A211 00000000     0        0 104460762 2 ffff81063ff61880 333 40 18 4 100              
  17: 5100000A:0016 6E14000A:EDC5 01 00000034:00000000 01:00000016 00000000     0        0 104449512 3 ffff81063ff61280 238 40 1 4 2

The data presented in each output column is:

sl	The number of the line in the output listing.
local_address	The local IP address and port number for the socket. The IP address is displayed as a little-endian four-byte hexadecimal number; that is, the least significant byte is listed first, so you’ll need to reverse the order of the bytes to convert it to an IP address. The port number is a simple two-byte hexadecimal number.
rem_address	The remote IP address and port number for the socket. Encoding is the same as for the local_address.
st	The socket status.
tx_queue:rx_queue	The size of the transmit and receive queues.
tr:tm->when	The tr field indicates whether a timer is active for this socket. A value of zero indicates the timer is not active. The tm->when field indicates the time remaining (in jiffies) before timeout occurs.
retrnsmt	Unused.
uid	The ID of the user that owns the socket. This is the same ID found in the /etc/passwd file.
time-out	Unused.
inode	A cryptic-looking number that identifies the socket to the Linux virtual filesystem.