1、關于netstat -anq 的 Recv-Q與Send-Q說明
[root@zayhu01-mb ~]# netstat -anp | head
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2742/sshd
tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN 29931/ruby
tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 15776/python2.6
tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 15783/python2.6
tcp 0 0 0.0.0.0:28027 0.0.0.0:* LISTEN 2880/bin/mongod
tcp 0 0 0.0.0.0:50491 0.0.0.0:* LISTEN 2567/rpc.statd
tcp 0 0 0.0.0.0:24224 0.0.0.0:* LISTEN 29931/ruby
tcp 0 0 0.0.0.0:10050 0.0.0.0:* LISTEN 31248/zabbix_agentd
[root@zayhu01-mb ~]#
What It Means
"Proto" is short for protocol, which is either TCP or UDP. "Recv-Q" and "Send-Q" mean receiving queue and sending queue. These should always be zero; if they're not you might have a problem. Packets should not be piling up in either queue, except briefly, as this example shows:
tcp 0 593 192.168.1.5:34321 venus.euao.com:smtp ESTABLISHED
That happened when I hit the "check mail" button in KMail; a brief queuing of outgoing packets is normal behavior. If the receiving queue is consistently jamming up, you might be experiencing a denial-of-service attack. If the sending queue does not clear quickly, you might have an application that is sending them out too fast, or the receiver cannot accept them quickly enough.
"Local address" is either your IP and port number, or IP and the name of a service. "Foreign address" is the hostname and service you are connected to. The asterisk is a placeholder for IP addresses, which of course cannot be known until a remote host connects. "State" is the current status of the connection. Any TCP state can be displayed here, but these three are the ones you want to see
大緻意思如下:
Recv-Q Send-Q分别表示網絡接收隊列,發送隊列。Q是Queue的縮寫。這兩個值通常應該為0,如果不為0可能是有問題的。packets在兩個隊列裡都不應該有堆積狀态。可接受短暫的非0情況。如下中的示例,短暫的Send-Q隊列發送pakets非0是正常狀态。
如果接收隊列Recv-Q一直處于阻塞狀态,可能是遭受了拒絕服務 denial-of-service 攻擊。如果發送隊列Send-Q不能很快的清零,可能是有應用向外發送資料包過快,或者是對方接收資料包不夠快。
Recv-Q:表示收到的資料已經在本地接收緩沖,但是還有多少沒有被程序取走,recv()
Send-Q:對方沒有收到的資料或者說沒有Ack的,還是本地緩沖區.
通過netstat的這兩個值就可以簡單判斷程式收不到包到底是包沒到還是包沒有被程序recv。
例如:
[root@zayhu01-mb ~]# netstat -anp|grep 16715 | grep 7070 | grep -v LISTEN
sctp 0 0 172.34.11.11:7070 172.34.28.118:37733 ESTABLISHED 16715/java
sctp 0 604 172.34.11.11:7070 172.34.0.206:36314 ESTABLISHED 16715/java
sctp 0 839 172.34.11.11:7070 172.34.17.191:44516 ESTABLISHED 16715/java
sctp 0 483 172.34.11.11:7070 172.34.5.72:38376 ESTABLISHED 16715/java
sctp 0 482 172.34.11.11:7070 172.34.23.190:60160 ESTABLISHED 16715/java
sctp 0 0 172.34.11.11:7070 172.34.8.26:41579 ESTABLISHED 16715/java
sctp 0 0 172.34.11.11:7070 172.34.8.151:60199 ESTABLISHED 16715/java
sctp 0 0 172.34.11.11:7070 172.34.27.100:38005 ESTABLISHED 16715/java
sctp 0 607 172.34.11.11:7070 172.34.11.11:36616 ESTABLISHED 16715/java
sctp 0 0 172.34.11.11:7070 172.34.10.26:45828 ESTABLISHED 16715/java
sctp 0 787 172.34.11.11:7070 172.34.2.121:53356 ESTABLISHED 16715/java
sctp 0 752 172.34.11.11:7070 172.34.28.86:37574 ESTABLISHED 16715/java
sctp 0 483 172.34.11.11:7070 172.34.16.161:35600 ESTABLISHED 16715/java
sctp 0 0 172.34.11.11:7070 172.34.0.206:45765 ESTABLISHED 16715/java
sctp 0 0 172.34.11.11:7070 172.34.17.191:42716 ESTABLISHED 16715/java
[root@zayhu01-mb ~]# netstat -anp|grep 16715 | grep 7070 | grep -v LISTEN | awk '{sum+=$2}END{print sum}' Recv-Q的總和
[root@zayhu01-mb ~]# netstat -anp|grep 16715 | grep 7070 | grep -v LISTEN | awk '{sum+=$3}END{print sum}' Send-Q的總和
4503
2、關于 /proc/net/sctp/assocs 檔案說明
[root@zayhu01-mb ~]# awk '{for(i=1;i<NF;i++)if($i~/LPORT/)l=i;if($l~/7070|LPORT/)print }' /proc/net/sctp/assocs
ASSOC SOCK STY SST ST HBKT ASSOC-ID TX_QUEUE RX_QUEUE UID INODE LPORT RPORT LADDRS <-> RADDRS HBINT INS OUTS MAXRT T1X T2X RTXC wmema wmemq sndbuf rcvbuf
ffff88036c975000 ffff88073bf05c00 2 1 3 26 13869 702 0 501 925943431 7070 41343 172.34.11.11 <-> *172.34.16.161 7500 10 10 10 0 0 0 1529 1280 212992 212992
ffff880003223000 ffff88073bf07300 2 1 3 35 13106 0 0 501 903426908 7070 37788 172.34.11.11 <-> *172.34.21.131 7500 10 10 10 0 0 0 1 0 212992 212992
解釋:
awk '{for(i=1;i<NF;i++)if($i~/LPORT/)l=i;if($l~/7070|LPORT/)print }' /proc/net/sctp/assocs 輸出LPORT列包含7070的行
awk '{for(i=1;i<NF;i++)if($i~/LPORT/)l=i;if($l~/7070|LPORT/)print }' /proc/net/sctp/assocs |awk '{for(i=1;i<NF;i++)if($i~/RX_QUEUE/)k=i;print $k}' 輸出 RX_QUEUE列
awk '{for(i=1;i<NF;i++)if($i~/LPORT/)l=i;if($l~/7070|LPORT/)print }' /proc/net/sctp/assocs |awk '{for(i=1;i<NF;i++)if($i~/RX_QUEUE/)k=i;print $k}'|grep -v "RX_QUEUE"|awk '{sum+=$1}'END'{print sum}' 計算這一列的總和
assoc: 表示assoc的記憶體位址。
sock:表示sock的記憶體位址。
STY:表示sctp sock的類型。
SCTP_SOCKET_UDP = 0,
SCTP_SOCKET_UDP_HIGH_BANDWIDTH = 1,
SCTP_SOCKET_TCP = 2,
SST: 表示sock的狀态。sctp的sock狀态延續了tcp協定的狀态。
sctp中sock的狀态:
SCTP_SS_CLOSED = TCP_CLOSE, //7
SCTP_SS_LISTENING = TCP_LISTEN, //10
SCTP_SS_ESTABLISHING = TCP_SYN_SENT, //2
SCTP_SS_ESTABLISHED = TCP_ESTABLISHED, //1
SCTP_SS_CLOSING = TCP_CLOSING, //11
ST: 表示assoc的狀态。 assoc的狀态取值如下:
/* SCTP state defines for internal state machine */
SCTP_STATE_EMPTY = 0,
SCTP_STATE_CLOSED = 1,
SCTP_STATE_COOKIE_WAIT = 2,
SCTP_STATE_COOKIE_ECHOED = 3,
SCTP_STATE_ESTABLISHED = 4,
SCTP_STATE_SHUTDOWN_PENDING = 5,
SCTP_STATE_SHUTDOWN_SENT = 6,
SCTP_STATE_SHUTDOWN_RECEIVED = 7,
SCTP_STATE_SHUTDOWN_ACK_SENT = 8,
HBKT: 表示該assoc在hash表中的hash值。
ASSOC-ID:表示該連接配接的ID值。
TX_QUEUE: 表示發送緩存的記憶體使用量,機關:位元組。
RX_QUEUE: 表示接收隊列的記憶體使用量,機關:位元組。
UID INODE: 分别表示sock所對應的uid和inode值。
LPORT RPORT:分别表示本地端口和遠端端口。
LADDRS <-> RADDRS :分别表示本地IP位址和遠端IP位址。
HBINT:表示assoc發送heartbeat的間隔時間OUTS:同INS類似,表示該assoc可以允許發送的最大 stream數,預設值是10。
MAXRT:表示該assoc允許的最大重傳數,預設值是10
![RTMPdump(libRTMP) 源代碼分析 9: 接收消息(Message)(接收視音頻資料)[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)