Linux系统上的网络工具甚多，如何根据实际需要选择称手的工具呢？在此作一个简单介绍：

观察网络流量：

• “sar -n DEV 1 5” 可以统计每个网卡上的网络流速：

  # sar -n DEV 2 5 ...02:47:12 PM     IFACE   rxpck/s   txpck/s    rxkB/s    txkB/s   rxcmp/s   txcmp/s  rxmcst/s02:47:14 PM        lo      0.00      0.00      0.00      0.00      0.00      0.00      0.0002:47:14 PM      eth0      2.51      0.00      0.17      0.00      0.00      0.00      0.00...

   

• iptraf 是观察网络流速的强力工具，它可以让你的观察逐步深入，从硬件层（网卡），到网络层（IPv4，IPv6），到传输层（TCP，UDP etc.），一直到每一对socket pair。

观察网络连接的状态：

• “netstat -a“
  这是传统的工具，但是它无力处理海量的网络连接。所以在大规模网络连接的主机上，建议使用ss。

  # netstat -aActive Internet connections (servers and established)Proto Recv-Q Send-Q Local Address               Foreign Address             State      tcp        0      0 *:mysql                     *:*                         LISTEN      tcp        0      0 *:5901                      *:*                         LISTEN      ...tcp        0    104 bj71s060.chn.hp.com:ssh     16.169.16.67:52681          ESTABLISHED

   

• “ss -a” 列出所有的网络连接。ss特别适合海量连接的主机。
  如果加上”-p”选项，还可以显示对应的进程号。

  # ss -aState      Recv-Q Send-Q      Local Address:Port          Peer Address:Port   LISTEN     0      50                      *:mysql                    *:*       LISTEN     0      5                       *:5901                     *:*       ...LISTEN     0      128                    :::38246                   :::*       ESTAB      0      184         16.187.252.58:ssh           16.169.16.67:52681

   

观察静态统计值：

• “netstat -i“

  # netstat -iKernel Interface tableIface       MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flgeth0       1500   0 572421962      0      0      0 16831237      0      0      0 BMRUlo        16436   0    556534      0      0      0   556534      0      0      0 LRU

   

• ifconfig 可以看到网卡层面的少量统计值，packet数量，collision，errors等：

  # ifconfig eth0eth0      Link encap:Ethernet  HWaddr 00:19:BB:5B:07:34            inet addr:16.187.252.58  Bcast:16.187.255.255  Mask:255.255.252.0          inet6 addr: fe80::219:bbff:fe5b:734/64 Scope:Link          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1          RX packets:572422657 errors:0 dropped:0 overruns:0 frame:0          TX packets:16831252 errors:0 dropped:0 overruns:0 carrier:0          collisions:0 txqueuelen:1000           RX bytes:50512945748 (47.0 GiB)  TX bytes:11194760435 (10.4 GiB)          Interrupt:19 Memory:f0500000-f0520000

   

• “ip -s link” 看到的信息基本类似：

  # ip -s link1: lo: 
        
          mtu 16436 qdisc noqueue state UNKNOWN     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00    RX: bytes  packets  errors  dropped overrun mcast       2255610398 556534   0       0       0       0          TX: bytes  packets  errors  dropped carrier collsns     2255610398 556534   0       0       0       0      2: eth0: 
         
           mtu 1500 qdisc pfifo_fast state UP qlen 1000    link/ether 00:19:bb:5b:07:34 brd ff:ff:ff:ff:ff:ff    RX: bytes  packets  errors  dropped overrun mcast       3268332087 572422979 0       0       0       16733497    TX: bytes  packets  errors  dropped carrier collsns     2604833405 16831285 0       0       0       0
         
        

   

• “netstat -s” 提供了各个协议下的统计信息，有些统计值比如retransmit是很有用的，只有 “netstat -s” 能看到：

  # netstat -s ... Tcp:    71479 active connections openings    7181 passive connection openings    13723 failed connection attempts    407 connection resets received    1 connections established    18969163 segments received    11210435 segments send out    85883 segments retransmited    0 bad segments received.    80162 resets sent... 475 fast retransmits 30 forward retransmits 110 retransmits in slow start 22772 other TCP timeouts 5 sack retransmits failed...