介绍一个监控网卡及网络流量的好工具NICSTAT

三杯水Plus

发布于 2018-11-14 15:03:19

1.8K0

发布于 2018-11-14 15:03:19

文章被收录于专栏：运维运维

介绍一个监控网卡及网络流量的好工具NICSTAT

最近发现了个好的工具，是监控网卡及网络流量的叫NICSTAT,这里我通过这个例子来说明

当你发现一个陌生的东西，怎样一下子弄熟，概括来讲分为安装，应用两步，细分为：下载，解压缩，读README,安装，读HELP文档，使用。

1，下载解压缩

#wget wget http://nchc.dl.sourceforge.net/project/nicstat/nicstat-1.92.tar.gz

#tar -zxvf nicstat-1.92.tar.gz

#cd nicstat-1.92

# ls -la

total 748

drwxr-xr-x 2 innoitwiki innoitwiki 4096 Mar 12 18:08 .

drwxrwxr-x 3 innoitwiki innoitwiki 4096 Mar 12 18:04 ..

-rw-r--r-- 1 innoitwiki innoitwiki 4952 Oct 23 02:05 ChangeLog.txt

-rwxr-xr-x 1 innoitwiki innoitwiki 475 Oct 16 05:49 dladm.sh

-rw-r--r-- 1 innoitwiki innoitwiki 1312 Oct 18 07:47 enicstat

-rw-r--r-- 1 innoitwiki innoitwiki 8902 Oct 18 07:47 LICENSE.txt

-rw-r--r-- 1 innoitwiki innoitwiki 1629 Sep 5 2012 Makefile.Linux

-rw-r--r-- 1 innoitwiki innoitwiki 1596 Oct 18 08:31 Makefile.Solaris

-rw-r--r-- 1 innoitwiki innoitwiki 9423 Oct 23 02:05 nicstat.1

-rw-r--r-- 1 innoitwiki innoitwiki 67376 Oct 23 02:05 nicstat.c

-rwxr-xr-x 1 innoitwiki innoitwiki 29645 Oct 19 08:52 .nicstat.RedHat_5_i386

-rwxr-xr-x 1 innoitwiki innoitwiki 4134 Oct 16 09:38 nicstat.sh

-rwxr-xr-x 1 innoitwiki innoitwiki 69772 Oct 19 08:35 .nicstat.Solaris_10_i386

-rwxr-xr-x 1 innoitwiki innoitwiki 74920 Oct 19 08:36 .nicstat.Solaris_10_sparc

-rwxr-xr-x 1 innoitwiki innoitwiki 77700 Oct 19 08:37 .nicstat.Solaris_11_i386

-rwxr-xr-x 1 innoitwiki innoitwiki 83636 Oct 19 08:39 .nicstat.Solaris_11_sparc

-rwxr-xr-x 1 innoitwiki innoitwiki 112448 Oct 19 08:49 .nicstat.Solaris_9_i386

-rwxr-xr-x 1 innoitwiki innoitwiki 127104 Oct 19 08:44 .nicstat.Solaris_9_sparc

-rwx------ 1 innoitwiki innoitwiki 32250 Oct 19 09:02 .nicstat.Ubuntu_8_i386

-rw-r--r-- 1 innoitwiki innoitwiki 834 Oct 23 02:05 README.txt

2，读README

# cat README.txt

nicstat 1.92 README

===================

nicstat is licensed under the Artistic License 2.0. You can find a

copy of this license as LICENSE.txt included with the nicstat

distribution, or at http://www.perlfoundation.org/artistic_license_2_0

AUTHORS

timothy.cook@oracle.com (formerly tim.cook@sun.com), Brendan Gregg

(formerly Brendan.Gregg@sun.com)

HOW TO BUILD ON SOLARIS

mv Makefile.Solaris Makefile

make

HOW TO BUILD ON LINUX

mv Makefile.Linux Makefile

make

HOW TO INSTALL

make [BASEDIR=<dir>] install

Default BASEDIR is /usr/local

HOW TO INSTALL A MULTI-PLATFORM SET OF BINARIES

1. (Optional) Change BASEDIR, BINDIR and/or MP_DIR in Makefile

2. make install_multi_platform

3. (Optional) add links or binaries for your platform(s)

HOME PAGE

http://blogs.sun.com/timc/entry/nicstat_the_solaris_and_linux

3，安装

# mv Makefile.Linux Makefile

# make

The program 'make' is currently not installed. You can install it by typing:

apt-get install make

# apt-get install make #当使用系统命令MAKE时，显示没有，所以先安装

Reading package lists... 0%

Reading package lists... 100%

Reading package lists... Done

Building dependency tree... 0%

Building dependency tree... 50%

Building dependency tree

Reading state information... 0%

Reading state information... 1%

Reading state information... DoneSuggested packages:

make-doc

The following NEW packages will be installed:

make

0 upgraded, 1 newly installed, 0 to remove and 32 not upgraded.

Need to get 0 B/116 kB of archives.

After this operation, 319 kB of additional disk space will be used.

0% [Working]

50% [Working]

Selecting previously unselected package make.

(Reading database ...

(Reading database ... 5%

(Reading database ... 10%

(Reading database ... 15%

(Reading database ... 20%

(Reading database ... 25%

(Reading database ... 30%

(Reading database ... 35%

(Reading database ... 40%

(Reading database ... 45%

(Reading database ... 50%

(Reading database ... 55%

(Reading database ... 60%

(Reading database ... 65%

(Reading database ... 70%

(Reading database ... 75%

(Reading database ... 80%

(Reading database ... 85%

(Reading database ... 90%

(Reading database ... 95%

(Reading database ... 100%

(Reading database ... 54391 files and directories currently installed.)

Unpacking make (from .../make_3.81-8.1ubuntu1.1_i386.deb) ...

Processing triggers for man-db ...

Setting up make (3.81-8.1ubuntu1.1) ...

# make

gcc -O3 -m32 nicstat.c -o nicstat

nicstat.c:99:0: warning: "DUPLEX_UNKNOWN" redefined [enabled by default]

/usr/include/linux/ethtool.h:839:0: note: this is the location of the previous definition

nicstat.c: In function 鈥榣oad_netstat鈥?

nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]

mv nicstat `./nicstat.sh --bin-name`

# make install

gcc -O3 -m32 nicstat.c -o nicstat

nicstat.c:99:0: warning: "DUPLEX_UNKNOWN" redefined [enabled by default]

/usr/include/linux/ethtool.h:839:0: note: this is the location of the previous definition

nicstat.c: In function 鈥榣oad_netstat鈥?

nicstat.c:1481:5: warning: use of assignment suppression and length modifier together in gnu_scanf format [-Wformat]

sudo install -o root -g root -m 4511 `./nicstat.sh --bin-name` /usr/local/bin/nicstat

sudo install -o bin -g bin -m 555 enicstat /usr/local/bin

sudo install -o bin -g bin -m 444 nicstat.1 /usr/local/share/man/man1/nicstat.1

install: cannot create regular file `/usr/local/share/man/man1/nicstat.1': No such file or directory

make: *** [install_man] Error 1

4，MAKE INSTALL时报错了，根据提示为系统/usr/local/share/man/目录下没有man1那个目录，所以我们要先建这个目录，这也说明安装这个

工具说顺便安装了他的man手册，而且是man1就是默认的手册

# cd /usr/local/share/man/

# mkdir man1

# ls

man1

# make install #再安装时就没有错误了

sudo install -o root -g root -m 4511 `./nicstat.sh --bin-name` /usr/local/bin/nicstat

sudo install -o bin -g bin -m 555 enicstat /usr/local/bin

sudo install -o bin -g bin -m 444 nicstat.1 /usr/local/share/man/man1/nicstat.1

5，首先看看help，里面有工具用法的简单介绍

# nicstat -h

USAGE: nicstat [-hvnsxpztual] [-i int[,int...]]

[-S int:mbps[,int:mbps...]] [interval [count]]

-h # help

-v # show version (1.92)

-i interface # track interface only

-n # show non-local interfaces only (exclude lo0)

-s # summary output

-x # extended output

-p # parseable output

-z # skip zero value lines

-t # show TCP statistics

-u # show UDP statistics

-a # equivalent to "-x -u -t"

-l # list interface(s)

-M # output in Mbits/sec

-S int:mbps[fd|hd] # tell nicstat the interface

# speed (Mbits/sec) and duplex

eg,

nicstat # print summary since boot only

nicstat 1 # print every 1 second

nicstat 1 5 # print 5 times only

nicstat -z 1 # print every 1 second, skip zero lines

nicstat -i hme0 1 # print hme0 only every 1 second

6，尝试一下命令的用法

# nicstat -i eth0

Time Int rKB/s wKB/s rPk/s wPk/s rAvs wAvs %Util Sat

18:17:51 eth0 0.15 0.05 1.20 0.14 131.0 336.2 0.00 0.01

# nicstat -u

18:18:10 InDG OutDG InErr OutErr

UDP 0.00 0.00 0.00 0.00

# nicstat -a

18:19:14 InKB OutKB InSeg OutSeg Reset AttF %ReTX InConn OutCon Drops

TCP 0.00 0.00 0.15 0.14 0.00 0.00 0.000 0.00 0.00 0.00

18:19:14 InDG OutDG InErr OutErr

UDP 0.00 0.00 0.00 0.00

18:19:14 RdKB WrKB RdPkt WrPkt IErr OErr Coll NoCP Defer %Util

lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00

eth0 0.15 0.05 1.20 0.14 0.00 0.00 0.00 0.00 0.00 0.00

7，如果要详细了解可以拜读他的man手册

# man nicstat

nicstat(1) nicstat(1)

NAME

nicstat, enicstat - print network traffic statistics

SYNOPSIS

nicstat [-hvnsxpztualkM] [-iinterface] [-Sint:mbps[fd|hd]] [interval [count]]

enicstat <same options & operands>

DESCRIPTION

nicstat prints out network statistics for all network cards (NICs), including packets, kilobytes per second, aver鈥?

age packet sizes and more.

OPTIONS

-h Display brief usage information (help).

-v Display nicstat version (and additional fields when combined with '-l')

-n Show statistics for non-local (i.e. non-loopback) interfaces only.

-s Display summary output - just the amount of data received (read) and transmitted (written).

-x Display extended output. See OUTPUT section for details.

-M Display interface throughput statistics in Mbps (megabits per second), instead of the default KB/s

(kilobytes per second).

NOTE - interface statistics are reported to operating systems in bytes. nicstat does not know if Ether鈥?

net or other hardware overheads are included in the statistic on each platform.

-p Display output in parseable format. This outputs one line per interface, in the following formats

(which correspond to the default, -x, -t and -u options; respectively):

time:In:rKB/s:wKB/s:rPk/s:wPk/s:%Util:Sat

time:In:rKB/s:wKB/s:rPk/s:wPk/s:%Util:Sat:IErr:OErr:Coll:NoCP:Defer time:TCP:InKB:OutKB:InSeg:Out鈥?

Seg:Reset:AttF:%ReTX:InConn:OutCon:Drops time:UDP:InDG:OutDG:InErr:OutErr

where time is the number of seconds since midnight, Jan 1 1970 (UST) and the other fields are as

described in the OUTPUT section below.

NOTE - throughput statistics are always in KB/s (kilbytes per second) for parseable formats, even if the

"-M" flag has been specified.

-z Skip interfaces for which there was zero traffic for the sample period.

-t Show TCP statistics.

Manual page nicstat(1) line 1 (press h for help or q to quit)

-u Show UDP statistics.

-a Equvalent to '-x -t -u'.

-l Just list interfaces.

-iinterface[,interface...]

Show statistics for only the interface(s) listed. Multiple interfaces can be listed, separated by com鈥?

mas (,).

-Sint:speed[fd|hd]

(Linux only). Specify the speed (and optionally duplex mode) of one or more interfaces. The given

speed(s) are in megabits/second. The duplex mode will default to "full" unless a suffix beginning with

"h" or "H" is specified. Speed and duplex mode are obtained automatically on Solaris using the

"ifspeed" and "link_duplex" kstat values.

-k (Solaris only). Search for active network interfaces by looking for kstat "link_state" statistics with

a value of 1. This is only of value on systems running Solaris 10 (or early releases of Solaris 11

Express), with Exclusive IP Zones, where the interfaces given to an Exclusive IP Zone are not otherwise

visible. If you are running Solaris 9 (or earlier), or Solaris 11 (or later) you do not need this

option.

OPERANDS

interval Specifies the number of seconds between samples.

count Specifies the number of times that the statistics are repeated. If no count is specified, nicstat will

repeat statistics indefinitely.

OUTPUT

The fields of nicstat's display are:

Time The time corresponding to the end of the sample shown, in HH:MM:SS format (24-hour clock).

Int The interface name.

rKB/s, InKB

Kilobytes/second read (received).

wKB/s, OutKB

Kilobytes/second written (transmitted).

rMbps, RdMbps

Megabits/second read (received).

wMbps, WrMbps

Megabits/second written (transmitted).

rPk/s, InSeg, InDG

Packets (TCP Segments, UDP Datagrams)/second read (received).

Manual page nicstat(1) line 55 (press h for help or q to quit) wPk/s, OutSeg, OutDG

Packets (TCP Segments, UDP Datagrams)/second written (transmitted).

rAvs Average size of packets read (received).

wAvs Average size of packets written (transmitted).

%Util Percentage utilization of the interface. For full-duplex interfaces, this is the greater of rKB/s or

wKB/s as a percentage of the interface speed. For half-duplex interfaces, rKB/s and wKB/s are summed.

Sat Saturation. This the number of errors/second seen for the interface - an indicator the interface may be

approaching saturation. This statistic is combined from a number of kernel statistics. It is recom鈥?

mended to use the '-x' option to see more individual statistics (those mentioned below) when attempting

to diagnose a network issue.

IErr Packets received that could not be processed because they contained errors

OErr Packets that were not successfully transmitted because of errors

Coll Ethernet collisions during transmit.

NoCP No-can-puts. This is when an incoming packet can not be put to the process reading the socket. This

suggests the local process is unable to process incoming packets in a timely manner.

Defer Defer Transmits. Packets without collisions where first transmit attempt was delayed because the medium

was busy.

Reset tcpEstabResets. The number of times TCP connections have made a direct transition to the CLOSED state

from either the ESTABLISHED state or the CLOSE-WAIT state.

AttF tcpAttemptFails - The number of times that TCP connections have made a direct transition to the CLOSED

state from either the SYN-SENT state or the SYN-RCVD state, plus the number of times TCP connections

have made a direct transition to the LISTEN state from the SYN-RCVD state.

%ReTX Percentage of TCP segments retransmitted - that is, the number of TCP segments transmitted containing

one or more previously transmitted octets.

InConn tcpPassiveOpens - The number of times that TCP connections have made a direct transition to the SYN-RCVD

state from the LISTEN state.

OutCon tcpActiveOpens - The number of times that TCP connections have made a direct transition to the SYN-SENT

state from the CLOSED state.

Drops tcpHalfOpenDrop + tcpListenDrop + tcpListenDropQ0.

tcpListenDrop and tcpListenDropQ0 - Number of connections dropped from the completed connection queue and incom鈥?

plete connection queue, respectively. tcpHalfOpenDrops - Number of connections dropped after the initial SYN

packet was received.

Manual page nicstat(1) line 107 (press h for help or q to quit) The first set of statistics printed are averages since system boot. If no interval operand is specified, or a

count value of "1" is specified, this will be the only sample printed.

EXAMPLES

Print average statistics from boot time to now only:

$ nicstat

Print statistics for all interfaces, every 3 seconds:

$ nicstat 3

Print statistics for all interfaces, every 5 seconds, finishing after 10 samples:

$ nicstat 5 10

Print statistics every 3 seconds, only for interfaces "hme0" and "hme1":

$ nicstat -i hme0,hme1 3

Print statistics for non-local interfaces, setting speed of "eth0" and "eth1" to 10mbps/half-duplex and

1000mbps/full-duplex, respectively:

$ nicstat -n -S eth0:10h,eth1:1000 5

介绍一个监控网卡及网络流量的好工具NICSTAT

介绍一个监控网卡及网络流量的好工具NICSTAT

社区

活动

资源

关于

腾讯云开发者

热门产品

热门推荐

更多推荐