转自:http://blog.yufeng.info/archives/1280
systemtap发行版本提供了个工具socktop, 位于 /usr/share/doc/systemtap/examples/network/socktop, 可以查看unix域套接字的发送和接受情况,比如说A程序是否送出,B程序是否接收到。
-
# Socktop systemtap script
-
# Copyright (C) 2006 IBM Corp.
-
#
-
# This file is part of systemtap, and is free software. You can
-
# redistribute it and/or modify it under the terms of the GNU General
-
# Public License (GPL); either version 2, or (at your option) any
-
# later version.
-
-
###
-
### socktop – Combination shell/systemtap script to track reads and writes
-
### on sockets by process. Can be filtered by process IDs and
-
### names, protocols, protocol families, users and socket type.
-
###
-
-
$ uname -r
-
2.6.18-164.el5
-
-
$ rpm -i kernel-debuginfo-common-2.6.18-164.el5.x86_64.rpm
-
$ rpm -i kernel-debuginfo-2.6.18-164.el5.x86_64.rpm
-
-
#使用帮助
-
$ /usr/share/doc/systemtap/examples/network/socktop -h
-
USAGE: socktop [-d] [-i interval] [-N num] [-P protocol]... [-f family]...
-
[-t stype]... [-n pname]... [-p pid]... [-u username]... [-h]
-
-d # print network device traffic (default: off)
-
-i interval # interval in seconds between printing (default: 5)
-
-N num # number of top processes and devices to print (default: 10)
-
-f family # this protocol family only (default: all)
-
-P protocol # this protocol only (default: all)
-
-t stype # this socket type only (default: all)
-
-n pname # this process name only (default: all)
-
-p pid # this process ID only (default: all)
-
-u username # this user only (default: all)
-
-c count # number of iteration
-
-m mod_name # generate instrumentation (but do not run)
-
-h # print this help text
-
-
Protocol Families:
-
LOCAL, INET, INET6, IPX, NETLINK, X25, AX25, ATMPVC, APPLETALK, PACKET
-
-
Protocols:
-
TCP, UDP, SCTP, IP, FC, ... (see /etc/protocols for complete list)
-
-
Socket Types:
-
STREAM, DGRAM, RAW, RDM, SEQPACKET, DCCP, PACKET
-
上面的使用写的很明白了,我们要过滤的是unix套接字, 每5秒报告下情况, 还顺手把网络设备的流量打出来。
-
-
view sourceprint?
-
$sudo /usr/share/doc/systemtap/examples/network/socktop -f LOCAL -i 5 -d
-
======================= Thu Mar 31 21:23:03 2011 ========================
-
------------------------------- PROCESSES -------------------------------
-
PID UID #SEND #RECV SEND_KB RECV_KB PROT FAMILY COMMAND
-
24821 50453 1 0 0 0 IP LOCAL crond
-
3840 0 0 2 0 0 IP LOCAL syslog-ng
-
-
-------------------------------- DEVICES --------------------------------
-
DEV #XMIT #RECV XMIT_KB RECV_KB
-
eth0 457 250 102 38
-
bond0 457 0 102 0
-
lo 24 24 2 2
-
eth1 0 10 0 0
-
=========================================================================
-
我们很清楚的看到了,crond在发,syslog-ng在收。
阅读(5112) | 评论(0) | 转发(0) |
