🐧如何在Linux上显示网络接口的丢包

如何从命令行显示Linux操作系统上每个接口的丢弃数据包?

如何确定Linux服务器为何丢弃数据包?

我们可以使用ip命令,netstat命令或ethtool命令来显示Linux上每个网络接口的丢弃数据包统计信息。

让我们看看如何使用这两个命令列出每个接口的丢弃数据包。

使用netstat显示Linux上每个接口的丢弃数据包

现在不建议使用netstat命令。

ss和ip命令替代了netstat。

但是,netstat在较旧的Linux发行版上仍然可用。

因此,我将从netstat开始,但如果可能,请使用ip / ss工具。

句法:

netstat -i
netstat --interfaces

要显示每个协议的摘要统计信息,请运行:

netstat -s
netstat --statistics

结论:

Ip:
    Forwarding: 1
    101759568 total packets received
    70289211 forwarded
    0 incoming packets discarded
    31287093 incoming packets delivered
    136164545 requests sent out
    22 outgoing packets dropped
    220 reassemblies required
    110 packets reassembled ok
    2364 fragments received ok
    3345 fragments failed
    4728 fragments created
Icmp:
    295517 ICMP messages received
    6 input ICMP message failed
    ICMP input histogram:
        destination unreachable: 145
        timeout in transit: 187
        echo requests: 289750
        echo replies: 5435
    298725 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 3408
        echo requests: 5567
        echo replies: 289750
IcmpMsg:
        InType0: 5435
        InType3: 145
        InType8: 289750
        InType11: 187
        OutType0: 289750
        OutType3: 3408
        OutType8: 5567
Tcp:
    19006 active connection openings
    14619 passive connection openings
    2268 failed connection attempts
    393 connection resets received
    1 connections established
    2215735 segments received
    2511500 segments sent out
    6067 segments retransmitted
    182 bad segments received
    13173 resets sent
Udp:
    28543977 packets received
    63 packets to unknown port received
    287687 packet receive errors
    22106848 packets sent
    287687 receive buffer errors
    0 send buffer errors
UdpLite:
TcpExt:
    10 invalid SYN cookies received
    2264 resets received for embryonic SYN_RECV sockets
    42 packets pruned from receive queue because of socket buffer overrun
    14095 TCP sockets finished time wait in fast timer
    21 packetes rejected in established connections because of timestamp
    16908 delayed acks sent
    13 delayed acks further delayed because of locked socket
    Quick ack mode was activated 4346 times
    756194 packet headers predicted
    441344 acknowledgments not containing data payload received
    618096 predicted acknowledgments
    TCPSackRecovery: 87
    Detected reordering 418 times using SACK
    TCPDSACKUndo: 1
    14 congestion windows recovered without slow start after partial ack
    TCPLostRetransmit: 3994
    TCPSackFailures: 1
    121 fast retransmits
    8 retransmits in slow start
    TCPTimeouts: 5158
    TCPLossProbes: 789
    TCPLossProbeRecovery: 66
    TCPSackRecoveryFail: 3
    TCPBacklogCoalesce: 8617
    TCPDSACKOldSent: 4359
    TCPDSACKOfoSent: 1
    TCPDSACKRecv: 127
    3870 connections reset due to unexpected data
    244 connections reset due to early user close
    487 connections aborted due to timeout
    TCPDSACKIgnoredNoUndo: 33
    TCPSackShifted: 37
    TCPSackMerged: 115
    TCPSackShiftFallback: 731
    TCPRcvCoalesce: 225465
    TCPOFOQueue: 29252
    TCPOFOMerge: 1
    TCPChallengeACK: 193
    TCPSYNChallenge: 186
    TCPAutoCorking: 26574
    TCPFromZeroWindowAdv: 8
    TCPToZeroWindowAdv: 8
    TCPWantZeroWindowAdv: 37
    TCPSynRetrans: 647
    TCPOrigDataSent: 1526711
    TCPACKSkippedSynRecv: 153
    TCPKeepAlive: 53
    TCPDelivered: 1539034
    TCPAckCompressed: 2559
IpExt:
    InNoRoutes: 16
    InBcastPkts: 4
    InOctets: 92596603587
    OutOctets: 263001759492
    InBcastOctets: 310
    InNoECTPkts: 121775194
    InECT1Pkts: 1
    InECT0Pkts: 51506
    InCEPkts: 25

显示TCP统计信息

netstat --statistics --tcp
netstat -s -t

让我们展示udp统计信息

netstat --statistics --udp
netstat -s -u

在Linux中使用IP在网络接口上显示丢弃的数据包统计信息让我们看看如何使用ip命令查看网络设备的统计信息。 句法:

ip -s link
ip -s link show {interface}
ip -s link show eth0

🐧如何在Linux上显示网络接口的丢包

此示例显示wg0接口的统计信息:

ip -s link show wg0

4: wg0: <pointopoint,noarp,up,lower_up> mtu 1420 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/none 
    RX: bytes  packets  errors  dropped overrun mcast   
    1889086196 11451163 8413    62869   0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    56342032204 41609374 0       5685    0       0       
</pointopoint,noarp,up,lower_up>

显然,TX正在发送而RX正在接收。 wg0接口创建了Wireguard,因此Wireguard或防火墙根据策略丢弃了数据包。

使用ethtool查询指定的网络设备以获取网络适配器和驱动程序统计信息

传递-S或–statistics参数以显示统计信息。 同样,语法很简单:

ethtool -S {device}
ethtool -S eth0

NIC statistics:
     rx_queue_0_packets: 94804582
     rx_queue_0_bytes: 92123064799
     rx_queue_0_drops: 0
     rx_queue_0_xdp_packets: 0
     rx_queue_0_xdp_tx: 0
     rx_queue_0_xdp_redirects: 0
     rx_queue_0_xdp_drops: 0
     rx_queue_0_kicks: 1499
     tx_queue_0_packets: 94616365
     tx_queue_0_bytes: 93565559918
     tx_queue_0_xdp_tx: 0
     tx_queue_0_xdp_tx_drops: 0
     tx_queue_0_kicks: 40246533
🐧如何在Linux上显示网络接口的丢包

另一种选择是使用cat命令或column命令直接查询/ proc / net / dev文件:

cat /proc/net/dev
column -t /proc/net/dev

这就是我们将看到的:

Inter-|  Receive      |         Transmit
face     |bytes       packets   errs      drop   fifo  frame  compressed  multicast|bytes  packets      errs      drop  fifo    colls  carrier  compressed
eth0:    92123116754  94805122  0         0      0     0      0           0                93565689124  94617058  0     0       0      0        0           0
wg0:     1889086196   11451163  8413      62869  0     8413   0           0                56342032204  41609374  0     5685    0      0        0           0
lo:      52141452     150908    0         0      0     0      0           0                52141452     150908    0     0       0      0        0           0
tun0:    1650631998   16914416  0         0      0     0      0           0                30143956312  22000354  0     660246  0      0        0           0

🐧如何在Linux上显示网络接口的丢包

如何找出Linux服务器丢弃数据包的原因

我们可以使用dropwatch:

该项目可帮助开发人员和系统管理员诊断Linux网络堆栈中的问题,尤其是诊断数据包丢失位置的能力。

构建dropwatch

在Ubuntu或Debian Linux上安装必要的工具,库和gcc编译器集合:

sudo apt-get install libpcap-dev libnl-3-dev libnl-genl-3-dev
binutils-dev libreadline6-dev autoconf libtool pkg-config
build-essential

然后克隆存储库,然后编译它:

git clone https://github.com/nhorman/dropwatch
cd dropwatch
./autogen.sh
./configure
make
make install

输出:

Making install in src
make[1]: Entering directory '/tmp/dropwatch/src'
make[2]: Entering directory '/tmp/dropwatch/src'
 /usr/bin/mkdir -p '/usr/local/bin'
  /bin/bash ../libtool   --mode=install /usr/bin/install -c dropwatch dwdump '/usr/local/bin'
libtool: install: /usr/bin/install -c dropwatch /usr/local/bin/dropwatch
libtool: install: /usr/bin/install -c dwdump /usr/local/bin/dwdump
make[2]: Nothing to be done for 'install-data-am'.
make[2]: Leaving directory '/tmp/dropwatch/src'
make[1]: Leaving directory '/tmp/dropwatch/src'
Making install in doc
make[1]: Entering directory '/tmp/dropwatch/doc'
make[2]: Entering directory '/tmp/dropwatch/doc'
make[2]: Nothing to be done for 'install-exec-am'.
 /usr/bin/mkdir -p '/usr/local/share/man/man1'
 /usr/bin/install -c -m 644 dropwatch.1 '/usr/local/share/man/man1'
make[2]: Leaving directory '/tmp/dropwatch/doc'
make[1]: Leaving directory '/tmp/dropwatch/doc'
Making install in tests
make[1]: Entering directory '/tmp/dropwatch/tests'
make[2]: Entering directory '/tmp/dropwatch/tests'
make[2]: Nothing to be done for 'install-exec-am'.
make[2]: Nothing to be done for 'install-data-am'.
make[2]: Leaving directory '/tmp/dropwatch/tests'
make[1]: Leaving directory '/tmp/dropwatch/tests'
make[1]: Entering directory '/tmp/dropwatch'
make[2]: Entering directory '/tmp/dropwatch'
make[2]: Nothing to be done for 'install-exec-am'.
make[2]: Nothing to be done for 'install-data-am'.
make[2]: Leaving directory '/tmp/dropwatch'
make[1]: Leaving directory '/tmp/dropwatch'

像这样运行它:

# dropwatch -l kas

有关更多信息,请参见dropwatch手册页和源代码:

man dropwatch

我还建议尝试使用tcpdump查看网络接口上的丢弃流量。 它通常会提供有关数据包的提示,并且易于在wireshark中进行解析:

man tcpdump

结论

您了解了各种Linux命令,以查看每个Linux接口上的数据包丢失,包括出色的工具(如dropwatch)。

Sidebar