In our work, we often need to check the real-time network card traffic of the server. Usually, we will check the real-time network card traffic of Linux server through these methods.
1. sar -n DEV 1 2
The sar command is included in the sysstat toolkit and provides many statistics of the system. There are some differences in commands on different systems. The sar provided by some systems supports data statistics based on network interface, and can also view the number of packets received and traffic on the device per second.
sar –n DEV 1 2
After the command, 1 and 2 mean: take the value once every second and take it twice.
DEV displays network interface information
In addition, the - n parameter is very useful. It has six different switches: DEV | EDEV | NFS | NFSD | SOCK | ALL, which represents the following meanings:
- DEV displays network interface information.
- EDEV displays statistics about network errors.
- NFS counts information about active NFS clients.
- NFSD counts the information of NFS server
- SOCK displays socket information
- ALL displays ALL 5 switches
[sre@CDVM-213017031 ~]$ sar -n DEV 1 2 Linux 2.6.32-431.el6.x86_64 (CDVM-213017031) 05/04/2017 _x86_64_ (4 CPU) 08:05:30 PM IFACE rxpck/s txpck/s rxkB/s txkB/s rxcmp/s txcmp/s rxmcst/s 08:05:31 PM lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00 08:05:31 PM eth0 1788.00 1923.00 930.47 335.60 0.00 0.00 0.00 08:05:31 PM IFACE rxpck/s txpck/s rxkB/s txkB/s rxcmp/s txcmp/s rxmcst/s 08:05:32 PM lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00 08:05:32 PM eth0 1387.00 1469.00 652.12 256.98 0.00 0.00 0.00 Average: IFACE rxpck/s txpck/s rxkB/s txkB/s rxcmp/s txcmp/s rxmcst/s Average: lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00 Average: eth0 1587.50 1696.00 791.29 296.29 0.00 0.00 0.00
Parameter Description:
- IFACE: LAN interface
- rxpck/s: packets received per second
- txpck/s: packets sent every second
- rxbyt/s: number of bytes received per second
- txbyt/s: number of bytes sent per second
- rxcmp/s: compressed packets received per second
- txcmp/s: compressed packets sent every second
- rxmcst/s: multicast packets received per second
- rxerr/s: bad packets received per second
- txerr/s: bad packets sent every second
- coll/s: number of conflicts per second
- rxdrop/s: the number of received packets dropped per second because the buffer is full
- txdrop/s: the number of sent packets dropped per second because the buffer is full
- txcarr/s: number of carrier errors per second when sending packets
- rxfram/s: the number of frame alignment errors received per second
- rxfifo/s: the number of FIFO over speed errors per second of received packets
- txfifo/s: the number of FIFO over speed errors per second in packets sent
This method is simple, intuitive and recommended.
2. Real time monitoring script
#!/bin/bash ethn=$1 while true do RX_pre=$(cat /proc/net/dev | grep $ethn | sed 's/:/ /g' | awk '{print $2}') TX_pre=$(cat /proc/net/dev | grep $ethn | sed 's/:/ /g' | awk '{print $10}') sleep 1 RX_next=$(cat /proc/net/dev | grep $ethn | sed 's/:/ /g' | awk '{print $2}') TX_next=$(cat /proc/net/dev | grep $ethn | sed 's/:/ /g' | awk '{print $10}') clear echo -e "\t RX `date +%k:%M:%S` TX" RX=$((${RX_next}-${RX_pre})) TX=$((${TX_next}-${TX_pre})) if [[ $RX -lt 1024 ]];then RX="${RX}B/s" elif [[ $RX -gt 1048576 ]];then RX=$(echo $RX | awk '{print $1/1048576 "MB/s"}') else RX=$(echo $RX | awk '{print $1/1024 "KB/s"}') fi if [[ $TX -lt 1024 ]];then TX="${TX}B/s" elif [[ $TX -gt 1048576 ]];then TX=$(echo $TX | awk '{print $1/1048576 "MB/s"}') else TX=$(echo $TX | awk '{print $1/1024 "KB/s"}') fi echo -e "$ethn \t $RX $TX " done
This script does not need to install additional software, and can customize the interface to be viewed, accurate to decimal, and can flexibly display the unit according to the flow size. The default acquisition interval is 1 second.
Usage:
1. Save the script as an executable script file, such as net sh.
2,chmod +x ./net.sh changes the file to an executable script.
3,sh net.sh eth0 can start monitoring the interface eth0 traffic, and press ctrl+c to exit.
The script is obtained by reading the network real-time data in the runtime file system / proc/net/dev and simple calculation. For the directory / proc/net/dev, see below.
3. cat /proc/net/dev
The Linux kernel provides a mechanism to access the internal data structure of the kernel and change the kernel settings at runtime through the / proc file system. Proc file system is a pseudo file system, which only exists in memory and does not occupy external memory space. It provides an interface for accessing system kernel data in the form of file system. Users and applications can get the information of the system through proc, and can change some parameters of the kernel. Because the information of the system, such as the process, changes dynamically, when the user or application reads the proc file, the proc file system dynamically reads the required information from the system kernel and submits it/ The proc file system contains many directories, in which / proc/net/dev holds the network adapter and statistics.
[sre@CDVM-213017031 ~]$ cat /proc/net/dev Inter-| Receive | Transmit face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed lo:137052296 108029 0 0 0 0 0 0 137052296 108029 0 0 0 0 0 0 eth0:13661574714188 31346790620 0 0 0 0 0 0 5097461049535 27671144304 0 0 0 0 0 0 The leftmost indicates the name of the interface, Receive Indicates packet receipt, Transmit Indicates the sending packet; bytes Indicates the number of bytes sent and received; packets Indicates the correct number of packets sent and received; errs Indicates the amount of packets sent and received incorrectly; drop Indicates the number of packets received and received and discarded;
In fact, many commands we often use to view the real-time traffic of the network card are obtained by reading the real-time traffic under the directory and simple calculation.
4. Use the watch command in combination with ifconfig, more /proc/net/dev and cat /proc/net/dev to monitor in real time. For example, execute watch -n 1 "ifconfig eth0"
Every 1.0s: ifconfig eth0 Thu May 4 20:26:45 2017 eth0 Link encap:Ethernet HWaddr FA:16:3E:7E:55:D1 inet addr:10.213.17.31 Bcast:10.213.23.255 Mask:255.255.248.0 inet6 addr: fe80::f816:3eff:fe7e:55d1/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:31350149703 errors:0 dropped:0 overruns:0 frame:0 TX packets:27674701465 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:13663400883450 (12.4 TiB) TX bytes:5098104759633 (4.6 TiB)
Watch can help you monitor the running results of a command, saving you from running it manually over and over again. Under Linux, watch executes the next program periodically and displays the execution results in full screen.
Finally, in addition to the above, there are many ways to view the network card traffic of the current system. I won't repeat them one by one. If the above methods can't meet your needs, please google by yourself.
Methods 1 and 2 are highly recommended based on their ease of use and readability.
.