Unix Monitoring Tools
6. $ ps -A
PID TTY TIME CMD
1 ? 00:00:00 init
2 ? 00:00:00 ksoftirqd/0
3 ? 00:00:00 events/0
4 ? 00:00:00 khelper
5 ? 00:00:00 kthread
7 ? 00:00:00 kacpid
89 ? 00:00:00 kblockd/0
92 ? 00:00:00 khubd
138 ? 00:00:00 pdflush
139 ? 00:00:01 pdflush
141 ? 00:00:00 aio/0
140 ? 00:00:15 kswapd0
227 ? 00:00:00 kseriod
386 ? 00:00:00 kjournald
1303 ? 00:00:00 udevd
1756 ? 00:00:04 kjournald
1757 ? 00:00:00 kjournald
1758 ? 00:00:27 kjournald
1759 ? 00:00:02 kjournald
2488 ? 02:31:43 named
2547 ? 00:00:02 syslogd
2551 ? 00:00:00 klogd
2579 ? 00:00:00 portmap
2599 ? 00:00:00 rpc.statd
2637 ? 00:00:00 rpc.idmapd
2720 ? 00:00:02 nifd
2752 ? 00:00:00 mDNSResponder
2764 ? 00:00:00 smartd
2774 ? 00:00:00 acpid
2784 ? 00:00:01 sshd
(...)
7. $ ps -C httpd
PID TTY TIME CMD
29361 ? 00:00:13 httpd
30204 ? 00:01:39 httpd
31855 ? 00:00:00 httpd
31856 ? 00:00:00 httpd
31857 ? 00:00:00 httpd
31859 ? 00:00:00 httpd
31860 ? 00:00:00 httpd
31862 ? 00:00:00 httpd
31863 ? 00:00:02 httpd
31866 ? 00:00:00 httpd
31868 ? 00:00:11 httpd
31869 ? 00:00:00 httpd
31872 ? 00:00:00 httpd
31879 ? 00:00:02 httpd
31902 ? 00:00:00 httpd
31905 ? 00:00:02 httpd
31906 ? 00:00:00 httpd
32376 ? 00:00:00 httpd
32387 ? 00:00:00 httpd
32388 ? 00:00:00 httpd
32389 ? 00:00:00 httpd
32756 ? 00:00:00 httpd
8. $ ps -p 3078
PID TTY TIME CMD
3078 ? 01:09:10 java
$ ps -u alegomes
PID TTY TIME CMD
480 ? 00:00:00 sshd
481 pts/0 00:00:00 bash
707 pts/0 00:00:00 ps
11. $ top -h
top: procps version 3.2.3
usage: top -hv | -bcisS -d delay -n iterations [-u user | -U user] -p pid [,pid ...]
16. $ netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 atlantico.seatecnolog:45081 viewvc:ldap ESTABLISHED
tcp 0 0 localhost:53094 localhost:8009 ESTABLISHED
tcp 0 0 atlantico.seatecnolog:45888 viewvc:ldap ESTABLISHED
tcp 0 0 atlantico.seatecnolog:48511 viewvc:ldap ESTABLISHED
tcp 0 0 localhost:mysql localhost:33856 ESTABLISHED
tcp 0 0 localhost:mysql localhost:33857 ESTABLISHED
tcp 0 0 localhost:mysql localhost:32796 ESTABLISHED
tcp 0 0 localhost:mysql localhost:32793 ESTABLISHED
tcp 0 0 atlantico.seatecnolog:41514 viewvc:ldap ESTABLISHED
tcp 0 0 localhost:mysql localhost:35863 ESTABLISHED
tcp 0 0 localhost:44443 localhost:8009 ESTABLISHED
tcp 0 0 localhost:44442 localhost:8009 ESTABLISHED
tcp 0 0 localhost:44441 localhost:8009 ESTABLISHED
tcp 0 0 localhost:42265 localhost:8009 ESTABLISHED
tcp 0 0 localhost:42218 localhost:8009 ESTABLISHED
tcp 0 0 localhost:42223 localhost:8009 ESTABLISHED
tcp 0 0 localhost:47238 localhost:8009 ESTABLISHED
tcp 0 0 localhost:47236 localhost:8009 ESTABLISHED
tcp 0 0 localhost:47235 localhost:8009 ESTABLISHED
tcp 0 0 localhost:47232 localhost:8009 ESTABLISHED
tcp 0 0 localhost:47233 localhost:8009 ESTABLISHED
tcp 0 0 localhost:47230 localhost:8009 ESTABLISHED
tcp 0 0 localhost:47231 localhost:8009 ESTABLISHED
tcp 0 0 localhost:47228 localhost:8009 ESTABLISHED
tcp 0 0 localhost:47229 localhost:8009 ESTABLISHED
tcp 0 0 localhost:mysql localhost:33855 ESTABLISHED
tcp 0 0 atlantico.seatecnolog:54489 viewvc:http ESTABLISHED
tcp 0 0 atlantico.seatecnolog:49894 viewvc:ldap ESTABLISHED
tcp 0 0 atlantico.seatecnolog:44141 ::ffff:192.168.1.6:mysql ESTABLISHED
tcp 0 0 localhost:8009 localhost:44443 ESTABLISHED
17. $ netstat -an | grep -i list
tcp 0 0 0.0.0.0:2144 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:32769 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9102 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.4:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:5335 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
tcp 0 0 :::32804 :::* LISTEN
tcp 0 0 ::ffff:127.0.0.1:8005 :::* LISTEN
tcp 0 0 :::8009 :::* LISTEN
tcp 0 0 :::1099 :::* LISTEN
tcp 0 0 :::80 :::* LISTEN
tcp 0 0 :::8080 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 :::443 :::* LISTEN
24. $ vmstat
procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu----
r b swpd free buff cache si so bi bo in cs us sy id wa
0 0 56020 21864 21848 73660 0 0 5 11 2 10 3 0 97 0
$ vmstat 2
procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu----
r b swpd free buff cache si so bi bo in cs us sy id wa
1 0 56020 17684 25224 74536 0 0 5 11 2 10 3 0 97 0
0 0 56020 17684 25232 74536 0 0 0 16 1015 330 0 0 100 0
0 0 56020 17684 25240 74536 0 0 0 12 1012 329 0 0 100 0
0 0 56020 17684 25248 74536 0 0 0 26 1015 328 0 0 100 0
0 0 56020 17684 25248 74536 0 0 0 0 1012 329 0 0 100 0
0 0 56020 17684 25256 74536 0 0 0 6 1015 225 63 0 37 0
0 0 56020 17560 25264 74536 0 0 0 10 1032 367 0 0 100 0
0 0 56020 17560 25264 74536 0 0 0 0 1013 321 0 0 100 0
0 0 56020 17560 25272 74536 0 0 0 14 1031 351 0 0 100 0
0 0 56020 17560 25272 74536 0 0 0 0 1012 321 0 0 100 0
27. $ lsof -?
lsof 4.77
latest revision: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/
latest FAQ: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/FAQ
latest man page: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof_man
usage: [-?abhlnNoOPRstUvV] [+|-c c] [+|-d s] [+D D] [+|-f[cfgGn]]
[-F [f]] [-g [s]] [-i [i]] [-k k] [+|-L [l]] [-m m] [+|-M] [-o [o]]
[-p s] [+|-r [t]] [-S [t]] [-T [t]] [-u s] [+|-w] [-x [fl]] [--] [names]
Defaults in parentheses; comma-separated set (s) items; dash-separated ranges.
-?|-h list help -a AND selections (OR) -b avoid kernel blocks
-c c cmd c, /c/[bix] +c w COMMAND width (9)
+d s dir s files -d s select by FD set +D D dir D tree *SLOW?*
-i select IPv[46] files -l list UID numbers
-n no host names -N select NFS files -o list file offset
-O avoid overhead *RISK -P no port names -R list paRent PID
-s list file size -t terse listing -T disable TCP/TPI info
-U select Unix socket -v list version info -V verbose search
+|-w Warnings (+) -- end option scan
+f|-f +filesystem or -file names +|-f[cfgGn] Ct Fstr flaGs Node
-F [f] select fields; -F? for help -k k kernel symbols (/mach_kernel)
+|-L [l] list (+) suppress (-) link counts < l (0 = all; default = 0)
-m m kernel memory (/dev/kmem)
+|-M portMap registration (-) -o o o 0t offset digits (8)
-p s exclude(^)|select PIDs -S [t] t second stat timeout (15)
-T fqs TCP/TPI Fl,Q,St (s) info
-g [s] exclude(^)|select and print process group IDs
-i i select by IPv[46] address: [46][proto][@host|addr][:svc_list|port_list]
+|-r [t] repeat every t seconds (15); + until no files, - forever
-u s exclude(^)|select login|UID set s
-x [fl] cross over +d|+D File systems or symbolic Links
names select named files or files on named file systems
Only root can list all files; /dev warnings enabled; kernel ID check disabled.
28. $ lsof
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ATSServer 173 alegomes cwd VDIR 14,2 1428 2 /
ATSServer 173 alegomes 0r VCHR 3,2 0t0 61137924 /dev/null
ATSServer 173 alegomes 1w VCHR 3,2 0t0 61137924 /dev/null
ATSServer 173 alegomes 2w VCHR 3,2 0t1428748 61137924 /dev/null
ATSServer 173 alegomes 3r 0x03a8a220 file struct, ty=0x3, op=0x384768
ATSServer 173 alegomes 4r 0x03a8a5a0 file struct, ty=0x3, op=0x384768
ATSServer 173 alegomes 5u VREG 14,2 225280 282757 /Library/Caches/com.apple.ATS/501/filetoken.db
ATSServer 173 alegomes 6u VREG 14,2 204800 282758 /Library/Caches/com.apple.ATS/501/fonts.db
ATSServer 173 alegomes 7u VREG 14,2 53248 282759 /Library/Caches/com.apple.ATS/501/qdfams.db
ATSServer 173 alegomes 8u VREG 14,2 57344 282760 /Library/Caches/com.apple.ATS/501/annex.db
ATSServer 173 alegomes 9u VREG 14,2 7445316 282761 /Library/Caches/com.apple.ATS/501/annex_aux
ATSServer 173 alegomes 10r VREG 14,2 1135530 261575 /System/Library/Frameworks/
ApplicationServices.framew
ork/Versions/A/Frameworks/ATS.framework/Versions/A/Resources/SynthDB.rsrc
loginwind 176 alegomes cwd VDIR 14,2 2380 231123 /Users/alegomes
loginwind 176 alegomes 0u VCHR 3,2 0t0 61137924 /dev/null
loginwind 176 alegomes 1u VCHR 0,0 0t140 61140100 /dev/console
loginwind 176 alegomes 2u VCHR 0,0 0t140 61140100 /dev/console
loginwind 176 alegomes 3r 0x03a8aba0 file struct, ty=0x3, op=0x384768
loginwind 176 alegomes 4u unix 0x03a9adb0 0t0 ->0x03a9c7d0
loginwind 176 alegomes 5r 0x03a8ab50 file struct, ty=0x3, op=0x384768
31. $ iostat -h
iostat: illegal option -- h
usage: iostat [-CdIKoT?] [-c count] [-n devs]
[-w wait] [drives]
32. $ iostat
disk0 cpu
KB/t tps MB/s us sy id
20.11 3 0.06 42 17 41
$ iostat -c 10
disk0 cpu
KB/t tps MB/s us sy id
20.11 3 0.06 42 17 41
0.00 0 0.00 66 20 14
0.00 0 0.00 63 26 11
12.56 8 0.10 67 20 13
6.30 15 0.09 70 20 10
35. $ sar
sar: failed to open input file [-1][/var/log/sa/sa21]
/usr/bin/sar [-Adgpu] [-n { DEV | EDEV | PPP } ] [-o filename] t [n]
/usr/bin/sar [-Adgpu] [-n { DEV | EDEV | PPP }] [-e time] [-f filename] [-i sec] [-s time]
36. $ sar 5 10
18:16:10 %usr %sys %idle
18:16:15 66 21 14
18:16:20 74 17 10
18:16:25 66 21 13
18:16:30 70 18 12
18:16:35 69 17 14
18:16:40 69 17 14
18:16:45 64 20 16
18:16:50 70 16 14
18:16:55 70 18 11
18:17:00 68 18 14
Average: 68 18 13
39. $ nmap
Nmap 3.70 Usage: nmap [Scan Type(s)] [Options] <host or net list>
Some Common Scan Types ('*' options require root privileges)
* -sS TCP SYN stealth port scan (default if privileged (root))
-sT TCP connect() port scan (default for unprivileged users)
* -sU UDP port scan
-sP ping scan (Find any reachable machines)
* -sF,-sX,-sN Stealth FIN, Xmas, or Null scan (experts only)
-sV Version scan probes open ports determining service & app names/versions
-sR RPC scan (use with other scan types)
Some Common Options (none are required, most can be combined):
* -O Use TCP/IP fingerprinting to guess remote operating system
-p <range> ports to scan. Example range: 1-1024,1080,6666,31337
-F Only scans ports listed in nmap-services
-v Verbose. Its use is recommended. Use twice for greater effect.
-P0 Don't ping hosts (needed to scan www.microsoft.com and others)
* -Ddecoy_host1,decoy2[,...] Hide scan using many decoys
-6 scans via IPv6 rather than IPv4
-T <Paranoid|Sneaky|Polite|Normal|Aggressive|Insane> General timing policy
-n/-R Never do DNS resolution/Always resolve [default: sometimes resolve]
-oN/-oX/-oG <logfile> Output normal/XML/grepable scan logs to <logfile>
-iL <inputfile> Get targets from file; Use '-' for stdin
* -S <your_IP>/-e <devicename> Specify source address or network interface
--interactive Go into interactive mode (then press h for help)
Example: nmap -v -sS -O www.my.com 192.168.0.0/16 '192.88-90.*.*'
SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES
40. $ nmap 192.168.1.4
Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2009-05-20 16:09 BRT
Interesting ports on atlantico.seatecnologia.com.br (192.168.1.4):
(The 1648 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
53/tcp open domain
80/tcp open http
111/tcp open rpcbind
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
873/tcp open rsync
3306/tcp open mysql
8009/tcp open ajp13
8080/tcp open http-proxy
Nmap run completed -- 1 IP address (1 host up) scanned in 0.436 seconds
43. $ tcpdump -?
tcpdump version 3.9.7
libpcap version 0.8.3
Usage: tcpdump [-aAdDefKlLnNOpqRStuUvxX] [-c count] [ -C file_size ]
[ -E algo:secret ] [ -F file ] [ -i interface ] [ -M secret ]
[ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]
[ -W filecount ] [ -y datalinktype ] [ -Z user ]
[ expression ]
44. $ sudo tcpdump
tcpdump: WARNING: en0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en0, link-type EN10MB (Ethernet), capture size 96 bytes
45. $ sudo tcpdump -i en1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 96 bytes
16:19:03.878034 IP 10.0.0.26.51679 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:03.879256 arp who-has 10.0.0.26 tell 10.0.0.27
16:19:04.389924 IP 10.0.0.26.51680 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:04.391950 arp who-has 10.0.0.26 tell 10.0.0.28
16:19:04.393171 IP 10.0.0.26.51681 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:04.491944 arp who-has 10.0.0.26 tell 10.0.0.30
16:19:04.582324 IP 10.0.0.11.60163 > 192.168.1.4.domain: 5460+ PTR? 26.0.0.10.in-addr.arpa. (40)
16:19:04.583625 IP 192.168.1.4.domain > 10.0.0.11.60163: 5460 NXDomain 0/1/0 (105)
16:19:04.595073 IP 10.0.0.26.51680 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:04.606453 IP 10.0.0.11.64925 > 192.168.1.4.domain: 2313+ PTR? 255.0.0.10.in-addr.arpa. (41)
16:19:04.614775 IP 192.168.1.4.domain > 10.0.0.11.64925: 2313 NXDomain 0/1/0 (106)
16:19:04.631329 IP 10.0.0.11.51358 > 192.168.1.4.domain: 48670+ PTR? 27.0.0.10.in-addr.arpa. (40)
16:19:04.640138 IP 192.168.1.4.domain > 10.0.0.11.51358: 48670 NXDomain 0/1/0 (105)
16:19:04.706174 IP 10.0.0.11.60513 > 192.168.1.4.domain: 40476+ PTR? 28.0.0.10.in-addr.arpa. (40)
16:19:04.707379 IP 192.168.1.4.domain > 10.0.0.11.60513: 40476 NXDomain 0/1/0 (105)
...
46. $ sudo tcpdump -i en1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 96 bytes
16:19:03.878034 IP 10.0.0.26.51679 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:03.879256 arp who-has 10.0.0.26 tell 10.0.0.27
16:19:04.389924 IP 10.0.0.26.51680 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:04.391950 arp who-has 10.0.0.26 tell 10.0.0.28
16:19:04.393171 IP 10.0.0.26.51681 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:04.491944 arp who-has 10.0.0.26 tell 10.0.0.30
16:19:04.582324 IP 10.0.0.11.60163 > 192.168.1.4.domain: 5460+ PTR? 26.0.0.10.in-addr.arpa. (40)
16:19:04.583625 IP 192.168.1.4.domain > 10.0.0.11.60163: 5460 NXDomain 0/1/0 (105)
16:19:04.595073 IP 10.0.0.26.51680 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:04.606453 IP 10.0.0.11.64925 > 192.168.1.4.domain: 2313+ PTR? 255.0.0.10.in-addr.arpa. (41)
16:19:04.614775 IP 192.168.1.4.domain > 10.0.0.11.64925: 2313 NXDomain 0/1/0 (106)
16:19:04.631329 IP 10.0.0.11.51358 > 192.168.1.4.domain: 48670+ PTR? 27.0.0.10.in-addr.arpa. (40)
16:19:04.640138 IP 192.168.1.4.domain > 10.0.0.11.51358: 48670 NXDomain 0/1/0 (105)
16:19:04.706174 IP 10.0.0.11.60513 > 192.168.1.4.domain: 40476+ PTR? 28.0.0.10.in-addr.arpa. (40)
16:19:04.707379 IP 192.168.1.4.domain > 10.0.0.11.60513: 40476 NXDomain 0/1/0 (105)
...
16:19:04.707379 IP 192.168.1.4.domain > 10.0.0.11.60513: 40476 NXDomain 0/1/0 (105)
47. $ sudo tcpdump -i en1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 96 bytes
16:19:03.878034 IP 10.0.0.26.51679 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:03.879256 arp who-has 10.0.0.26 tell 10.0.0.27
16:19:04.389924 IP 10.0.0.26.51680 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:04.391950 arp who-has 10.0.0.26 tell 10.0.0.28
16:19:04.393171 IP 10.0.0.26.51681 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:04.491944 arp who-has 10.0.0.26 tell 10.0.0.30
16:19:04.582324 IP 10.0.0.11.60163 > 192.168.1.4.domain: 5460+ PTR? 26.0.0.10.in-addr.arpa. (40)
16:19:04.583625 IP 192.168.1.4.domain > 10.0.0.11.60163: 5460 NXDomain 0/1/0 (105)
16:19:04.595073 IP 10.0.0.26.51680 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:04.606453 IP 10.0.0.11.64925 > 192.168.1.4.domain: 2313+ PTR? 255.0.0.10.in-addr.arpa. (41)
16:19:04.614775 IP 192.168.1.4.domain > 10.0.0.11.64925: 2313 NXDomain 0/1/0 (106)
16:19:04.631329 IP 10.0.0.11.51358 > 192.168.1.4.domain: 48670+ PTR? 27.0.0.10.in-addr.arpa. (40)
16:19:04.640138 IP 192.168.1.4.domain > 10.0.0.11.51358: 48670 NXDomain 0/1/0 (105)
16:19:04.706174 IP 10.0.0.11.60513 > 192.168.1.4.domain: 40476+ PTR? 28.0.0.10.in-addr.arpa. (40)
16:19:04.707379 IP 192.168.1.4.domain > 10.0.0.11.60513: 40476 NXDomain 0/1/0 (105)
...
16:19:04.707379 IP 192.168.1.4.domain > 10.0.0.11.60513: 40476 NXDomain 0/1/0 (105)
48. $ sudo tcpdump -i en1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 96 bytes
16:19:03.878034 IP 10.0.0.26.51679 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:03.879256 arp who-has 10.0.0.26 tell 10.0.0.27
16:19:04.389924 IP 10.0.0.26.51680 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:04.391950 arp who-has 10.0.0.26 tell 10.0.0.28
16:19:04.393171 IP 10.0.0.26.51681 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:04.491944 arp who-has 10.0.0.26 tell 10.0.0.30
16:19:04.582324 IP 10.0.0.11.60163 > 192.168.1.4.domain: 5460+ PTR? 26.0.0.10.in-addr.arpa. (40)
16:19:04.583625 IP 192.168.1.4.domain > 10.0.0.11.60163: 5460 NXDomain 0/1/0 (105)
16:19:04.595073 IP 10.0.0.26.51680 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:04.606453 IP 10.0.0.11.64925 > 192.168.1.4.domain: 2313+ PTR? 255.0.0.10.in-addr.arpa. (41)
16:19:04.614775 IP 192.168.1.4.domain > 10.0.0.11.64925: 2313 NXDomain 0/1/0 (106)
16:19:04.631329 IP 10.0.0.11.51358 > 192.168.1.4.domain: 48670+ PTR? 27.0.0.10.in-addr.arpa. (40)
16:19:04.640138 IP 192.168.1.4.domain > 10.0.0.11.51358: 48670 NXDomain 0/1/0 (105)
16:19:04.706174 IP 10.0.0.11.60513 > 192.168.1.4.domain: 40476+ PTR? 28.0.0.10.in-addr.arpa. (40)
16:19:04.707379 IP 192.168.1.4.domain > 10.0.0.11.60513: 40476 NXDomain 0/1/0 (105)
...
16:19:04.707379 IP 192.168.1.4.domain > 10.0.0.11.60513: 40476 NXDomain 0/1/0 (105)
49. $ sudo tcpdump -i en1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 96 bytes
16:19:03.878034 IP 10.0.0.26.51679 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:03.879256 arp who-has 10.0.0.26 tell 10.0.0.27
16:19:04.389924 IP 10.0.0.26.51680 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:04.391950 arp who-has 10.0.0.26 tell 10.0.0.28
16:19:04.393171 IP 10.0.0.26.51681 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:04.491944 arp who-has 10.0.0.26 tell 10.0.0.30
16:19:04.582324 IP 10.0.0.11.60163 > 192.168.1.4.domain: 5460+ PTR? 26.0.0.10.in-addr.arpa. (40)
16:19:04.583625 IP 192.168.1.4.domain > 10.0.0.11.60163: 5460 NXDomain 0/1/0 (105)
16:19:04.595073 IP 10.0.0.26.51680 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:04.606453 IP 10.0.0.11.64925 > 192.168.1.4.domain: 2313+ PTR? 255.0.0.10.in-addr.arpa. (41)
16:19:04.614775 IP 192.168.1.4.domain > 10.0.0.11.64925: 2313 NXDomain 0/1/0 (106)
16:19:04.631329 IP 10.0.0.11.51358 > 192.168.1.4.domain: 48670+ PTR? 27.0.0.10.in-addr.arpa. (40)
16:19:04.640138 IP 192.168.1.4.domain > 10.0.0.11.51358: 48670 NXDomain 0/1/0 (105)
16:19:04.706174 IP 10.0.0.11.60513 > 192.168.1.4.domain: 40476+ PTR? 28.0.0.10.in-addr.arpa. (40)
16:19:04.707379 IP 192.168.1.4.domain > 10.0.0.11.60513: 40476 NXDomain 0/1/0 (105)
...
16:19:04.707379 IP 192.168.1.4.domain > 10.0.0.11.60513: 40476 NXDomain 0/1/0 (105)
50. $ sudo tcpdump -i en1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 96 bytes
16:19:03.878034 IP 10.0.0.26.51679 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:03.879256 arp who-has 10.0.0.26 tell 10.0.0.27
16:19:04.389924 IP 10.0.0.26.51680 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:04.391950 arp who-has 10.0.0.26 tell 10.0.0.28
16:19:04.393171 IP 10.0.0.26.51681 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:04.491944 arp who-has 10.0.0.26 tell 10.0.0.30
16:19:04.582324 IP 10.0.0.11.60163 > 192.168.1.4.domain: 5460+ PTR? 26.0.0.10.in-addr.arpa. (40)
16:19:04.583625 IP 192.168.1.4.domain > 10.0.0.11.60163: 5460 NXDomain 0/1/0 (105)
16:19:04.595073 IP 10.0.0.26.51680 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:04.606453 IP 10.0.0.11.64925 > 192.168.1.4.domain: 2313+ PTR? 255.0.0.10.in-addr.arpa. (41)
16:19:04.614775 IP 192.168.1.4.domain > 10.0.0.11.64925: 2313 NXDomain 0/1/0 (106)
16:19:04.631329 IP 10.0.0.11.51358 > 192.168.1.4.domain: 48670+ PTR? 27.0.0.10.in-addr.arpa. (40)
16:19:04.640138 IP 192.168.1.4.domain > 10.0.0.11.51358: 48670 NXDomain 0/1/0 (105)
16:19:04.706174 IP 10.0.0.11.60513 > 192.168.1.4.domain: 40476+ PTR? 28.0.0.10.in-addr.arpa. (40)
16:19:04.707379 IP 192.168.1.4.domain > 10.0.0.11.60513: 40476 NXDomain 0/1/0 (105)
...
16:19:04.707379 IP 192.168.1.4.domain > 10.0.0.11.60513: 40476 NXDomain 0/1/0 (105)
51. $ sudo tcpdump -i en1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 96 bytes
16:19:03.878034 IP 10.0.0.26.51679 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:03.879256 arp who-has 10.0.0.26 tell 10.0.0.27
16:19:04.389924 IP 10.0.0.26.51680 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:04.391950 arp who-has 10.0.0.26 tell 10.0.0.28
16:19:04.393171 IP 10.0.0.26.51681 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:04.491944 arp who-has 10.0.0.26 tell 10.0.0.30
16:19:04.582324 IP 10.0.0.11.60163 > 192.168.1.4.domain: 5460+ PTR? 26.0.0.10.in-addr.arpa. (40)
16:19:04.583625 IP 192.168.1.4.domain > 10.0.0.11.60163: 5460 NXDomain 0/1/0 (105)
16:19:04.595073 IP 10.0.0.26.51680 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:04.606453 IP 10.0.0.11.64925 > 192.168.1.4.domain: 2313+ PTR? 255.0.0.10.in-addr.arpa. (41)
16:19:04.614775 IP 192.168.1.4.domain > 10.0.0.11.64925: 2313 NXDomain 0/1/0 (106)
16:19:04.631329 IP 10.0.0.11.51358 > 192.168.1.4.domain: 48670+ PTR? 27.0.0.10.in-addr.arpa. (40)
16:19:04.640138 IP 192.168.1.4.domain > 10.0.0.11.51358: 48670 NXDomain 0/1/0 (105)
16:19:04.706174 IP 10.0.0.11.60513 > 192.168.1.4.domain: 40476+ PTR? 28.0.0.10.in-addr.arpa. (40)
16:19:04.707379 IP 192.168.1.4.domain > 10.0.0.11.60513: 40476 NXDomain 0/1/0 (105)
...
16:19:04.707379 IP 192.168.1.4.domain > 10.0.0.11.60513: 40476 NXDomain 0/1/0 (105)
54. ➊
Acompanhar, com comandos Unix, o
consumo de CPU, memória e tráfego
de rede durante testes de carga de
alguma aplicação Web.
Editor's Notes
KB/t - KB por transferência
tps - transferências por segundo
MB/s - MB transferidos por segundo
us - tempo % da CPU gasto em processos de usuários
sy - tempo % da CPU gasto em processos de sistema
id - tempo % da CPU em estado ocioso