<![CDATA[向东博客专注WEB应用构架之美 --- 构架之美，在于尽态极妍

<![CDATA[向东博客专注WEB应用构架之美 --- 构架之美，在于尽态极妍 | 应用之美，在于药到病除]]> http://jackxiang.com/index.php zh-cn http://jackxiang.com/post// <![CDATA[Linux下方便的socket读写查看器（socktop）]]> jack <xdy108@126.com> Thu, 19 May 2011 07:17:48 +0000 http://jackxiang.com/post//
晚上找个工具来调查下unix域套接字的发送和接受情况，比如说A程序是否送出，B程序是否接收到，他找了tcpdump ,wireshark什么的，貌似都不支持。

这时候还是伟大的systemtap来救助了。因为所有的socket通讯都是通过socket接口来的，任何family的通讯包括unix域套接都要走的，所以只要截获了socket 读写的几个syscall 就搞定了.

systemtap发行版本提供了个工具socktop，位于 /usr/share/doc/systemtap/examples/network/socktop, 是个非常方便的工具, 干这个事情最合适了。

socktop源码里面的版权和简单的功能介绍：

    # Socktop systemtap script
    # Copyright (C) 2006 IBM Corp.
    #
    # This file is part of systemtap, and is free software. You can
    # redistribute it and/or modify it under the terms of the GNU General
    # Public License (GPL); either version 2, or (at your option) any
    # later version.

    ###
    ### socktop – Combination shell/systemtap script to track reads and writes
    ### on sockets by process. Can be filtered by process IDs and
    ### names, protocols, protocol families, users and socket type.
    ###

$ uname -r
2.6.18-164.el5

$ rpm -i kernel-debuginfo-common-2.6.18-164.el5.x86_64.rpm
$ rpm -i kernel-debuginfo-2.6.18-164.el5.x86_64.rpm

#使用帮助
$ /usr/share/doc/systemtap/examples/network/socktop -h
USAGE: socktop [-d] [-i interval] [-N num] [-P protocol]... [-f family]...
               [-t stype]... [-n pname]... [-p pid]... [-u username]... [-h]
    -d           # print network device traffic (default: off)
    -i interval  # interval in seconds between printing (default: 5)
    -N num       # number of top processes and devices to print (default: 10)
    -f family    # this protocol family only (default: all)
    -P protocol  # this protocol only (default: all)
    -t stype     # this socket type only (default: all)
    -n pname     # this process name only (default: all)
    -p pid       # this process ID only (default: all)
    -u username  # this user only (default: all)
    -c count     # number of iteration
    -m mod_name  # generate instrumentation (but do not run)
    -h           # print this help text

Protocol Families:
    LOCAL, INET, INET6, IPX, NETLINK, X25, AX25, ATMPVC, APPLETALK, PACKET

Protocols:
    TCP, UDP, SCTP, IP, FC, ... (see /etc/protocols for complete list)

Socket Types:
    STREAM, DGRAM, RAW, RDM, SEQPACKET, DCCP, PACKET

上面的使用写的很明白了，我们要过滤的是unix套接字，每5秒报告下情况，还顺手把网络设备的流量打出来。
$sudo /usr/share/doc/systemtap/examples/network/socktop -f LOCAL -i 5 -d
======================= Thu Mar 31 21:23:03 2011 ========================
------------------------------- PROCESSES -------------------------------
PID   UID     #SEND   #RECV SEND_KB RECV_KB PROT FAMILY   COMMAND
24821 50453       1       0       0       0 IP   LOCAL    crond
3840  0           0       2       0       0 IP   LOCAL    syslog-ng

-------------------------------- DEVICES --------------------------------
DEV             #XMIT         #RECV         XMIT_KB         RECV_KB
eth0              457           250             102              38
bond0             457             0             102               0
lo                 24            24               2               2
eth1                0            10               0               0
=========================================================================

我们很清楚的看到了，crond在发，syslog-ng在收。

如果你想知道报文的内容的话，可以改改脚本把报文也dump出来。

玩得开心!

来源：http://blog.yufeng.info/archives/1280 ]]> http://jackxiang.com/post//#blogcomment <![CDATA[[评论] Linux下方便的socket读写查看器（socktop）]]> <user@domain.com> Thu, 01 Jan 1970 00:00:00 +0000 http://jackxiang.com/post//#blogcomment