Linux下方便的socket读写查看器（socktop）

Linux下方便的socket读写查看器（socktop） | Erlang非业余研究

Linux下方便的socket读写查看器（socktop）

March 31st, 2011 Yu Feng Leave a comment Go to comments

原创文章，转载请注明： 转载自Erlang非业余研究

本文链接地址: Linux下方便的socket读写查看器（socktop）

晚上 雕梁 说要找个工具来调查下unix域套接字的发送和接受情况，比如说A程序是否送出，B程序是否接收到，他找了tcpdump ,wireshark什么的，貌似都不支持。

这时候还是伟大的systemtap来救助了。 因为所有的socket通讯都是通过socket接口来的，任何family的通讯包括unix域套接都要走的，所以只要截获了socket 读写的几个syscall 就搞定了.

systemtap发行版本提供了个工具socktop， 位于 /usr/share/doc/systemtap/examples/network/socktop, 是个非常方便的工具, 干这个事情最合适了。
 
socktop源码里面的版权和简单的功能介绍：

# Socktop systemtap script
# Copyright (C) 2006 IBM Corp.
#
# This file is part of systemtap, and is free software. You can
# redistribute it and/or modify it under the terms of the GNU General
# Public License (GPL); either version 2, or (at your option) any
# later version.

###
### socktop – Combination shell/systemtap script to track reads and writes
### on sockets by process. Can be filtered by process IDs and
### names, protocols, protocol families, users and socket type.
###

view source

print?

$ uname -r

2.6.18-164.el5

$ rpm -i kernel-debuginfo-common-2.6.18-164.el5.x86_64.rpm

$ rpm -i kernel-debuginfo-2.6.18-164.el5.x86_64.rpm 

#使用帮助

$ /usr/share/doc/systemtap/examples/network/socktop -h

USAGE: socktop [-d] [-i interval] [-N num] [-P protocol]... [-f family]...

               [-t stype]... [-n pname]... [-p pid]... [-u username]... [-h]

    -d           # print network device traffic (default: off)

    -i interval  # interval in seconds between printing (default: 5)

    -N num       # number of top processes and devices to print (default: 10)

    -f family    # this protocol family only (default: all)

    -P protocol  # this protocol only (default: all)

    -t stype     # this socket type only (default: all)

    -n pname     # this process name only (default: all)

    -p pid       # this process ID only (default: all)

    -u username  # this user only (default: all)

    -c count     # number of iteration

    -m mod_name  # generate instrumentation (but do not run)

    -h           # print this help text

Protocol Families:

    LOCAL, INET, INET6, IPX, NETLINK, X25, AX25, ATMPVC, APPLETALK, PACKET

Protocols:

    TCP, UDP, SCTP, IP, FC, ... (see /etc/protocols for complete list)

Socket Types:

    STREAM, DGRAM, RAW, RDM, SEQPACKET, DCCP, PACKET

上面的使用写的很明白了，我们要过滤的是unix套接字， 每5秒报告下情况， 还顺手把网络设备的流量打出来。

view source

print?

$sudo /usr/share/doc/systemtap/examples/network/socktop -f LOCAL -i 5 -d

======================= Thu Mar 31 21:23:03 2011 ========================

------------------------------- PROCESSES -------------------------------

PID   UID     #SEND   #RECV SEND_KB RECV_KB PROT FAMILY   COMMAND       

24821 50453       1       0       0       0 IP   LOCAL    crond         

3840  0           0       2       0       0 IP   LOCAL    syslog-ng     

-------------------------------- DEVICES --------------------------------

DEV             #XMIT         #RECV         XMIT_KB         RECV_KB

eth0              457           250             102              38

bond0             457             0             102               0

lo                 24            24               2               2

eth1                0            10               0               0

=========================================================================

我们很清楚的看到了，crond在发，syslog-ng在收。

如果你想知道报文的内容的话，可以改改脚本把报文也dump出来。

玩得开心!