Marco Class 36: Week 6 Homework

1. For 100.0.0.16/28, give the corresponding network gateway address, broadcast address, and assignable IP address range

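Bit weights: 128 64 32 16 8 4 2 1

100.0.0.16 in binary: 01100100 . 00000000 . 00000000 . 0001 | 0000 (the first 28 bits are the network address; the host is represented by the remaining 4 bits)

Host bits: 0001 (first assignable address) through 1111 (broadcast address)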
Gateway Address: 100.0.0.16
Broadcast address: 100.0.0.31
Assignable IP address range: 100.0.0.17 ~ 100.0.0.30
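
The same derivation in code, as an added example that is not part of the original post: it masks the host bits the way the binary layout above does and generalizes to any prefix length, including /31 and /32 where no addresses are set aside. The function names `dotted` and `subnet_summary` are illustrative.

```python
def dotted(value):
    """Render a 32-bit integer as a dotted-quad string."""
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def subnet_summary(cidr):
    """Derive network, broadcast and assignable range from 'a.b.c.d/prefix'."""
    addr, _, prefix_text = cidr.partition("/")
    octets = [int(part) for part in addr.split(".")]
    prefix = int(prefix_text)
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {addr!r}")
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: {prefix}")

    host_bits = 32 - prefix
    value = int.from_bytes(bytes(octets), "big")
    host_mask = (1 << host_bits) - 1            # /28 -> 0b1111
    network = value & ~host_mask & 0xFFFFFFFF   # host bits all 0
    broadcast = network | host_mask             # host bits all 1
    if host_bits >= 2:
        first, last = network + 1, broadcast - 1
    else:
        # /31 and /32 have no separate network or broadcast address to set aside
        first, last = network, broadcast
    bits = f"{network:032b}"
    return {
        "network": dotted(network),
        "broadcast": dotted(broadcast),
        "first_host": dotted(first),
        "last_host": dotted(last),
        "host_count": last - first + 1,
        "split": f"{bits[:prefix]}|{bits[prefix:]}",
    }


if __name__ == "__main__":
    for key, val in subnet_summary("100.0.0.16/28").items():
        print(f"{key:>10}: {val}")
```

Passing any address inside the block, such as 100.0.0.20/28, gives the same result because the host bits are masked off first.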

2. Use the man page to learn tcpdump

tcpdump is a tool for capturing network packets and describing their contents. After a capture ends, it reports three counts:

captured: the number of packets tcpdump received and processed.

received by filter: the number of packets matched by the filter expression.

dropped by kernel: the number of packets the kernel discarded after the buffer filled up (reported only if the system notifies tcpdump).

Usage: tcpdump [options] [expression]

Options:

-A: print packet contents in ASCII; very convenient when capturing web pages.

-B buffer_size: set the operating system capture buffer size.

-c count: the maximum number of packets to capture; by default tcpdump keeps capturing indefinitely.

-C file_size: used together with -w. Once the file exceeds file_size, output rolls over automatically to a new file whose name is the original file name with a number added, starting at 1. The unit of file_size is MB in the decimal sense (1000 * 1000 bytes), not the binary sense (1024 * 1024 bytes).

-d: print the packet-matching code in a readable format on standard output.

-dd: print the packet-matching code as C-style code.

-D: list the network interfaces on the system that can be used for capture, with their numbers.

-e: display link layer header information.

-E: use spi@ipaddr algo:secret to decrypt IPsec ESP packets. Available algorithms: des-cbc, 3des-cbc, blowfish-cbc, rc3-cbc, cast128-cbc, none; the default is des-cbc.

-f: print external IPv4 addresses in numeric form instead of as names.

-F file: read the filter expression from a file; any filter expression on the command line is ignored.

-G rotate_seconds: the interval, in seconds, at which the output file is rotated. Each rotated file gets a suffix generated from a strftime(3) format. If -C is also specified, file names follow the -C format.

-i: the network interface to listen on (use -D to list the available interfaces). If not specified, tcpdump selects the lowest-numbered interface that is not the loopback. Specifying the interface any captures packets on all interfaces, but promiscuous mode cannot be enabled.

-I: put the interface into monitor mode (Wi-Fi devices only). With -I, the specified interface can no longer communicate on the network.

-j tstamp_type: change the timestamp format.

-J: list the timestamp formats the interface supports.

--time-stamp-precision=tstamp_precision: set the timestamp precision; the achievable accuracy depends on the hardware platform. Available units are micro and nano; the default is micro.

-K: do not verify IP, TCP, or UDP checksums.

-l: write output to standard output (the default).

-L: list the available data link layer types.

-m module: load SMI MIB module definitions from the file module; may be specified more than once.

-M secret: if TCP packets carry a TCP-MD5 digest, use secret to verify it.

-n: display host addresses in numeric form.

-nn: display port numbers in numeric form.

-N: do not show the domain name.

-O: do not optimize the packet-matching code.

-p: Disable promiscuous mode.

-Q / -P in|out|inout: the direction of the packets to capture.

-q: print less protocol information.

-r file: read packets from a file; - means read from standard input.

-S: print absolute TCP sequence numbers.

-s: set the capture length of each packet; 0 means the default value of 65536 bytes.

-T type: interpret packets as the specified type; the available types are aodv, cnfp, rpc, rtp, rtcp, snmp, tftp, vat, wb.

-t: do not print a timestamp.

-tt: print an unformatted timestamp.

-ttt: print the time elapsed since the previous line.

-tttt: print the timestamp in the default output format.

-ttttt: print the time elapsed since the first line.

-u: output unencrypted NFS handles.

-U: used with -w; each packet is written to the file immediately, without buffering.

-v: verbose output.

-vv: more detailed output.

-vvv: even more detailed output.

-w file: write the results to a file instead of printing to standard output.

-W filecount: the maximum number of rotated files. Used with -C, once the number is exceeded the file names start over from the beginning and earlier files are overwritten; used with -G, tcpdump exits once the number is exceeded.

-x: print the header information of each packet and print the packet data in hexadecimal.

-xx: like -x, and also print the link layer header in hexadecimal.

-y datalinktype: set the data link type.

-z postrotate-command: used with -C or -G; runs the given command on each rotated file. For example, -z gzip compresses the files with gzip.

-Z user: run as the specified user.

Filter expression:

type: the kind of network packets to capture.

host: a host; this is the default. Example: host foo.

net: a network segment. Example: net 128.3.

port: a port. Example: port 22.

portrange: a port range. Example: portrange 6000-6008.

dir: the direction of the packets to capture.

src: capture packets coming from src. Example: src foo.

dst: capture packets going to dst. Example: dst net 128.3.

src or dst: capture packets going to dst or coming from src. Example: src or dst port ftp-data.

src and dst: capture packets flowing from src to dst.

proto: the protocol of the packets to capture; if not specified, packets of all protocols are captured.

ether

fddi

tr

wlan

ip

ip6

arp

rarp

decnet

tcp

udp

and, or, not: combine conditions.

Example:

Capture packets from magedu: tcpdump host magedu.com

3. Describe in detail how zombie processes arise and the harm they cause

After a child process exits, if the parent has not yet had time to clean it up, or the parent neither calls wait or waitpid to wait for the child to finish nor explicitly ignores the SIGCHLD signal, the child becomes a zombie process. If the parent process exits, the zombie process is taken over by the init process, which cleans up its process information and so gets rid of the zombie. But if the parent never exits (for example a service process such as httpd or nginx), the zombie process remains in existence.

Although a zombie process is never scheduled to run, it still occupies a process ID and an entry of its own in the process table. If there are too many zombie processes, a lot of resources are wasted, and the system may even crash.
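
The two cases from the answer above, as an added example that is not part of the original post: a child whose parent neither waits nor ignores SIGCHLD shows state Z until waitpid reaps it, while a child of a parent that explicitly ignores SIGCHLD is removed by the kernel with no wait call. It assumes Linux with /proc mounted; the function names are illustrative.

```python
import os
import signal
import time


def proc_state(pid):
    """State letter from /proc/<pid>/stat ('Z' = zombie), or None if the PID is gone."""
    try:
        with open(f"/proc/{pid}/stat") as f:
            stat = f.read()
    except (FileNotFoundError, ProcessLookupError):
        return None
    # Layout is "pid (comm) state ..."; comm may contain ')', so split on the last one.
    return stat.rsplit(")", 1)[1].split()[0]


def wait_for_state(pid, wanted, timeout=5.0):
    """Poll until the process reaches `wanted`; return the last state observed."""
    deadline = time.monotonic() + timeout
    while proc_state(pid) != wanted and time.monotonic() < deadline:
        time.sleep(0.01)
    return proc_state(pid)


def fork_exiting_child(sigchld):
    """Set the SIGCHLD disposition, fork a child that exits at once, return (pid, old)."""
    old = signal.signal(signal.SIGCHLD, sigchld)
    pid = os.fork()
    if pid == 0:
        os._exit(0)                      # child: exit immediately, no cleanup handlers
    return pid, old or signal.SIG_DFL    # None means "not set from Python"


def zombie_until_reaped():
    """Parent neither waits nor ignores SIGCHLD: child stays 'Z' until waitpid()."""
    pid, old = fork_exiting_child(signal.SIG_DFL)
    seen = wait_for_state(pid, "Z")
    os.waitpid(pid, 0)                   # reaping releases the PID and table entry
    signal.signal(signal.SIGCHLD, old)
    return seen, proc_state(pid)


def removed_when_sigchld_ignored():
    """SIGCHLD explicitly ignored: the kernel removes the child with no wait call."""
    pid, old = fork_exiting_child(signal.SIG_IGN)
    final = wait_for_state(pid, None)
    signal.signal(signal.SIGCHLD, old)
    return final


if __name__ == "__main__":
    print(zombie_until_reaped())         # ('Z', None)
    print(removed_when_sigchld_ignored())
```

On a live system the same state letter appears in the STAT column of ps, which is the quickest way to count zombies and find the parent that is not reaping them.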

4. Describe in detail the meaning of the vmstat output

procs: process-related information.

r: the number of processes running or waiting to run.

b: the number of processes in uninterruptible sleep.

memory: memory-related information.

swpd: the amount of virtual memory used.

free: the amount of free physical memory.

buff: the amount of memory used as buffers.

cache: the amount of memory used as cache.

swap: swap partition information.

si: the amount swapped in from disk (kb/s).

so: the amount swapped out to disk (kb/s).

io: I/O-related information.

bi: blocks read from block devices (blocks/s).

bo: blocks written to block devices (blocks/s).

system: kernel-related information.

in: the number of interrupts generated per second.

cs: number of context switches per second.

cpu: CPU time information.

us: the percentage of CPU time spent in user space.

sy: the percentage of CPU time spent in kernel space.

id: the percentage of idle time (before 2.5.41, this also included I/O wait time).

wa: the percentage of time spent waiting for I/O (before 2.5.41, this was included in the id time).

st: time stolen from a virtual machine (only after 2.6.11).

Reproduced in: https://blog.51cto.com/14387464/2410479

Origin blog.csdn.net/weixin_34232363/article/details/93037033