Statistics
1. netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'
2. ss -s
3. netstat -nat |awk '{print $6}'|sort|uniq -c|sort -rn
4. netstat -an | grep TIME_WAIT | awk '{print $4}' | sort | uniq -c | sort -n -k1
5. netstat -an | grep TIME_WAIT | awk '{print $5}' | sort | uniq -c | sort -n -k1 | head -n 9
Packet capture
tcpdump -i any -nn tcp port 12345 | grep "1.1.1.5"
Once the culprit is found, fix the problem by changing kernel parameters
netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'
vi /etc/sysctl.conf
net.ipv4.tcp_syncookies = 1
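# Allow TIME_WAIT sockets to be reused, so that new requests are not refused even when TIME_WAIT sockets occupy all ports. Default: 0
net.ipv4.tcp_tw_reuse=1
# Recycle TIME_WAIT sockets as quickly as possible. Default: 0
net.ipv4.tcp_tw_recycle=1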
net.ipv4.tcp_fin_timeout=30
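/sbin/sysctl -p   # apply the changes
Check again: the counts are back to normal
Pitfalls to avoid
net.ipv4.tcp_tw_recycle = 1 is not recommended on NAT networks (set it to 0 there). Also, net.ipv4.tcp_timestamps = 1 must be enabled for the two parameters above to take effect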
netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'
TIME_WAIT 69
CLOSE_WAIT 4
FIN_WAIT2 15
ESTABLISHED 236
LAST_ACK 1
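Added example (not part of the original notes): a shell function that checks a sysctl.conf-style file against the pitfalls above. It flags tcp_tw_recycle = 1, flags tcp_tw_reuse/tcp_tw_recycle combined with tcp_timestamps = 0, and flags keys the running kernel does not expose, which is the case for tcp_tw_recycle since its removal in Linux 4.12. The function names, finding labels and sample files are assumptions made for this example.

```sh
# Added example, not from the original notes. Usage: audit_tw_sysctl CONF [PROC_ROOT]
# Prints one finding per line and returns 1 if anything was found, else 0.
audit_tw_sysctl() {
    conf=$1
    proc_root=${2:-/proc/sys}
    # Reduce "key = value  # comment" to "key value"; skip comment and blank lines.
    settings=$(awk '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
        { sub(/[ \t]*#.*$/, ""); n = index($0, "="); if (n == 0) next
          k = substr($0, 1, n - 1); v = substr($0, n + 1)
          gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v); print k, v }' "$conf")
    get() { printf '%s\n' "$settings" | awk -v k="$1" '$1 == k { v = $2 } END { print v }'; }
    findings=0
    report() { printf '%s\n' "$1"; findings=1; }
    recycle=$(get net.ipv4.tcp_tw_recycle)
    reuse=$(get net.ipv4.tcp_tw_reuse)
    stamps=$(get net.ipv4.tcp_timestamps)
    if [ "$recycle" = 1 ]; then
        report "TW_RECYCLE_ON: use net.ipv4.tcp_tw_recycle = 0 when peers are behind NAT"
    fi
    if [ "$stamps" = 0 ] && { [ "$reuse" = 1 ] || [ "$recycle" = 1 ]; }; then
        report "TIMESTAMPS_OFF: tcp_tw_reuse/tcp_tw_recycle need net.ipv4.tcp_timestamps = 1"
    fi
    # A key with no file under PROC_ROOT is unknown to this kernel; sysctl -p cannot apply it.
    for key in $(printf '%s\n' "$settings" | awk '{ print $1 }'); do
        path=$proc_root/$(printf '%s' "$key" | tr . /)
        [ -e "$path" ] || report "KEY_MISSING: $key has no entry at $path"
    done
    return "$findings"
}

# Constructed sample: settings from the notes with timestamps disabled, plus a
# fake /proc/sys tree that lacks tcp_tw_recycle (as on Linux 4.12 and later).
make_sample() {
    mkdir -p "$1/proc/net/ipv4"
    ( cd "$1/proc/net/ipv4" && touch tcp_syncookies tcp_tw_reuse tcp_timestamps )
    cat > "$1/sysctl.conf" <<'EOF'
# constructed test input
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse=1 # inline comment
net.ipv4.tcp_tw_recycle=1
net.ipv4.tcp_timestamps = 0
EOF
}

sample=$(mktemp -d)
make_sample "$sample"
audit_tw_sysctl "$sample/sysctl.conf" "$sample/proc" || true
rm -rf "$sample"
```

On a real host, call audit_tw_sysctl /etc/sysctl.conf with no second argument so that keys are checked against the live /proc/sys tree.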