netstat Recv-Q and Send-Q: telling which end the packets are stuck at

netstat -anp shows the machine's current connection state:

 
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:8139            0.0.0.0:*               LISTEN      -               
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      -               
tcp        0      0 0.0.0.0:26837           0.0.0.0:*               LISTEN      -               
tcp        0      0 0.0.0.0:1046            0.0.0.0:*               LISTEN      -               
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      -               
tcp6       0    910 10.100.83.145:57142     10.100.83.140:80        ESTABLISHED 7072/java       
tcp6       0      0 10.100.83.145:57114     10.100.83.140:80        ESTABLISHED 7072/java       
tcp6       0    914 10.100.83.145:57117     10.100.83.140:80        ESTABLISHED 7072/java       
tcp6       0    910 10.100.83.145:57126     10.100.83.140:80        ESTABLISHED 7072/java       
tcp6       0      0 10.100.83.145:57159     10.100.83.140:80        ESTABLISHED 7072/java       
tcp6       0      0 10.100.83.145:57128     10.100.83.140:80        ESTABLISHED 7072/java 
 
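Proto, Local Address and the like are easy to understand, but what exactly do Recv-Q and Send-Q mean? Why is Send-Q often nonzero? Does a nonzero value mean the outbound network path is blocked? I looked up some material on this question.
 
A fairly detailed explanation is: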
What It Means
"Proto" is short for protocol, which is either TCP or UDP. "Recv-Q" and "Send-Q" mean receiving queue and sending queue. These should always be zero; if they're not you might have a problem. Packets should not be piling up in either queue, except briefly, as this example shows: 
tcp 0 593 192.168.1.5:34321 venus.euao.com:smtp ESTABLISHED 
That happened when I hit the "check mail" button in KMail; a brief queuing of outgoing packets is normal behavior. If the receiving queue is consistently jamming up, you might be experiencing a denial-of-service attack. If the sending queue does not clear quickly, you might have an application that is sending them out too fast, or the receiver cannot accept them quickly enough. 
"Local address" is either your IP and port number, or IP and the name of a service. "Foreign address" is the hostname and service you are connected to. The asterisk is a placeholder for IP addresses, which of course cannot be known until a remote host connects. "State" is the current status of the connection. Any TCP state can be displayed here, but these three are the ones you want to see.
 
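Roughly, this means:
Recv-Q and Send-Q are the network receive queue and send queue respectively. Q is short for Queue.

Both values should normally be 0; a nonzero value may indicate a problem. Packets should not pile up in either queue, though a brief nonzero reading is acceptable. As in the quoted example, a Send-Q that is briefly nonzero while packets are being sent is normal.

If the receive queue Recv-Q stays backed up, the machine may be under a denial-of-service attack.
If the send queue Send-Q does not drain to zero quickly, an application may be sending packets out too fast, or the peer may not be receiving them fast enough.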

 

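Recv-Q: the amount of data that has already arrived in the local receive buffer but has not yet been taken by the process via recv().

Send-Q: data that the peer has not received, or rather has not ACKed, and that is still in the local buffer.

With these two netstat values you can make a simple judgment when a program is not receiving packets: either the packets never arrived, or they arrived and the process has not recv()'d them.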
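
The check described above, as an added example that is not part of the original post: it compares two netstat -anp snapshots and reports only connections whose Recv-Q or Send-Q is nonzero in both, since a brief nonzero reading is normal. The snapshot contents, the function names and the RECV_UNREAD / SEND_UNACKED labels are assumptions made for this illustration.

```python
# Constructed samples: two `netstat -anp` snapshots taken a few seconds apart.
# Addresses follow the page's listing; the queue values are made up.
SNAP1 = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      -
tcp6       0    910 10.100.83.145:57142     10.100.83.140:80        ESTABLISHED 7072/java
tcp6       0    914 10.100.83.145:57117     10.100.83.140:80        ESTABLISHED 7072/java
tcp6     512      0 10.100.83.145:57159     10.100.83.140:80        ESTABLISHED 7072/java
"""
SNAP2 = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      -
tcp6       0      0 10.100.83.145:57142     10.100.83.140:80        ESTABLISHED 7072/java
tcp6       0   1828 10.100.83.145:57117     10.100.83.140:80        ESTABLISHED 7072/java
tcp6    2048      0 10.100.83.145:57159     10.100.83.140:80        ESTABLISHED 7072/java
"""


def parse(snapshot):
    """Map (local, foreign) -> (recv_q, send_q) for ESTABLISHED TCP rows.

    LISTEN rows are skipped: the page's reading of the two columns
    (unread data / un-ACKed data) applies to connected sockets.
    """
    conns = {}
    for line in snapshot.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "ESTABLISHED":
            conns[(f[3], f[4])] = (int(f[1]), int(f[2]))
    return conns


def persistent_queues(snapshots):
    """Return {connection: [labels]} for queues nonzero in every snapshot."""
    parsed = [parse(s) for s in snapshots]
    findings = {}
    for conn in set.intersection(*(set(p) for p in parsed)):
        labels = []
        if all(p[conn][0] > 0 for p in parsed):
            labels.append("RECV_UNREAD")   # arrived locally, process has not recv()'d
        if all(p[conn][1] > 0 for p in parsed):
            labels.append("SEND_UNACKED")  # still in local buffer, peer has not ACKed
        if labels:
            findings[conn] = labels
    return findings


if __name__ == "__main__":
    for (local, foreign), labels in sorted(persistent_queues([SNAP1, SNAP2]).items()):
        print(local, "->", foreign, ",".join(labels))
```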

 

Reposted from: https://www.cnblogs.com/felixzh/p/8980688.html

posted @ 2019-12-05 16:48  寒冰宇若