[root@vpser ~]# nethogs -h
usage: nethogs [-V] [-b] [-d seconds] [-t] [-p] [device [device [device …]]] //nethogs可以使用的参数
-V : prints version.//打印版本信息
-d : delay for update refresh rate in seconds. default is 1. //延迟刷新时间，单位秒，默认1秒
-t : tracemode. //跟踪模式
-b : bughunt mode – implies tracemode. //bughunt模式
-p : sniff in promiscious mode (not recommended). //混合模式下嗅探，不推荐
device : device(s) to monitor. default is eth0 //监听的设备，默认是eth0，也就是网卡设备名称，如果是openvz的vps一般都是venet0，具体可以ifconfig进行查看，lo为本地回环，用不到。多个网卡可以一块写上，空格隔开。
When nethogs is running, press: //nethogs运行是可以使用以下按键进行操作
q: quit //运行时，按 q 键退出
m: switch between total and kb/s mode //按 m 键，切换单位或显示进程占用速度或已统计使用的流量。切换顺序是KB/sec->KB->B->MB
r : Sort by received. //按received进行排序
s : Sort by sent. //按send进行排序
How to Install and Configure ‘Cache Only DNS Server’ with ‘Unbound’ in RHEL/CentOS 7
Caching name servers using ‘Unbound‘ ( is a validating, recursive, and caching DNS server software ), back in RHEL/CentOS 6.x (where x is version number), we used bind software to configure DNS servers.
Here in this article, we are going to use ‘unbound‘ caching software to install and configure a DNS Server in RHEL/CentOS 7 systems.
Setup Cahing DNS Server in RHEL/CentOS 7
DNS cache servers are used to resolve any DNS query they receive. If the server caches the query and in future the same queries requested by any clients the request will be delivered from DNS ‘unbound‘ cache, this can be done in milliseconds than the first time it resolved.
Caching will only act as a agent to resolve the query of client from any one of the forwarders. Using caching server, will reduce the loading time of webpages by keeping the cache database in unbound server.
My Server and Client Setup
For demonstration purpose, I will be using two systems. The first system will act as a Master(Primary) DNS server and the second system will act as a local DNS client.
Master DNS Server
Operating System : CentOS Linux release 7.0.1406 (Core)
IP Address : 192.168.0.50
Host-name : ns.tecmintlocal.com
Operating System : CentOS 6
IP Address : 192.168.0.100
Host-name : client.tecmintlocal.com
Step 1: Check System Hostname and IP
1. Before setting up a caching DNS server, make sure that you’ve added correct hostname and configured correct static IP address for your system, if not set the system static IP address.
2. After, setting correct hostname and static IP address, you can verify them with the help of following commands.
# ip addr show | grep inet
Step 2: Installing and Configuring Unbound
3. Before installing ‘Unbound’ package, we must update the our system to latest version, after that we can install the unbound package.
# yum update -y
# yum install unbound -y
4. After package has been installed, make a copy of the unbound configuration file before making any changes to original file.
8. Now it’s time to check our DNS cache, by doing a ‘drill’ (query) one ‘india.com‘ domain. At first the ‘drill‘ command results for ‘india.com‘ domain will take some milliseconds, and then do a second drill and have a note on Query time it takes for both drills.
drill india.com @192.168.0.50
Did you see in the above output, the first query taken almost 262 msec to resolve and the second query takes 0 msec to resolve domain (india.com).
That means, the first query gets cached in our DNS Cache, so when we run ‘drill’ second time the query served from our local DNS cache, this way we can improve loading speed of websites.
Step 4: Flush Iptables and Add Firewalld Rules
9. We can’t use both iptables and firewalld at same time on same machine, if we do both will conflict with each other, thus removing ipables rules will be a good idea. To remove or flush the iptables, use the following command.
# iptables -F
10. After removing iptables rules permanently, now add the DNS service to firewalld list permanently.
11. After adding DNS service rules, list the rules and confirm.
# firewall-cmd --list-all
Step 5: Managing and Troubleshooting Unbound
12. To get the current server status, use the following command.
# unbound-control status
Check Unbound DNS Status
Dumping DNS Cache
13. If in-case you would like to have a dump of a DNS cache information in a text file, you can redirect it to some file using below command for future use.
# unbound-control dump_cache > /tmp/DNS_cache.txt
Backup DNS Cache
14. To restore or import the cache from the dumped file, you can use following command.
# unbound-control dump_cache < /tmp/DNS_cache.txt
Restore DNS Cache
Flushing DNS Records
15. To check whether the specific address was resolved by our forwarders in unbound cache Server, use the below command.
# unbound-control lookup google.com
Check DNS Lookup
16. Some times if our DNS cache server will not reply our query, in mean time we can use to flush the cache to remove information such as A, AAA, NS, SO, CNAME, MX, PTR etc.. records from DNS cache. We can remove all information using flush_zone this will remove all informations.
17. To check which forwards are currently used to resolve.
# unbound-control list_forwards
Check Current DNS Forwards
Step 6: Client Side DNS Configuration
18. Here I’ve used a CentOS 6 server as my client machine, IP for this machine is 192.168.0.100 and I’m going to use my unbound DNS server IP (i.e Primary DNS) in it’s interface configuration.
Log-into the Client machine and set the Primary DNS server IP to our unbound server’s IP.
Run the setup command and choose network configuration from TUI network manager.
Then choose DNS configuration, insert the unbound DNS server’s IP as Primary DNS, but here i have used both in Primary and Secondary because I don’t have any other DNS server.
Primary DNS : 192.168.0.50
Secondary DNS : 192.168.0.50
Select Network Configuration
Select DNS Configuration
Enter DNS IP Address
Click OK –> Save&Quit –> Quit.
19. After adding Primary and Secondary DNS IP addresses, now it’s time to restart the network using following command.
# /etc/init.d/network restart
20. Now time to access any one of the website from client machine and check for the cache in unbound DNS server.
# elinks aol.com
# dig aol.com
Earlier we were used to setup DNS cache server using bind package in RHEL and CentOS systems. Now, we have seen how to setup a DNS cache server using unbound package. Hope this will resolve your query request quicker than the bind pacakge.
raised on watched item removing. Probably useless for you, prefer instead IN_DELETE*.
event occurred against directory. It is always piggybacked to an event. The Event structure automatically provide this information (via .is_dir)
to update a mask without overwriting the previous value (lk 2.6.14). Useful when updating a watch.
file was modified.
file/dir in a watched dir was moved from X. Can trace the full move of an item when IN_MOVED_TO is available too, in this case if the moved item is itself watched, its path will be updated (see IN_MOVE_SELF).
file/dir was moved to Y in a watched dir (see IN_MOVE_FROM).
only watch the path if it is a directory (lk 2.6.15). Usable when calling .add_watch.
file was opened.
event queued overflowed. This event doesn’t belongs to any particular watch.
This type of RAID array requires a partition using a GUID (Globally Unique Identifier) Partition Table (GPT) to work properly for Windows in UEFI BIOS mode. Windows Setup, however, does not support making a GPT partition in the standard setup dialogue. Diskpart from the Command Prompt must be used to create a GPT partition to allow setup to see the RAID partition and continue setup.
Start the install, and load the PERC H310 drivers via the OS “Load Diver” function. After the driver is loaded the RAID volume will appear in the install to device list (Figure 1).
Press Shift+F10 to bring up a Command Prompt window.
Type DISKPART and press Enter to enter the DISKPART tool. Enter the commands in the following steps as shown in bold and press enter.
DETAIL DISK – This shows a list of volumes seen by the system. Make note of the Volume number for the RAID array.
SELECT DISK=X – X will be the Volume number of the RAID shown in the detail disk report.
CLEAN – Clears the partition information.
CONVERT GPT – Sets the partition to GPT.
EXIT – Exits DISKPART.
Exit the Command Prompt window.
The full RAID volume should show in the device list.
Complete the remainder of the installation process normally. The RAID volume should show as “Windows Boot Manager” in UEFI.
If this was completed correctly, the system should boot normally in UEFI BIOS mode, and allow Windows to install.
By default IIS will listen for connections on port 80 for any IP
bound to the server. This happens even if there are no host headers or
bindings set for a specific IP. This can be a problem when trying to run
multiple web servers on port 80.
To set IIS to listen on specific IPs follow the instructions below.
Windows Server 2003/IIS 6:
1. This requires the Server 2003 support tools. If this is not already installed it can be downloaded here.
2. Once installed open a command prompt and navigate to the support
tools installation folder (default is C:\Program Files\Support Tools). cd C:\Program Files\Support Tools
3. Stop http. net stop http /y
4. Use this command to display the current list of IPs: httpcfg query iplisten
5. By default it will listen on all IPs (0.0.0.0) so we can remove this. httpcfg delete iplisten -i 0.0.0.0
6. Specify the IP(s) that IIS should listen on. Make sure to update
127.0.0.1 to the desired IP and run the command for each IP IIS should
listen on. httpcfg set iplisten -i 127.0.0.1
7. Start http and test out your sites. net start http
Windows Server 2008/IIS 7:
1. Open a command prompt and type “netsh”. netsh
2. Type “http”. http
3. Enter the following command to display the current list of IPs to
listen on. Note if no IPs are displayed like in the below image, IIS
will listen on all IPs (default). show iplisten
4. Use the command below to set IIS to listen on a specific IP. Make
sure to replace 127.0.0.1 with the correct IP and run the command again
for any additional addresses. add iplisten ipaddress=127.0.0.1
5. In case you need to delete an IP from this list, use the following command. delete iplisten ipaddress=127.0.0.1
“I have two sites (siteV1.mysite.com and sitev2.mysite.com). They
listen on the same IP address and port. We generated a certificate for
siteV1.mysite.com and SSL is working properly. The problem is that some
of our customers use siteV2.mysite.com and they are getting certificate
errors. What’s the problem?”
Here is the issue:
There are three pieces of data to uniquely identify an IIS site:
The IP address
The Host name which HTTP 1.1 clients send as an HTTP request header.
This IP:Port:Hostname triplet is called a binding. The binding “192.168.1.192:80:myserver” for example represents a site that listens on IP address 192.168.1.192, port 80, host-header myserver.
The very first things IIS (HTTP.SYS to be more precise) does when a
request comes in is to read the site’s configuration. Connection limits
and timeouts are examples of site configuration. The site binding is
used to find the right site configuration. The SSL certificate seems to
be another great example of site configuration – the SSL certificate is
needed to decrypt the encrypted SSL data coming from the client.
And the IIS User Interface certainly makes it appear as if the SSL
certificate would be site configuration, too – doesn’t it? In reality
however you can’t bind a SSL certificate to a site. The IIS UI is
fooling you. But why?
It’s a chicken and egg problem: The host name is encrypted in the SSL
blob that the client sends. Because the host name is part of the
binding IIS needs the host name to lookup the right certificate. Without
the host name IIS can’t lookup the right site because the binding is
incomplete. Without the certificate IIS can’t decrypt the SSL blob that
contains the host name. Game over – we are turning in circles.
What IIS does under the covers is to ignore the host name. IIS binds
the certificate to IP:Port and warns you when you try to bind a
certificate to the same IP:Port combo with different host names.
But there is a way if you need two different sites on the same
IP:Port. You can accomplish this by getting a certificate that contains
both common names, i.e. sitev1.mysite.com and sitev2.mysitem.com. Cert
Authorities usually allow more than one so called “common names” in a
certificate. By binding the certificate to one of the two sites you
won’t not get certificate errors anymore. The client is happy if one of
the names in the certificate matches.
But there is another caveat: you can’t use the IIS7 User Interface to
add a host header to an SSL site binding. You have to use command-line
tools, do it programmatically or edit applicationhost.config directly.
Here is an example and a link how you can it via command-line:
appcmd set site /site.name:”MySite V2″ /+bindings.[protocol=’https’,bindingInformation=’*:443:sitev2.mysite.com’]
And last but not least: with IIS7 you can use the following command
to figure out what certificate is bound to a particular IP:Port
combination: netsh http show sslcert
This command will show the IP:Port binding but also some other SSL settings.
(2)SmokePing的特点 SmokePing keeps track of your network latency: Best of breed latency visualisation.（最佳图形展示功能，延时丢包等可以很直观的可视化展现） Interactive graph explorer.（交互式浏览器图表） Wide range of latency measurement plugins.（丰富的网络状况测量插件） Master/Slave System for distributed measurement.（支持主从的分布式部署模式） Highly configurable alerting system.（自定义报警功能） Live Latency Charts with the most ‘interesting’ graphs.（漂亮、免费、开源） Free and OpenSource Software written in Perl written by Tobi Oetiker, the creator of MRTG and RRDtool
错误：Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host=’pypi.org’, port=443): Max retries exceeded with url: /simple/pip/ (Caused by S