Another blog with nerdy solutions to nerdy problems

We didn’t come up with this one, but it’s a very handy reference guide. In good medieval monastery style, we’re copying it here in order to safeguard this information for future generations.

PS command:

The PS command is useful to check for performance problems:

1) Displaying top CPU-consuming processes:

ps aux | head -1; ps aux | sort -rn +2 | head -10

2) Displaying top 10 memory-consuming processes:

ps aux | head -1; ps aux | sort -rn +3 | head

3) Displaying process in order of being penalized:

ps -eakl | head -1; ps -eakl | sort -rn +5

4) Displaying process in order of priority:

ps -eakl | sort -n +6 | head

5) Displaying process in order of nice value

ps -eakl | sort -n +7

6) Displaying the process in order of time

ps vx | head -1;ps vx | grep -v PID | sort -rn +3 | head -10

7) Displaying the process in order of real memory use

ps vx | head -1; ps vx | grep -v PID | sort -rn +6 | head -10

8) Displaying the process in order of I/O

ps vx | head -1; ps vx | grep -v PID | sort -rn +4 | head -10

9) Displaying WLM classes

ps -a -o pid, user, class, pcpu, pmem, args

10) Determinimg process ID of wait processes:

ps vg | head -1; ps vg | grep -w wait

11) Wait process bound to CPU (replace PID with the actual process number)

ps -mo THREAD -p PID

lsof Command:

1) List all open files:

lsof

2) List all open Internet, x.25 (HP-UX), and UNIX domain files:

lsof -i -U

3) List all open IPv4 network files in use by the process whose PID is 1234:

lsof -i 4 -a -p 1234

4) List all files using any protocol on ports 513, 514, or 515 of host wonderland.cc.purdue.edu:

lsof -i @wonderland.cc.purdue.edu:513-515

5) List all files using any protocol on any port of mace.cc.purdue.edu (cc.purdue.edu is the default domain)::

lsof -i @mace

6) List all open files for login name “abe”, or user ID 1234, or process 456, or process 123, or process 789:

lsof -p 456,123,789 -u 1234,abe

7) List all open files on device /dev/hd4:

lsof /dev/hd4

8) Find the process that has /u/abe/foo open:

lsof /u/abe/foo

9) Send a SIGHUP to the processes that have /u/abe/bar open:

kill -HUP `lsof -t /u/abe/bar`

10) Find any open file, including an open UNIX domain socket file, with the name /dev/log:

lsof /dev/log

11) Find processes with open files on the NFS file system named /nfs/mount/point whose server is inaccessible, and presuming your mount table supplies the device number for /nfs/mount/point:

lsof -b /nfs/mount/point

12) Do the preceding search with warning messages suppressed:

lsof -bw /nfs/mount/point

13) Ignore the device cache file:

lsof -Di

14) Obtain PID and command name field output for each process, file descriptor, file device number, and file inode number for each file of each process:

lsof -FpcfDi

15) List the files at descriptors 1 and 3 of every process running the lsof command for login ID “abe” every 10 seconds:

lsof -c lsof -a -d 1 -d 3 -u abe -r10

16) List the current working directory of processes running a command that is exactly four characters long and has an `o` or `O` in character three with this regular expression form of the -c c option:

lsof -c /^..o.$/i -a -d cwd

17) Find an IP version 4 socket file by its associated numeric dot-form address:

lsof -i@128.210.15.17   

18) Display list of open ports:

lsof -i

19) List information about TCP sessions on your server (specifically SSH in this example):

lsof -i tcp@`hostname`:22

20) List information about all TCP session:

lsof -i tcp@`hostname`

21) List information about all sockets using port 53 (will display named information on UDP/TCP)

lsof -i @`hostname`:53

22) List information about all UDP sessions

lsof -i udp@`hostname`

23) List all open files with “ssh” in them:

lsof -c ssh

24) List everything but with UIDs insted of the UID name from /etc/passwd:

lsof -l

25) List all open files with “ssh” and only the UIDs:

lsof -l -c ssh

26) List all open files for the /tmp dir. Very slow, but good for finding that nasty process that’s holding a file open (although: fuser -m /tmp, will do the same thing):

lsof +D /tmp 

fuser and netstat Commands:

1) Kill all processes accessing the file system /home in any way:

fuser -km /home 

2) Invoke something if no other process is using /dev/ttyS1:

if fuser -s /dev/ttyS1; then :; else something; fi 

3) Some Important Command to find DDOS Attack:

fuser telnet/tcp shows all processes at the (local) TELNET port.

netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr

netstat -ntu | grep -v TIME_WAIT | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr

netstat -an | grep :80 | awk '{print $5}' | cut -f1 -d":" | sort | uniq -c | sort -n

4) netstat command example:

netstat –listen

5) Display open ports and established TCP connections:

netstat -vatn

6) For UDP port try following command:

netstat -vaun

7) If you want to see FQDN then remove -n flag:

# netstat -vat