

Linux / UNIX: Monitoring the operating system memory, cpu, hard drive, performance and other resources.


NETSTAT
Netstat is an extensive network traffic diagnostic utility that prints local and foreign IP addresses, ports and other details of connections within your workstation and between it and outside hosts. The variant I use most often is ‘netstat -apntee‘, which prints information like the following:

$ netstat -apntee
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 0 6535 2076/portmap
tcp 0 0 127.0.0.1:50000 0.0.0.0:* LISTEN 0 6965 2228/hpiod
tcp 0 0 127.0.0.1:50002 0.0.0.0:* LISTEN 0 6997 2233/python
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 0 7112 2277/vsftpd
tcp 0 0 192.168.1.1:53 0.0.0.0:* LISTEN 25 6500 2058/named
tcp 0 0 192.168.0.4:53 0.0.0.0:* LISTEN 25 6498 2058/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 25 6496 2058/named
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 0 7019 2244/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 7204 2306/sendmail: acce
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 25 6503 2058/named
tcp 68 0 192.168.0.4:55890 74.208.30.232:21 CLOSE_WAIT 0 10234 2883/gftp-gtk
tcp 0 0 :::80 :::* LISTEN 0 7286 2328/httpd
tcp 0 0 :::22 :::* LISTEN 0 7054 2256/sshd
$

Here is the breakdown of what the options mean (you can get more detail from ‘netstat --help‘ or ‘man netstat‘):

‘-n‘ Print entries in numeric format (IP addresses instead of host names).
‘-a‘ Show listening and non-listening sockets.
‘-p‘ Show program name and PID of process owning the connection.
‘-t‘ Do not trim long addresses (Do NOT truncate on output).
‘-e‘ Print additional detailed information. Use ‘-ee‘ for maximum detail.

The ‘-c‘ option with ‘netstat‘ is also useful if you want to display the information on the screen and have it refreshed periodically. An alternative is ‘watch -n 5 "netstat -apntee"‘, which runs ‘netstat -apntee‘ and refreshes the output every 5 seconds, per the ‘-n‘ option to ‘watch‘. This utility is very useful if you want to scan your system for connections coming in and going out, and it is a very useful command in the hosting industry.
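To turn that scan into a repeatable check, the following added example (not part of the original article) classifies each LISTEN row by the address it is bound to, so listeners reachable from other hosts stand out from loopback-only ones. The function names are hypothetical, and the embedded rows are copied from the sample output above.

```shell
#!/bin/sh
# Added example: classify LISTEN sockets in `netstat -apntee` output by scope.

# Reads netstat output on stdin; prints "<scope> <local addr> uid=<uid> <pid/program>".
classify_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        host = $4
        sub(/:[0-9]+$/, "", host)        # drop the trailing :port
        if (host ~ /^127\./ || host == "::1") scope = "LOOPBACK"
        else if (host == "0.0.0.0" || host == "::") scope = "ALL-INTERFACES"
        else scope = "SPECIFIC-ADDR"
        prog = $9                        # program names may contain spaces
        for (i = 10; i <= NF; i++) prog = prog " " $i
        print scope, $4, "uid=" $7, prog
    }'
}

# Listeners reachable from other hosts: everything not bound to loopback.
exposed_listeners() {
    classify_listeners | awk '$1 != "LOOPBACK"'
}

# Rows copied from the sample output above so the example runs offline.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 0 6535 2076/portmap
tcp 0 0 127.0.0.1:50000 0.0.0.0:* LISTEN 0 6965 2228/hpiod
tcp 0 0 127.0.0.1:50002 0.0.0.0:* LISTEN 0 6997 2233/python
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 0 7112 2277/vsftpd
tcp 0 0 192.168.1.1:53 0.0.0.0:* LISTEN 25 6500 2058/named
tcp 0 0 192.168.0.4:53 0.0.0.0:* LISTEN 25 6498 2058/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 25 6496 2058/named
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 0 7019 2244/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 7204 2306/sendmail: acce
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 25 6503 2058/named
tcp 68 0 192.168.0.4:55890 74.208.30.232:21 CLOSE_WAIT 0 10234 2883/gftp-gtk
tcp 0 0 :::80 :::* LISTEN 0 7286 2328/httpd
tcp 0 0 :::22 :::* LISTEN 0 7054 2256/sshd
EOF
}

sample_netstat | exposed_listeners
```

On a live host, pipe the real command in with ‘netstat -apntee | exposed_listeners‘; run it as root, otherwise the PID/Program column shows ‘-‘ for sockets owned by other users.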

PS
This is probably one of the more useful and powerful UNIX commands available, and it combines many of the most common and useful features of other Linux commands. However, its power is often overlooked, and only simple variants of this command are used. This command checks the process table on a Unix host and prints information on it. It can show you everything running on a host and, often, what is going on with a process: how it started, what command line it was started with and from where, to list just a few of the details it can produce on a process running on a UNIX / Linux OS. The best way to see what it can do is to view a few examples of the command:

‘ps -axfwweo pid,user,cmd=‘ Print ALL processes (-a), processes without controlling tty’s (-x), show parent-child relationship (-f), print extended information (wide format) (-w), show environment (-e) and define/customize output as follows:
‘pid‘ Process PID.
‘user‘ User that ran the process.
‘cmd=‘ Command used to run the process.

Here are a few more variations you may find useful.

‘ps -axfeo pid,user,pcpu,pmem,ppid,psr,etime,cputime,cp,nice,rtprio,state,vsz,size,cmd=‘

The new options to ‘-o‘ for above command include:

‘pmem‘ Percent of memory used by a process.
‘pcpu‘ Percent of CPU used by a process.
‘ppid‘ Parent process ID that started/spawned this process.
‘psr‘ Processor the process is running on.
‘etime‘ Elapsed time since the process was started.
‘cputime‘ Cumulative CPU time.
‘cp‘ Per millisecond CPU usage.
‘nice‘ Priority with which the process is running.
‘rtprio‘ Real time priority.
‘state‘ The state the process is in (From ‘man‘ pages):

D Uninterruptible sleep (usually IO)
R Running or runnable (on run queue)
S Interruptible sleep (waiting for an event to complete)
T Stopped, either by a job control signal or because it is being traced.
W paging (not valid since the 2.6.xx kernel)
X dead (should never be seen)
Z Defunct ("zombie") process, terminated but not reaped by its parent.

‘vsz‘ Virtual memory size of process in KiB (In multiples of 1024)
‘size‘ Memory size in KiB (In multiples of 1024). NOTE: This number is a very rough estimate and therefore not exact.

‘ps‘ has an extensive man page (type ‘man ps‘ for a full list of possible options). An example from the man pages is:

‘ps -eo euser,ruser,suser,fuser,f,comm,label‘

which returns the security level of running processes. The ‘ps‘ utility is one of the utilities you can use to drill down or get very detailed information on a system problem short of doing a memory dump on a process that may be causing you issues.
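The state codes and the ‘euser‘/‘ruser‘ columns above can be combined into a quick triage pass. This added example (not from the original article) reads the output of ‘ps -eo pid,ppid,state,euser,ruser,comm‘ and reports zombies together with the parent that has not reaped them, plus processes whose effective user differs from their real user. The function names are hypothetical and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage `ps -eo pid,ppid,state,euser,ruser,comm` output.

# Reads ps output (with header) on stdin and prints:
#   ZOMBIE        state Z, with the parent PID that has not reaped it
#   EUID-DIFFERS  effective user differs from real user
ps_triage() {
    awk '
    NR == 1 { next }                     # skip the column header
    {
        comm = $6                        # comm may carry a <defunct> suffix
        for (i = 7; i <= NF; i++) comm = comm " " $i
    }
    $3 == "Z" { print "ZOMBIE pid=" $1, "parent=" $2, comm }
    $4 != $5  { print "EUID-DIFFERS pid=" $1, "euser=" $4, "ruser=" $5, comm }'
}

# Constructed sample rows (not captured from a real host).
sample_ps() {
    cat <<'EOF'
  PID  PPID S EUSER    RUSER    COMMAND
    1     0 S root     root     init
 2058     1 S named    named    named
 2277     1 S root     root     vsftpd
 2901  2328 Z apache   apache   php-cgi <defunct>
 3010  2950 S root     tom      passwd
 3022  2950 R tom      tom      ps
EOF
}

sample_ps | ps_triage
```

On a live host: ‘ps -eo pid,ppid,state,euser,ruser,comm | ps_triage‘. A differing effective user is expected for setuid programs such as ‘passwd‘; the value of the check is in spotting entries you cannot account for.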

TOP
In its simplest form, ‘top‘ run without parameters gives you process information and the top system resource users for your system. A parameterized version is ‘top -cbn1‘, which prints a single snapshot of the top output and can be used if you do not need to see constantly updated information. Once in ‘top‘, press ‘?‘ to get a list of commands you can use while it is running. Use ‘man top‘ for the command line option list or ‘top --help‘ for a brief list of options.

UPTIME
This command, unlike the above, has only one option, -V to get the version, and is usually run without options on the command line to get a health report of a Unix system in the form of a ‘load average’ number. The command is useful for early and quick reporting of system health on systems that are too busy or when other utilities fail to run sufficiently quickly.

HDPARM
Show/set drive information/settings respectively. To get read statistics on a drive to find out how busy it is, use ‘hdparm -tT <DEVICE>‘. To get drive information, including checking the ‘udma‘ settings, use ‘hdparm -i <DEVICE>‘. To set or change a ‘udma‘ setting you can use something like ‘hdparm -Xudma5 -d1 <DEVICE>‘. <DEVICE> stands in for ‘/dev/hda‘, ‘/dev/hdb‘ etc., or the actual hard drive you wish to check on your system.

HDDTEMP
Show/report drive temperature (if drive has sensor for temperature to begin with). Example run without parameters:

$ hddtemp /dev/hdb
/dev/hdb: WDC WD1200JB-00GVA0: 42°C
$

Use ‘hddtemp --help‘ for more available options.


One Response to “Linux / UNIX: Monitoring the operating system memory, cpu, hard drive, performance and other resources.”

  1. […] through the ISA I/O Ports.  See the notes above.  An earlier topic of ours also talked about hddtemp whose output looks like […]



     
  Copyright © 2003 - 2013 Tom Kacperski (microdevsys.com). All rights reserved.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 Unported License