My top linux commands
I’ve mostly worked on linux/unix machines for the most part of my career. These are some of the linux commands that have been very useful to me in different situations on various projects, testing related or otherwise.
top
Find load on a box, get a list of different processes running (sortable by a number of fields), find number of processes running/sleeping/stopped/zombie etc.
Processes: 391 total, 2 running, 389 sleeping, 2075 threads 13:10:27
Load Avg: 1.27, 1.60, 1.62 CPU usage: 1.81% user, 3.3% sys, 95.15% idle SharedLibs: 167M resident, 45M data, 15M linkedit.
MemRegions: 102033 total, 8385M resident, 95M private, 1969M shared. PhysMem: 16G used (6735M wired), 434M unused.
VM: 4772G vsize, 627M framework vsize, 1139326(0) swapins, 1474170(0) swapouts. Networks: packets: 3366570/2891M in, 1601449/989M out.
Disks: 1253993/35G read, 1016117/34G written.
PID COMMAND %CPU TIME #TH #WQ #PORT MEM PURG CMPRS PGRP PPID STATE BOOSTS %CPU_ME %CPU_OTHRS UID FAULTS COW
33521 top 2.9 00:01.03 1/1 0 20 6772K 0B 0B 33521 21298 running *0[1] 0.00000 0.00000 0 9161+ 119
33353 vim 0.0 00:01.25 1 0 16 6240K 0B 0B 33353 30414 sleeping *0[1] 0.00000 0.00000 501 10682 674
33350 Google Chrom 0.0 00:20.28 18 2 119 82M 0B 0B 1173 1173 sleeping *0[1] 0.00000 0.00000 501 145905 1567
33290 mdworker 0.0 00:00.04 3 1 49 3184K 0B 0B 33290 1 sleeping *0[1] 0.00000 0.00000 501 5483 196
33289 mdworker 0.0 00:00.04 3 1 49 3160K 0B 0B 33289 1 sleeping *0[1] 0.00000 0.00000 501 5470 196
33288 mdworker 0.0 00:00.04 3 1 49 3272K 0B 0B 33288 1 sleeping *0[1] 0.00000 0.00000 501 5487 196
33282 mdworker 0.0 00:00.04 3 1 49 3284K 0B 0B 33282 1 sleeping *0[1] 0.00000 0.00000 501 5512 195
33281 mdworker 0.0 00:00.04 3 1 49 3352K 0B 0B 33281 1 sleeping *0[1] 0.00000 0.00000 501 5548 196
33280 mdworker 0.0 00:00.04 3 1 49 3292K 0B 0B 33280 1 sleeping *0[1] 0.00000 0.00000 501 5508 195
33279 mdworker 0.0 00:00.06 3 1 49 3356K 0B 0B 33279 1 sleeping *0[1] 0.00000 0.00000 501 5584 195
33277 ocspd 0.0 00:00.01 2 1 29 1284K 0B 0B 33277 1 sleeping *0[1] 0.00000 0.00000 0 3274 134
33003 quicklookd 0.0 00:00.10 4 1 86 4628K 32K 0B 33003 1 sleeping 0[0] 0.00000 0.00000 501 8351 246
33001 mdworker 0.0 00:00.03 3 1 43 3032K 0B 0B 33001 1 sleeping *0[1] 0.00000 0.00000 89 5112 185
33000 mdworker 0.0 00:00.04 3 1 43 3012K 0B 0B 33000 1 sleeping *0[1] 0.00000 0.00000 89 5087 185
31809 VTDecoderXPC 0.0 00:00.07 2 1 38 10M 0B 16K 31809 1 sleeping 0[21] 0.00000 0.00000 501 8641 195
31579 com.apple.sp 0.0 00:00.05 2 1 49 1100K 0B 1788K 31579 1 sleeping 0[0] 0.00000 0.00000 501 5102 160
31565 pivtoken 0.0 00:00.04 2 1 52 432K 0B 1416K 31565 1 sleeping 0[12] 0.00000 0.00000 501 5168 163
31562 applessdstat 0.0 00:00.01 2 1 32 700K 0B 0B 31562 1 sleeping *0[1] 0.00000 0.00000 0 2167 124
31138 fsevent_watc 0.0 00:00.01 2 1 27 252K 0B 524K 31137 31137 sleeping *0[1] 0.00000 0.00000 501 2259 140
31137 ruby 0.0 00:08.89 8 0 27 54M 0B 5756K 31137 29830 sleeping *0[1] 0.00000 0.00000 501 46066 300
30938 mdworker 0.0 00:00.07 3 1 43 760K 0B 2360K 30938 1 sleeping *0[1] 0.00000 0.00000 89 5653 186
30748 mdworker 0.0 00:02.53 5 2 55 25M 0B 3116K 30748 1 sleeping *0[1] 0.00000 0.00000 501 51503 196
30746 mdworker 0.0 00:02.13 5 2 55 25M 0B 2856K 30746 1 sleeping *0[1] 0.00000 0.00000 501 46224 199
30744 mdworker 0.0 00:01.50 5 2 48 17M 0B 3876K 30744 1 sleeping *0[1] 0.00000 0.00000 501 34791 187
30635 mdworker 0.0 00:02.51 5 2 56 24M 0B 2892K 30635 1 sleeping *0[1] 0.00000 0.00000 501 45616 200
30414 bash 0.0 00:00.38 1 0 16 2936K 0B 1596K 30414 30413 sleeping *0[1] 0.00000 0.00000 501 26843 7793
netstat
When I need to find out when anything is listening at a certain port, I use
netstat -aln | grep <port>
For example if I’m checking on port 80
netstat -aln | grep 8080
netstat can also give you a lot of packet level statistics. For example, the below command gives you a summary of packet level statistics about your network interfaces. You can see if you’re having packet loss, how many packets came in, how many got sent out etc.
netstat -s | grep packet
4324774 total packets received
0 incoming packets discarded
4324756 incoming packets delivered
3369 packets received
44 packets to unknown port received.
0 packet receive errors
1136526 packets sent
4285 packets directly queued to recvmsg prequeue.
413474 packets directly received from prequeue
1993168 packets header predicted
381 packets header predicted and directly queued to user
90 DSACKs sent for old packets
lsof
When I need to find out what process is listening at a certain port, I use
lsof -i :port
For example, if I’m checking on port 8080
lsof -i :80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 23951 root 28u IPv4 220407 0t0 TCP *:http (LISTEN)
nginx 24040 duo_www 28u IPv4 220407 0t0 TCP *:http (LISTEN)
find
When I need to find a file or directory that matches a certain criteria or search string, i use the find command.
find <path you want to search in> <how do you want to search> <search criteria>
For example, if I wanted to find all the files that have the .log extension in my current directory, I would do,
find . -name ‘*.log’
./test.log
./anothertest.log
./onemoretest.log
df
When I need to know file system utilization, I use the df command. For example, I suspect that one of my file systems is nearing 100% and I need to go clear it. How would I find out what the disk util is?
df -k <whichever directory/file system you want to know the utilization of>
Now, if I wanted to know how /home was doing, I’d do
df -k /home
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/mapper/VolGroup-lv_root
17938864 5064080 11956872 30% /
That tells me the /home (mounted on /) is 30% used.
ifconfig
When I need to find out what interfaces are defined on a box or what IP addresses are assigned to a machine I am logged in on, I use ifconfig.
ifconfig
eth0 Link encap:Ethernet HWaddr 08:00:27:9F:0A:01
inet addr:10.0.2.15 Bcast:10.0.2.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe9f:a01/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1225086 errors:0 dropped:0 overruns:0 frame:0
TX packets:269646 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1394615163 (1.2 GiB) TX bytes:26194169 (24.9 MiB)
eth1 Link encap:Ethernet HWaddr 08:00:27:01:63:D1
inet addr:10.50.0.2 Bcast:10.50.0.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe01:63d1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:49869 errors:0 dropped:0 overruns:0 frame:0
TX packets:155433 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:7887126 (7.5 MiB) TX bytes:42488260 (40.5 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:3050889 errors:0 dropped:0 overruns:0 frame:0
TX packets:3050889 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1496552588 (1.3 GiB) TX bytes:1496552588 (1.3 GiB)
Based on this output, I know that there are three interfaces on my machine - eth0, eth1 and lo. I also know what IP addresses are assigned to each of them.
tee
I use the tee command when I need the output of stdout written into a file in addition to being displayed on the screen. For example, if you’re monitoring the output of a tail on a log file and you also want this content written into a separate log file for later reference, then tee is the tool for you.
tail -f logfile.log | tee test.log
In this case, you’d see the output of running tail -f on the logfile.log and you’ll also have those same contents written into the file name you provided as input to tee (test.log in this case).