Commands by d34dh0r53 (5)

  • Prints the top 10 memory consuming processes (with children and instances aggregated) sorted by total RSS and calculates the percentage of total RAM each uses. Please note that since RSS can include shared libraries it is possible for the percentages to add up to more that the total amount of RAM, but this still gives you a pretty good idea. Also note that this does not work with the mawk version of awk, but it works fine with GNU Awk which is on most Linux systems. It also does not work on OS X. Show Sample Output

    TR=`free|grep Mem:|awk '{print $2}'`;ps axo rss,comm,pid|awk -v tr=$TR '{proc_list[$2]+=$1;} END {for (proc in proc_list) {proc_pct=(proc_list[proc]/tr)*100; printf("%d\t%-16s\t%0.2f%\n",proc_list[proc],proc,proc_pct);}}'|sort -n |tail -n 10
    d34dh0r53 · 2010-03-27 01:34:50 6
  • This command loops over all of the processes in a system and creates an associative array in awk with the process name as the key and the sum of the RSS as the value. The associative array has the effect of summing a parent process and all of it's children. It then prints the top ten processes sorted by size. Show Sample Output

    ps axo rss,comm,pid | awk '{ proc_list[$2]++; proc_list[$2 "," 1] += $1; } END { for (proc in proc_list) { printf("%d\t%s\n", proc_list[proc "," 1],proc); }}' | sort -n | tail -n 10
    d34dh0r53 · 2010-03-03 16:41:05 4
  • I prefer the ip command to ifconfig as ifconfig is supposedly going to be deprecated. Certain IP address aliases can only be seen with the ip command (such as the ones applied by RHCS).

    ip link show
    d34dh0r53 · 2010-03-01 20:10:27 2
  • Change the name of the process and what is echoed to suit your needs. The brackets around the h in the grep statement cause grep to skip over "grep httpd", it is the equivalent of grep -v grep although more elegant. Show Sample Output

    TOTAL_RAM=`free | head -n 2 | tail -n 1 | awk '{ print $2 }'`; PROC_RSS=`ps axo rss,comm | grep [h]ttpd | awk '{ TOTAL += $1 } END { print TOTAL }'`; PROC_PCT=`echo "scale=4; ( $PROC_RSS/$TOTAL_RAM ) * 100" | bc`; echo "RAM Used by HTTP: $PROC_PCT%"
    d34dh0r53 · 2010-02-26 20:29:45 5
  • Provides numerically sorted human readable du output. I so wish there was just a du flag for this. Show Sample Output

    du -x --max-depth=1 | sort -n | awk '{ print $2 }' | xargs du -hx --max-depth=0
    d34dh0r53 · 2010-02-18 19:46:47 4

What's this? is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands

Check These Out

Detect illegal access to kernel space, potentially useful for Meltdown detection
Based on capsule8 agent examples, not rigorously tested

find unreadable file

Write comments to your history.
A null operation with the name 'comment', allowing comments to be written to HISTFILE. Prepending '#' to a command will *not* write the command to the history file, although it will be available for the current session, thus '#' is not useful for keeping track of comments past the current session.

list files recursively by size

check open ports without netstat or lsof

Diff two directories by finding and comparing the md5 checksums of their contents.
Compute the md5 checksums for the contents of two mirrored directories, then sort and diff the results. If everything matches, nothing is returned. Otherwise, any checksums which do not match, or which exist in one tree but not the other, are returned. As you might imagine, the output is useful only if no errors are found, because only the checksums, not filenames, are returned. I hope to address this, or that someone else will!

Create a single-use TCP proxy with copy to stdout
USAGE: gate listening_port host port Creates listening socket and connects to remote device at host:port. It uses pipes for connection between two sockets. Traffic which goes through pipes is wrote to stdout. I use it for debug network scripts.

List alive hosts in specific subnet
Works on any machine with nmap installed. Previous version does not work on machines without "seq". Also works on subnets of any size.

Compose 2 images to 1
Compose 2 images (foreground.jpg with background.jpg) into 1 (image.jpg), the numeric parameters stablish the size of the foreground.jpg image (96x96) and the position x,y (+250+70) relative to the background.jpg image. Images can be any format, jpg, png, bmp, etc...

Set RGB gamma of secondary monitor
This command first determines whether a second screen is connected. If this is the case, it sets the screen's RGB gamma via xrandr. Useful for cheap or slightly defective monitors with a tint. In this example a yellowing/champagne color deviation is compensated for by decreasing the red and the green portion of the image.

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.


Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: