commands from my meetup session Jan 2021
uptime #load avg
dmesg -T | tail #kernel msgs
vmstat -Sm 1 #mem in MB
vmstat -Sm 1 -d 1 #disk in MB
mpstat -P ALL 1 #cpus
pidstat -t 1 #procs with threads
iostat -xy 1 #disk queue length, etc
free -m #mem usage
sar -n DEV 1 #net interface stats
sar -n TCP,ETCP,UDP 1 #layer3
ps -eo pid,user,args,pcpu,pmem #simplified ps
watch -n 1 "ps -eo pid,user,args,pcpu,pmem --sort -pcpu | head -10" #like windows task manager
netstat -lp #listening procs
netstat -ap #all connections, including non established
netstat -r #routing table
strace -p $(pidof nginx) -f -t -e open #trace file open events for process (-p = pid, -f = also forked subprocs, -t = show time, -e = events)
tcpdump -ni eth0 "host 10.128.0.1 and port 8000" #packet capture with filter
cinf #list namespaces
cinf --pid $(pidof -s nginx) #list namespaces a proc belongs to
cat /proc/cgroups #list cgroup hierarchy ids
cinf --cgroup $(pidof -s nginx):<cgroup hierarchy id> #dig into cgroup for proc
cat /proc/$(pidof -s nginx)/cgroup #cgroup of proc
nsenter -a -t $(pidof -s nginx) #enter namespaces of proc
alias tracee='docker run --name tracee --rm -ti --privileged --pid=host -v /lib/modules/:/lib/modules/:ro -v /usr/src:/usr/src:ro -v /tmp/tracee:/tmp/tracee aquasec/tracee:latest' #needs kernel headers
tracee -l #list events
tracee --trace pid=$(pidof -s nginx) event=execve,open #trace file open and exec events for proc with tracee (ebpf)
lft yahoo.jp #layer4 traceroute
nc -z google.de 443 #open port test