Linux Terminal 101: How to View Processes

This week we are checking out processes. What are they and how do you view them?

Like any operating system, Linux can multitask. It does so with processes, an organizational tool used to decide what programs can use the CPU at what time. If a program isn't responding right, or you want to switch CPU power to another program, you can do so with the terminal. To get an idea of how this works, let's start with boot-up.

You boot up your machine and the kernel starts some processes labeled as init scripts. These start other services that are called daemon programs. These programs hang out in the background just doing their thing with no interaction. Parent processes can in turn launch other programs called child processes. All processes are organized with a process ID (PID). init is always PID 1. Processes also have owners like files do.

To view processes, type 'ps'. All it shows is the processes associated with your current terminal: bash and ps. PID is the process ID, and TTY is the teletype, or controlling terminal, of the process. TIME is how much CPU time that process has consumed. CMD is the current command, here bash and ps.

Now type 'ps x'. This tells ps to show ALL processes, not just what's in the terminal. The '?' under TTY shows that there is no terminal associated with that process. The new column called STAT (short for state) is the status of the process. It can be R for running, S for sleeping, T for stopped, N for low priority, l for multithreaded, and so on.

You can also type 'ps aux' to see even more info. With this you get the user ID, CPU usage, memory usage, virtual memory size, physical memory used (resident set size), and START, the time the process was started. Use the man page to see all of the other options you can use with ps.
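The PID, parent/child, TTY and STAT ideas above can be combined to answer two questions that come up when reviewing a machine: what launched a given process, and which processes run with no terminal attached. This is an added example, not part of the original article; the function names, the SAMPLE_PS data and the 'ps -eo' column selection (a standard ps option the article does not cover) are choices made for the illustration.

```shell
# Constructed sample in the layout printed by: ps -eo pid,ppid,user,tty,stat,comm
# (for live data, pipe that command into the functions instead of SAMPLE_PS)
SAMPLE_PS='  PID  PPID USER     TT       STAT COMMAND
    1     0 root     ?        Ss   init
  612     1 root     ?        Ss   sshd
 2040   612 root     ?        Ss   sshd
 2051  2040 alice    pts/0    Ss   bash
 2177  2051 alice    pts/0    Sl   python3
 2180  2051 alice    pts/0    R+   ps
  845     1 root     ?        SNs  cron'

# ancestry PID: read ps output on stdin and print the chain from PID up to
# PID 1 as "pid(command) <- parent(command) <- ...".
ancestry() {
  awk -v start="$1" '
    NR > 1 { ppid[$1] = $2; comm[$1] = $6 }   # NR > 1 skips the header row
    END {
      pid = start
      # stop at an unknown PID; cap the hops in case the input is corrupt
      while ((pid in ppid) && hops++ < 64) {
        out = out sep pid "(" comm[pid] ")"
        sep = " <- "
        if (pid + 0 == 1) break
        pid = ppid[pid]
      }
      print out
    }'
}

# describe_stat CODE: expand a STAT value using the codes listed in the article.
describe_stat() {
  case "$1" in
    R*) out="running" ;;
    S*) out="sleeping" ;;
    T*) out="stopped" ;;
    *)  out="other" ;;
  esac
  case "$1" in ?*N*) out="$out,low-priority" ;; esac
  case "$1" in ?*l*) out="$out,multithreaded" ;; esac
  echo "$out"
}

# no_tty: list "pid command state" for processes whose TTY column is "?".
no_tty() {
  awk 'NR > 1 && $4 == "?" { print $1, $6, $5 }' | while read -r pid comm stat; do
    echo "$pid $comm $(describe_stat "$stat")"
  done
}
```

For example, `printf '%s\n' "$SAMPLE_PS" | ancestry 2177` walks from the python3 process back through bash and sshd to init.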

Do you want to see actual dynamic views of your machine's processes? Use 'top'. This continuously updates the process activity. To remember it, 'top' displays the 'top' processes. By default, the top section shows you an overview, and the columns are sorted by CPU activity.

Let's look at the top section: top is the program, the numbers are the time of day, next is uptime, users, then load average (the processes waiting to run). This is listed first by the average for 1 minute, then 5, then 15. If it's under 1.0, the machine isn't loaded.

The second row shows us the number of processes, % of CPU used for user processes, % used for system, % for 'nice' low priority processes, % idle, and % for processes waiting for I/O. Mem shows the memory usage, and Swap shows the swap space. Hit h to see the help screen or q to quit.

What do you use to track your processes? There are other options out there. Make sure to email me at tips@hak5.org with your thoughts. And be sure to check out our sister show, Hak5, for more great stuff just like this. I'll be there, reminding you to trust your technolust.