🖥️ps
➡️This is a command-line reference manual for commands and command combinations that you don’t use often enough to remember them. This cheatsheet explains the ps command with important options and switches using examples.
# To list every process on the system:
ps aux
# To list a process tree
ps axjf
# To list every process owned by foouser:
ps -aufoouser
# To list every process with a user-defined format:
ps -eo pid,user,command
# Exclude grep from your grepped output of ps.
# Add [] to the first letter. Ex: sshd -> [s]shd
ps aux | grep '[h]ttpd'
#==============================#
# CMD PS
#==============================##==============================#
ps -o pid,lstart,command ax
# When Apr01 just won't do, show the (long) format start time for all processes on a Linux system.
ps auxww | grep "[h]ttpd"
# Show only the processes matching httpd, ignoring the line of the grep process itself (regex trick).
ps xaw -eo pid,args,cgroup
ps k-%cpu
ps aux|sort -n -k6 -r |head
ps -LF -u user_name
# The command above outputs the processes and threads of a user. The option "-L" lists threads and "-F" gives the full-format listing.
ps aux |grep ssh |grep -v grep |awk '{print $2}' |xargs kill -9
# And even better: set up public/private keys and you could use "-i ~/.ssh/public_key" as an ssh parameter to avoid the password prompt ==> then you could have everything in a shell script
ps auxw | grep "[h]ttpd" | wc -l
# Count the number of web server processes running. Or use (pgrep -c httpd)
ps auxww | grep "[h]ttpd" | wc -l
# Count the number of web server processes running.
ps auxwf | grep -B8 "[g]zip"
# Show the process in a tree format, search for gzip and show 8 lines of pre-match context to see its family.
ps auxwwf | sed -n -r -e '/^.{64} \//h;/\\/H' -e '/^.{14} [8-9][0-9]\.[0-9]/{x;p}'
# Print the high CPU process's family tree.
ps auxww | tee output.log
# Use the 'tee' command to save a copy and see the output of a program at the same time.
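ps ax -o state -o ppid | awk '$1=="Z"{print $2}' | xargs kill -9
# Kill all zombies on the system. The command prints the parent PID (ppid) of every process in state Z and sends SIGKILL to those parents.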
ps wu -U someuser
# An easy way of selecting the processes owned by someuser.
ps aux | awk '{if ($8=="Z") { print $2 }}'
# On Linux, print out a list of the process IDs that are in the zombie state.
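# Added example (not part of the original cheatsheet): the zombie one-liners above print or kill PIDs without showing which parents are affected. This groups zombies by parent so the parent can be reviewed before anything is signalled; the function names and the sample process table are constructed for illustration.

```shell
# Constructed sample in the layout of `ps -eo pid,ppid,stat,comm`.
sample_process_table() {
cat <<'EOF'
  PID  PPID STAT COMMAND
    1     0 Ss   systemd
  700     1 Ss   cron
  812   700 S    backup.sh
  813   812 Z    gzip <defunct>
  814   812 Z    tar <defunct>
  900     1 Sl   appserver
  901   900 Z+   helper <defunct>
EOF
}

# zombie_parents: read that layout on stdin and print one line per parent
# that has zombie children: "PPID ZOMBIE_COUNT PARENT_COMMAND".
zombie_parents() {
    awk '
        NR == 1 { next }                 # skip the header row
        { name[$1] = $4 }                # remember each command by PID
        $3 ~ /^Z/ { zombies[$2]++ }      # STAT starts with Z: count under its PPID
        END {
            for (ppid in zombies) {
                parent = (ppid in name) ? name[ppid] : "?"
                printf "%s %d %s\n", ppid, zombies[ppid], parent
            }
        }
    ' | sort -k2,2nr -k1,1n
}

# Live use: ps -eo pid,ppid,stat,comm | zombie_parents
```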
ps aux|tail -n+2 |sort -nrk4 |head -$(($(tput lines)-1)) |cut -c 1-$(tput cols)
# Display top RAM using processes. Browser is probably
ps -ef | grep '[p]mon' | awk '{print $2}' | xargs -I {} ps eww {} | awk '{print $1 " " $5 " " $6 " " $0}' | sed 's/\(\S*\) \(\S*\) .*ORACLE_HOME/\1 \2/g' | cut -f1,2,3 -d" "
# Show the executable that started each currently running Oracle database, together with the PID and the ORACLE_HOME from the environment within which the process is running.
ps aux | awk '{if ($8 ~ "D") print $0}'
# List processes in the unkillable state D (iowait)
# On Linux, print the processes that are in the zombie state. Hopefully there are none.
ps auxww | awk '$8=="Z"'
ps auxwf | grep -B8 " [2]533 "
# Display the process table in Linux with parent/child relationships, searching for process id 2533 and displaying the 8 lines before the matched line. The [2] part is so the grep doesn't match its own process line.
ps aux | sort -rk 3,3 | head -n 10
# Sort processes by CPU usage: a short list of the top 10 processes, sorted by CPU usage. This is sample output:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 9878 2.4 0.0 944296 7588 ? Ssl Sep03 2010:47 dad
admbd 1282 1.0 0.0 64212 3984 pts/46 S+ 17:01 0:00 ssh frutillar
root 1279 0.4 0.0 64208 3984 pts/77 S+ 17:01 0:00 ssh desacloud522
root 1278 0.4 0.0 64208 3976 pts/129 S+ 17:01 0:00 ssh f1cloud4099
root 1281 0.3 0.0 82488 4524 ? S 17:01 0:00 /usr/sbin/packagekitd
root 10238 0.3 0.0 55048 8992 ? Ssl Sep03 244:21 /opt/CA/SystemEDGE/bin/sysedge -b
root 11321 0.2 0.1 278880 25168 ? Sl Sep03 170:44 splunkd -p 8089 start
root 10086 0.1 0.0 165280 12364 ? Ssl Sep03 102:49 /usr/sbin/adclient
appdyn 514 0.1 0.0 112432 2736 ? S 16:58 0:00 sshd: appdyn@pts/130
ps aux | grep ssh | grep -v grep | grep -v sshd | awk '{print $2}' | xargs -r kill -9
# Kill any lingering ssh processes - Also ignoring "sshd" server is necessary since you should not kill ssh server processes.
# Hides the name of a process listed in the `ps` output -> The classical 'ps aux | grep' can do this with one more parameter, the '-v', which means 'NOT' to grep.
ps aux | grep -v name_you_want_to_hide
# Memory usage summed by process name - the following one-liner lists memory usage added up per process name:
ps -e -o comm,rss --no-heading|awk '{arr[$1]+=$2} END {for (i in arr) {printf("%15s ", i); printf("%6s \n", arr[i]);}}'|grep -v ' 0'|sort -nr -k2
# Small variant - if we already know the main consumers anyway, we concentrate on those:
ps -C amavisd-new,clamd,apache2,mysqld -o comm,rss --no-heading|awk '{arr[$1]+=$2} END {for (i in arr) {printf("%15s ", i); printf("%6s \n", arr[i]);}}'|grep -v ' 0'|sort -nr -k2
# Which command does what?
# ps lists the rss (resident set size) and the name of the process
# awk adds up the fields by name and formats the output
# grep discards the entries with rss=0
# sort sorts in descending order of usage
# Linux shell process discovery - what the processes are doing right now
ps -e -o pid,comm,wchan=WIDE-WCHAN-COLUMN
# List running processes ordered by their number of open files
# Explanation: Combines ps, lsof, and sort in the ways you might expect to produce the intended outcome.
ps -ef | awk '{ print $2 }' \
  | tail -n +2 \
  | while read pid; do echo "$pid $(lsof -p "$pid" | wc -l)"; done \
  | sort -r -n -k 2 \
  | while read pid count; do echo "$pid $count $(ps -o command= -p "$pid")"; done
# Sort by user
ps jax --sort=uid,-ppid,+pid
# Sort output by memory (RAM)
ps aux --sort -rss
# Top 10 Memory Processes (reduced output to applications and %usage only)
ps aux | sort -rk 4,4 | head -n 10 | awk '{print $4,$11}'
# Sample output
# savage@mastervoid~> ps aux | sort -rk 4,4 | head -n 10 | awk '{print $4,$11}'
# %MEM COMMAND
# 4.8 /usr/lib/firefox-esr/firefox-esr
# 4.8 firefox-esr
# 3.0 /usr/lib/firefox-esr/firefox-esr
# 2.8 /usr/lib/firefox-esr/firefox-esr
# 2.8 /usr/lib/firefox-esr/firefox-esr
# 2.1 /app/extra/share/spotify/spotify
# 1.5 /app/extra/share/spotify/spotify
# 1.2 /usr/share/atom/atom
# 0.9 /usr/share/atom/atom
# Top 10 Memory Processes - It displays the top 10 processes sorted by memory usage
ps aux | sort -rk 4,4 | head -n 10
# Sample output
# USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
# r00t 31878 24.1 3.3 3138164 546484 ? Sl 11:45 24:06 pmdtm -PR -gmh alsea -gmp 6015 -guid 6b122687-8aeb-481a-a33f-867a59c14fee -rst 180 -s ...
# r00t 2639 0.0 3.2 1626772 531944 ? Sl Jun20 44:22 /u01/home/app/r00t/Informatica/9.5.1/java/bin/java -Dfile.encoding=UTF-8 -d64 -Xmx512M ...
# r00t 27794 9.0 2.1 2809284 344388 ? Sl 10:43 14:34 pmdtm -PR -gmh alsea -gmp 6015 -guid 6b122687-8aeb-481a-a33f-867a59c14fee -rst 180 -s ...
# r00t 13796 0.2 2.1 3406808 349972 ? Sl Jun19 337:10 /u01/home/app/r00t/Informatica/9.5.1/java/bin/java -ea -Djava.awt.headless=true ... -Xmx2048m ...
# r00t 32222 101 19.9 4805632 3262688 ? Sl 11:55 90:33 pmdtm -PR -gmh alsea -gmp 6015 -guid 6b122687-8aeb-481a-a33f-867a59c14fee -rst 180 -s ...
# r00t 14036 0.3 1.6 2841340 269712 ? Sl Jun19 449:57 /u01/home/app/r00t/Informatica/9.5.1/server/bin/pmrepagent - RG9tYWluX0RFVlRFU1Q= RGVzYXJyb2xsbw== ...
# ctmagent 6176 0.0 1.6 4804504 276240 ? Sl Mar29 165:32 ./JRE/bin/java -classpath exe/ctminf.jar com.bmc.ctm.cminf.Start start 4
# r00t 14218 0.1 1.5 1927368 260112 ? Sl Jun19 181:00 /u01/home/app/r00t/Informatica/9.5.1/server/bin/pmserver RG9tYWluX0RFVlRFU1Q= SVNfRGVzYXJyb2xsbw== ...
# r00t 13963 0.1 1.1 1356460 195172 ? Sl Jun19 168:50 /u01/home/app/r00t/Informatica/9.5.1/java/bin/java -XX:GCTimeRatio=9 -XX:MaxPermSize=128m -Xmx512M ...
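# Added example (not part of the original cheatsheet): `sort -rk 4,4` compares %MEM as text, which is why the 19.9 row sits below the 2.1 rows in the sample output above. The function below keeps the header line and sorts a chosen column numerically; the name top_by_column and the sample rows are constructed for illustration.

```shell
# Constructed sample in the column layout of `ps aux`.
sample_ps_aux() {
cat <<'EOF'
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
app 101 24.1 3.3 3138164 546484 ? Sl 11:45 24:06 worker -a
app 102 101 19.9 4805632 3262688 ? Sl 11:55 90:33 worker -b
app 103 9.0 2.1 2809284 344388 ? Sl 10:43 14:34 worker -c
root 104 0.0 0.4 64208 3984 ? S 17:01 0:00 sshd
EOF
}

# top_by_column COL N: read `ps aux`-style text on stdin, print the header
# unchanged, then the N rows with the largest numeric value in column COL.
top_by_column() {
    col=$1
    n=$2
    {
        # The header must not take part in the sort, so consume it first.
        IFS= read -r header && printf '%s\n' "$header"
        # "n" compares the key as a number, "r" puts the largest first.
        sort -k "${col},${col}nr" | head -n "$n"
    }
}

# Text comparison for contrast: the first data row is 3.3, not 19.9.
lexical_top_pid() {
    LC_ALL=C sort -rk 4,4 | head -n 1 | awk '{print $2}'
}

# Live use: ps aux | top_by_column 4 10   (column 4 is %MEM, 3 is %CPU)
```

When only ps is involved, its own numeric ordering, as in `ps aux --sort -rss` above, avoids the problem without an external sort.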
# you can monitor a process on Linux - example:
while ps -p`pidof vim` &>/dev/null; do command1; done ; command2
# command1: do something while vim is running
# command2: do something after vim has exited
# Terminates processes: shuffles the PIDs listed by ps, keeps every second one and sends SIGKILL to that random half
sudo ps S | awk '{ print $ 1; }' | grep -E '[0-9]' | sort -R | sed -n 'p;n' | xargs kill -9
#==============================##==============================#
# CMD PS
#==============================##==============================#
Cheatsheets are an excellent complement to other information sources like Linux man-pages, Linux help, or How-To’s and tutorials, as they provide compact and easily accessible information. While man-pages and detailed tutorials often contain comprehensive explanations and extensive guides, cheatsheets summarize the most important options for the command ps in a clear format. This allows users to quickly access the needed information for ps without having to sift through lengthy texts. Especially in stressful situations or for recurring tasks, cheatsheets for ps are a valuable resource to work efficiently and purposefully.