List Process on Linux: Essential Commands for Listing Processes | Discover Now!
Introduction
When working with Linux systems, it is essential to have a good understanding of the processes running on your machine. Being able to list and manage processes is crucial for system administrators, developers, and anyone working with Linux. In this article, we will explore a comprehensive list of essential commands that can be used to list processes on Linux.
1. ps
The ps command is one of the most commonly used commands for listing processes on Linux. It provides a snapshot of the current processes running on the system. By default, it displays a list of processes associated with the current terminal session. However, it can also be used to list all processes on the system.
To list all processes, you can use the ps aux command. This will display detailed information about each process, including the process ID (PID), CPU and memory usage, and the command that started the process.
For example:
$ ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.2 168924 9764 ? Ss Jan01 0:02 /sbin/init
root 2 0.0 0.0 0 0 ? S Jan01 0:00 [kthreadd]
...
The ps command provides a wide range of options to customize the output. You can use flags like -e to list all processes, -f to display full-format listing, and -l to show long format output.
2. top
The top command is a powerful utility for monitoring processes in real-time. It provides a dynamic view of the system’s processes, sorted by various criteria such as CPU usage, memory usage, and more. The top command continuously updates the displayed information, allowing you to monitor the system’s performance and identify any resource-intensive processes.
To launch top, simply type top in the terminal. The default view shows a summary of system information at the top, followed by a list of processes sorted by CPU usage. The most resource-intensive processes are displayed at the top of the list.
Here’s an example of the top command output:
$ top
top - 10:47:30 up 1:23, 2 users, load average: 0.00, 0.01, 0.05
Tasks: 201 total, 1 running, 200 sleeping, 0 stopped, 0 zombie
%Cpu(s): 0.0 us, 0.0 sy, 0.0 ni,100.0 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
MiB Mem : 3947.2 total, 1001.2 free, 1507.6 used, 1438.4 buff/cache
MiB Swap: 2048.0 total, 2048.0 free, 0.0 used. 2017.6 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1234 user 20 0 123456 78910 12345 S 0.0 2.0 0:00.00 process1
5678 user 20 0 234567 91011 23456 S 0.0 2.3 0:00.00 process2
...
While top is running, you can interact with it using various commands. For example, you can press q to quit, k to kill a process, and 1 to toggle between single and multiple CPU views.
3. htop
htop is an interactive process viewer and system monitor that provides a more user-friendly and feature-rich alternative to the traditional top command. It offers a colorful and intuitive interface with real-time updates and the ability to easily navigate and manage processes.
To launch htop, simply type htop in the terminal. The htop interface is divided into several sections, including a summary at the top, a list of processes, and various system information.
Here’s an example of the htop interface:
$ htop
1 [|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||100.0%] Tasks: 201, 1 running
2 [|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||100.0%] Load average: 0.00 0.01 0.05
Mem[|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||2.39G/3.91G]
Swp[|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||0.00B/2.00G]
PID USER PRI NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1234 user 20 0 123M 78M 12M S 0.0 2.0 0:00.00 process1
5678 user 20 0 234M 91M 23M S 0.0 2.3 0:00.00 process2
...
Similar to top, htop allows you to interact with the displayed information using keyboard shortcuts. For example, you can press F9 to send a signal to a selected process, F10 to quit, and F2 to customize the display settings.
4. pstree
The pstree command displays a tree-like representation of processes on the system. It shows the parent-child relationships between processes, making it easier to understand the process hierarchy.
To use pstree, simply type pstree in the terminal. By default, it displays the process tree for the current terminal session. However, you can also specify a process ID to view the tree for a specific process.
Here’s an example of the pstree command output:
$ pstree
init─┬─systemd─┬─(sd-pam)
│ ├─systemd-journal
│ ├─systemd-udevd
│ └─systemd-timesyncd
├─cron
├─dbus-daemon
├─dockerd─┬─docker-containe─┬─{docker-containe}
│ │ └─{docker-containe}
│ └─{dockerd}
├─rsyslogd─┬─{in:imklog}
│ ├─{in:imuxsock}
│ └─{rs:main Q:Reg}
├─sshd─┬─sshd───sshd───bash───pstree
│ └─sshd───sshd───bash
├─systemd-logind
├─systemd-network
├─systemd-resolve
├─systemd-udevd
├─systemd─┬─(sd-pam)
│ ├─systemd-journal
│ ├─systemd-udevd
│ └─systemd-timesyncd
├─systemd─┬─(sd-pam)
│ ├─systemd-journal
│ ├─systemd-udevd
│ └─systemd-timesyncd
...
The pstree command provides a visual representation of the process hierarchy, making it easier to understand the relationships between processes.
5. pgrep
The pgrep command allows you to search for processes based on their names or other attributes and retrieve their process IDs. It is a useful command when you want to find the PID of a specific process without manually searching through the ps output.
To use pgrep, you can simply type pgrep followed by the name of the process you want to search for. For example, to find the PID of a process named “apache2”, you can use the following command:
$ pgrep apache2
1234
The pgrep command returns the PID of the matching process. If there are multiple processes with the same name, it will return all their PIDs, each on a separate line.
You can also use various options with pgrep to refine your search. For example, the -u option allows you to search for processes owned by a specific user, and the -f option allows you to search for processes based on their full command line.
6. pkill
The pkill command is used to send signals to processes based on their names or other attributes. It is similar to the kill command but provides a more convenient way to kill processes without having to manually retrieve their PIDs.
To use pkill, you can simply type pkill followed by the name of the process you want to kill. For example, to kill all processes named “apache2”, you can use the following command:
$ pkill apache2
The pkill command sends the default signal (SIGTERM) to the matching processes, causing them to terminate. If you want to send a different signal, you can use the –
$ pkill -9 apache2
It is important to note that pkill can potentially kill multiple processes if there are multiple processes with the same name. Therefore, it is recommended to use it with caution and double-check the processes you are targeting.
7. pidof
The pidof command is similar to pgrep but provides a simpler way to retrieve the PID of a process based on its name. It returns the PID of the first process found with the specified name.
To use pidof, simply type pidof followed by the name of the process you want to search for. For example, to find the PID of a process named “apache2”, you can use the following command:
$ pidof apache2
1234
The pidof command returns the PID of the matching process. If no process is found with the specified name, it does not return any output.
Unlike pgrep, pidof does not provide options to refine the search or retrieve multiple PIDs. It is a simple and straightforward command to quickly retrieve the PID of a process.
8. kill
The kill command is used to send signals to processes, allowing you to control their behavior. It is commonly used to terminate processes, but it can also be used to send other signals for specific purposes.
To use kill, you need to specify the PID of the process you want to send a signal to. For example, to terminate a process with PID 1234, you can use the following command:
$ kill 1234
By default, kill sends the SIGTERM signal to the specified process, which is a request for termination. If the process does not respond to the SIGTERM signal, you can use the -9 option to send the SIGKILL signal, which forcefully terminates the process.
Here’s an example of using kill with the SIGKILL signal:
$ kill -9 1234
It is important to note that sending the SIGKILL signal should be used as a last resort, as it does not allow the process to perform any cleanup operations before termination.
9. killall
The killall command is similar to pkill but provides a more convenient way to send signals to processes based on their names. It allows you to kill multiple processes with the same name without having to manually retrieve their PIDs.
To use killall, you can simply type killall followed by the name of the process you want to kill. For example, to kill all processes named “apache2”, you can use the following command:
$ killall apache2
By default, killall sends the SIGTERM signal to the matching processes, causing them to terminate. If you want to send a different signal, you can use the –
Similar to pkill, killall can potentially kill multiple processes if there are multiple processes with the same name. Therefore, it is recommended to use it with caution and double-check the processes you are targeting.
10. systemctl
The systemctl command is used to manage system services in Linux. It allows you to start, stop, restart, enable, disable, and check the status of services. Services are background processes that run continuously and provide specific functionality to the system.
To list all running services, you can use the following command:
$ systemctl list-units --type=service --state=running
This will display a list of all running services on your system, along with their status and other information.
You can also use systemctl to manage individual services. For example, to start a service, you can use the following command:
$ systemctl start
Replace
Here’s an example of using systemctl to start the Apache web server:
$ systemctl start apache2
The systemctl command provides a powerful and convenient way to manage services on your Linux system.
11. lsof
The lsof command stands for “list open files” and is used to list all open files and the processes that have them open. It provides detailed information about files, directories, network sockets, and other resources that are currently being accessed by processes.
To use lsof, simply type lsof in the terminal. By default, it lists all open files on the system. However, you can also specify a specific file, directory, or process ID to narrow down the output.
Here’s an example of the lsof command output:
$ lsof
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
init 1 root cwd DIR 8,1 4096 2 /
init 1 root rtd DIR 8,1 4096 2 /
init 1 root txt REG 8,1 1689248 524288 /sbin/init
...
The lsof command provides a wide range of options to customize the output. For example, you can use the -i option to list only network connections, the -u option to list files opened by a specific user, and the -c option to list files opened by a specific command.
12. fuser
The fuser command is used to identify processes that are using specific files or directories. It can be used to determine which processes are preventing a file or directory from being unmounted or deleted.
To use fuser, simply type fuser followed by the file or directory you want to check. For example, to find processes using the “/var/www/html” directory, you can use the following command:
$ fuser /var/www/html
The fuser command will display the PIDs of the processes that are using the specified file or directory. You can also use options like -k to send a signal to the processes, -m to specify a mount point, and -v to display additional information.
13. netstat
The netstat command is used to display network connections, routing tables, and network interface statistics. It provides detailed information about the network connections established by processes on the system.
To list all network connections, you can use the following command:
$ netstat -a
This will display a list of all active network connections, along with their local and remote addresses, state, and other information.
You can also use netstat with various options to filter the output and display specific information. For example, you can use the -t option to list only TCP connections, the -u option to list only UDP connections, and the -p option to display the process ID and name associated with each connection.
14. ss
The ss command is a modern replacement for the netstat command. It provides similar functionality but with a more efficient and streamlined output format.
To list all network connections, you can use the following command:
$ ss -a
This will display a list of all active network connections, similar to the netstat -a command.
Like netstat, ss provides various options to filter the output and display specific information. For example, you can use the -t option to list only TCP connections, the -u option to list only UDP connections, and the -p option to display the process ID and name associated with each connection.
15. nmap
The nmap command is a powerful network scanning tool used to discover hosts and services on a network. It allows you to scan a range of IP addresses or specific hosts to determine which ports are open and which services are running.
To perform a basic port scan on a host, you can use the following command:
$ nmap
Replace
You can also use various options with nmap to customize the scan. For example, the -p option allows you to specify a specific port or range of ports to scan, the -sV option enables version detection, and the -A option enables aggressive scanning.
16. lscpu
The lscpu command is used to display information about the CPU architecture and its capabilities. It provides detailed information about the processor, such as the number of cores, cache sizes, and CPU flags.
To use lscpu, simply type lscpu in the terminal. It will display information about the CPU on your system, including the architecture, model name, vendor, and other details.
Here’s an example of the lscpu command output:
$ lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 4
On-line CPU(s) list: 0-3
Thread(s) per core: 2
Core(s) per socket: 2
Socket(s): 1
...
The lscpu command provides a comprehensive overview of the CPU architecture and can be useful for system administrators and developers.
17. free
The free command is used to display information about the system’s memory usage. It provides detailed information about the total, used, and free memory, as well as the memory used for buffers and cache.
To use free, simply type free in the terminal. It will display information about the memory on your system, including the total, used, and free memory in kilobytes.
Here’s an example of the free command output:
$ free
total used free shared buff/cache available
Mem: 3947000 1507600 1001200 12340 1434320 2017600
Swap: 2048000 0 2048000
The free command provides a quick overview of the system’s memory usage and can be useful for monitoring memory usage and identifying potential issues.
18. vmstat
The vmstat command is used to display information about the system’s virtual memory, including memory usage, paging, and CPU activity. It provides real-time statistics about the system’s performance.
To use vmstat, simply type vmstat in the terminal. It will display information about the system’s virtual memory, including the number of processes, memory usage, paging activity, and CPU activity.
Here’s an example of the vmstat command output:
$ vmstat
procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu-----
r b swpd free buff cache si so bi bo in cs us sy id wa st
0 0 0 1001200 12340 1434320 0 0 0 0 0 0 0 0 100 0 0
The vmstat command provides a detailed overview of the system’s virtual memory and can be useful for monitoring system performance and identifying potential bottlenecks.
19. iostat
The iostat command is used to display information about the system’s input/output (I/O) activity, including disk usage, CPU utilization, and I/O wait time. It provides real-time statistics about the system’s I/O performance.
To use iostat, simply type iostat in the terminal. It will display information about the system’s I/O activity, including the disk utilization, CPU utilization, and I/O wait time.
Here’s an example of the iostat command output:
$ iostat
Linux 5.4.0-91-generic (hostname) 01/01/22 _x86_64_ (4 CPU)
avg-cpu: %user %nice %system %iowait %steal %idle
0.0 0.0 0.0 0.0 0.0 100.0
Device tps kB_read/s kB_wrtn/s kB_read kB_wrtn
sda 0.00 0.00 0.00 0 0
...
The iostat command provides valuable insights into the system’s I/O performance and can be useful for monitoring disk usage and identifying potential performance issues.
20. sar
The sar command is used to collect, report, and analyze system activity information. It provides historical data about system performance, including CPU usage, memory usage, disk activity, and network activity.
To use sar, you need to have the sysstat package installed on your system. Once installed, you can use the sar command followed by the desired options to collect and display system activity information.
Here’s an example of the sar command to display CPU usage:
$ sar -u
Linux 5.4.0-91-generic (hostname) 01/01/22 _x86_64_ (4 CPU)
12:00:01 AM CPU %user %nice %system %iowait %steal %idle
12:10:01 AM all 0.00 0.00 0.00 0.00 0.00 100.00
...
The sar command provides a wealth of historical data about system performance, allowing you to analyze trends and identify performance bottlenecks.
21. mpstat
The mpstat command is used to display information about CPU usage and statistics for each processor in a multi-processor system. It provides real-time statistics about CPU utilization, idle time, and other metrics.
To use mpstat, simply type mpstat in the terminal. It will display information about each processor in the system, including the CPU utilization, idle time, and other metrics.
Here’s an example of the mpstat command output:
$ mpstat
Linux 5.4.0-91-generic (hostname) 01/01/22 _x86_64_ (4 CPU)
12:00:01 AM CPU %usr %nice %sys %iowait %irq %soft %steal %guest %gnice %idle
12:10:01 AM all 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 100.00
...
The mpstat command provides detailed information about CPU usage and can be useful for monitoring system performance and identifying potential bottlenecks in multi-processor systems.
22. uptime
The uptime command is used to display the system’s uptime and load average. It provides information about how long the system has been running and the average number of processes in the run queue over the last 1, 5, and 15 minutes.
To use uptime, simply type uptime in the terminal. It will display the system’s uptime, the number of users currently logged in, and the load average.
Here’s an example of the uptime command output:
$ uptime
10:47:30 up 1:23, 2 users, load average: 0.00, 0.01, 0.05
The load average represents the average number of processes in the run queue over the last 1, 5, and 15 minutes. A high load average indicates that the system is under heavy load, while a low load average indicates that the system is idle.
23. w
The w command is used to display information about currently logged-in users and their activities. It provides detailed information about each user, including their username, terminal, login time, and current activity.
To use w, simply type w in the terminal. It will display a list of currently logged-in users, along with their login time, idle time, and the command they are currently running.
Here’s an example of the w command output:
$ w
10:47:30 up 1:23, 2 users, load average: 0.00, 0.01, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
user tty1 - 09:24 1:23m 0.01s 0.01s -bash
user pts/0 192.168.0.1 10:00 0.00s 0.10s 0.01s w
The w command provides a comprehensive overview of currently logged-in users and their activities, making it useful for system administrators and monitoring user sessions.
24. who
The who command is used to display information about currently logged-in users. It provides a list of users currently logged in, along with their login time and the terminal they are using.
To use who, simply type who in the terminal. It will display a list of currently logged-in users, along with their login time and the terminal they are using.
Here’s an example of the who command output:
$ who
user tty1 2022-01-01 09:24
user pts/0 2022-01-01 10:00 (192.168.0.1)
The who command provides a simple and concise overview of currently logged-in users, making it useful for quickly checking user sessions.
25. last
The last command is used to display information about previous logins on the system. It provides a list of recent login sessions, including the username, terminal, login time, and logout time.
To use last, simply type last in the terminal. It will display a list of recent login sessions, along with the username, terminal, login time, and logout time.
Here’s an example of the last command output:
$ last
user tty1 Fri Jan 1 09:24 still logged in
user pts/0 Fri Jan 1 10:00 still logged in (192.168.0.1)
...
The last command provides a historical overview of previous logins on the system, making it useful for auditing and monitoring user activity.
26. watch
The watch command is used to execute a command repeatedly and display its output in real-time. It allows you to monitor the output of a command at regular intervals without having to manually run the command each time.
To use watch, simply type watch followed by the command you want to monitor. For example, to monitor the output of the ps aux command every 2 seconds, you can use the following command:
$ watch -n 2 ps aux
The watch command will execute the specified command every 2 seconds and display its output in the terminal. This can be useful for monitoring the status of processes or system resources in real-time.
27. strace
The strace command is used to trace system calls and signals made by a process. It allows you to monitor the interactions between a process and the operating system, providing detailed information about the system calls and signals being executed.
To use strace, simply type strace followed by the command you want to trace. For example, to trace the system calls made by the ls command, you can use the following command:
$ strace ls
The strace command will execute the specified command and display the system calls and signals made by the process in the terminal. This can be useful for debugging and understanding the behavior of a process.
28. ltrace
The ltrace command is used to trace library calls made by a process. It allows you to monitor the interactions between a process and the shared libraries it uses, providing detailed information about the library calls being executed.
To use ltrace, simply type ltrace followed by the command you want to trace. For example, to trace the library calls made by the ls command, you can use the following command:
$ ltrace ls
The ltrace command will execute the specified command and display the library calls made by the process in the terminal. This can be useful for understanding how a process interacts with shared libraries and diagnosing issues related to library dependencies.
29. gdb
The gdb command is a powerful debugger for C, C++, and other programming languages. It allows you to analyze and debug running processes, set breakpoints, inspect variables, and trace the execution of a program.
To use gdb, you need to have the debugging symbols installed for the program you want to debug. Once installed, you can use the gdb command followed by the name of the program to start the debugger.
Here’s an example of using gdb to debug a program:
$ gdb myprogram
(gdb) break main
(gdb) run
(gdb) print variable
(gdb) step
(gdb) quit
The gdb command provides a wide range of features and commands for debugging programs, making it an essential tool for developers and system administrators.
30. dmesg
The dmesg command is used to display the kernel ring buffer, which contains messages from the kernel about system events and hardware initialization. It provides valuable information about the system’s boot process, hardware detection, and kernel-level events.
To use dmesg, simply type dmesg in the terminal. It will display the contents of the kernel ring buffer, including messages from the kernel about various events.
Here’s an example of the dmesg command output:
$ dmesg
[ 0.000000] Linux version 5.4.0-91-generic (buildd@lgw01-amd64-036) (gcc version 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04)) #102-Ubuntu SMP Fri Nov 5 16:31:28 UTC 2021 (Ubuntu 5.4.0-91.102-generic 5.4.154)
[ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-5.4.0-91-generic root=UUID=1234-5678 ro quiet splash
...
The dmesg command provides valuable insights into the system’s boot process and kernel-level events, making it useful for troubleshooting hardware issues and diagnosing kernel-related problems.
Conclusion
Listing and managing processes on Linux is an essential skill for system administrators, developers, and anyone working with Linux systems. The commands covered in this article provide a comprehensive set of tools for listing, monitoring, and managing processes on Linux. Whether you need to view detailed information about running processes, monitor system performance, or debug a program, these commands will help you get the job done efficiently and effectively.
FAQs
1. How can I list all processes running on Linux?
To list all processes running on Linux, you can use the ps aux command. This will display detailed information about each process, including the process ID (PID), CPU and memory usage, and the command that started the process.
2. How can I monitor system performance in real-time on Linux?
You can use commands like top and htop to monitor system performance in real-time on Linux. These commands provide a dynamic view of the system’s processes, sorted by various criteria such as CPU usage, memory usage, and more.
3. How can I kill a process on Linux?
To kill a process on Linux, you can use the kill command followed by the process ID (PID) of the process you want to kill. By default, kill sends the SIGTERM signal to the process, which is a request for termination. If the process does not respond to the SIGTERM signal, you can use the -9 option to send the SIGKILL signal, which forcefully terminates the process.