Monday, September 25, 2023

How to Read and Understand the Linux free Command Output

 The free command is a valuable utility in the Linux arsenal, providing insights into your system's memory usage. It presents a snapshot of the memory utilization and helps you gauge the health of your system's RAM. In this article, we'll explore how to read and interpret the output of the free command to make informed decisions regarding your system's memory management.

The Basics of the free Command

Before diving into interpreting the free command output, let's understand how to use it. Open a terminal and simply type:

 

free

 

By default, this command displays memory statistics in kilobytes. To make the output more human-readable, you can use the -h flag to display the values in megabytes and gigabytes:

 

free -h

 

To display Memory in Gigabytes

 

free -g 

 

Sample output:

 

[root@node1 ~]# free -h
      total        used        free      shared  buff/cache   available
Mem:  15G          751M        1.2G        272M         13G         14G
Swap: 0B           0B          0B

 

Interpreting the free Command Output

The free command output is divided into several columns. Here's what each column represents:

  1. total: This column represents the total amount of physical RAM on your system. It's the sum of used and free memory.
  2. used: This column shows the total amount of RAM currently in use by the system.
  3. free: This column displays the amount of RAM that is currently unused or available for new processes.
  4. shared: Shared memory is memory that can be used by multiple processes. This column indicates how much memory is shared among processes.
  5. buffers: Buffers are memory blocks used to speed up data transfer between the RAM and hard drive. This column shows the amount of memory used for buffering.
  6. cached: Cached memory is memory used to store data from recently accessed files for faster access in the future. This column represents the amount of memory used for caching.
  7. available: This column is available starting from free version 3.3. It indicates the estimated amount of memory that is available for starting new applications, without swapping.

 

Key Points for Understanding Memory Usage

Now, let's delve into some key points to help you interpret the free command output effectively:

  1. Total Memory vs. Used Memory: Comparing the total and used columns gives you an immediate sense of how much memory your system is actively using. If used is close to total, your system might be experiencing high memory utilization.
  2. Free Memory: The free column shows the amount of memory that's currently not being used. This value fluctuates as applications and processes run and release memory. A low free memory value doesn't necessarily indicate a problem unless it's consistently low.
  3. Buffers and Cached Memory: The buffers and cached columns represent memory used for optimization purposes. This memory is typically released when needed by applications. It's normal for these values to be non-zero.
  4. Shared Memory: Shared memory is used by processes that need to communicate with each other quickly. It's typically a small fraction of the total memory.
  5. Available Memory: The available column, if available in your free output, provides a useful estimate of how much memory is readily available for new applications. It's particularly valuable to check if you're concerned about system responsiveness.
  6. Swap Space: Keep in mind that the free command output doesn't provide information about swap space. If you see consistently high memory usage and a significant amount of swapping (use swapon -s to check swap usage), you may need to consider adding more physical RAM to your system.

 

When to Take Action

Understanding the free command output helps you identify potential memory issues. Here are some scenarios when you might need to take action:

  1. Low Free Memory: If the free column consistently shows very little free memory, it may indicate that your system is running out of physical RAM. Consider adding more RAM or optimizing your software to reduce memory usage.
  2. High Swap Usage: Frequent and significant swapping can lead to a noticeable slowdown. Monitor your system's swap usage (swapon -s) and consider addressing the root cause, such as reducing memory-hungry processes or adding more RAM.
  3. Excessive Cached Memory: If the cached value is extremely high, it might suggest that your system is using a substantial portion of RAM for file caching. While this is generally beneficial, you might want to evaluate if it's impacting your application's performance.
  4. Available Memory Drops Significantly: If the available column suddenly drops to a very low value while running applications, it could indicate a memory bottleneck. Investigate which processes are consuming memory and optimize them if necessary.
  5. OOM kicks in: There are OutOfMemory-killer messages in the logs. You can check it with:

# grep -i kill /var/log/messages*

kernel: Out of memory: Kill process 8910 (mysqld) score 511 or sacrifice child

kernel: Killed process 8910, UID 27, (mysqld) total-vm:2457368kB, anon-rss:816780kB, file-rss:4kB

or

dmesg | grep oom-killer

 

Wednesday, September 20, 2023

SS command Cheat Sheet

ss Command Cheat Sheet

This cheat sheet provides an overview of the ss command and its commonly used options for examining socket statistics and network connections in Linux. Adjust the options as needed to match your specific requirements when working with ss.

 

1. Displaying Sockets:

  • ss: Display a summary of all sockets.
  • ss -t: Display TCP sockets.
  • ss -u: Display UDP sockets.
  • ss -w: Display raw sockets.
  • ss -x: Display UNIX domain sockets.

 

2. Filtering and Displaying Specific Sockets:

  • ss -tuln: Display all listening TCP and UDP sockets without resolving names.
  • ss -tul: Display all listening TCP and UDP sockets with name resolution.
  • ss -t4: Display IPv4 sockets.
  • ss -t6: Display IPv6 sockets.

 

3. Display Socket Statistics:

  • ss -s: Display socket statistics summary.
  • ss -t -s: Display TCP socket statistics.
  • ss -u -s: Display UDP socket statistics.
  • ss -w -s: Display raw socket statistics.
  • ss -x -s: Display UNIX domain socket statistics.

 

4. Display Extended Information:

  • ss -e: Display extended information, including socket UID and inode.
  • ss -t -a: Display all sockets (listening and non-listening).

 

5. Display Processes Associated with Sockets:

  • ss -t -p: Show the processes associated with each socket.
  • ss -t -t -p: Display TCP sockets along with their associated processes.

 

6. Display Socket Timers:

  • ss -o: Show socket timers (e.g., TCP retransmit timeout).
  • ss -t -o: Display TCP socket timers.
  • ss -u -o: Display UDP socket timers.

 

7. Show Header Information:

  • ss -H: Display header lines to label each column.
  • ss -i: Display information about network interfaces.

 

8. Filter by State:

  • ss state FIN-WAIT-1: Display sockets in a specific state (e.g., FIN-WAIT-1).
  • ss state connected: Show connected sockets.

 

9. Sort Output:

  • ss -t state established -o: Sort and display established TCP connections.
  • ss -n -o state established | sort -r -k 5: Sort established connections by data transfer rate.

 

10. Output in JSON Format:

  • ss -t -j: Display socket information in JSON format.

 

11. Display Help:

  • ss --help: Display the ss command's help and usage information.

 

12. Clear Timers and Counters:

  • ss -t -E: Clear socket timers.
  • ss -t -Z: Clear socket counters.

 

13. Show Reverse DNS Lookups:

  • ss -r: Show reverse DNS lookups in the output.

 

Tuesday, September 19, 2023

IP command Cheat Sheet

Several of the most used Linux commands/tools such as ifconfig, netstat, route is deprecated. It’s time to start using the versatile ip command line utility.

 

Ip command line utility provided by the ‘net-tools’ package is used for various network administration tasks on Linux nodes.

 

Syntax of the ip command line utility:

 

# ip [ OPTIONS ] OBJECT { COMMAND | help}

 

OPTIONS are used to define global parameters. Commonly used ones being:

-4 -> shows IPv4 specific details only.

-6 -> shows IPv6 specific details only.

-s -> shows statistics of the various network interfaces.

-t -> display current time when using monitor option.

 

 

OBJECTS are the items the command would action on.

Commonly used OBJECTS are the follows:

 

OBJECT

Abbreviation

Used for

address

a, addr

IP address on the device

link

l

Network device

route

r

Routing table entry

rule

ru

Rule in the routing policy database

neighbour

n, neigh

Manage ARP/NDSC cache entries

maddress

m, maddr

Multicast address

monitor

 

Watch netlink messages

 

 

This cheat sheet offers a concise overview of the ip command and its available options. It serves as a valuable resource for troubleshooting network and system issues."

 

NOTE: The commands have certain parameters mentioned in capital letters like ‘INTERFACE’, this needs to be changed depending on your use case.

1. Displaying Network Information:

  • ip address show or ip a : Show information about all network interfaces.
  • ip link show or ip l : Display link layer information.
  • ip route show or ip r : Display the routing table.

2. Managing Network Interfaces:

  • ip link set dev INTERFACE up/down : Enable or disable a network interface.
  • ip link set dev INTERFACE name NEW_NAME : Rename a network interface.
  • ip link set dev INTERFACE mtu MTU_VALUE : Set the Maximum Transmission Unit (MTU) for an interface.
  • ip link add link INTERFACE name NEW_INTERFACE type TYPE : Create a new virtual interface based on an existing one.

3. Configuring IP Addresses:

  • ip address add IP_ADDRESS/NETMASK dev INTERFACE : Assign an IP address to an interface.
  • ip address delete IP_ADDRESS/NETMASK dev INTERFACE : Remove an IP address from an interface.
  • ip address show dev INTERFACE : Display IP address information for a specific interface.

4. Managing Routes:

  • ip route add NETWORK via GATEWAY : Add a static route.
  • ip route delete NETWORK : Delete a static route.
  • ip route show : Display the routing table.
  • ip route flush cache : Clear the routing cache.

5. Managing ARP Cache:

  • ip neigh show : Display the ARP cache.
  • ip neigh add IP_ADDRESS lladdr MAC_ADDRESS dev INTERFACE : Add an ARP cache entry manually.
  • ip neigh delete IP_ADDRESS dev INTERFACE : Delete an entry from the ARP cache.

6. Managing VLANs (Virtual LANs):

  • ip link add link INTERFACE name VLAN_NAME type vlan id VLAN_ID : Create a VLAN interface.
  • ip link show VLAN_NAME : Display information about a VLAN interface.

7. Managing Bridge Interfaces:

  • ip link add name BRIDGE_NAME type bridge : Create a bridge interface.
  • ip link set dev INTERFACE master BRIDGE_NAME : Add an interface to a bridge.
  • ip link set dev INTERFACE nomaster : Remove an interface from a bridge.
  • ip link show BRIDGE_NAME : Display information about a bridge.

8. Managing Tunnels:

  • ip tunnel add TUNNEL_NAME mode MODE remote REMOTE_IP local LOCAL_IP : Create a tunnel interface.
  • ip tunnel delete TUNNEL_NAME : Delete a tunnel interface.
  • ip tunnel show : Display information about tunnel interfaces.

9. Managing QoS and Traffic Control:

  • ip link set dev INTERFACE qlen QUEUE_LENGTH : Set the length of the transmit queue.
  • ip link set dev INTERFACE txqueuelen QUEUE_LENGTH : Set the length of the transmit queue.
  • tc : Use the tc command for advanced traffic control and QoS configuration.

10. Managing Multicast:

  • ip maddr show : Display multicast group memberships.
  • ip maddr add IP_ADDRESS dev INTERFACE : This adds the INTERFACE to the membership of the multicast group with an  IPv4 address of IP_ADDRESS.
  • ip maddr delete IP_ADDRESS dev INTERFACE : Leave the INTERFACE from the multicast group with ip address IP_ADDRESS.

This ip command cheat sheet should provide you with a quick reference for managing network configurations and interfaces in Linux.

Remember to replace INTERFACE, IP_ADDRESS, NETMASK, NETWORK, GATEWAY, VLAN_NAME, BRIDGE_NAME, TUNNEL_NAME, REMOTE_IP, LOCAL_IP, QUEUE_LENGTH, and other placeholders with your specific values when using the commands.