Unit 2 Notes

This document provides an overview of essential Linux administrative commands, including directory and file management commands such as pwd, mkdir, rmdir, and cat, as well as user and networking commands like su, useradd, and ip. It explains the syntax and usage of each command, along with examples to illustrate their functions. Additionally, it covers various utility commands for file manipulation, searching, and system diagnostics.

Uploaded by

a.gokul311
Copyright © All Rights Reserved

UNIT-II

Linux Administrative Commands

Basic Linux commands, shell commands, File System and Management, Networking Commands, System Diagnostics/Monitor Performance.

Linux Basic Directory Commands

pwd Command

The pwd command is used to display the location of the current working directory.

Syntax:

pwd

mkdir Command

The mkdir command is used to create a new directory under any directory.

Syntax:

mkdir <directory name>

rmdir Command

The rmdir command is used to delete a directory.

Syntax:

rmdir <directory name>

ls Command

The ls command is used to display a list of the contents of a directory.

Syntax:

ls

cd Command

The cd command is used to change the current directory.

Syntax:

cd <directory name>

Linux File commands

touch Command

The touch command is used to create empty files. We can create multiple empty files by
executing it once.

Syntax:

touch <file name>
touch <file1> <file2> ...

cat Command

The cat command is a multi-purpose utility in the Linux system. It can be used to create a file, display the content of a file, copy the content of one file to another file, and more.

Syntax:

cat <fileName>

Example:

cat jtp.txt

In the above snapshot, the file 'jtp.txt' is displayed with the command "cat jtp.txt".

Note: To display the content of multiple files at once, type the file names on a single line, like "cat file1 file2 file3 ... fileN".

Linux cat command usage

Option                                          Function
cat > [fileName]                                To create a file.
cat [oldfile] > [newfile]                       To copy content from an older file to a new file.
cat [file1 file2 and so on] > [new file name]   To concatenate the contents of multiple files into one.
cat -n / cat -b [fileName]                      To display line numbers.
cat -e [fileName]                               To display a $ character at the end of each line.
cat [fileName] <<EOF                            Used as page end marker.

Linux cat command (to create a file)

The 'cat' command can be used to create a new file with greater than sign (>).

Syntax:

cat > <file name>

Example:

cat > javatpoint

In the above snapshot, we have created a new file called "javatpoint". Now let's see how to
create it.

Type the command "cat >javatpoint" and press 'enter'. You will be directed to the next line.

Press 'enter' after every line and you will be directed to the next line. To save your file, go to
the next line, press 'ctrl+d' and your file will be saved.

To Append the Content of A File

The 'cat' command with a double greater-than sign (>>) appends content to the end of an already existing file.

Syntax:

cat >> (file name)

Example:

cat >> javatpoint

Look at the above snapshot: a new line has been added at the end of the file 'javatpoint'. After entering the "cat >> javatpoint" command, type as many lines as you want to add. To save the file, press 'ctrl + d'.

Linux cat command (to copy file)

The 'cat' command can be used to copy the content of a file into another file.

Syntax:

cat (older file name) > (newer file name)

Example:

cat combo > combo2

In the above snapshot, we have copied the content of file 'combo' into the file 'combo2' with the command "cat combo > combo2".

Linux cat command (to concatenate files)

The 'cat' command can be used to concatenate the contents of multiple files in a single new file.

Syntax:

cat <filename1> <filename2> ... > <newFilename>

Example:

cat file1 file2 file3 > combo

Look at the above snapshot, we have combined three files "file1, file2, and file3" into a single
file "combo" with the command "cat file1 file2 file3 >combo".

Notice the content of three separate files and then the content of a new concatenated file that is
"combo".

To Insert A New Line

A new line will be inserted while concatenating multiple files by using a hyphen (-).

Syntax:

cat - <filename1> <filename2> ... > <new filename>

Example:

cat - file1 file2 file3 > combo


In the above snapshot, we have inserted a new line at the beginning while concatenating file1,
file2 and file3 with the command "cat - file1 file2 file3 >combo".

Note: Line will be inserted at the beginning of the file only.

Linux cat -n command (to display line numbers)

The 'cat -n' option displays line numbers in front of each line in a file.

Syntax:

cat -n <fileName>

Example:

cat -n jtp.txt

Look at the above snapshot; the file 'jtp.txt' has a line number in front of every line after passing the command "cat -n jtp.txt".

cat -b (file name)

The 'cat -b' option removes the empty lines from the line numbering.

Syntax:

cat -b (file name)

Example:

cat -b jtp.txt

In the previous snapshot, after line 19, line number 20 has also been marked but it is an empty line.

In the above snapshot, line 20 is removed with the help of command "cat -b jtp.txt".

Linux cat -e command (to display $)

The 'cat -e' option displays a '$' sign at the end of every line.

Syntax:

cat -e <fileName>

Example:

cat -e program

Look at the above snapshot; some lines also include trailing spaces. A user won't be able to recognize whitespace at the end of each line. The "cat -e program" command will put the $ sign at the end of every line, including after the spaces.

Linux cat command (as an end marker)

The 'cat << EOF ' option displays an end marker at the end of a file. It is called here directive
and file content will be saved at the given end marker.

The file can be saved with the help of 'ctrl + d ' keys also. It works like the end marker.

Note: Any word other than 'EOF' can be used for the end marker.

Syntax:

cat << EOF

Example:

cat > exm.txt << EOF

In the above snapshot, we have created 'exm.txt' file with 'EOF' as the end marker by passing
the command "cat > exm.txt << EOF".

In Linux, all files are recognized by their path, which describes their location inside the file system. The path of a file includes the directory hierarchy leading to the file, followed by its name. For instance, the /home/user/documents/text1.txt path shows that text1.txt is placed inside the documents directory, which is in the user directory.

Rename

Basic syntax:

rename 's/old-name/new-name/' files


This ('s/old-name/new-name/') is the PCRE (perl compatible regular expression) which denotes
files to rename and how.

Let's see an example of basic rename command:

In the example below we have converted all the files ending with '.txt' into files ending with
'.pdf'.

head Command

The head command is used to display the content of a file. It displays the first 10 lines of a file.

Syntax:

head <file name>

tail Command

The tail command is similar to the head command. The difference between both commands is
that it displays the last ten lines of the file content. It is useful for reading the error message.

Syntax:

tail <file name>

tac Command

The tac command is the reverse of cat command, as its name specified. It displays the file
content in reverse order (from the last line).

Syntax:

tac <file name>

more command

The more command is quite similar to the cat command, as it is used to display the file content
in the same way that the cat command does. The only difference between both commands is
that, in case of larger files, the more command displays screenful output at a time.

In more command, the following keys are used to scroll the page:

ENTER key: To scroll down page by line.

Space bar: To move to the next page.

b key: To move to the previous page.

/ key: To search the string.


Syntax:

more <file name>

less Command

The less command is similar to the more command. It also includes some extra features such as
'adjustment in width and height of the terminal.' Comparatively, the more command cuts the
output in the width of the terminal.

Syntax:

less <file name>

Linux User Commands

su Command

The su command provides administrative access to another user. In other words, it allows
access of the Linux shell to another user.

Syntax:

su <user name>

id Command

The id command is used to display the user ID (UID) and group ID (GID).

Syntax:

id

Note:
The Linux sudo command stands for Super User Do. Generally, it is applied as a prefix to a few commands that the superuser is allowed to execute.

If we prefix sudo to another command, it executes that command with high privileges. In other words, it permits a user with proper authorization to execute a command as another user, such as the superuser.

It is equivalent to the "run as administrator" option in Windows. The sudo option allows us to have more than one administrator. The users who can use the sudo command need to have an entry in the sudoers file, located at "/etc/sudoers".

useradd Command

The useradd command is used to add or remove a user on a Linux server.

Syntax:

useradd username

passwd Command

The passwd command is used to create and change the password for a user.

Syntax:

passwd <username>

groupadd Command

The groupadd command is used to create a user group.

Syntax:

groupadd <group name>

cut Command

The cut command is used to select a specific column of a file. The '-d' option is used as a
delimiter, and it can be a space (' '), a slash (/), a hyphen (-), or anything else. And, the '-f' option
is used to specify a column number.

Syntax:

cut -d(delimiter) -f(columnNumber) <fileName>



grep Command

grep is the most powerful and most used filter in a Linux system. The name 'grep' stands for "global regular expression print." It is useful for searching the content of a file. Generally, it is used with the pipe.

Syntax:

command | grep <searchWord>

comm Command

The 'comm' command is used to compare two files or streams. By default, it displays three
columns, first displays non-matching items of the first file, second indicates the non-matching
item of the second file, and the third column displays the matching items of both files.

Syntax:

comm <file1> <file2>

sed command

The sed command is also known as stream editor. It is used to edit files using a regular
expression. It does not permanently edit files; instead, the edited content remains only on
display. It does not affect the actual file.

Syntax:

command | sed 's/<oldWord>/<newWord>/'

tee command

The tee command is quite similar to the cat command. The only difference between the two filters is that it puts standard input on standard output and also writes it into a file.

Syntax:

cat <fileName> | tee <newFile> | cat or tac | ...

tr Command

The tr command is used to translate the file content like from lower case to upper case.

Syntax:

command | tr <'old'> <'new'>

uniq Command

The uniq command is used to form a sorted list in which every word will occur only once.

Syntax:

command <fileName> | uniq

wc Command

The wc command is used to count the lines, words, and characters in a file.

Syntax:

wc <file name>

od Command

The od command is used to display the content of a file in different formats, such as hexadecimal, octal, and ASCII characters.

Syntax:

od -b <fileName>      // Octal format
od -t x1 <fileName>   // Hexadecimal format
od -c <fileName>      // ASCII character format

sort Command

The sort command is used to sort files in alphabetical order.

Syntax:

sort <file name>
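The filters above (grep, sed, sort, uniq, tr, cut, wc) are usually chained with pipes. As an added example (not part of the original notes), the script below counts failed SSH logins per source address in a constructed log sample and shows that uniq only collapses adjacent duplicates, so its input has to be sorted first. The log lines, the temporary file and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage of failed SSH logins with grep, sed, sort, uniq, tr, cut, wc.

LOG=$(mktemp)                       # temporary file holding the sample log
trap 'rm -f "$LOG"' EXIT

# Constructed sample data (documentation-range addresses), not real logs.
cat > "$LOG" <<'EOF'
Jan 10 03:14:07 web01 sshd[2211]: Failed password for root from 203.0.113.5 port 50122 ssh2
Jan 10 03:14:09 web01 sshd[2211]: Failed password for root from 203.0.113.5 port 50124 ssh2
Jan 10 03:14:12 web01 sshd[2214]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Jan 10 03:15:01 web01 sshd[2220]: Accepted password for alice from 192.0.2.10 port 51000 ssh2
Jan 10 03:15:30 web01 sshd[2231]: Failed password for root from 203.0.113.5 port 50130 ssh2
EOF

# failed_sources FILE -> one source address per failed login, in log order.
# The greedy ".*" anchors on the LAST " from <addr> port " in the line, so text
# inside the user name field cannot replace the address that sshd appended.
failed_sources() {
    grep 'Failed password' "$1" | sed 's/.* from \([0-9.]*\) port .*/\1/'
}

# failed_total FILE -> number of failed-login lines.
failed_total() {
    grep -c 'Failed password' "$1"
}

# failed_by_ip FILE -> "COUNT ADDRESS" per source, busiest source first.
# uniq -c pads the count with spaces; tr squeezes them so cut can split on ' '.
failed_by_ip() {
    failed_sources "$1" | sort | uniq -c | sort -rn | tr -s ' ' | cut -d' ' -f2,3
}

# distinct_sorted FILE -> number of distinct sources (input sorted before uniq).
distinct_sorted() {
    failed_sources "$1" | sort | uniq | wc -l | tr -d ' '
}

# distinct_unsorted FILE -> what uniq reports WITHOUT sorting first: it only
# merges adjacent duplicate lines, so a source that reappears is counted again.
distinct_unsorted() {
    failed_sources "$1" | uniq | wc -l | tr -d ' '
}

echo "failed logins: $(failed_total "$LOG")"
echo "per source:"
failed_by_ip "$LOG"
echo "distinct sources (sort | uniq): $(distinct_sorted "$LOG")"
echo "distinct sources (uniq only):   $(distinct_unsorted "$LOG")"
```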

gzip Command

The gzip command is used to reduce the file size. It is a compressing tool. It replaces the original file with the compressed file, which has a '.gz' extension.

Syntax:

gzip <file1> <file2> <file3> ...

gunzip Command

The gunzip command is used to decompress a file. It is a reverse operation of gzip command.

Syntax:

gunzip <file1> <file2> <file3> ...

Linux Utility Commands

find Command

The find command is used to find a particular file within a directory. It also supports various options to find a file, such as by name, by type, by date, and more.

The following symbols are used after the find command:

(.) : For current directory name

(/) : For root

Syntax:

find . -name "*.pdf"

locate Command

The locate command is used to search for a file by file name. It is quite similar to the find command; the difference is that it is a background process. It searches for the file in the database, whereas the find command searches in the file system. It is faster than the find command. To find a file with the locate command, keep your database updated.

Syntax:

locate <file name>

date Command

The date command is used to display date, time, time zone, and more.

Syntax:

date

cal Command

The cal command is used to display the current month's calendar with the current date
highlighted.

Syntax:

cal

sleep Command

The sleep command is used to hold the terminal by the specified amount of time. By default, it
takes time in seconds.

Syntax:

sleep <time>

time Command

The time command is used to display the time to execute a command.

Syntax:

time

zcat Command

The zcat command is used to display the compressed files.


Syntax:

zcat <file name>

df Command

The df command is used to display the disk space used in the file system. It displays the output
as in the number of used blocks, available blocks, and the mounted directory.

Syntax:

df

mount Command

The mount command is used to connect an external device file system to the system's file
system.

Syntax:
mount -t type <device> <directory>

exit Command

Linux exit command is used to exit from the current shell. It takes a parameter as a number and
exits the shell with a return of status number.

Syntax:

exit
Output:

After pressing the ENTER key, it will exit the terminal.

clear Command

Linux clear command is used to clear the terminal screen.

Syntax:

clear
Output:

After pressing the ENTER key, it will clear the terminal screen.

Linux Networking Commands

ip Command

Linux ip command is an updated version of the ifconfig command. It is used to assign an IP address, initialize an interface, disable an interface.

Syntax:

ip a or ip addr

ssh Command

Linux ssh command is used to create a remote connection through the ssh protocol.

Syntax:

ssh user_name@host(IP/Domain_name)

mail Command

The mail command is used to send emails from the command line.

Syntax:

mail -s "Subject" <recipient address>

ping Command

The ping command is used to check the connectivity between two nodes, that is whether the
server is connected. It is a short form of "Packet Internet Groper."

Syntax:

ping <destination>

host Command

The host command is used to display the IP address for a given domain name and vice versa. It performs DNS lookups for DNS queries.

Syntax:

host <domain name> or <ip address>

What is Bash?
• BASH is an acronym for Bourne Again Shell, a punning name, which is a tribute to the Bourne Shell (i.e., invented by Stephen Bourne).
• Bash is a shell program written by Brian Fox as an upgraded version of the Bourne Shell program 'sh'. It is an open source GNU project. It was released in 1989 and is one of the most popular shells of GNU/Linux operating systems. It provides functional improvements over the Bourne Shell for both programming and interactive uses. It includes command line editing, key bindings, command history with unlimited size, etc.
• In basic terms, Bash is a command line interpreter that typically runs in a text window where the user can enter commands to carry out various actions. The combination of these commands as a series within a file is known as a Shell Script. Bash can read and execute the commands from a Shell Script.
• Bash is the default login shell for most Linux distributions and Apple's macOS. A version is also available for Windows 10, and it is the default user shell in Solaris 11.

Command shortcuts
• similar in other shells, but be aware there could be subtle differences.
• 1. Tab
Tab is my ultimate friend - it never lets me down. It is the handiest shortcut and time saver ever
developed. It autocompletes commands, file names, or directory names for you. Simply start
typing a command, file name, or directory name, and then press the Tab key. The system will
either complete the string or display all available options to you.
• 2. Ctrl+C
Ctrl+C is a well-known shortcut that I use all the time. It cleanly aborts most programs by
sending the SIGINT signal to the program that I want to interrupt and abort. Most programs
correctly catch it and exit cleanly. If the program does not specify how to handle SIGINT, the
underlying processes are then self-terminated. Yes, it's safe to use.
• 3. Ctrl+R/O/G
I find this combination (reverse-i-search) very useful when searching through my command
history. I can bring up commands that I used previously, navigate through them, and repeat the
command I need. This is very helpful with long and chained commands.
Ctrl+R: Recall the last command matching the characters you provide.
Ctrl+R (again): Navigate through the matching commands.
Ctrl+O: Send the command back to your terminal or select Enter to execute the command from
the search mode.
Ctrl+G: Leave the history search mode without running a command.
• 4. Ctrl+L
This shortcut is equivalent to the clear command. It clears your terminal screen.
• 5. Ctrl+D
This shortcut will effectively log you out of any terminal and close it, or get you back to the
original user when used after su or sudo commands. It sends an EOF (End-of-file) marker to
bash. Bash exits when it receives this marker. This shortcut is similar to running
the exit command.
• 6. Ctrl+Alt+D
This shortcut will minimize all terminals/windows and show your desktop. Repeat it to revert
your windows back in the same order.
• 7. Ctrl+U
This shortcut erases everything from the current cursor position to the beginning of the line. I
find this useful when I mistype a command or see a syntax error and prefer to start over. It's a
very handy shortcut.
• 8. Ctrl+Z
This shortcut is useful if you need to get the terminal back while working on something. It sends
the SIGTSTP signal to the foreground process. For example, you are working in a text editor
and need to break out to find some data. You can use this shortcut to suspend and send the
editor to the background, do your other task, and then run fg to get back into your application.
• 9. Ctrl+A
Move the cursor to the beginning of the line. Very handy when you need that little flag added
to the beginning of your 200 characters chained-command. I use this instead of the arrow keys
to save time.
• 10. Ctrl+E
This shortcut does the opposite of Ctrl+A. It moves the cursor to the end of the line. I always
use the Ctrl+A and Ctrl+E shortcuts to quickly move my cursor around the current line while
typing long or chained commands.

Difference Between Linux Commands and Shell Commands

In general, the terms "Linux commands" and "shell commands" are often used
interchangeably, but there is a subtle difference:

1. Linux Commands: These are programs or binaries stored in the filesystem (e.g., /bin,
/usr/bin). They are external programs that the shell executes when a user types them.
o Example: ls, cp, mv, grep, find, tar, wget, etc.
2. Shell Commands: These are built into the shell itself (e.g., Bash, Zsh, etc.). They do
not require an external binary file to run.
o Example: cd, echo, export, alias, history, pwd, set, unset, exit, etc.
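
One way to check which kind of command a name is, as an added example that is not part of the original notes: POSIX `command -v` prints a path for an external program and echoes the name back for a builtin. The helper names classify_cmd and path_hits are hypothetical; path_hits lists every match on $PATH in search order, which helps spot a binary that shadows the expected one.

```shell
#!/bin/sh
# Added example: tell shell builtins from external binaries with `command -v`.

# classify_cmd NAME -> prints builtin | external | alias | unknown
classify_cmd() {
    resolved=$(command -v "$1" 2>/dev/null) || { echo unknown; return 0; }
    case "$resolved" in
        /*)       echo external ;;  # absolute path: a program file on disk
        alias\ *) echo alias ;;     # "alias name='value'": a defined alias
        "$1")     echo builtin ;;   # name echoed back: builtin (or keyword/function)
        *)        echo unknown ;;
    esac
}

# path_hits NAME -> every executable file called NAME on $PATH, in search order.
# The first line is what the shell runs for an external command; further lines
# are copies that the first one shadows.
path_hits() {
    old_ifs=$IFS
    IFS=:
    for dir in $PATH; do
        [ -n "$dir" ] || dir=.      # an empty PATH entry means the current directory
        if [ -x "$dir/$1" ] && [ ! -d "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"
        fi
    done
    IFS=$old_ifs
}

# Classify the commands named in the two lists above.
for c in cd export unset ls grep find; do
    printf '%-8s %s\n' "$c" "$(classify_cmd "$c")"
done

# pwd and echo are builtins, but most systems also ship them as binaries:
echo "pwd is a $(classify_cmd pwd); binaries with the same name on PATH:"
path_hits pwd
```

A name such as pwd can be both: the shell prefers its builtin, and the binary on disk runs only when it is called by path or through another program.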

shell commands

1. cd (Change Directory)

Description: Changes the current working directory.

$ cd /home/user/Documents
$ pwd
/home/user/Documents

2. echo (Print Text or Variables)

Description: Displays text or variable values.

$ echo "Hello, Linux!"


Hello, Linux!
Prints "Hello, Linux!" to the terminal.

3. export (Set Environment Variables)


Description: Sets an environment variable for the current session.

$ export MY_VAR="Shell Scripting"


$ echo $MY_VAR
Shell Scripting
The variable MY_VAR is now accessible in the shell.

4. alias (Create Shortcuts for Commands)

Description: Defines an alias (shortcut) for a command.

$ alias ll="ls -la"

$ ll

(total files and directories are listed in long format)

ll now runs ls -la.

5. history (Show Command History)

Description: Displays previously executed commands.

$ history | tail -5

95 ls -l

96 cd /home/user

97 echo "Hello"

98 history

99 history | tail -5

Shows the last 5 executed commands.

6. unset (Remove a Variable or Alias)

Description: Deletes an environment variable or alias.

$ unset MY_VAR

$ echo $MY_VAR

(Empty output)

MY_VAR is removed.

7. exit (Close the Terminal Session)

Description: Exits the shell.

$ exit

Closes the terminal session.

8. set (Show or Modify Shell Options and Variables)

Description: Displays shell variables or sets options.

$ set | grep SHELL

SHELL=/bin/bash

Shows the shell being used.

9. source (Execute a Script in the Current Shell)

Description: Runs a script in the current shell session instead of a new one.

$ source myscript.sh

Executes myscript.sh without creating a new shell.

10. pwd (Print Working Directory)

Description: Displays the current directory path.

$ pwd

/home/user/Documents

Shows the full path of the current directory.

***************************************************************************

File Management in Linux

In Linux, most of the operations are performed on files. And to handle these files Linux has
directories also known as folders which are maintained in a tree-like structure. Though, these
directories are also a type of file themselves. Linux has 3 types of files:

1. Regular Files: It is the common file type in Linux. It includes files like text files, images, binary files, etc. Such files can be created using the touch command. They make up the majority of files in the Linux/UNIX system. A regular file contains ASCII or human-readable text, executable program binaries, program data and much more.
2. Directories: Windows calls these directories folders. These are the files that store the list of file names and the related information. The root directory (/) is the base of the system, /home/ is the default location for users' home directories, /bin is for essential user binaries, /boot is for static boot files, etc. We can create new directories with the mkdir command.
3. Special Files: These represent a real physical device, such as a printer, which is used for I/O operations. Device or special files are used for device Input/Output (I/O) on UNIX and Linux systems. You can see them in a file system like an ordinary directory or file.

In Unix systems, there are two types of special files for each device, i.e. character special files
and block special files. For more details, read the article Unix file system.

Attributes of a File
Following are some of the attributes of a file:
• Name. It is the only information which is in human-readable form.
• Identifier. The file is identified by a unique tag (number) within the file system.
• Type. It is needed for systems that support different types of files.
• Location. Pointer to file location on device.
• Size. The current size of the file.
• Protection. This controls and assigns the power of reading, writing, executing.
• Time, date, and user identification. This is the data for protection, security, and usage monitoring.

File Operations
The operating system must be able to perform the basic file operations given below.
• Creating a file: Two steps are necessary to create a file. First, space in the file system must be found for the file. Second, an entry for the new file must be made in the directory.
• Writing a file: To write a file, we make a system call specifying both the name of the file and the information to be written to the file. Given the name of the file, the system searches the directory to find the file's location. The system must keep a write pointer to the location in the file where the next write is to take place. The write pointer must be updated whenever a write occurs.
• Reading a file: To read from a file, we use a system call that specifies the name of the file and where (in memory) the next block of the file should be put. Again, the directory is searched for the associated entry, and the system needs to keep a read pointer to the location in the file where the next read is to take place. Once the read has taken place, the read pointer is updated.
• Repositioning within a file: The directory is searched for the appropriate entry, and the current-file-position pointer is repositioned to a given value. Repositioning within a file need not involve any actual I/O. This file operation is also known as a file seek.
• Deleting a file: To delete a file, we search the directory for the named file. Having found the associated directory entry, we release all file space, so that it can be reused by other files, and erase the directory entry.
• Protection: Access-control information determines who can do reading, writing, executing, and so on.
• Truncating a file: The user may want to erase the contents of a file but keep its attributes. Rather than forcing the user to delete the file and then recreate it, this function allows all attributes to remain unchanged (except for file length) but lets the file be reset to length zero and its file space released.
In brief

File Types
File System Structure
A file structure should follow a required format that the operating system can understand.
• A file has a certain defined structure according to its type.
• A text file is a sequence of characters organized into lines.
• A source file is a sequence of procedures and functions.
• An object file is a sequence of bytes organized into blocks that are understandable by the machine.
• When an operating system defines different file structures, it also contains the code to support these file structures. Unix and MS-DOS support a minimum number of file structures.
Files can be structured in several ways, of which three common structures are given in this tutorial, each with a short description.

File Structure 1
• Here, as you can see from figure 1, the file is an unstructured sequence of bytes.
• Therefore, the OS doesn't care about what is in the file, as all it sees are bytes.
File Structure 2
• Figure 2 shows the second structure of a file, where a file is a sequence of fixed-length records, each with some internal structure.
• Central to the idea of a file being a sequence of records is the idea that a read operation returns a record and a write operation just appends a record.
File Structure 3
• In the last structure of a file, which you can see in figure 3, a file basically consists of a tree of records, not necessarily all the same length, each containing a key field in a fixed position in the record. The tree is sorted on the key field, to allow rapid searching for a specific key.

Fig.1 Fig.2 Fig.3


File Access Method
File access mechanism refers to the manner in which the records of a file may be accessed.
There are several ways to access files:
• Sequential access
• Direct/Random access
• Indexed sequential access
1. Sequential Access
• Sequential access is that in which the records are accessed in some sequence, i.e., the information in the file is processed in order, one record after the other. This access method is the most primitive one.
• The idea of sequential access is based on the tape model, which is a sequential access device.
• The sequential access method is best when most of the records in a file are to be processed. For example, transaction files.
• Example: Compilers usually access files in this fashion.

In brief:
• Data is accessed one record right after another, in order.
• A read command causes a pointer to be moved ahead by one.
• A write command allocates space for the record and moves the pointer to the new End of File.
• Such a method is reasonable for tape.
Advantages of sequential access
• It is simple to program and easy to design.
• A sequential file makes the best use of storage space.

Disadvantages of sequential access
• Processing a sequential file is time consuming.
• It has high data redundancy.
• Random searching is not possible.

2. Direct Access
• Sometimes it is not necessary to process every record in a file.
• It is not necessary to process all the records in the order in which they are present in the memory. In all such cases, direct access is used.
• The disk is a direct access device, which gives us the ability to access any file block at random.
• In the file, there is a collection of physical blocks and the records of those blocks.
• Example: Databases are often of this type, since they allow query processing that involves immediate access to large amounts of information. All reservation systems fall into this category.
In brief:
• This method is useful for disks.
• The file is viewed as a numbered sequence of blocks or records.
• There are no restrictions on which blocks are read/written; it can be done in any order.
• The user now says "read n" rather than "read next".
• "n" is a number relative to the beginning of the file, not relative to an absolute physical disk location.
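
An added example (not from the original notes) of "read n" versus "read next" on a file of fixed-length records: direct access computes the byte offset n * record length and seeks to it with dd, while sequential access reads the records in order until it reaches n. The record length, the sample records and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: direct vs sequential access to fixed-length records.

REC_LEN=16                      # bytes per record: 15 characters + newline
DB=$(mktemp)                    # constructed sample file
trap 'rm -f "$DB"' EXIT

# Build four constructed records, each padded to exactly REC_LEN bytes.
for rec in "id=0 alice" "id=1 bob" "id=2 carol" "id=3 dave"; do
    printf '%-15s\n' "$rec"
done > "$DB"

# record_offset N -> byte offset of record N, relative to the start of the
# file (not to a physical disk location).
record_offset() {
    echo $(( $1 * REC_LEN ))
}

# read_direct N -> record N, fetched with one seek ("read n").
# dd skips N blocks of REC_LEN bytes without reading the records before it;
# sed strips the padding. A record number past the end yields empty output.
read_direct() {
    dd if="$DB" bs="$REC_LEN" skip="$1" count=1 2>/dev/null | sed 's/ *$//'
}

# read_sequential N -> record N, reached by reading every record before it
# ("read next" repeated until the counter equals N).
read_sequential() {
    i=0
    while IFS= read -r line; do
        if [ "$i" -eq "$1" ]; then
            printf '%s\n' "$line" | sed 's/ *$//'
            return 0
        fi
        i=$((i + 1))
    done < "$DB"
    return 1                    # N is past the end of the file
}

echo "offset of record 2: $(record_offset 2)"
echo "direct:     $(read_direct 2)"
echo "sequential: $(read_sequential 2)"
```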
Advantages:
• Direct access file helps in online transaction processing systems (OLTP) like an online railway reservation system.
• In a direct access file, sorting of the records is not required.
• It accesses the desired records immediately.
• It updates several files quickly.
• It has better control over record allocation.

Disadvantages:
• Direct access file does not provide a backup facility.
• It is expensive.
• It has less storage space as compared to a sequential file.

3. Indexed Sequential Access
• The indexed sequential access method is a modification of the direct access method.
• Basically, it is a combination of both sequential access and direct access.
• The main idea of this method is to first access the file directly and then access it sequentially.
• In this access method, it is necessary to maintain an index.
• The index is nothing but a pointer to a block.
• A direct access of the index is made to access a record in a file.
• The information obtained from this access is used to access the file. Sometimes the indexes are very big.
• So, to manage this, hierarchies of indexes are built, in which one direct access of an index leads to the information for another index access.
• It is built on top of sequential access.
• It uses an index to control the pointer while accessing files.
Advantages:
• In an indexed sequential access file, both sequential and random file access are possible.
• It accesses the records very fast if the index table is properly organized.
• The records can be inserted in the middle of the file.
• It provides quick access for sequential and direct processing.
• It reduces the degree of the sequential search.

Disadvantages:
• Indexed sequential access file requires unique keys and periodic reorganization.
• Indexed sequential access file takes a longer time to search the index for data access or retrieval.
• It requires more storage space.
• It is expensive because it requires special software.
• It is less efficient in the use of storage space as compared to other file organizations.

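The two access methods above, as an added shell example that is not part of the original notes: read_n performs a direct "read n" on fixed-length records with dd, and lookup uses a small index to jump to the right block and then scans that block sequentially. The record layout, block size, file names and function names are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: direct access and indexed sequential access on fixed-length records.

REC_SIZE=16   # assumed layout: every record is 15 characters plus a newline
BLOCK=4       # assumed block size: 4 records per index entry

# Build a data file sorted by key; each record is "KEY:payload" padded to REC_SIZE bytes.
build_file() {
    # $1 = data file
    : > "$1"
    for rec in "1001:alice" "1002:bob" "1003:carol" "1004:dave" \
               "1005:erin" "1006:frank" "1007:grace" "1008:heidi"; do
        printf '%-15s\n' "$rec" >> "$1"
    done
}

# Direct access: fetch record number n (0-based, relative to the start of the file)
# without reading the records in front of it.
read_n() {
    # $1 = data file, $2 = n
    dd if="$1" bs="$REC_SIZE" skip="$2" count=1 2>/dev/null | sed 's/ *$//'
}

# Index: one line per block, "first-key-in-block record-number-of-block-start".
build_index() {
    # $1 = data file, $2 = index file
    awk -F: -v b="$BLOCK" '(NR - 1) % b == 0 { print $1, NR - 1 }' "$1" > "$2"
}

# Indexed sequential lookup: consult the index to find the block that can hold the
# key, jump there directly, then read the records of that block one after another.
lookup() {
    # $1 = data file, $2 = index file, $3 = key
    start=$(awk -v k="$3" '$1 <= k { s = $2 } END { if (s != "") print s }' "$2")
    [ -n "$start" ] || return 1          # key is smaller than every indexed key
    i=0
    while [ "$i" -lt "$BLOCK" ]; do
        rec=$(read_n "$1" $((start + i)))
        case "$rec" in
            "$3":*) printf '%s\n' "$rec"; return 0 ;;
        esac
        i=$((i + 1))
    done
    return 1                             # block scanned, key not present
}

# Demo on a scratch file.
tmp=$(mktemp -d)
build_file "$tmp/data"
build_index "$tmp/data" "$tmp/index"
echo "read 2    -> $(read_n "$tmp/data" 2)"
echo "key 1006  -> $(lookup "$tmp/data" "$tmp/index" 1006)"
rm -rf "$tmp"
```

The index here holds two entries for eight records, so a lookup costs one index read plus at most four record reads instead of a scan of the whole file.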
File System Commands

1. Files Listing
To list files and directories, the ls command is used.

$ ls

All the files and directories in the current directory are listed, and each type of file is
displayed in a different color. For example, directories are displayed in dark blue in the
output.

$ ls -l

It returns a detailed listing of the files and directories in the current directory. The command
shows the owner of each file, which user or group can manage it, and which user/group has
the right to access or execute it.

2. Creating Files

The touch command can be used to create a new file. It creates a new blank file if no file
with that filename exists. If the file already exists, its contents are not affected.

$ touch filename

3. Displaying File Contents

The cat command can be used to display the contents of a file. This command displays the
contents of the 'filename' file. If the output is very large, we can use more or less to fit
the output on the terminal screen; otherwise the content of the whole file is displayed at
once.

$ cat filename

4. Copying a File

The cp command can be used to create a copy of a file. It creates a new file in the destination
with the same name and content as the file 'filename'.

$ cp source/filename destination/

5. Moving a File

The mv command can be used to move a file from source to destination. It removes the file
filename from the source folder and creates a file with the same name and content in the
destination folder.

$ mv source/filename destination/

6. Renaming a File

The mv command can also be used to rename a file. It renames filename to new_filename; in
other words, the file no longer exists under the name filename and exists under the name
new_filename with the same content.

$ mv filename new_filename

7. Deleting a File

The rm command can be used to delete a file. It removes the filename file from the directory.

$ rm filename
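The seven operations above, run in a scratch directory and checked, as an added example that is not part of the original notes. It shows what the descriptions alone do not: cp produces a second, independent file (new inode), mv within one filesystem keeps the same inode, and rm removes only the name it is given, so a copy made earlier still holds the data. The file names, the helper functions and the use of chmod are assumptions of this example.

```shell
#!/bin/sh
# Added example: effect of touch, cp, mv and rm on inode, mode and contents.

# Inode number of a path, and the ten-character mode string shown by ls -l.
inode_of() { ls -di "$1" | awk '{ print $1 }'; }
mode_of()  { ls -ld "$1" | awk '{ print substr($1, 1, 10) }'; }

file_ops_report() {
    # $1 = empty scratch directory; prints one key=value line per check
    (
        cd "$1" || exit 1
        umask 022
        mkdir src dst

        touch src/notes                    # step 2: create an empty file
        printf 'secret\n' > src/notes
        chmod 600 src/notes                # owner-only, as ls -l shows: -rw-------
        orig=$(inode_of src/notes)

        touch src/notes                    # touch on an existing file keeps its contents
        echo "touch_keeps_content=$(cat src/notes)"    # step 3: cat

        cp src/notes dst/                  # step 4: copy into dst/
        if [ "$(inode_of dst/notes)" != "$orig" ]; then
            echo "cp_new_inode=yes"
        else
            echo "cp_new_inode=no"
        fi
        echo "cp_mode=$(mode_of dst/notes)"

        mv src/notes src/renamed           # steps 5 and 6: move/rename on one filesystem
        if [ "$(inode_of src/renamed)" = "$orig" ]; then
            echo "mv_same_inode=yes"
        else
            echo "mv_same_inode=no"
        fi

        rm src/renamed                     # step 7: removes this name only
        echo "copy_survives_rm=$(cat dst/notes)"
    )
}

# Demo in a throwaway directory.
scratch=$(mktemp -d)
file_ops_report "$scratch"
rm -rf "$scratch"
```

When a file holds sensitive data, the last line is the one to remember: deleting the original does nothing to copies made with cp.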

cd

NAME cd – Change the local working directory

SYNTAX

cd file

ARGUMENTS

• file - [required] - A local directory to change to

mkdir

NAME mkdir – Create a directory in local file system

SYNTAX

mkdir file

ARGUMENTS

• file - [required] - The directory path to create

popd

NAME popd – Pop working directory

SYNTAX

popd

pushd

NAME pushd – Push a new local working directory

SYNTAX

pushd file

ARGUMENTS

• file - [required] - A local directory to push

pwd

NAME pwd – Print the local working directory

SYNTAX

pwd [options]

OPTIONS

• -s - [flag] - Use this flag to show the working directory stack

rm

NAME rm – Remove a file or directory

SYNTAX

rm [options] file

OPTIONS

• -r - [flag] - Recursive remove directories

ARGUMENTS

• file - [required] - The directory or file to delete

touch

NAME touch – Touch a file

SYNTAX

touch file

ARGUMENTS

• file - [required] - The file to touch

*********************************************************************

Networking Commands

ip

The ip command is a unified networking tool for Linux systems. The ip command helps view
and configure routing, interfaces, network devices, and tunnels.

The command is part of the iproute2 package and replaces many older networking tools, such
as the route, ifconfig, and netstat commands.

Syntax

The syntax for the ip command is:

ip [options] object [command]

Each part of the command does the following:

• [options] are the command-line parameters that modify the command's behavior.
• object represents the available objects for configuration.
• [command] is a subcommand, an action performed on an object. The available
commands differ depending on the object.

Example

The ip command shows the help menu when used without any options, objects, or commands:

ip

Add the -V option to see the current version:

ip -V

The output prints the package and library version for the ip utility.

ip addr

The ip addr command manages and shows network interface IP addresses. The command
aliases are ip address or ip a.

Syntax

The syntax for the ip addr command is:

ip addr [subcommand]

The available subcommands on the object are:

• add - Adds a new address.
• show - Shows protocol addresses.
• del - Removes an address.
• flush - Flushes addresses based on specified criteria.

Every subcommand has additional options and keywords to perform specific tasks for the
network interface addresses.

Example

The ip addr command without any subcommands shows the network interface information,
including the associated IP addresses:

ip addr

The output for ip addr show is identical.

To show a specific network interface, use the ip addr show subcommand and add the interface
name. For example:

ip addr show [interface]

The command filters the ip addr output and shows only information relevant to the specified
interface.

ip link

The ip link command manages and shows network interface information. It allows viewing,
changing, enabling, and disabling network interfaces.

Syntax

The syntax for the command is:

ip link [subcommand] [options] [interfaces]

The subcommands enable the following actions:

• show - Prints network interface information.
• set - Changes or adds information to a network interface.
• add - Adds a new network interface.
• del - Deletes a network interface.

Subcommands have additional options and allow targeting specific interfaces.

Example

The ip link command without any additional subcommands and options shows all network
interface link information:

ip link

The ip link show command provides the same output.

To turn off an interface, use the following syntax as a superuser:

sudo ip link set [interface] down

The interface shows the state as DOWN after executing the command.

Similarly, to enable an interface, use the up keyword:

sudo ip link set [interface] up

The interface state changes to UP.

ip route

The ip route command shows and configures the IP routing table. The command allows users
to adjust the routing table and perform other crucial networking tasks with the routing table.

Syntax

The command follows a specific syntax, as shown below:

ip route [subcommand] [options] [destination]

The following actions are available as subcommands:

• show - Shows the routing table.
• add - Adds a new route to the table.
• del - Deletes a route from the table.
• change - Modifies an existing route.

The [destination] parameter determines where the network traffic is directed. Additional
options help control the traffic flow further.

Example

To view the routing table, run the following command:

ip route show

Each line in the output represents individual routes in the table.

ifconfig

The ifconfig (interface configuration) command manages and shows network interface
information on a system. The command is part of the net-tools package.

Although the command has limited functions compared to the ip command, the ifconfig
command is still commonly used for configuring network interfaces.

Syntax

The syntax for the command is:

ifconfig [interface] [options]

The syntax breaks down into the following:

• [interface] - The network interface to configure or show information for. The parameter
is optional, and not specifying an interface shows the status of all active interfaces.
• [options] - Command-line options to perform specific actions or configure certain
parameters. The parameter is also optional.

Example

To display the summary of all active network interfaces, run:

ifconfig -s

The command prints a shortlist with crucial information about active interfaces.

dig

The dig command queries the Domain Name System (DNS) and finds information for DNS
records. The command collects domain name information and associated records.

Use dig to troubleshoot DNS issues and to verify DNS configuration on a Linux system. It is
suitable for creating scripts and automating tasks related to network troubleshooting. The
robust command is so prevalent in network troubleshooting that a Windows version of dig is
available.

Syntax

The dig command syntax is as follows:

dig [options] [domain] [record type] [DNS server]

The components of the command are:

• [options] - Parameters that modify the behavior of the command.
• [domain] - The domain name to query.
• [record type] - The DNS record type to query. Defaults to A records.
• [DNS server] - A specified DNS server for the query.

All parameters are optional. The command shows the default DNS resolver information and
query statistics without additional options.

Example

To perform a simple DNS lookup, run the command with a domain name:

dig google.com

Alternatively, provide the IP address and the -x option to perform a reverse DNS lookup. For
example:

dig -x 8.8.8.8

The ANSWER SECTION in the output shows the requested domain name.

Note: Excessive DNS lookups impact website performance. Reducing DNS lookups lowers
server load and network latency.

nslookup

The nslookup command is similar to the dig command. The main difference between the two
commands is that nslookup features an interactive mode. It enables diagnosing and querying
DNS servers, which is helpful for network troubleshooting and DNS tasks.

The command is available for most Unix-like and Windows operating systems.

Syntax

The general syntax for the nslookup command is:

nslookup [domain] [DNS server]

The command components are:

• [domain] - The domain name to look up. Not specifying a name enables querying
multiple domains in interactive mode.
• [DNS server] - The DNS server to use for the lookup. Defaults to the system DNS
server when left out.

The query performs A record domain lookups by default.


Example

The following example shows how to perform a DNS lookup for a domain:

nslookup google.com

The output shows the DNS resolution information for the provided domain.

netstat

The netstat command (network statistics) is a networking utility that shows various networking
statistics. The command provides statistics for network ports and shows port availability.

The command is part of the net-tools package and is considered obsolete. The recommended
replacement is the ss command, which is part of iproute2. Other functionalities of the netstat
command are available with the ip command.

Syntax

The syntax for the netstat command is simple:

netstat [options]

The command allows combining various options to customize the output and to show specific
network information types. The command lists open sockets for all configured address families
without any options.

Example

For example, to list all TCP ports with the netstat command, use the -at options:

netstat -at

The output shows all active TCP connections on the system.

traceroute

The traceroute command is a networking diagnostics tool available for Linux, macOS, and
Windows. The command tracks the route that packets take to reach a destination on a TCP/IP
network.

Use the command to discover routing issues and bottlenecks by showing a packet's
intermediate hops while traveling from source to destination.

The default trace is 30 hops with a packet size of 60 bytes for IPv4 (80 bytes for IPv6).

Syntax

The syntax for the traceroute command is:

traceroute [options] [hostname/IP]

The [hostname/IP] parameter is required, while additional options control whether to perform
DNS lookups, the TTL parameter, and the packet type.

Example

To trace a packet route using the TCP protocol, run the traceroute command as an
administrator with the -T option. For example:

sudo traceroute -T 184.95.56.34

The output shows the sequential route from source to destination.

tracepath

The tracepath command is similar to the traceroute command. The command identifies paths
and latencies from source to destination, mapping the router and network hops.

Although traceroute is a well-known command with comprehensive options, the tracepath
command is a simple network mapping tool available on most Linux systems.

Syntax

The syntax for the tracepath command is:

tracepath [options] [hostname/IP]


The additional [options] control the query behavior, such as the number of hops and whether
to perform a reverse DNS lookup for the addresses. The [hostname/IP] field is required and
represents the destination.

Example

Run the tracepath command without any options to perform a simple trace from the host to
the destination:

tracepath [hostname/IP]

The output shows the hop number, IP address or resolved hostname, and the round-trip time
(RTT) for each hop.

host

The host command is a simple tool for performing DNS lookups. The command resolves IP
addresses into domain names and vice versa.

Use the command to perform a query for DNS records and basic DNS troubleshooting.

Syntax

The syntax for the host command is:

host [options] [hostname/IP]

The various [options] control the command's behavior, such as the query type or the start of
authority (SOA) for the provided domain.

Example

To perform a simple DNS lookup, use the host command and provide a hostname or IP address.
For example:

host google.com

The output shows the resolved IPv4 and IPv6 addresses for the provided hostname.

hostname

The hostname command helps display and change a system's hostname and domain and
identifies devices within a network environment.

Use the command to display, change, or search for hostnames.

Syntax

The syntax for the hostname command is:

hostname [options] [name]

The [options] parameter controls what the command displays, while the [name] parameter
temporarily sets the hostname to the provided name.

Example

To temporarily change the system hostname, run the command without any options and provide
a name:

sudo hostname [name]

The command does not produce an output. Check the current hostname by running:

hostname

The current hostname prints to the screen.

ping

The ping command is a network utility for testing whether a host is reachable. The command
sends ICMP requests to a host (a computer or server) and measures the round-trip time (RTT).

Pinging helps determine the network latency between two nodes and whether a network is
reachable.

Syntax

The syntax for the ping command is:

ping [options] [hostname/IP]

State the [hostname/IP] of the host to ping. Add options to control the command's behavior,
such as the ping request number, intervals, or packet size.

Example

An example ping command request looks like the following:

ping -c 5 google.com

The command sends five ICMP packets to the provided host and prints the statistics.

ss

The ss command is a CLI tool for displaying network statistics. The tool is part of the iproute2
package and is a faster alternative to the netstat command.

Use the ss command to examine network sockets and view various network-related data.

Syntax

The basic syntax for the command is:

ss [options] [filter]

The [options] parameter allows filtering sockets by protocol, while the [filter] parameter helps
query sockets by state to narrow down the result view.

Example

For example, to show all listening TCP sockets using the ss command, add the -lt options:

ss -lt

The output shows all TCP sockets in the LISTEN state waiting for incoming connections.
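A practical use of the listening-socket view, as an added example that is not part of the original notes: the functions below read ss -lnt output, keep only listeners that are reachable from other hosts (anything not bound to a loopback address), and report ports that are not on an allowlist. The sample output is constructed for the example, and the function names and the allowlist are assumptions.

```shell
#!/bin/sh
# Added example: find TCP listeners exposed beyond loopback in "ss -lnt" output.

# Constructed sample in the layout printed by "ss -lnt" (-n keeps ports numeric).
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q   Local Address:Port    Peer Address:Port  Process
LISTEN  0       128            0.0.0.0:22           0.0.0.0:*
LISTEN  0       244          127.0.0.1:5432         0.0.0.0:*
LISTEN  0       128               [::]:22              [::]:*
LISTEN  0       4096     127.0.0.53%lo:53           0.0.0.0:*
LISTEN  0       128                  *:80                 *:*
LISTEN  0       128              [::1]:631             [::]:*
EOF
}

# stdin: ss -lnt output. stdout: "port address" for every non-loopback listener.
exposed_listeners() {
    awk '
        $1 == "LISTEN" {
            ep = $4
            port = ep
            sub(/.*:/, "", port)                     # text after the last colon
            addr = substr(ep, 1, length(ep) - length(port) - 1)
            sub(/%.*/, "", addr)                     # drop interface scope such as %lo
            gsub(/\[/, "", addr)                     # strip IPv6 brackets
            gsub(/\]/, "", addr)
            if (addr ~ /^127\./ || addr == "::1")    # loopback: local clients only
                next
            print port, addr
        }' | LC_ALL=C sort -k1,1n -k2,2
}

# $1: space-separated list of ports that are expected to be exposed.
# stdin: ss -lnt output. stdout: exposed ports missing from that list.
unexpected_ports() {
    exposed_listeners | awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($1 in ok) && !seen[$1]++ { print $1 }'
}

# Demo on the constructed sample; on a live host use:  ss -lnt | unexpected_ports "22"
echo "exposed listeners:"
sample_ss_output | exposed_listeners
echo "not on allowlist (22 443):"
sample_ss_output | unexpected_ports "22 443"
```

A listener on 0.0.0.0, [::] or * accepts connections on every interface, which is why the PostgreSQL and DNS-stub entries bound to loopback are left out of the report.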

route

The route command in Linux is a specialized command for displaying and configuring the
routing table. The command modifies the kernel's IP routing tables and helps set up static routes
to specific hosts or networks.

Use the command after configuring a network interface with a tool such as the ifconfig
command.

Note: The preferable alternative to the route command is the ip route command.

Syntax

The syntax for the route command is:

route [options] [subcommand] [arguments]

It contains the following components:

• [options] - Optional command-line parameters that control the output view, address
family, and IP protocol.
• [subcommand] - An action to perform, such as add or delete.
• [arguments] - Additional arguments that differ depending on the subcommand.

Example

To view the current routing table, use the route command without any options:

route

Use the following format to add a default gateway:

sudo route add default gw [gateway]


The command adds a default route, which is used when no other routes match. The provided
gateway must be a directly reachable route.

arp

The arp command shows and configures the Address Resolution Protocol (ARP) cache. The
ARP protocol maps IP addresses to physical Media Access Control (MAC) addresses in a local
network. The cache stores these mappings for all devices on the local network.

Syntax

The syntax for the arp command is in the following format:

arp [options] [hostname/IP]

• The [options] parameter modifies the command's behavior, such as setting up and
deleting actions, or controlling the output.
• The [hostname/IP] parameter is an optional identifier for a remote system for which to
resolve a MAC address. If unprovided, the command checks the local ARP cache.

Example

To display the ARP cache, run the arp command without any additional parameters:

arp

The output shows the ARP cache (IP and MAC addresses) in a table.

iwconfig

The iwconfig command shows and configures wireless network interface information. The
command comes in handy for troubleshooting wireless network issues.

Use the command to view or change a wireless network's name, power management settings,
and other wireless configurations.

Syntax

The syntax for the iwconfig command is:

iwconfig [interface] [options]

The [interface] parameter filters the wireless network interface by name, whereas the [options]
parameter controls various settings, such as the operation mode, rate limits, and the wireless
encryption key.

Example

To view the available wireless interfaces on the system and the current setup, run the command
without any parameters:

iwconfig

The command shows all information on wireless interfaces on the system.

curl or wget

The wget and curl commands are command-line tools for downloading files from the internet.
The two tools are similar, but there are slight differences in how they work and the options they
offer:

• The wget command downloads files from the web using HTTP, HTTPS, or FTP
protocols. The tool is simple to use for file downloads.
• The curl command is versatile and supports various network protocols, such as SCP,
IMAP, POP3, SMTP, etc. The tool also sends HTTP requests and interacts with web
services.

Use curl or wget to test network download speeds.

Syntax

The syntaxes for the wget and curl commands are similar:

wget [options] [URL]


curl [options] [URL]

The [options] parameter controls the various download and output options, while the [URL]
parameter is a file's download URL. The curl command features many advanced options and
usage patterns compared to the wget command.

Example

To download a file using the wget command, use the following format:

wget -O [file name] [URL]

Alternatively, to use curl to achieve the same task, run:

curl -o [file name] [URL]

The file downloads from the specified URL and saves the contents to the provided file name.

mtr

The mtr command (my traceroute) is a diagnostics tool that combines elements from the ping
and traceroute commands. The command provides real-time insights into network quality,
making it an excellent tool for troubleshooting high latency and packet loss.

Syntax

The syntax for the mtr command is:

mtr [options] [hostname/IP]

The [options] parameter controls the packet number and size, while the [hostname/IP]
parameter contains the destination.

Example

The mtr command, without any options, starts a trace session to the provided host. For
example:

mtr google.com

To exit the window, press q.

whois

The whois command queries information about domain names, IP addresses, and other
network-related information. Use the command to fetch domain details, such as the
domain's ownership details, registration date, and expiration date.

Syntax

The syntax for the whois command is:

whois [options] [query]

• The [options] parameter allows setting a specific WHOIS server to query, changing the
protocol, and adding additional query parameters.
• The [query] parameter is the domain name, IP address, or Autonomous System
Number (ASN) to look up.

Example

Run the command without any options to perform a simple query for a given domain name.
For example:

whois google.com

The output shows the results of the basic WHOIS lookup for the provided domain name.

iftop

The iftop command is a network monitoring utility. Use the command to view network
connections and bandwidth usage in real time.

Syntax

The syntax for the iftop command is:

iftop [options]

The [options] parameter controls the display information. The command also requires
sufficient privileges to monitor all traffic on the network interface.

Example

The primary usage of iftop is without any additional options:

sudo iftop

The command opens a new monitoring screen, which changes as data transfers via the network
interface.

The interface allows controlling the display from the monitoring screen, such as toggling the
source (s) or destination (d) views. To exit the screen, press q.

tcpdump

The tcpdump command is a packet sniffer and network security tool that captures real-time
network packet information. Use the command to analyze traffic, troubleshoot issues, and
monitor network security.

Syntax

The syntax for the tcpdump command is:

tcpdump [options] [filter]

The [options] parameter handles various display options, controls the packet number, and
enables working with files. Use the [filter] parameter to enter the criteria for packet capturing.

Example

To capture packets on a specific port, use the following format:


sudo tcpdump port 80

The filter port 80 captures packets on the specified port to monitor HTTP traffic.

ifplugstatus

The ifplugstatus command is a simple utility to check the network interface status. The
command helps determine whether an ethernet cable is connected to an interface.

Use ifplugstatus to check a network's physical link, especially after changes to the network
interface.

Syntax

The syntax for the ifplugstatus command is:

ifplugstatus [options] [interface]

The [options] parameter allows setting a specific configuration file or running in batch mode
for scripting. State the [interface] parameter to check the status of the specified interface.

Example

To list the statu

If the output states link beat detected, the interface has an active physical link.

***************************************************************
Diagnostic /Monitor Performance

Being a System or Network administrator tasked with monitoring and debugging Linux system
performance problems on a daily basis is an immensely challenging responsibility.
It demands unwavering dedication, a profound understanding of Linux systems, and a constant
commitment to ensuring optimal performance and reliability.

After dedicating a decade to working as a Linux Administrator in the IT industry, I have come
to truly appreciate the arduous task of monitoring and ensuring the continuous operation of
systems.

In light of this, we have curated a comprehensive list of the Top 20 frequently used command-
line monitoring tools. These invaluable tools can prove indispensable for every Linux/Unix
System Administrator, empowering them to efficiently monitor, diagnose, and maintain the
health and performance of their systems.

These monitoring tools are available under all flavors of Linux and can be useful to monitor
and find the actual causes of performance problems. The list of commands shown here is more
than enough for you to pick the one that is suitable for your monitoring scenario.

1. Top – Linux Process Monitoring

The Linux top command is a performance monitoring program that many system administrators
use frequently to monitor Linux performance, and it is available on many Linux/Unix-like
operating systems.

The top command displays all the running and active processes in real time in an ordered
list and updates it regularly. It displays CPU usage, Memory usage, Swap Memory, Cache
Size, Buffer Size, Process PID, User, Commands, and much more.

It also shows the high memory and CPU utilization of running processes. The top command is
very useful for system administrators to monitor and take corrective action when required.
Let's see the top command in action.

# top

2. VmStat – Virtual Memory Statistics

The Linux vmstat command is used to display statistics of virtual memory, kernel
threads, disks, system processes, I/O blocks, interrupts, CPU activity, and much more.

Install VmStat on Linux

By default, the vmstat command is not available under Linux systems; you need to install a
package called sysstat (a powerful monitoring tool) that includes a vmstat program.

$ sudo yum install sysstat [On Older CentOS/RHEL & Fedora]

$ sudo dnf install sysstat [On CentOS/RHEL/Fedora/Rocky Linux & AlmaLinux]

$ sudo apt-get install sysstat [On Debian/Ubuntu & Mint]

$ sudo pacman -S sysstat [On Arch Linux]


The common usage of the vmstat command is:

# vmstat

procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu-----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
 1  0  43008 275212   1152 561208    4   16   100   105   65  113  0  1 96  3  0
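Reading the vmstat columns for trouble signs, as an added example that is not part of the original article: vmstat_flags maps the header names to column positions and reports samples that show swap traffic (si/so), high I/O wait (wa) or a run queue (r) longer than the CPU count. The first data row is the sample shown above; the second row, the thresholds and the function names are constructed for the example.

```shell
#!/bin/sh
# Added example: flag swap activity, I/O wait and run-queue pressure in vmstat output.

# First data row: the sample from the text. Second data row: constructed.
sample_vmstat() {
    cat <<'EOF'
procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu-----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
 1  0  43008 275212   1152 561208    4   16   100   105   65  113  0  1 96  3  0
 5  2  43008 120000   1152 561208    0    0  9000   200  300  900 10  5 40 45  0
EOF
}

# $1 = I/O wait threshold in percent, $2 = number of CPUs; stdin = vmstat output.
# Prints "<sample number> <finding> <values>" for every threshold that is crossed.
vmstat_flags() {
    awk -v wa_max="$1" -v ncpu="$2" '
        # Header row: remember the position of every column by name.
        $1 == "r" { for (i = 1; i <= NF; i++) col[$i] = i; next }
        # Skip the banner line and anything that is not a row of numbers.
        !("r" in col) || $1 !~ /^[0-9]+$/ { next }
        {
            sample++
            if ($col["si"] + $col["so"] > 0)
                print sample, "swapping", "si=" $col["si"], "so=" $col["so"]
            if ($col["wa"] >= wa_max)
                print sample, "iowait", "wa=" $col["wa"]
            if ($col["r"] > ncpu)
                print sample, "runqueue", "r=" $col["r"]
        }'
}

# Demo on the sample; on a live host use for example:  vmstat 1 5 | vmstat_flags 20 2
sample_vmstat | vmstat_flags 20 2
```

The first report vmstat prints gives averages since boot, so on a live system judge the later samples of a run such as vmstat 1 5 rather than the first line.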

3. Lsof – List Open Files

The lsof command is used in many Linux/Unix-like systems to display a list of all the open
files and processes. The open files included are disk files, network
sockets, pipes, devices, and processes.

One of the main reasons for using this command is when a disk cannot be unmounted and
displays the error that files are being used or opened. With this command, you can easily
identify which files are in use.

The most common format for lsof command is.

# lsof

COMMAND PID TID TASKCMD USER  FD TYPE DEVICE SIZE/OFF      NODE NAME
systemd   1             root cwd  DIR    8,2      224       128 /
systemd   1             root rtd  DIR    8,2      224       128 /
systemd   1             root txt  REG    8,2  1567768 134930842 /usr/lib/systemd/systemd
systemd   1             root mem  REG    8,2  2714928 134261052 /usr/lib64/libm-2.28.so
systemd   1             root mem  REG    8,2   628592 134910905 /usr/lib64/libudev.so.1.6.11
systemd   1             root mem  REG    8,2   969832 134261204 /usr/lib64/libsepol.so.1
systemd   1             root mem  REG    8,2  1805368 134275205 /usr/lib64/libunistring.so.2.1.0
systemd   1             root mem  REG    8,2   355456 134275293 /usr/lib64/libpcap.so.1.9.0
systemd   1             root mem  REG    8,2   145984 134261219 /usr/lib64/libgpg-error.so.0.24.2
systemd   1             root mem  REG    8,2    71528 134270542 /usr/lib64/libjson-c.so.4.0.0
systemd   1             root mem  REG    8,2   371736 134910992 /usr/lib64/libdevmapper.so.1.02
systemd   1             root mem  REG    8,2    26704 134275177 /usr/lib64/libattr.so.1.1.2448
systemd   1             root mem  REG    8,2  3058736 134919279 /usr/lib64/libcrypto.so.1.1.1c
...

4. Tcpdump – Network Packet Analyzer

The tcpdump command is one of the most widely used command-line network packet
analyzers or packet sniffer programs. It is used to capture or filter TCP/IP packets that are
received or transferred on a specific interface over a network.

It also provides an option to save captured packets in a file for later analysis. tcpdump is
available in almost all major Linux distributions.

# tcpdump -i enp0s3

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes
10:19:34.635893 IP tecmint.ssh > 192.168.0.124.45611: Flags [P.], seq 2840044824:2840045032, ack 4007244093
10:19:34.636289 IP 192.168.0.124.45611 > tecmint.ssh: Flags [.], ack 208, win 11768, options
10:19:34.873060 IP _gateway.57682 > tecmint.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
10:19:34.873104 IP tecmint > _gateway: ICMP tecmint udp port netbios-ns unreachable, length 86
10:19:34.895453 IP _gateway.48953 > tecmint.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
10:19:34.895501 IP tecmint > _gateway: ICMP tecmint udp port netbios-ns unreachable, length 86
10:19:34.992693 IP 142.250.4.189.https > 192.168.0.124.38874: UDP, length 45
10:19:35.010127 IP 192.168.0.124.38874 > 142.250.4.189.https: UDP, length 33
10:19:35.135578 IP _gateway.39383 > 192.168.0.124.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
10:19:35.135586 IP 192.168.0.124 > _gateway: ICMP 192.168.0.124 udp port netbios-ns unreachable, length 86
10:19:35.155827 IP _gateway.57429 > 192.168.0.124.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
10:19:35.155835 IP 192.168.0.124 > _gateway: ICMP 192.168.0.124 udp port netbios-ns unreachable, length 86
...

5. Netstat – Network Statistics


netstat is a command-line tool for monitoring incoming and outgoing network packet
statistics as well as interface statistics. It is a very useful tool for every system administrator to
monitor network performance and troubleshoot network-related problems.

# netstat -a | more

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:sunrpc          0.0.0.0:*               LISTEN
tcp        0      0 tecmint:domain          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN
tcp        0      0 localhost:postgres      0.0.0.0:*               LISTEN
tcp        0      0 tecmint:ssh             192.168.0.124:45611     ESTABLISHED
tcp6       0      0 [::]:sunrpc             [::]:*                  LISTEN
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN
tcp6       0      0 localhost:postgres      [::]:*                  LISTEN
udp        0      0 0.0.0.0:mdns            0.0.0.0:*
udp        0      0 localhost:323           0.0.0.0:*
udp        0      0 tecmint:domain          0.0.0.0:*
udp        0      0 0.0.0.0:bootps          0.0.0.0:*
udp        0      0 tecmint:bootpc          _gateway:bootps         ESTABLISHED
...

Although netstat has now been deprecated in favor of the ss command, you may still
discover netstat in your networking toolkit.

6. Htop – Linux Process Monitoring

htop is an advanced, interactive, real-time Linux process monitoring tool. It is
very similar to the Linux top command, but it has some rich features like a user-friendly
interface to manage processes, shortcut keys, vertical and horizontal views of the
processes, and much more.

# htop

htop is a third-party tool that doesn't come with Linux systems; you need to install it using
your system package manager tool.

7. Iotop – Monitor Linux Disk I/O

iotop is also similar to the top command and the htop program, but it has an accounting
function to monitor and display real-time disk I/O and processes.

The iotop tool is useful for finding the exact processes responsible for heavy disk
reads and writes.

Install Iotop on Linux

By default, the iotop command is not available under Linux and you need to install it as shown.

$ sudo yum install iotop [On Older CentOS/RHEL & Fedora]

$ sudo dnf install iotop [On CentOS/RHEL/Fedora/Rocky Linux & AlmaLinux]

$ sudo apt-get install iotop [On Debian/Ubuntu & Mint]

$ sudo pacman -S iotop [On Arch Linux]

The common usage of the iotop command is:

# iotop

8. Iostat – Input/Output Statistics

iostat is a simple tool that collects and shows input and output statistics for system storage
devices. It is often used to trace storage device performance issues
including devices, local disks, and remote disks such as NFS.

Install Iostat on Linux

To get the iostat command, you need to install a package called sysstat as shown.

$ sudo yum install sysstat [On Older CentOS/RHEL & Fedora]

$ sudo dnf install sysstat [On CentOS/RHEL/Fedora/Rocky Linux & AlmaLinux]

$ sudo apt-get install sysstat [On Debian/Ubuntu & Mint]

$ sudo pacman -S sysstat [On Arch Linux]

The common usage of the iostat command is:


# iostat

Linux 4.18.0-193.el8.x86_64 (tecmint)   04/05/2021   _x86_64_   (1 CPU)

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           0.21    0.03    0.59    2.50    0.00   96.67

Device             tps    kB_read/s    kB_wrtn/s    kB_read    kB_wrtn
sda               3.95        83.35        89.63    1782431    1916653

9. IPTraf – Real-Time IP LAN Monitoring

IPTraf is an open-source, console-based, real-time network (IP LAN) monitoring utility
for Linux. It collects a variety of information about the IP traffic that passes over the
network, including TCP flag information, ICMP details, TCP/UDP traffic breakdowns, TCP
connection packets, and byte counts.

It also gathers information on general and detailed interface statistics of TCP, UDP, IP, ICMP,
non-IP, IP checksum errors, interface activity, etc.

10. Psacct or Acct – Monitor User Activity

The psacct or acct tools are very useful for monitoring each user’s activity on the system. Both
daemons run in the background and keep a close watch on the overall activity of each user on
the system and on the resources each user consumes.

These tools are very useful for system administrators to track each user’s activity, such as what
they are doing, which commands they issued, how many resources they used, and how long
they were active on the system.

11. Monit – Linux Process and Services Monitoring

Monit is a free, open-source, web-based process supervision utility that automatically
monitors and manages system processes, programs, files, directories, permissions, checksums,
and filesystems.

It monitors services like Apache, MySQL, Mail, FTP, ProFTP, Nginx, SSH, and so on. The
system status can be viewed from the command line or using its own web interface.

12. NetHogs – Monitor Per Process Network Bandwidth

NetHogs is a small open-source program (similar to the Linux top command) that keeps
tabs on each process’s network activity on your system. It also keeps track of the real-time network
traffic bandwidth used by each program or application.

# nethogs


13. iftop – Network Bandwidth Monitoring

iftop is another free, open-source, terminal-based system monitoring utility that displays a
frequently updated list of network bandwidth utilization (source and destination hosts) that
passes through the network interface on your system.

iftop does for network usage what ‘top’ does for CPU usage.

iftop belongs to the ‘top’ family of monitoring tools. It is designed
to observe a user-selected network interface and shows real-time data on the current bandwidth
utilization between two specified hosts.

# iftop


14. Monitorix – System and Network Monitoring

Monitorix is a free, lightweight utility designed to run on Linux/Unix servers and monitor
as many system and network resources as possible.

It has a built-in HTTP web server that regularly collects system and network information and
displays it in graphs. It monitors system load average and usage, memory allocation, disk
driver health, system services, network ports, mail statistics (Sendmail, Postfix, Dovecot,
etc), MySQL statistics, and many more.

It is designed to monitor overall system performance and helps in detecting failures,
bottlenecks, abnormal activities, etc.

15. Arpwatch – Ethernet Activity Monitor

Arpwatch is a program designed to monitor address resolution
(MAC and IP address changes) in Ethernet network traffic on a Linux network.

It continuously watches Ethernet traffic and produces a timestamped log of IP and MAC address
pair changes on the network. It can also send email alerts to
administrators when a pairing is added or changes. It is very useful in detecting ARP spoofing
on a network.
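
The pairing check described above can be written as a shell function that remembers the MAC last seen for each IP and reports when it changes. This is an added example, not arpwatch’s own code; the input layout, the function names, the NEW/CHANGED/FLIPFLOP labels and the sample observations are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag IP addresses whose MAC address changes between sightings.
# Input rows use a constructed "<time> <ip> <mac>" layout, not arpwatch's log format.

arp_pair_changes() {
    awk '
        NF == 3 {
            t = $1; ip = $2; mac = tolower($3)   # compare MACs case-insensitively
            if (!(ip in current)) {
                current[ip] = mac                # first sighting of this IP
                print "NEW " ip " " mac " at " t
            } else if (current[ip] != mac) {
                # Returning to the MAC seen just before is a flip-flop, typical
                # of two stations answering for one IP.
                kind = (previous[ip] == mac) ? "FLIPFLOP" : "CHANGED"
                print kind " " ip " " current[ip] " -> " mac " at " t
                previous[ip] = current[ip]
                current[ip] = mac
            }
        }
    '
}

# Constructed observations: 192.168.0.1 is claimed by a second MAC, then reverts.
sample_observations() {
    cat <<'EOF'
10:00:01 192.168.0.1 52:54:00:aa:bb:01
10:00:02 192.168.0.124 52:54:00:aa:bb:7c
10:05:10 192.168.0.1 52:54:00:AA:BB:01
10:07:43 192.168.0.1 52:54:00:de:ad:99
10:07:50 192.168.0.124 52:54:00:aa:bb:7c
10:09:02 192.168.0.1 52:54:00:aa:bb:01
EOF
}

sample_observations | arp_pair_changes
```

A CHANGED or FLIPFLOP line for an address that should be stable, such as a gateway or server, is the event worth alerting on; a NEW line is expected whenever a station first appears.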

16. Suricata – Network Security Monitoring

Suricata is a high-performance, open-source Network Security and Intrusion
Detection and Prevention Monitoring System for Linux, FreeBSD, and Windows.

It was designed by, and is owned by, the non-profit foundation OISF (Open Information Security
Foundation).

17. VnStat PHP – Monitoring Network Bandwidth

VnStat PHP is a web-based frontend application for the popular networking tool
“vnstat”. VnStat PHP presents network traffic usage in a clean graphical form.

It displays the total IN and OUT network traffic usage in hourly, daily, monthly, and full
summary reports.

18. Nagios – Network/Server Monitoring

Nagios is a leading, powerful open-source monitoring system that enables network/system
administrators to identify and resolve server-related problems before they affect major business
processes.

With the Nagios system, administrators can monitor remote Linux, Windows, switches,
routers, and printers in a single window. It shows critical warnings and indicates if something
went wrong in your network/server, which indirectly helps you begin remediation processes
before problems occur.

19. Nmon: Monitor Linux Performance

Nmon (short for Nigel’s Performance Monitor) is a tool used to monitor all Linux
resources such as CPU, Memory, Disk Usage, Network, Top processes, NFS, Kernel, and much
more. This tool comes in two modes: Online Mode and Capture Mode.

The Online Mode is used for real-time monitoring and Capture Mode is used to store the output
in CSV format for later processing.


20. Collectl: All-in-One Performance Monitoring Tool

Collectl is yet another powerful and feature-rich command-line utility that can be used
to gather information about Linux system resources such as CPU usage, memory, network,
inodes, processes, NFS, TCP, sockets, and much more.