j

Network System Design Assgnment 3

Name
T.M.G Buddhika K.E.H Peiris P.A .D.K Ponnamperuma

SLIIT ID
DCN/09/C4-0780 DIT/07C1-0040 DCN/09/C3-0611

CURTIN ID 15649142 14250860 15647272

Windows Performance Monitor (PerfMon) has been around for several generations of Windows and allows you to monitor, either over time or in real-time, the performance statistics of a Windows server. Performance Monitor can capture a plethora of information on a Windows Server and is useful in diagnosing performance problems. However, to meaningfully analyze the PerfMon data captured when troubleshooting performance issues, it is critical that you have a baseline of normal system performance for comparison. This article focuses on using PerfMon to create a performance baseline on a Windows Terminal Server, but the following information also applies to baselining any Windows-based server. Using Performance Monitor, performance data can be captured in a variety of granularity, from total processor utilization on a server down to the processor time used by an individual Windows process. However, to understand how to obtain the information you want, it is important to understand the three fundamental levels of monitoring criteria. These three levels are detailed below: Objects: Objects are the top-most criteria for monitoring a set of attributes on the server. Typical objects include Memory, Network, Paging File, Processor, etc. Counters: Counters are a subset of an object. For any given object, you will have multiple counters. For example, the Processor object has various counters to choose from: % processor time, % privileged time, % user time, interrupts/second, etc. Instances: Each counter can have one or more instances. Using the example above of the processor object, % processor time would have two instances in a dual-processor system one for each processor (0 and 1). You have the ability to monitor only one instance of a given counter if you wish. Another way to look at this relationship is as follows (figure 1):

Figure 1 You can select the object itself, which includes all counters and all instances of each counter, a specific counter for an object, which includes all instances for that counter, or you can select only to view/track a specific instance of a given counter (for example, instance 0 of the % Processor Time counter of the Processor object). Using Performance Monitor

The default screen shows current activity on the system, measuring pages/sec, average disk queue length and processor utilization. 1. To baseline a system, select Counter Logs under Performance Logs and Alerts. By default, there is a basic counter log that measures the same three counters as listed above. Although you cant delete the sample, you can create your own custom counter log. 2. Right click on Counter Logs and select New Log Settings The New Log Settings screen comes up and prompts you to name the job. As a good rule of thumb, it is best to make the job name as descriptive as possible to make future references easier. Include things like the server name and the date that the baseline is being taken. Enter the job name and click OK. 3. Now its time to set up the counters. You will notice that there are two buttons available Add Objects and Add Counters. Most of the time, you will find that adding entire objects will result in too much data being collected. For a proper baseline, you only need to capture the basic information about the performance of a server. Granular items (such as Processor\Pool Paged Bytes) will have no bearing on the baseline, so its overkill. Also, with each additional counter added, the server has to use resources to track that performance data. Adding too many counters by selecting entire objects can easily put undue strain on a server and skew your baseline results. Therefore, its best to only add the counters you wish to track. Clicking Add Counters button will bring up the following screen (figure 2)

Figure 2 By selecting a performance object from the drop-down list, you can drill down to specific counters and instances of that object. Below is a list of object counters that make up a good, well-rounded baseline. You should include all instances of each counter except for the Network counters; they should only monitor the instances for the NICs that will be included in the baseline (if appropriate). The details on what each counter gathers will be discussed in part 2 of this article. Memory

Pages/Sec

Take care to distinguish between these two paging counters: 1) Pages /sec (Hard page faults) 2) Page Faults /sec counter is likely to be at least twice the value of the above. Two problems with monitoring in general, firstly no counter should be taken in isolation, secondly spikes should be ignored, or at least played down. The less paging the better your server's performance. Most authorities agree that Memory: Pages / sec is a key memory counter. This counter measures 'hard' page faults, in other words 4

the page in nowhere in memory, so the VMM (Virtual Memory Manager) has to fetch the data from the pagefile on the disk; in computing terms that takes an age. I am reluctant to disagree with other authorities, but from my experience, I would put the threshold as high as 20 pages /sec, before blaming paging as the bottleneck. Moreover, I would not trust pages /sec as an indicator of a bottleneck without confirmation from low Available bytes. (see above) In truth, if you put 5 experts in the same room, they could all spot a memory bottleneck, but when they wrote up their notes, they would use different time slices and different thresholds, consequently, it would seem that there was a conflict where none actually existed.

Available Mbytes Committed Bytes

If the value for committed bytes is greater than physical memory, then more RAM would help.

Page Faults/Sec

Page faults / sec is the sum of hard and soft page faults. Soft page faults are where the data is found elsewhere in RAM. For example, Word has opened the spellchecker, and now Outlook wishes to use it, there is no need for another call to the disk as the spellchecker is already in memory.

Network Interface

Bytes Total/Sec Packets/Sec

Paging File

% Usage

Physical Disk

% Disk Time Avg Disk Bytes/Transfer Avg Disk Queue Length Avg Disk Sec/Transfer Disk Transfers/Sec 5

Processor

% Processor Time

This counter provides a measure of how much time the processor actually spends working on productive threads and how often it was busy servicing requests. This counter actually provides a measurement of how often the system is doing nothing subtracted from 100%. This is a simpler calculation for the processor to make. The processor can never be sitting idle waiting to the next task, unlike our cashier. The CPU must always have something to do. It's like when you turn on the computer, the CPU is a piece of wire that electric current is always running through, thus it must always be doing something. NT give the CPU something to do when there is nothing else waiting in the queue. This is called the idle thread. The system can easily measure how often the idle thread is running as opposed to having to tally the run time of each of the other process threads. Then , the counter simply subtracts the percentage from 100%.

% Privilege Time

This is the total privledge time for all processors on the system collectively. See Processor : % Privledge Time for more details.

% User Time

The value of this counter helps to determine the kind of processing that is affecting the system. Of course the resulting value is the total amount of non-idle time that was spent on User mode operations. This generally means application code.

Interrupts/Sec

The numbers of interrupts the processor was asked to respond to. Interrupts are generated from hardware components like hard disk controller adapters and network interface cards. A sustained value over 1000 is usually an indication of a problem. Problems would include a poorly configured drivers, errors in drivers, excessive utilization of a device (like a NIC on an IIS server), or hardware failure. Compare this value with the System : Systems Calls/sec. If the Interrupts/sec is much larger over a sustained period, you probably have a hardware issue. System

Context Switches/Sec Processes Processor Queue Length

The following counters are for Terminal Servers specifically, and will aid in translating the output into meaningful information: Terminal Services

Active Sessions Total Sessions

Terminal Services Session

% Processor Time Page Faults/Sec

4. Once you have added any appropriate counters, you can select the sample interval. The default setting of 15 seconds is usually sufficient, but if the server is utilized rather heavily, then set the sampling interval to 30 seconds or more to cut down on the impact that performance monitor may have on normal running conditions. To set the interval, on the General Tab (figure 3), set the Sample data every: parameter to the desired setting, and the corresponding Units (in seconds, by default).

Figure 3 5. On the Log Files tab (figure 4), you can change the type of log file and where they are stored.

Figure 4 Typically, a binary log file is sufficient if you will be reviewing the data in PerfMon (typical). However you have the option of using a delimited text file (however, delimited files cannot be read by PerfMon) or even streaming the data to an SQL database. For the purposes of this article, we will stick to a binary file. Clicking on the Configure button will allow you to set both the file name prefix (which defaults to the job name) and the location of the files. You can also set a maximum size for your log files to prevent them from growing too large. The default of Maximum limit will allow the log file to continue to grow until it consumes all space on the drive, so it might be a good idea to set a maximum file size to prevent this if drive space is short or you will not be setting an end time/date for the job on the Schedule tab. Once the log file reaches the specified size, PerfMon will stop logging information. Another option, however, is to use a Binary Circular File for the log file. Once the log file grows to the size specified, PerfMon will begin flushing the oldest information in the log file to make room for the new data. This will ensure you always have the latest performance statistics when you stop the log, and the log file will never grow beyond the specified size. 6. Finally, the Schedule tab (figure 5) allows you to decide whether the PerfMon job will start and stop at specified times or will require manual intervention. For baselining, you would typically set a start and stop time/date. It is always good to set a stop time if you dont set a maximum log file size. This will prevent the logs from accidentally filling the drive if you forget to turn off PerfMon. In this example below, Perfmon is set to log data for seven days. 9

Figure 5 7. All that is left is to start collecting data. To manually start the job, right click the job name in the Counter Logs screen and select Start. Otherwise, the job will start automatically when the scheduled time arrives. Note: No one needs to be logged on to the server for data collection. PerfMon will automatically start and stop jobs without a user being logged on. Once the job is started, its icon will turn green in the Counter Logs screen. You can also view the log file location in Windows Explorer to see the actual log files as they grow in size. With the job now running, the PerfMon is collecting data. The best way to get the most reliable data is to run the server in production as usual. The idea is to allow Performance Monitor to capture performance statistics as the server is under normal use. This will provide a good baseline for future comparison. Part 2 of this article will go into depth on how to interpret the data gathered and how to effectively use a baseline to troubleshoot future issue.

Netstat

10

Netstat is a useful tool for checking network and Internet connections. Some useful applications for the average PC user are considered, including checking for malware connections.

Syntax and switches

The command syntax is netstat [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [t] [-v] [interval]

A brief description of the switches is given in Table I below. Some

switches are only in certain Windows versions, as noted in the table..Note that switches for Netstat use the dash symbol "-" rather than the slash "/". Table I. Switches for Netstat command Switch -a Description Displays all connections and listening ports Displays the executable involved in creating each connection or listening port. (Added in XP SP2.) Displays Ethernet statistics Displays Fully Qualified Domain Names for foreign addresses. (In Windows Vista/7 only) Displays addresses and port numbers in numerical form Displays the owning process ID associated with each connection Shows connections for the protocol specified by proto; proto may be any of: TCP, UDP, TCPv6, or UDPv6. Displays the routing table Displays per-protocol statistics

-b

-e

-f

-n -o

-p proto

-r -s

11

-t

Displays the current connection offload state, (Windows Vista/7) When used in conjunction with -b, will display sequence of components

-v

involved in creating the connection or listening port for all executables. (Windows XP SP2, SP3) An integer used to display results multiple times with specified number of

[interval]

seconds between displays. Continues until stopped by command ctrl+c. Default setting is to display once,

Applications of Netstat
Netstat is one of a number of command-line tools available to check the functioning of a network. (See this page for discussion of other tools.) It provides a way to check if various aspects of TCP/IP are working and what connections are present. In Windows XP SP2, a new switch "-B" was added that allows the actual executable file that has opened a connection to be displayed. This newer capability provides a chance to catch malware that may be phoning home or using your computer in unwanted ways on the Internet. There are various ways that a system administrator might use the assortment of switches but I will give two examples that might be useful to home PC users.

Checking TCP/IP connections

TCP and UDP connections and their IP and port addresses can be seen by entering a command combining two switches: netstat -an An example of the output that is obtained is shown in Figure 1. Figure 1. Example output for command "netstat -an"

12

The information that is displayed includes the protocol, the local address, the remote (foreign) address, and the connection state. Note that the various IP addresses include port information as well. An explanation of the different connection states is given in Table II> Table II. Description of various connection states State Description Indicates that the server has received an ACK signal from the client and the connection is closed Indicates that the server has received the first FIN signal from the client and the connection is in the process of being closed Indicates that the server received the SYN signal from the client and the session is established Indicates that the connection is still active but not currently being used Indicates that the client just received acknowledgment of the first FIN signal from the server

CLOSED

CLOSE_WAIT

ESTABLISHED

FIN_WAIT_1

FIN_WAIT_2

13

LAST_ACK LISTENING SYN_RECEIVED SYN_SEND

Indicates that the server is in the process of sending its own FIN signal Indicates that the server is ready to accept a connection Indicates that the server just received a SYN signal from the client Indicates that this particular connection is open and active Indicates that the client recognizes the connection as still active but not currently being used

TIME_WAIT

Checking for malware by looking at which programs initiate connections

To find out which programs are making connections with the outside world, we can use the command netstat -b (Note that for Windows Vista/7, this particular switch requires that the command prompt have elevated privileges.) Actually, it is better to check over a period of time and we can add a number that sets the command to run at fixed intervals. Also, it is best to create a written record of the connections that are made over some period of time. The command can then be written netstat -b 5 >> C:\connections.txt Note that as written, this command will run with five-second intervals until stopped by entering "Ctrl+c", which is a general command to exit. (Some reports say that this can be fairly CPU intensive so it may cause a slower, single-core machine to run sluggishly. It was not noticeable on my dual-core machine.) A simple example of the type of output is shown in Figure 2. Note that the Process ID (PID) is given when using Windows XP. In Windows Vista/7, the switch "o' has to be added to display PIDs. This command can be combined with other tools such as Task Manager to analyze what executable files and processes are active and are trying to make Internet connections. Figure 2. Sample output for command "netstat -b" in Windows XP

14

Windows XP batch program to check connections and terminate automatically

The previous example of using "netstat -b" to check connections at intervals has the disadvantage that it requires manual termination. It is also possible to use a batch file that runs a specified number of times with a given time interval and then terminates automatically. In Windows XP we can make use of a command from the Windows 2003 Server Tools called "Sleep". A possible batch file is: @echo off
echo Checking connections for /L %%X in (1,1,100) do (netstat -b >> C:\connections.txt)&&(sleep 5)

This particular example does 100 iterations of the netstat command at 30 second intervals and writes the results to a file C:\connections.txt. By using different combinations of the switches in Table I, the type of output can be varied

Batch program to check connections in Windows Vista and Windows 7

Windows Vista and Windows 7 do not require installing the "Sleep" file. A command " timeout" has been added to these operating systems that serves a similar purpose. A possible batch file for Windows Vista/7 is:
@echo off echo Checking connections for /L %%X in (1,1,100) do (netstat -b >> "%USERPROFILE%\connections.txt")&& ((timeout /t 5 /nobreak)>nul)

This batch file has to be run with administrator privileges.

15

vmstat command
The first tool to use is the vmstat command, which quickly provides compact information about various system resources and their related performance problems. The vmstat command reports statistics about kernel threads in the run and wait queue, memory, paging, disks, interrupts, system calls, context switches, and CPU activity. The reported CPU activity is a percentage breakdown of user mode, system mode, idle time, and waits for disk I/O. Note: If the vmstat command is used without any interval, then it generates a single report. The single report is an average report from when the system was started. You can specify only the Count parameter with the Interval parameter. If the Interval parameter is specified without the Count parameter, then the reports are generated continuously. As a CPU monitor, the vmstat command is superior to the iostat command in that its one-line-per-report output is easier to scan as it scrolls and there is less overhead involved if there are many disks attached to the system. The following example can help you identify situations in which a program has run away or is too CPU-intensive to run in a multiuser environment. # vmstat 2 kthr memory page faults cpu

----- ----------- ------------------------ ------------ ----------r 1 1 0 b avm fre 1677 1609 1582 re 0 0 0 pi 0 0 0 po 0 0 0 fr 0 0 0 sr 0 0 0 cy in sy cs us sy id wa 0 10 0 16 0 9

0 22478 0 22506 0 22498

0 188 1380 157 57 32 0 214 1476 186 48 37 0 248 1470 226 55 36

2 2 2 3 2

0 22534 0 22534 0 22534 0 22534 1 22557

1465 1445 1426 1410 1365

0 0 0 0 0

0 0 0 0 0

0 0 0 0 0

0 0 0 0 0

0 0 0 0 0

0 238

903 239 77 23

0 0 0 0 0

0 0 0 0 0

0 209 1142 205 72 28 0 189 1220 212 74 26 0 255 1704 268 70 30 0 383 977 216 72 28

2 1 1

0 22541 0 22524 0 22546

1356 1350 1293

0 0 0

0 0 0

0 0 0

0 0 0

0 0 0

0 237 1418 209 63 33 0 241 1348 179 52 32 0 217 1473 180 51 35

0 16 0 14

This output shows the effect of introducing a program in a tight loop to a busy multiuser system. The first three reports (the summary has been removed) show the system balanced at 50-55 percent user, 30-35 percent system, and 10-15 percent I/O wait. When the looping program begins, all available CPU cycles are consumed. Because the looping program does no I/O, it can absorb all of the cycles previously unused because of I/O wait. Worse, it represents a process that is always ready to take over the CPU when a useful process relinquishes it. Because the looping program has a priority equal

16

to that of all other foreground processes, it will not necessarily have to give up the CPU when another process becomes dispatchable. The program runs for about 10 seconds (five reports), and then the activity reported by the vmstat command returns to a more normal pattern. Optimum use would have the CPU working 100 percent of the time. This holds true in the case of a single-user system with no need to share the CPU. Generally, if us + sy time is below 90 percent, a single-user system is not considered CPU constrained. However, if us + sy time on a multiuser system exceeds 80 percent, the processes may spend time waiting in the run queue. Response time and throughput might suffer. To check if the CPU is the bottleneck, consider the four cpu columns and the two kthr (kernel threads) columns in the vmstat report. It may also be worthwhile looking at the faults column: cpu Percentage breakdown of CPU time usage during the interval. The cpu columns are as follows: us The us column shows the percent of CPU time spent in user mode. A UNIX process can execute in either user mode or system (kernel) mode. When in user mode, a process executes within its application code and does not require kernel resources to perform computations, manage memory, or set variables. sy The sy column details the percentage of time the CPU was executing a process in system mode. This includes CPU resource consumed by kernel processes (kprocs) and others that need access to kernel resources. If a process needs kernel resources, it must execute a system call and is thereby switched to system mode to make that resource available. For example, reading or writing of a file requires kernel resources to open the file, seek a specific location, and read or write data, unless memory mapped files are used. id The id column shows the percentage of time which the CPU is idle, or waiting, without pending local disk I/O. If there are no threads available for execution (the run queue is empty), the system dispatches a thread called wait, which is also known as the idle kproc. On an SMP system, one wait thread per processor can be dispatched. The report generated by the ps command (with the -k or -g 0 option) identifies this as kproc or wait. If the ps report shows a high aggregate time for this thread, it means there were significant periods of time when no other thread was ready to run or waiting to be executed on the CPU. The system was therefore mostly idle and waiting for new tasks.

17

wa The wa column details the percentage of time the CPU was idle with pending local disk I/O and NFS-mounted disks. If there is at least one outstanding I/O to a disk when wait is running, the time is classified as waiting for I/O. Unless asynchronous I/O is being used by the process, an I/O request to disk causes the calling process to block (or sleep) until the request has been completed. Once an I/O request for a process completes, it is placed on the run queue. If the I/Os were completing faster, more CPU time could be used. A wa value over 25 percent could indicate that the disk subsystem might not be balanced properly, or it might be the result of a disk-intensive workload. For information on the change made to wa, see Wait I/O time reporting.

kthr Number of kernel threads in various queues averaged per second over the sampling interval. The kthr columns are as follows: r Average number of kernel threads that are runnable, which includes threads that are running and threads that are waiting for the CPU. If this number is greater than the number of CPUs, there is at least one thread waiting for a CPU and the more threads there are waiting for CPUs, the greater the likelihood of a performance impact. b Average number of kernel threads in the VMM wait queue per second. This includes threads that are waiting on filesystem I/O or threads that have been suspended due to memory load control. If processes are suspended due to memory load control, the blocked column (b) in the vmstat report indicates the increase in the number of threads rather than the run queue. p For vmstat -I The number of threads waiting on I/Os to raw devices per second. Threads waiting on I/Os to filesystems would not be included here.

faults Information about process control, such as trap and interrupt rate. The faults columns are as follows: in

18

Number of device interrupts per second observed in the interval. Additional information can be found in Assessing disk performance with the vmstat command. sy The number of system calls per second observed in the interval. Resources are available to user processes through well-defined system calls. These calls instruct the kernel to perform operations for the calling process and exchange data between the kernel and the process. Because workloads and applications vary widely, and different calls perform different functions, it is impossible to define how many system calls per-second are too many. But typically, when the sy column raises over 10000 calls per second on a uniprocessor, further investigations is called for (on an SMP system the number is 10000 calls per second per processor). One reason could be "polling" subroutines like the select() subroutine. For this column, it is advisable to have a baseline measurement that gives a count for a normal sy value. cs Number of context switches per second observed in the interval. The physical CPU resource is subdivided into logical time slices of 10 milliseconds each. Assuming a thread is scheduled for execution, it will run until its time slice expires, until it is preempted, or until it voluntarily gives up control of the CPU. When another thread is given control of the CPU, the context or working environment of the previous thread must be saved and the context of the current thread must be loaded. The operating system has a very efficient context switching procedure, so each switch is inexpensive in terms of resources. Any significant increase in context switches, such as when cs is a lot higher than the disk I/O and network packet rate, should be cause for further investigation

Important stages of vmstat usage. The vmstat command includes information that you can use to diagnose CPU and virtual memory problems. The following fields are particularly important: 1. Virtual memory information (memory), including the number of pages that are on the active list, including inactive pages and Unified Buffer Cache least-recently used (UBC LRU) pages (act); the number of pages on the free list (free), and the number of pages on the wire list (wire). Pages on the wire list cannot be reclaimed. 2. The number of pages that have been paged out (pout). 3. Interrupt information (intr), including the number of nonclock device interrupts per second (in), the number of system calls called per second (sy), and the number of task and thread context switches per second (cs). 19

4. CPU usage information (cpu), including the percentage of user time for normal and priority processes (us), the percentage of system time (sy), and the percentage of idle time (id). User time includes the time the CPU spent executing library routines. System time includes the time the CPU spent executing system calls.

df (Unix)
(abbreviation for disk free) is a standard Unix computer program used to display the amount of available disk space for filesystems on which the invoking user has appropriate read access. df is usually implemented by reading the mtab file or using statfs.
df

df o

first appeared in Version 1 AT&T UNIX.

Usage
The Single UNIX Specification specifications for df are:
df [-k] [-P|-t] [-del] [file...] -k

Use 1024-byte units, instead of the default 512-byte units, when writing space figures.
-P -t

Use a standard, portable, output format If XSI compliant, show allocated space as well[dubious discuss]
-h

Display in Kb, Mb, or Gb

file

Write the amount of free space of the file system containing the specified file Most Unix and Unix-like operating systems add extra options. The BSD and GNU coreutils versions include -h, where free space is listed in human readable format, adding units with the appropriate SI prefix (e.g. 10MB), -i, listing inode usage, and -l, restricting display to only local filesystems. GNU df includes -T as well, listing filesystem type information, but the GNU df shows the sizes in 1K blocks by default.

Specification
The Single Unix Specification (SUS) specifies by default space is reported in blocks of 512 bytes, and that at a minimum, the file system names and the amount of free space. The use of 512-byte units is historical practice and maintains compatibility with ls and other utilities. This does not mandate that the file system itself be based on 512-byte blocks. The -k option was added as a compromise measure. It was agreed by the standard developers that 512 bytes was the best default unit because of its complete historical consistency on System V (versus the mixed 512/1024-byte usage on BSD systems), and that a -k option to switch to 20

1024-byte units was a good compromise. Users who prefer the more logical 1024-byte quantity can easily alias df to df -k without breaking many historical scripts relying on the 512-byte units. The output with -P shall consist of one line of information for each specified file system. These lines shall be formatted as follows:
<fs name>, <total space>, <space used>, <space free>, <percentage used>, <fs root>

In the following list, all quantities expressed in 512-byte units (1024-byte when -k is specified) shall be rounded up to the next higher unit. The fields are:
<fs name>

The name of the file system, in an implementation-defined format.

total space>

The total size of the file system in 512-byte units. The exact meaning of this figure is implementation-defined, but should include <space used>, <space free>, plus any space reserved by the system not normally available to a user.
<space used>

The total amount of space allocated to existing files in the file system, in 512-byte units.
<space free>

The total amount of space available within the file system for the creation of new files by unprivileged users, in 512-byte units. When this figure is less than or equal to zero, it shall not be possible to create any new files on the file system without first deleting others, unless the process has appropriate privileges. The figure written may be less than zero.
<percentage used>

The percentage of the normally available space that is currently allocated to all files on the file system. This shall be calculated using the fraction:
<space used> / (<space used>+ <space free>)

expressed as a percentage. This percentage may be greater than 100 if <space free> is less than zero. The percentage value shall be expressed as a positive integer, with any fractional result causing it to be rounded to the next highest integer.
<fs root>

The directory below which the file system hierarchy appear

21

Example
$ df -k Filesystem /dev/hd4 /dev/hd2 /dev/hd9var /dev/hd3 /dev/hd1 /proc /dev/hd10opt 1024-blocks 32768 4587520 65536 819200 524288 65536 Free %Used 16016 52% 1889420 59% 12032 82% 637832 23% 395848 25% 26004 61% Iused %Iused Mounted on 2271 14% /usr 37791 4% /usr 518 4% /var 1829 1% /tmp 421 1% /home - /proc 654 4% /opt

ifconfig Command About ifconfig The "ifconfig" command allows the operating system to setup network interfaces and allow the user to view information about the configured network interfaces. Syntax ifconfig [-L] [-m] interface [create] [address_family] [address[/prefixlength] [dest_address]] [parameters] ifconfig interface destroy ifconfig -a [-L] [-d] [-m] [-u] [address_family] ifconfig -l [-d] [-u] [address_family] ifconfig [-L] [-d] [-m] [-u] [-C] address For the DARPA-Internet family, the address is either a host name present in the host name data base, or a DARPA Internet address expressed in the Internet standard ``dot notation''. It is also possible to use the CIDR notation (also known as the slash notation) to include the netmask. That is, one can specify an address like 192.168.0.1/16. Specify the address family which affects interpretation of the remaining parameters. Since an interface can receive transmissions in differing protocols with different naming schemes, specifying the address family is recommended. The address or protocol families currently supported are ``inet'', ``inet6'', Specify the address of the correspondent on the other end of a point to point link.

addres_family

dest_address

22

interface add alias

This parameter is a string of the form ``name unit'', for example, ``en0''. Another name for the alias parameter. Introduced for compatibility with BSD/OS. Establish an additional network address for this interface. This is sometimes useful when changing network numbers, and one wishes to accept packets addressed to the old interface. If the address is on the same subnet as the first network address for this interface, a netmask of 0xffffffff has to be specified. Remove the network address specified. This would be used if you incorrectly specified an alias, or it was no longer needed. If you have incorrectly set an NS address having the side effect of specifying the host portion, removing all NS addresses will allow you to respecify the host portion. (Inet6 only.) Specify that the address configured is an anycast address. Based on the current specification, only routers may configure anycast addresses. Anycast address will not be used as source address of any of outgoing IPv6 packets. Enable the use of the Address Resolution Protocol in mapping between network level addresses and link level addresses (default). This is currently implemented for mapping between DARPA Internet addresses and IEEE 802 48-bit MAC addresses (Ethernet, FDDI, and Token Ring addresses). Disable the use of the Address Resolution Protocol (Inet only.) Specify the address to use to represent broadcasts to the network. The default broadcast address is the address with a host part of all 1's. Enable driver dependent debugging code; usually, this turns on extra console error logging. Disable driver dependent debugging code. Another name for the -alias parameter. Mark an interface ``down''. When an interface is marked ``down'', the system will not attempt to transmit messages through that interface. If possible, the interface will be reset to disable reception as well. This action does not automatically disable routes using the interface. Another name for the lladdr parameter. Set the link-level address on an interface. This can be used to e.g. set a new MAC address on an ethernet interface, though the mechanism used is not ethernet-specific. The address addr is specified as a series of colon-separated hex digits. If the interface is already up when this option is used, it will be briefly brought down and then brought backup again in order to ensure that the receive filter in the underlying 23

-alias

anycast

arp

-arp broadcast

debug -debug delete down

ether lladdr addr

ethernet hardware is properly reprogrammed. media type If the driver supports the media selection system, set the media type of the interface to type. Some interfaces support the mutually exclusive use of one of several different physical media connectors. For example, a 10Mb/s Ethernet interface might support the use of either AUI or twisted pair connectors. Setting the media type to ``10base5/AUI'' would change the currently active connector to the AUI port. Setting it to ``10baseT/UTP'' would activate twisted pair. Refer to the interfaces' driver specific documentation or man page for a complete list of the available types. If the driver supports the media selection system, set the specified media options on the interface. The opts argument is a comma delimited list of options to apply to the interface. Refer to the interfaces' driver specific man page for a complete list of available options. (IP tunnel devices only.) Configure the physical source and destination address for IP tunnel interfaces. The arguments src_addr and dest_addr are interpreted as the outer source/destination for the encapsulating IPv4/IPv6 header. Unconfigure the physical source and destination address for IP tunnel interfaces previously configured with tunnel. Create the specified network pseudo-device. If the interface is given without a unit number, try to create a new device with an arbitrary unit number. If creation of an arbitrary device is successful, the new device name is printed to standard output. Destroy the specified network pseudo-device. Another name for the create parameter. Included for Solaris compatibility. Another name for the destroy parameter. Included for Solaris compatibility. Set the routing metric of the interface to n, default 0. The routing metric is used by the routing protocol. Higher metrics have the effect of making a route less favorable; metrics are counted as addition hops to the destination network or host. Set the maximum transmission unit of the interface to n, default is interface specific. The MTU is used to limit the size of packets that are transmitted on an interface. Not all interfaces support setting the MTU, and some interfaces have range restrictions. (Inet only.) Specify how much of the address to reserve for subdividing networks into subnetworks. The mask includes the network part of the local address and the subnet part, which is taken from the host field of the address. The mask can be specified as a single hexadecimal number with a leading `0x', with a dot-notation Internet address, or with a pseudo-network name listed in the network 24

-mediaopt opts

tunnel src_addr dest_addr

deletetunnel create

destroy plumb unplumb metric n

mtu n

netmask mask

table. The mask contains 1's for the bit positions in the 32-bit address which are to be used for the network and subnet parts, and 0's for the host part. The mask should contain at least the standard network portion, and the subnet field should be contiguous with the network portion. The netmask can also be specified in CIDR notation after the address. See the address option above for more information. prefixlen len (Inet6 only.) Specify that len bits are reserved for subdividing networks into sub-networks. The len must be integer, and for syntactical reason it must be between 0 to 128. It is almost always 64 under the current IPv6 assignment rule. If the parameter is omitted, 64 is used. Another name for the -alias parameter. Introduced for compatibility with BSD/OS. Enable special processing of the link level of the interface. These three options are interface specific in actual effect, how- ever, they are in general used to select special modes of operation. An example of this is to enable SLIP compression, or to select the connector type for some Ethernet cards. Refer to the man page for the specific driver for more information. Disable special processing at the link level with the specified interface. Mark an interface ``up''. This may be used to enable an interface after an ``ifconfig down''. It happens automatically when setting the first address on an interface. If the interface was reset when previously marked down, the hardware will be re-initialized.

remove link[0-2]

-link[0-2] Up

Examples ifconfig eth0 View the network settings on the first Ethernet adapter installed in the computer. ifconfig -a Display info on all network interfaces on server, active or inactive. ifconfig eth0 down If eth0 exists would take it down causing it cannot send or receive any information. ifconfig eth0 up If eth0 exists and in the down state would return it back to the up state allowing to to send and receive information. ifconfig eth0 192.168.1.102 netmask 255.255.255.0 broadcast 192.168.1.255 25

Assign eth0 with the above values for IP, netmask and broadcast address

du Command
Purpose
Summarizes disk usage.

Syntax
du [ -a | -s ] [ -k ] [ -m ] [ -g ][ -l ] [ -r ] [ -x ] [ -H | -L ]

Description
The du command displays the number of blocks used for files. If the File parameter specified is actually a directory, all files within the directory are reported on. If no File parameter is provided, the du command uses the files in the current directory. If the File parameter is a directory, then the number of blocks reported is the sum of blocks allocated for the files in the directory and the blocks allocated for the directory itself. If the object of the du command is a file or directory that exists inside a JFS2 snapshot, the du command gives information for the point-in-time object when the snapshot is created. This information does not include how much space is recovered if the snapshot itself is deleted. Specifying the -a flag reports the number of blocks in individual files. Whether the -a flag is used or not, individual files specified by the File parameter are always listed. Specifying the -s flag reports the total blocks for all specified files or all files in a directory. The block count includes indirect blocks of each file. Block count is calculated in 512-byte units independent of the cluster size used by the system. Specifying the -k flag calculates the block count in 1024-byte units. Notes: 1. 2. Files with multiple links are counted and written for only one entry. Block counts are based only on file size; therefore, unallocated blocks are not accounted for in the reported block counts. 3. If du cannot obtain the file attributes or cannot read directories, it reports an error and the exit status of the command is affected.

26

Flags
-a For each file specified, displays the disk usage of the file. For each directory specified, displays the disk usage of each individual file within the directory, including all subdirectories. Contrast this flag with the -s flag. Calculates the block count in GB units rather than the default 512-byte units. The output values for the disk usage would be in floating point numbers as value of each unit in bytes is significantly high. If a symbolic link is specified on the command line, the du command shall count the size of the file or file hierarchy referenced by the link. Calculates the block count in 1024-byte units rather than the default 512byte units. Allocates blocks evenly among the links for files with multiple links. By default, a file with two or more links is counted only once. If a symbolic link is specified on the command line or encountered during the traversal of a file hierarchy, the du command shall count the size of the file or file hierarchy referenced by the link. Calculates the block count in MB units rather than the default 512-byte units. The output values for the disk usage would be in floating point numbers as value of each unit in bytes is significantly high. Reports names of inaccessible files and directories. This is the default. For each file specified, displays the disk usage of the file. For each directory specified, displays the total disk usage of all files within the directory, including all subdirectories. Contrast this flag with the -a flag. When evaluating file sizes, evaluates only those files that reside on the same device as the file or directory specified by the File parameter. For example, you may specify a directory that contains files on several devices. In this case, the -x flag displays block sizes for all files that reside on the same device as the directory.

-g -H -k -l -L

-m -r -s

-x

If all or any two of the -k, -m and -g flags are specified, the last one specified takes effect. The output of the disk usage with the flags -m and -g would be rounded off to the nearest second decimal digit.

Exit Status
This command returns the following exit values: 0 >0 Successful completion. An error occurred.

Examples
1. To summarize the disk usage of a directory tree and each of its subtrees, enter: du /home/fran This displays the number of disk blocks in the /home/fran directory and each of its subdirectories. 2. To summarize the disk usage of a directory tree and each of its subtrees in 1024byte blocks, enter:

27

du -k /home/fran This displays the number of 1024-byte disk blocks in the /home/fran directory and each of its subdirectories. 3. To summarize the disk usage of a directory tree and each of its subtrees in MB blocks, enter: du -m /home/fran This displays the number of MB disk blocks rounded off to nearest 2nd decimal digit in the /home/fran directory and each of its subdirectories. 4. To summarize the disk usage of a directory tree and each of its subtrees in GB blocks, enter: du -g /home/fran This displays the number of GB disk blocks rounded off to nearest 2nd decimal digit in the /home/fran directory and each of its subdirectories. 5. To display the disk usage of each file, enter: du -a /home/fran

This displays the number of disk blocks contained in each file and subdirectory of the /home/fran directory. The number beside a directory is the disk usage of that directory tree. The number beside a regular file is the disk usage of that file alone. 6. To display only the total disk usage of a directory tree, enter: du -s /home/fran

The -s flag instructs the du command to display only the sum total disk usage of the /home/fran directory and the files it contains. By default, the du command displays an error message if it cannot read a file or directory. 7. To display the disk usage of the files and file hierarchies referenced by all the symbolic links in addition to the normal files found during traversal of a the /home/fran directory, type: du -L /home/fran 8. To report the disk usage of the file or file hierarchy referenced by the symbolic link mylink, type: du -H mylink

28