Short documentation for JWM / Linux

Last Update: 10.03.2024 for version 2.9.0

Contents

Table of contents
  1. Short documentation for JWM / Linux
    1. Contents
    2. Introduction
    3. Author
    4. Tools Summary
    5. History
    6. Installation
    7. Requirements for JWM / Linux
      1. Required GCC version
      2. Required Libraries
      3. Linux Distributions tested
        1. Old Linux Distributions tested (History)
      4. add_os_packages.sh - Script to add missing packages
    8. Using JWM / Linux
      1. Creating a JWM / Linux session
      2. Using JWM commands via jwm.sh
    9. JWM / Linux manServer
    10. Directories in the JWM / Linux archive
    11. Outdated versions of the tools
    12. Libraries included in JWM / Linux
    13. Tools included in JWM / Linux
    14. Scripts and files included in JWM / Linux
      1. Develop Templates
    15. Scripts and files for the JWM / Linux Environment
    16. Aliases in JWM / Linux
    17. Examples
      1. ack
      2. amap
      3. arp-scan
      4. arping
      5. atop
      6. bashtop
      7. bmon
      8. bonnie++
      9. bpytop
      10. busybox
        1. busybox_httpd.sh
      11. btop++
      12. bvi
      13. bwm-ng
      14. cdpinfo
      15. cdpr
      16. checksec
      17. collectl
        1. collectl - List detailed output
        2. collectl - List processes in tree view
        3. collectl - View process I/O
        4. collectl - View with timestamps
      18. CPUHog
      19. cpumon
      20. cpustat
      21. darkstat
        1. darkstat.sh
      22. dhtest
      23. dmidecode
      24. dropwatch
      25. dnscap
      26. dstat
      27. fiemap
      28. fnotifystat
      29. forkstat
      30. eventstat
      31. faultstat
      32. fping
      33. fsmon
      34. fspy
      35. health-check
      36. hdperf
      37. horst
      38. hostscope
      39. hping2
      40. htop
      41. httpry
      42. ibmonitor
      43. iftop
      44. inxi
      45. ifstat
      46. inotifywait / inotifywatch
      47. Intel Performance Counter Monitor
      48. inq
      49. ioping
      50. iotop
      51. iozone
      52. ipaudit
      53. ipband
      54. iperf
      55. iperf3
      56. ipscan
      57. iptraf
      58. iptraf-ng
      59. iptstate
      60. itop
      61. JDiskReport
      62. jnettop
      63. justniffer
      64. latencytop
      65. lxtx
      66. lynis
      67. manServer
      68. memconf
      69. memstat
      70. monitor_system.sh
      71. mpathstat.py
      72. mtr
      73. nano
      74. netcat
      75. netdata
        1. netdata.sh
      76. nethogs
      77. ngrep
      78. nicstat
      79. nload
      80. nmap
      81. netio
      82. netperf
      83. netsniff-ng
      84. nmon
        1. nmonchart
        2. nmonanalyzer
      85. numatop
      86. oprofile
      87. p0f
      88. pagemon
      89. pchar
      90. perftools
        1. exec_snoop_wrapper.sh
        2. open_snoop_wrapper.sh
        3. opensnoop1
      91. pigz
      92. pktstat
      93. powertop
      94. powerstat
      95. procdump
      96. pspy
      97. prtdiag
      98. scanlogd
      99. screen
      100. smartmontools
      101. smem
      102. smemstat
      103. sockperf
      104. sockstat
      105. stress
      106. stress-ng
      107. sysfsutils
      108. sysstat tools
      109. tcpick
      110. t50
      111. tcpdump
      112. tcptrack
      113. testssl.sh
      114. tgkill
      115. tiptop
      116. trace-cmd
      117. wavemon
      118. zmap
    18. Compiling JWM / Linux
      1. make_tools.sh usage
      2. How to add another tool
      3. How to add another OS library
      4. Check for missing libraries
    19. Create your own tar archive
    20. Hints for Compiling the tools
      1. Compiling justniffer with a boost staging area
      2. Strange error messages while linking a binary
      3. Error message : "undefined reference to clock_gettime"
      4. Error message : "error: ‘GENL_ID_GENERATE’ undeclared"
      5. Error message: //lib64/libtinfo.so.5: error adding symbols: DSO missing from command line
      6. Error message:  ... undefined reference to `__builtin_bswap16'
      7. Error message: ... error: called object ‘major’ is not a function or function pointer
      8. Error message: error: /lib64/libncurses.so.5: undefined symbol: _nc_putchar
      9. Error message: /usr/bin/ld: /tmp/ccEmVwXe.o:(.bss+0xc): multiple definition of `timeout'; /tmp/cchQVu2e.o:(.bss+0xc): first defined here
      10. Error message:  ... ld: cannot find -ltinfo
      11. Error message: "...  has no member named ‘emplace_back’ ..."
      12. Error message:  "ISO C++17 does not allow  ...."
      13. Error message: /usr/bin/ld: ./.libs/libiperf.so: undefined reference to `__atomic_load_8'
    21. Binaries for other OS
    22. Some howtos for Linux internal tools
      1. Using the ftrace interface with shell commands
      2. Using nmcli to view the WLAN status
    23. Sample output of the compile scripts
      1. Example output of compiling the tools in parallel sessions
      2. Example output of compiling the tools sequential
    24. History archive
    25. Download
    26. Links to other resources
    27. Links to libraries necessary for JWM
    28. Other tools not included
    29. Tools not included anymore



Introduction

JWM / Linux is a collection of various performance and analysis tools for Linux. In addition, JWM / Linux contains some useful general Linux tools. These are


JWM / Linux is distributed via tar.gz file so that it can be installed by any user on a Linux machine.

All tools included are compiled and tested under Linux for x86 with 64 Bit (see the list of tested distributions below). For most of the tools the source code is included.

JWM / Linux contains a lot of tools that do the same thing (see here); e.g. there is more than one top replacement, there are multiple tools to monitor the network bandwidth, etc. Just select the tool that is best for the task you're doing.

Most of the tools included are command line tools for ssh or telnet sessions, some use an internal webserver as user interface, and some are tools with an X Server GUI.

Unfortunately there is no such thing as a "linux binary" that runs on all Linux distributions. Therefore in most cases you must recompile all tools for your distribution.
You can use the script ./compile_scripts/check_for_missing_libs.sh  to check if the libraries required by the tools in JWM / Linux exist in your Linux installation.

Please note that some of the tools included need root privileges (most of them are in the directory ./sbin ).

To check for a new version of JWM / Linux and updated documentation visit the JWM / Linux home page http://bnsmb.de/linux/JWM_Linux_documentation.html.


Be aware that this page now heavily uses the "new" html tag <details></details>. Therefore you should use a browser that supports this tag.



 

Author

The collection was created by : Bernd Schemmer

email: Bernd.Schemmer@gmx.de

Homepage: http://bnsmb.de

The source code of some tools was changed only as far as necessary to compile the tools on all distributions tested. All changes are documented in the entries in the table Tools included in JWM / Linux.




Tools Summary


Find below a list of all tools contained in JWM / Linux sorted by usage:


Usage | Tools

General tools | ack, busybox, bvi, pigz, screen, manServer, nano
General Monitoring tools | collectl, dstat, hostscope, netdata, oprofile, lxtx, bashtop, bpytop, btop++

Hardware information tools | dmidecode, inxi, memconf, prtdiag, inq
Environment information tools | inxi, procenv
Security tools | lynis, testssl, checksec

Process List | atop, htop, nmon, cpustat
Process monitoring tools | forkstat, health-check, procdump, pspy, tgkill

Kernel monitoring tools | eventstat, itop, latencytop, numatop, perftools, powertop, powerstat, sysstat tools, tiptop, trace-cmd, faultstat
CPU Monitoring tools | CPUMon, Intel Performance Counter Monitor

Memory Monitoring tools | smem, smemstat, pagemon, memstat

Network Monitor tools | bwm-ng, darkstat, ibmonitor, iftop, ifstat, ipaudit, ipband, iptraf, jnettop, mtr, nethogs, nicstat, nload, pchar, pktstat, bmon, iptstate, iptraf-ng, tcptrack, httpry, scanlogd, sockstat, tcpick, dnscap
Network sniffer tools | cdpinfo, cdpr, dhtest, ipscan, ngrep, nmap, p0f, justniffer, netsniff-ng, tcpdump, dropwatch, zmap, amap, arp-scan
Network test tools | hping2, t50, sockperf, arping, netcat, fping
WLAN monitoring | horst, wavemon

Disk Performance Test | bonnie++, hdperf, iozone, ioping
Network performance test tools | netio, netperf, iperf3, iperf
Performance help tools | CPUHog, stress, stress-ng

File Info tools | fiemap
File access monitoring tools | fnotifystat, fspy, inotifywait, fsmon
Storage access monitoring tools | iotop
Disk Monitoring tools | smartmontools

Tools with WebGUI | darkstat, netdata, manServer



History


Date
Version
Comment
10.03.2023 /bs
2.9.0
added btop++ 1.3.2
added dnscap 2.2.0
added procenv 0.58   

added additional packages to the script add_os_packages.sh 

New Versions
new version: inxi 3.3.33.0
new version: ack 3.7.0
new version: nmon 16n
new version: iozone 506
new version: htop 3 3.3
new version: atop 2.10.0
new version: stress-ng 0.17.05
new version: health-check 0.40.0
new version: lynis 3.0.9
new version: netdata 1.44.3
new version: iperf3 3.16
new version: ipscan 3.9.2
new version: nmap 7.94
new version: tcpdump 4.99.4
new version: pigz 2.8
new version: forkstat 0.03.02
new version: faultstat 0.01.11
new version: powerstat 0.04.02
new version: pagemon 0.02.04
new version: eventstat 0.06.00
new version: smemstat 0.02.13
new version: cpustat v0.2.20
new version: procdump 3.2.0
new version: screen 4.9.1
new version: busybox 1.36.1


10.02.2023 /bs
2.8.0
added fsmon 1.8.5
added tgkill

New Versions
new version: ioping 1.2
new version: nano 7.2
new version: inxi 3.3.24
new version: pigz 2.7
new version: memconf 3.16
new version: stress-ng 0.15.03
new version: atop 2.8.1
new version: sysstat 12.7.2
new version: htop 3 3.2.1
new version: tcpdump 4.99.3
new version: dropwatch 1.5.4
new version: iozone 494
new version: busybox 1.36
new version: procdump 1.4
new version: ipscan 3.9.0
new version: netdata 1.37.1
new version: lynis 3.0.8
new version: nmap 7.93



Fixes

- the script to copy the libs created files instead of symbolic links for some libraries -- fixed
- removed files not used anymore from the directory ${JWM_DIR}/lib
- added missing packages to the script add_os_packages.sh

Removed

removed the source code for libpcap

07.11.2021/bs
2.7.1
Fixes

the compile script for hostscope in the previous version did not copy the created binaries to the target directories --fixed

05.11.2021/bs
2.7.0
added amap 5.4
added fping 5.0
added arp-scan 1.10.1
added tcpick 0.2.1

replaced libpcap 1.0.0 with libpcap 1.10.1

New Versions
new version: nano 5.9
new version: inq 9.2
new version: ipscan 3.7.6
new version: htop 3.1.1
new version: stress-ng 0.13.05
new version: tcpdump 4.99.1
new version: dropwatch 1.5.3
new version: sysstat 12.5.4
new version: ack 3.5.0
new version: netdata 1.31
new version: hostscope V8.0
new version: cpustat v0.2.13
new version: bpytop 1.0.63
new version: lynis 3.0.6
new version: dmidecode 3.3
new version: powerstat 0.02.25
new version: busybox 1.33.0
new version: iperf3 3.10
new version: procdump 1.2
new version: iptstate 2.2.7
new version: iozone 3.492
new version: inxi 3.3.07-00
new version: busybox 1.34.1
new version: pigz 2.6
new version: testssl 3.0.6
new version: checksec 2.5.0
new version: bvi 1.4.1
new version: sockperf 3.7


removed: fio (compiling fio for newer kernel does not work anymore)

add_os_packages.sh : code to install the missing packages for Redhat based distributions enhanced



...
see the History archive for the previous updates

27.10.2013/bs 1.0.0 first public release
see also the README file in the tar archive


Installation


JWM / Linux is delivered in a compressed tar archive.

The name of the tar archive is

jwml_<archive_version>_<distname>_<distrelease>_<cpu_architecture>_<date>.tar.gz
 
e.g.

jwml_v100_Mint_14_Nadia_3.5.0-17-generic_x86_64_2013-10-26.tar.gz

This is JWM / Linux version v1.0.0 compiled under "MINT 14 Nadia" with kernel patch "3.5.0-17" for "x86_64" created on "2013/10/26".

or

jwml_v226_Fedora_release_23_(Twenty_Three)_4.7.7-100.fc23.x86_64_x86_64_2016-10-26.tar.gz

This is JWM / Linux version 2.2.6 compiled under "Fedora release 23_(Twenty Three)" with kernel patch "4.7.7-100" for "x86_64" created on "2016/10/26".


To use JWM / Linux download the tar file for your distribution and unpack it using tar with the options -xzf in an empty directory.

If there is no archive with precompiled binaries for your distribution just compile the sources yourself.


Note:

Some of the tools included need a fixed target location while building the binaries. To make sure that every user can install the tools the target directory used for the precompiled binaries is /var/tmp/jwm (/var/tmp is writable by everyone on a Linux machine). Therefore you should install the precompiled tools into the directory /var/tmp/jwm to be sure that all included binaries work.

This directory is called ${JWM_DIR} or JWM_DIR in the rest of this document.

To change the target location you should compile the tools.



Requirements for JWM / Linux


The tools in JWM / Linux should run on every modern 64 Bit Linux for x86. Less common libraries used by the tools are included in the archive.

In addition, the source code for the tools is included in the archive (if available) so that you can create your own binaries.

The script to execute the compile tools is written in ksh, therefore /bin/ksh is required to compile the tools.

Some make scripts expect the executable sed to be in /usr/bin but in new Linux distributions sed is in /bin. To get around this issue just create a symbolic link:

sudo ln -s /bin/sed /usr/bin/sed

The same is true for mkdir:

sudo ln -s /bin/mkdir /usr/bin/mkdir



The make scripts from some tools require /usr/bin/python. If /usr/bin/python does not exist anymore in a Linux distribution please create a symbolic link, e.g.:

sudo ln -s /usr/bin/python3 /usr/bin/python


To compile the tools the necessary compile tools (gcc, g++, c++, make, bison, flex, yacc), the kernel headers, and some library header files must be installed.
If the configure script for a tool fails just check the output of the configure script for missing header files, install them, and restart compiling.

You may use the script ./compile_scripts/add_os_packages.sh to install the missing OS packages for the supported Linux distributions.


The environment is written for bash or ksh.

See also the notes for the tools in the table with the descriptions and the Hints for Compiling the tools below.


Required GCC version

Some of the tools require a recent version of gcc to compile. Therefore you should update the gcc before compiling the tools.

Example:

To update the gcc on CentOS 6.x do

sudo yum install centos-release-scl

sudo yum update

sudo yum install devtoolset-7-gcc-c++


Result:

[xtrnaw7@centos69 ~]$ gcc --version | head -1
gcc (GCC) 4.4.7 20120313 (Red Hat 4.4.7-23)
[xtrnaw7@centos69 ~]$
[xtrnaw7@centos69 ~]$ scl --list
devtoolset-7
[xtrnaw7@centos69 ~]$

[xtrnaw7@centos69 ~]$ scl enable devtoolset-7 bash
[xtrnaw7@centos69 ~]$

[xtrnaw7@centos69 ~]$ gcc --version | head -1
gcc (GCC) 7.3.1 20180303 (Red Hat 7.3.1-5)
[xtrnaw7@centos69 ~]$



To update the gcc in CentOS 7.x do

sudo yum install centos-release-scl

sudo yum install centos-release-scl

sudo yum install devtoolset-7-gcc-c++

scl enable devtoolset-7 bash


Result:

[xtrnaw7@centos7 compile_scripts]$ scl enable devtoolset-7 bash

[xtrnaw7@centos7 compile_scripts]$ gcc --version
gcc (GCC) 7.3.1 20180303 (Red Hat 7.3.1-5)
Copyright (C) 2017 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

[xtrnaw7@centos7 compile_scripts]$




Required Libraries


Some of the required libraries are probably not in the repositories enabled by default in some distributions, e.g.:

The package libunistring-devel is in the base repository in CentOS 7.x but in CentOS 8.x it's in the additional repository powertools. Therefore, to install the package either enable the repository powertools permanently or install the package using the command:

sudo dnf --enablerepo=powertools install libunistring-devel




Linux Distributions tested

JWM / Linux was compiled on these Linux Distributions:


JWM Version | Date | Linux Distribution | Kernel version | gcc version | Supported by add_os_packages? | Comment

2.9.0 | 09.03.2024 | Fedora 39 | 6.7.5 | gcc (GCC) 13.2.1 20231205 (Red Hat 13.2.1-6) | yes
  all packages can be compiled
  This is the main distribution for development

2.9.0 | 09.03.2024 | CentOS 9 Stream | 5.14.0 | gcc (GCC) 11.4.1 20231218 (Red Hat 11.4.1-3) | yes
  all packages can be compiled
  The epel repositories are necessary to install all packages required to compile the tools

2.9.0 | 09.03.2024 | CentOS 8 Stream | 4.18.0 | gcc (GCC) 8.5.0 20210514 (Red Hat 8.5.0-21) | yes
  all packages can be compiled
  The epel repositories are necessary to install all packages required to compile the tools

2.9.0 | 09.03.2024 | CentOS 7 | 3.10.0 | gcc (GCC) 7.3.1 20180303 (Red Hat 7.3.1-5) | yes
  some tools do not compile anymore with the standard gcc in CentOS 7.x
  Therefore I installed and used the GCC v7 (see Required GCC version)
  all packages can be compiled with the GCC v7.x
  The current version of procdump does not compile in CentOS 7.x, therefore the script compiles procdump version 1.4
  The epel repositories are necessary to install all packages required to compile the tools

2.9.0 | 09.03.2024 | CentOS 6.10 | 2.6.32 | gcc (GCC) 7.3.1 20180303 (Red Hat 7.3.1-5) | yes
  some tools do not compile anymore with the standard gcc in CentOS 6.x
  Therefore I installed and used the GCC v7 (see Required GCC version)
  most of the packages can be compiled with the GCC v7.x except these ones:
    health-check (kernel not supported)
    fnotifystat (kernel not supported)
    fsmon (kernel not supported)
    dnscap (necessary libraries missing)
  justniffer must be compiled manually -- see here
  The current version of nmap does not compile in CentOS 6.x - the script will therefore compile nmap v7.70
  The current version of procdump does not compile in CentOS 6.10, therefore the script compiles procdump version 1.1.1.
  Some tools do not compile in OS with kernel 2.x anymore -- for details see here
  The epel repositories are necessary to install all packages required to compile the tools

2.9.0 | 09.03.2024 | AlmaLinux 9, RockyLinux 9 (= RHEL 9.x) | 5.14.0 | gcc (GCC) 11.4.1 20230605 (Red Hat 11.4.1-2) | yes
  The epel repositories are necessary to install all packages required to compile the tools

2.9.0 | 09.03.2024 | AlmaLinux 8, RockyLinux 8 (= RHEL 8.x) | 4.18.0 | gcc (GCC) 8.5.0 20210514 (Red Hat 8.5.0-20) | yes
  The epel repositories are necessary to install all packages required to compile the tools

2.9.0 | 09.03.2024 | Debian 10 | 4.19.0 | gcc (Debian 8.3.0-6) 8.3.0 | yes
  all packages can be compiled
  The current version of procdump does not compile in OpenSUSE Leap 15.2, therefore the script compiles procdump version 1.4

2.9.0 | 09.03.2024 | Debian 11 | 5.10.0 | gcc (Debian 10.2.1-6) 10.2.1 20210110 | yes
  all packages can be compiled
  iftop - can not be compiled with gcc 10 -- use gcc 9 instead
  The current version of procdump does not compile in Debian 11, therefore the script compiles procdump version 1.4

2.9.0 | 09.03.2024 | Ubuntu 22.04 LTS | 6.2.0 | gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0 | yes
  all packages can be compiled
  The current version of procdump does not compile in Ubuntu 22.04 LTS, therefore the script compiles procdump version 1.4

2.9.0 | 09.03.2024 | Ubuntu_20.04.1 LTS (Server) | 5.4.0 | gcc (Ubuntu 9.4.0-1ubuntu1~20.04.2) 9.4.0 | yes
  all packages can be compiled except these ones:
    jnettop (this tool can not be compiled with the current version of the pcap library)
  The current version of procdump does not compile in Ubuntu Server, therefore the script compiles procdump version 1.4

2.9.0 | 09.03.2024 | Mint 19 | 4.15.0 | gcc (Ubuntu 7.5.0-3ubuntu1~18.04) 7.5.0 | yes
  all packages can be compiled
  The current version of procdump does not compile in Mint 19, therefore the script compiles procdump version 1.4

2.9.0 | 09.03.2024 | OpenSuse Tumbleweed | 6.6.3 | gcc (SUSE Linux) 13.2.1 20231130 | yes
  all packages can be compiled except these ones:
    horst (see here)
    iptraf

2.9.0 | 09.03.2024 | OpenSUSE Leap 15.2 | 5.3.18 | gcc (SUSE Linux) 7.5.0 | yes
  all packages can be compiled except these ones:
    horst (see here)
    iptraf
  The current version of procdump does not compile in OpenSUSE Leap 15.2, therefore the script compiles procdump version 1.1.1.

2.9.0 | 09.03.2024 | OpenSUSE Leap 15.4 | 5.14.21 | gcc (SUSE Linux) 7.5.0 |
  all packages can be compiled except these ones:
    horst (see here)
    iptraf

2.9.0 | 09.03.2024 | OpenSUSE Leap 15.5 | 5.14.21 | gcc (SUSE Linux) 7.5.0 | yes
  all packages can be compiled except these ones:
    horst (see here)
    iptraf

2.9.0 | 09.03.2024 | Manjaro (ArchLinux) | 6.5.3 | gcc (GCC) 13.2.1 20230801 | yes
  all packages can be compiled

2.9.0 | 09.03.2024 | ArcoLinux (ArchLinux) | 6.6.18 | gcc (GCC) 13.2.1 20230801 | yes
  all packages can be compiled

2.9.0 | 09.03.2024 | Slackware 15.0 | 5.15.145 | gcc (GCC) 11.2.0 | no
  all packages can be compiled except these ones:
    procdump
    dnscap

2.9.0 | 09.03.2024 | Slackware 14.2 | 4.4.301 | gcc (GCC) 5.5.0 | no
  all packages can be compiled except these ones:
    dnscap (necessary libraries missing)
  and for these tools only an old version can be compiled:
    atop v2.6 can not be compiled in Slackware (see here) - the compile script will therefore compile the version V2.4
    hostscope 8.0 needs a more recent version of gcc than 5.5.0 - the compile script will therefore compile the version V4.0
  The current version of procdump does not compile in Slackware 14.2, therefore the script compiles procdump version 1.4
  Missing packages for Slackware can be found here:
    https://packages.slackware.com/
    https://pkgs.org/

2.9.0 | 09.03.2024 | Raspbian GNU/Linux 10 (buster) | 5.10.103 | gcc (Raspbian 8.3.0-6+rpi1) 8.3.0 | yes
  all packages can be compiled except these ones:
    IntelPCM (this tool is only for Intel CPUs)
    justniffer (architecture not supported by make scripts)
    numatop (this tool is only for Intel CPUs)
    dnscap (necessary libraries missing)




Old Linux Distributions tested (History)

The old versions of JWM / Linux were compiled on these Linux Distributions:

JWM Linux distributions tested


add_os_packages.sh - Script to add missing packages

The script ./compile_scripts/add_os_packages.sh can be used to install the missing packages to compile all tools in JWM / Linux.

Usage:

[xtrnaw7@t15g /var/tmp/jwm]$ ./compile_scripts/add_os_packages.sh -h
[26.02.2024 18:00 ] ### add_os_packages.sh started at Mon Feb 26 06:00:48 PM CET 2024
[26.02.2024 18:00 ] ### The logfile used is /var/tmp/add_os_packages.sh.log
 add_os_packages.sh

 Function: add missing OS packages for compiling JWM / Linux
 
 Usage:    add_os_packages.sh [-v|--verbose] [-q|--quiet] [-f|--force]

 Parameter:
   -v - verbose mode
   -q - quiet mode
   -f - force execution
   -d - dry-run mode, only print the commands to execute

[26.02.2024 18:00 ] ### The logfile used was /var/tmp/add_os_packages.sh.log
[26.02.2024 18:00 ] ### add_os_packages.sh ended at Mon Feb 26 06:00:48 PM CET 2024
[xtrnaw7@t15g /var/tmp/jwm]$



add_os_packages.sh supports Linux distributions based on

add_os_packages.sh installs all packages that are missing after an initial installation of the distribution without any modifications.

The script asks the user for confirmation before starting the installation or changing anything.

Note:

The script assumes a "standard installation" of the Linux distribution, so there may be other libraries or tools missing to compile all tools. Just check the error messages of the compile script and install the missing packages manually.



Using JWM / Linux




Creating a JWM / Linux session


To use JWM / Linux change to the directory with JWM / Linux (the JWM_DIR) and issue

. ./init_session

e.g.

screenshot:





[xtrnaw7@t15g /var/tmp/jwm]$ cd /var/tmp/jwm
[xtrnaw7@t15g /var/tmp/jwm]$
[xtrnaw7@t15g /var/tmp/jwm]$ . ./init_session
JWM_DIR is "/var/tmp/jwm"
[bash] Starting environment for "JMW / Linux v290 created on Fedora_release_39_(Thirty_Nine) 6.7.6-200.fc39.x86_64 x86_64 at 2024-03-04" ...
[bash] Initializing JWM environment ...
[bash] JWM environment initialized. The tools available are:
/var/tmp/jwm/bin:
amap             cifsiostat            fspy        ibmonitor     ncat        op-check-perfevents  procenv      stress-ng       total
amap6            cpulimit              get_device  ifstat        ndiff       operf                protoc       sysstat         trace-cmd
amapcrap         cpumon                get_driver  inotifywait   netio       opgprof              prtdiag      systool         trace-graph
arp-fingerprint  cpustat               get-iab     inotifywatch  netperf     ophelp               prtdiag.cfg  tapestat        trace-view
arp-scan         dlist_test            get_module  iostat        netserver   opimport             ptiptop      tcpdump         uninstall_ndiff
atop             dnscap                get-oui     iozone        nicstat     opjitconv            rawtime      tcpdump.4.99.0  uninstall_zenmap.org
atopsar          dnscap-rssm-rssac002  hdperf      iperf3        nload       opreport             rnano        tcpdump.4.99.1  unpigz
bmon             dropwatch             horst       jnettop       nmap        pcap-config          rvnamed      tcpdump.4.99.3  wavemon
bmore            dropwatch.1.5.0       horst.sh    justniffer    nmon        pidstat              rvnamed-ng   tcpdump.4.99.4  zblocklist
bon_csv2html     dstat                 hostscope   kernelshark   nmonchart   pigz                 screen       tcpflow         ziterate
bon_csv2txt      faultstat             hping2      makelocal     nping       pit_server           smemstat     tcpick          zmap
btop             fiemap                htop        memstat       ocount      plugins              sockperf     tcptrack        ztee
bvi              fileop                htop2       mpstat        opannotate  powerstat            sockstat     tgkill
bwm-ng           fsmon                 httpry      nano          oparchive   procdump             stress       tiptop

/var/tmp/jwm/bin1:
CPUhog.jar  inq             inq.LinuxI386  iperf   ipscan-linux64-3.9.1.jar  latencytop-tui  pchar_for_linux26
CPUhog.sh   inq.LinuxAMD64  iodump         ipscan  latencytop-gui            lxtx            pspy64

/var/tmp/jwm/sbin:
arping        darkstat     forkstat      ioping       iptraf-ng   netsniff-ng  pcm-core.x    pcm-sensor.x  smartctl  update-smart-drivedb  ztee
astraceroute  dhtest       fping         ipaudit      iptstate    ngrep        pcm-memory.x  pcm-tsx.x     smartd    vpddecode
biosdecode    dmidecode    health-check  ipband       latencytop  numatop      pcm-msr.x     pcm.x         t50       zblocklist
bonnie++      eventstat    hostscoped    ipstrings    mausezahn   p0f          pcm-numa.x    pktstat       tcpdump   zcav
bpfc          flowtop      ifpps         iptraf       mtr         pagemon      pcm-pcie.x    powertop      trafgen   ziterate
cdpr          fnotifystat  iftop         iptraf.fc31  nethogs     pchar        pcm-power.x   scanlogd      unfsd     zmap

/var/tmp/jwm/scripts:
ack                              collectl_top                         getroute.sh             jwm.sh                netdata.sh
ack-2.24-single-file.pl          collectl_top_io                      hostscope.sh            manServer_107_ma1.pl  opensnoop1
ack-v3.5.0                       compile_justniffer_with_boost.sh     init_infoscale.include  manServer_107.pl      open_snoop_wrapper.sh
ack-v3.7.0                       darkstat.sh                          init_infoscale.sh       manServer.pl          rtp_task_desc.inp
addtimestamp                     exec_snoop_wrapper.sh                inxi                    manServer.pl.org      scriptt_mini.sh
bashtop                          execute_on_all_hosts.sh              iotop                   memconf               show_kernel_memory
bpytop                           execute_osbuild_check_tasks.include  iotop-0.4.4             memconf-v3.15.pl      smem
busybox_httpd.sh                 execute_osbuild_check_tasks.sh       iotop-0.6               memconf.v3.16.pl      start_stop_manserver.sh
cdpinfo                          execute_scripts.sh                   iotop.sh                mle.sh                testssl.sh
check_network_adapter_config.sh  execute_tasks.sh                     itop                    monitor_system.sh     view_vmware_server_configuration.sh
collectl                         fio_tests.sh                         jdiskreport             mpathstat.py

Additional general Linux tools are in the directory /var/tmp/jwm/busybox

Additional performance monitoring tools are in /var/tmp/jwm/perf-tools

[JWM session] [xtrnaw7@t15g /var/tmp/jwm]$


Notes:

init_session sets the environment variables PATH, LD_LIBRARY_PATH, MANPATH, PYTHONPATH, and PS1 and defines some useful aliases.

If you want to use the already installed Linux libraries instead of the libraries contained in JWM / Linux set and export the variable LD_LIBRARY_PATH before calling init_session.
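
Because the precompiled tools are installed below the world-writable /var/tmp and init_session then puts that tree on PATH and LD_LIBRARY_PATH (and some of the tools are run as root), it is worth checking who owns the tree and who can write to it before starting a session. The following check is an added example and not part of JWM / Linux; the function name audit_jwm_dir is hypothetical and the default directory /var/tmp/jwm is taken from the Installation note.

```sh
#!/bin/sh
# Added example, not part of JWM / Linux: check a JWM_DIR tree before its
# bin/, sbin/, scripts/ and lib/ directories are put on PATH and
# LD_LIBRARY_PATH by init_session. audit_jwm_dir is a hypothetical name.

# audit_jwm_dir DIR [EXPECTED_UID]
# Prints the findings and returns 1 if the tree should not be trusted, else 0.
audit_jwm_dir() {
    _jwm_dir=$1
    _jwm_uid=${2:-$(id -u)}
    _jwm_rc=0

    # A symbolic link at the top could be re-pointed at another tree later,
    # so only a real directory is accepted.
    if [ -L "$_jwm_dir" ] || [ ! -d "$_jwm_dir" ]; then
        echo "FAIL: $_jwm_dir is missing or is a symbolic link"
        return 1
    fi

    # 1. Owner check. In a world-writable parent such as /var/tmp any local
    #    user can create the directory first, so every entry (the top
    #    directory included) must belong to the expected user or to root.
    _jwm_hits=$(find "$_jwm_dir" ! -user "$_jwm_uid" ! -user 0 -print)
    if [ -n "$_jwm_hits" ]; then
        echo "FAIL: entries not owned by uid $_jwm_uid or root:"
        printf '%s\n' "$_jwm_hits" | sed 's/^/    /'
        _jwm_rc=1
    fi

    # 2. Write-permission check. A group- or world-writable file or directory
    #    lets another account replace a binary or a shared library that is
    #    later resolved via PATH or LD_LIBRARY_PATH. The mode bits of symbolic
    #    links carry no meaning and are skipped.
    _jwm_hits=$(find "$_jwm_dir" ! -type l \( -perm -0020 -o -perm -0002 \) -print)
    if [ -n "$_jwm_hits" ]; then
        echo "FAIL: entries writable by group or others:"
        printf '%s\n' "$_jwm_hits" | sed 's/^/    /'
        _jwm_rc=1
    fi

    [ "$_jwm_rc" -eq 0 ] && echo "OK: $_jwm_dir is owned and writable only by uid $_jwm_uid or root"
    return "$_jwm_rc"
}

# Audit the installed tree (if there is one) before ". ./init_session".
if [ -d "${JWM_DIR:-/var/tmp/jwm}" ]; then
    audit_jwm_dir "${JWM_DIR:-/var/tmp/jwm}" ||
        echo "Fix the findings above before sourcing init_session."
fi
```

Run the check as the user who will start the session; for the tools in ./sbin that are started via sudo the same tree is used, so a finding applies to those as well.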



Using JWM commands via jwm.sh


To only execute a single command from the JWM / Linux environment without starting a JWM / Linux shell you can use the script ${JWM_DIR}/scripts/jwm.sh.

jwm.sh creates a temporary JWM / Linux environment and then executes the command. The usage for jwm.sh is

[xtrnaw7@t540p /var/tmp/jwm]$ /var/tmp/jwm/scripts/jwm.sh -h
[18.11.2016 17:08 ] ### jwm.sh started at Fri Nov 18 17:08:53 CET 2016
[18.11.2016 17:08 ] ### The logfile used is /var/tmp/jwm.sh.log
 jwm.sh

 Function: exeucte a command in a temporary JWM / Linux environment
 
 Usage:    jwm.sh [-v|--verbose] [-q|--quiet] [-f|--force] command [parameter]

 Parameter:
   -v - verbose mode
   -q - quiet mode
   -f - force execution

[18.11.2016 17:08 ] ### The logfile used was /var/tmp/jwm.sh.log
[18.11.2016 17:08 ] ### jwm.sh ended at Fri Nov 18 17:08:53 CET 2016
[xtrnaw7@t540p /var/tmp/jwm]$


You should create a symbolic link for jwm.sh in a directory that is in your standard path, e.g.

sudo ln -s /var/tmp/jwm/scripts/jwm.sh /usr/bin/jwm

Then you can use jwm.sh like this

[xtrnaw7@t540p /var/tmp/jwm]$  jwm  nicstat 1 1
[18.11.2016 17:29 ] ### jwm started at Fri Nov 18 17:29:22 CET 2016
[18.11.2016 17:29 ] ### The logfile used is /var/tmp/jwm.log
    Time      Int   rKB/s   wKB/s   rPk/s   wPk/s    rAvs    wAvs %Util    Sat
17:29:22  enp0s25   12.01    3.06    9.34    6.22  1316.5   504.8  0.01   0.00
17:29:22       lo    2.74    2.74   41.09   41.09   68.30   68.30  0.00   0.00
17:29:22   wlp4s0    0.00    0.00    0.00    0.00   112.5   145.5  0.00   0.00
[18.11.2016 17:29 ] ### The logfile used was /var/tmp/jwm.log
[18.11.2016 17:29 ] ### jwm ended at Fri Nov 18 17:29:22 CET 2016
[xtrnaw7@t540p /var/tmp/jwm]$


Note: Use jwm.sh with the parameter -v to get some more information for troubleshooting:
[xtrnaw7@t540p /var/tmp/jwm]$ jwm -v nicstat 1 1
[29.08.2018 13:32 ] ### jwm started at Wed Aug 29 13:32:54 CEST 2018
[29.08.2018 13:32 ] ### The logfile used is /var/tmp/jwm.log
[29.08.2018 13:32 ] INFO: SCRIPTNAME is "jwm"
[29.08.2018 13:32 ] INFO: SCRIPTDIR is "/tools/scripts"
[29.08.2018 13:32 ] INFO: REAL_SCRIPTNAME is "/data/tools/scripts/jwm"
[29.08.2018 13:32 ] INFO: REAL_SCRIPTDIR is "/data/tools/scripts"
[29.08.2018 13:32 ] INFO: WORKING_DIR is "/var/tmp/jwm"
[29.08.2018 13:32 ] INFO: RUNNING_IN_TERMINAL_SESSION is "0" (0 = yes, 1 = no)
[29.08.2018 13:32 ] INFO: CUR_USER_ID is "1000"
[29.08.2018 13:32 ] INFO: CUR_USER_NAME is "xtrnaw7"
[29.08.2018 13:32 ] INFO: CUR_GROUP_ID is "1000"
[29.08.2018 13:32 ] INFO: CUR_GROUP_NAME is "xtrnaw7"
[29.08.2018 13:32 ] INFO: ACTION is ""
[29.08.2018 13:32 ] INFO: Using the JWM directory "/var/tmp/jwm"
[29.08.2018 13:32 ] INFO: PATH is now /var/tmp/jwm/scripts:/var/tmp/jwm/bin:/var/tmp/jwm/sbin:/tools/scripts:/tools/bin:/tools/sbin:/usr/lib64/qt-3.3/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/home/xtrnaw7/.local/bin:/home/xtrnaw7/bin
[29.08.2018 13:32 ] INFO: LD_LIBRARY_PATH is now /var/tmp/jwm/lib:
[29.08.2018 13:32 ] INFO: MANPATH is now /var/tmp/jwm/man:/tools/man:
[29.08.2018 13:32 ] INFO: PYTHONPATH is now :/var/tmp/jwm/lib/python2.7/site-packages/
[29.08.2018 13:32 ] INFO: Executing now "nicstat 1 1" ...
    Time      Int   rKB/s   wKB/s   rPk/s   wPk/s    rAvs    wAvs %Util    Sat
13:32:54  enp0s25   20.84    8.38   18.73   12.40  1139.6   692.1  0.02   0.00
13:32:54       lo    0.00    0.00    0.01    0.01   77.56   77.56  0.00   0.00
[29.08.2018 13:32 ] ### The logfile used was /var/tmp/jwm.log
[29.08.2018 13:32 ] ### jwm ended at Wed Aug 29 13:32:54 CEST 2018
[xtrnaw7@t540p /var/tmp/jwm]$
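The verbose output above shows LD_LIBRARY_PATH ending in a colon and PYTHONPATH starting with one; the dynamic loader and Python resolve such an empty entry as the current working directory. The following check is an added example, not part of jwm.sh: the function names audit_search_path and prepend_entry are hypothetical, and the two sample values are copied from the output above.

```shell
#!/bin/sh
# Added example, not part of JWM: audit a colon-separated search-path value
# (PATH, LD_LIBRARY_PATH, PYTHONPATH) for entries that let the current
# directory or another user supply the code that gets loaded.

# audit_search_path NAME VALUE
# Prints one line per finding: "NAME: <entry>: <problem>". No output = clean.
audit_search_path() {
    asp_name=$1
    [ -n "$2" ] || return 0      # empty or unset variable: nothing is searched
    asp_rest="$2:"               # sentinel colon keeps a trailing empty entry
    while [ -n "$asp_rest" ]; do
        asp_entry=${asp_rest%%:*}    # text before the first colon
        asp_rest=${asp_rest#*:}      # everything after the first colon
        if [ -z "$asp_entry" ]; then
            # "dir:", ":dir" and "a::b" all contain an empty entry
            echo "$asp_name: <empty>: resolved as the current working directory"
            continue
        fi
        case $asp_entry in
            /*) ;;
            *)  echo "$asp_name: $asp_entry: relative entry, depends on the current working directory"
                continue ;;
        esac
        if [ ! -d "$asp_entry" ]; then
            # A missing entry can be created later by whoever can write to its
            # parent (relevant below world-writable parents such as /var/tmp).
            echo "$asp_name: $asp_entry: not an existing directory"
            continue
        fi
        # First field of "ls -ld" is the mode string, e.g. drwxrwxr-x
        asp_mode=$(ls -ldL "$asp_entry")
        asp_mode=${asp_mode%% *}
        case $asp_mode in
            ?????w*|????????w*)      # 6th char = group write, 9th = other write
                echo "$asp_name: $asp_entry: writable by group or others" ;;
        esac
    done
    return 0
}

# prepend_entry DIR CURRENT_VALUE
# Prints DIR prepended to CURRENT_VALUE without creating an empty entry when
# CURRENT_VALUE is empty (the plain form "DIR:$VAR" yields "DIR:" in that case).
prepend_entry() {
    printf '%s\n' "$1${2:+:$2}"
}

# Values copied from the "jwm -v" output above; the directories will be
# reported as missing on a machine without /var/tmp/jwm.
audit_search_path LD_LIBRARY_PATH '/var/tmp/jwm/lib:'
audit_search_path PYTHONPATH ':/var/tmp/jwm/lib/python2.7/site-packages/'

# Hardened way to build the same value when the variable was empty before.
prepend_entry /var/tmp/jwm/lib ''
```

Run the check with the session's real values, for example `audit_search_path PATH "$PATH"`, after `. init_session`.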

 




JWM / Linux manServer


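JWM / Linux contains a simple manServer that serves the man pages over HTTP so that they can be viewed in a web browser. By default it listens on port 7777 and is reachable at localhost:7777; the status output further down shows the listener bound to 0.0.0.0:7777, that is, on all interfaces and not only on localhost.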

To use it start a JWM / Linux session

cd /var/tmp/jwm

. init_session

and start the JWM / Linux manServer

[JWM session] [xtrnaw7@t540p /var/tmp/jwm/scripts]$ start_stop_manserver.sh start
[04.11.2016 21:01 ] ### start_stop_manserver.sh started at Fri Nov  4 21:01:38 CET 2016
[04.11.2016 21:01 ] ### The logfile used is /var/tmp/start_stop_manserver.sh.log
[04.11.2016 21:01 ] Starting the JWM manserver ...
export MANPATH="/var/tmp/jwm/share/man:/tools/man::/var/tmp/jwm/perf-tools/man"   
nohup /var/tmp/jwm/scripts/manServer.pl -s 7777 >/tmp/manserver_jwm.log 2>&1 &
echo $! >"/tmp/manserver_jwm.pid"
[04.11.2016 21:01 ] Use "http://localhost:7777" or "http://t540p:7777" to connect to the JWM manserver
[04.11.2016 21:01 ] ### The logfile used was /var/tmp/start_stop_manserver.sh.log
[04.11.2016 21:01 ] ### start_stop_manserver.sh ended at Fri Nov  4 21:01:38 CET 2016
[JWM session] [xtrnaw7@t540p /var/tmp/jwm/scripts]$



Now you can use your Web Browser to view the man pages, e.g.




To add other man pages to the JWM / Linux manServer and use another port, use:

MANPATH=$MANPATH:/usr/share/man ./start_stop_manserver.sh --port 7788 start

Example:
[JWM session] [xtrnaw7@t540p /var/tmp/jwm]$ MANPATH=$MANPATH:/usr/share/man start_stop_manserver.sh --port 7788 start
[12.01.2019 17:23 ] ### start_stop_manserver.sh started at Sat Jan 12 17:23:05 CET 2019
[12.01.2019 17:23 ] ### The logfile used is /var/tmp/start_stop_manserver.sh.log
[12.01.2019 17:23 ] Starting the JWM manserver ...
export MANPATH="/var/tmp/jwm/share/man:/tools/man::/var/tmp/jwm/perf-tools/man:/usr/share/man"   
nohup /var/tmp/jwm/scripts/manServer.pl -s 7788 >/tmp/jwm_manserver_7788.log 2>&1 &
echo $! >"/tmp/jwm_manserver_7788.pid"
[12.01.2019 17:23 ] Use "http://localhost:7788" or "http://t540p:7788" to connect to the JWM manserver
[12.01.2019 17:23 ] ### The logfile used was /var/tmp/start_stop_manserver.sh.log
[12.01.2019 17:23 ] ### start_stop_manserver.sh ended at Sat Jan 12 17:23:05 CET 2019
[JWM session] [xtrnaw7@t540p /var/tmp/jwm]$






start_stop_manserver.sh details
Use the parameter status to check the status of the JWM manserver:

[JWM session] [xtrnaw7@t540p /var/tmp/jwm/scripts]$ start_stop_manserver.sh status
[04.11.2016 21:02 ] ### start_stop_manserver.sh started at Fri Nov  4 21:02:11 CET 2016
[04.11.2016 21:02 ] ### The logfile used is /var/tmp/start_stop_manserver.sh.log
[04.11.2016 21:02 ] The JWM manserver already running; the PID is 8378
[04.11.2016 21:02 ] The JWM manserver is listening to the ports:
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        0      0 0.0.0.0:7777            0.0.0.0:*               LISTEN      8378/perl          
[04.11.2016 21:02 ] ### The logfile used was /var/tmp/start_stop_manserver.sh.log
[04.11.2016 21:02 ] ### start_stop_manserver.sh ended at Fri Nov  4 21:02:11 CET 2016
[JWM session] [xtrnaw7@t540p /var/tmp/jwm/scripts]$
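The status output above shows the manServer listening on 0.0.0.0:7777, so it is reachable from other hosts unless a firewall blocks the port. The following filter is an added example, not part of start_stop_manserver.sh: it flags TCP listeners bound to all interfaces and goes beyond the netstat line shown above by also accepting `ss -tln` output; the function names are hypothetical and every sample line except the first three is constructed.

```shell
#!/bin/sh
# Added example, not part of JWM.

# wildcard_listeners
# Reads "netstat -tlnp" or "ss -tln" lines on stdin and prints
# "<port> <owner>" for every TCP listener bound to all interfaces.
wildcard_listeners() {
    awk '
        # local = "address:port" column, owner = PID/program column (may be empty)
        function report(local, owner,    n, part, port, addr) {
            n = split(local, part, ":")      # IPv6 addresses contain several colons
            port = part[n]
            addr = substr(local, 1, length(local) - length(port) - 1)
            if (addr == "0.0.0.0" || addr == "::" || addr == "[::]" || addr == "*")
                print port, (owner == "" ? "-" : owner)
        }
        # netstat: Proto Recv-Q Send-Q Local Foreign State PID/Program
        $1 ~ /^tcp/ && $6 == "LISTEN" { report($4, $7) }
        # ss: State Recv-Q Send-Q Local Peer [Process]
        $1 == "LISTEN"                { report($4, $6) }
    '
}

# Sample input. The first three lines are taken from the status output above;
# the remaining lines (PIDs, ports 19999/7788/7799, 192.0.2.10) are constructed.
sample_netstat() {
    cat <<'EOF'
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        0      0 0.0.0.0:7777            0.0.0.0:*               LISTEN      8378/perl
tcp        0      0 127.0.0.1:19999         0.0.0.0:*               LISTEN      9100/netdata
tcp6       0      0 :::7788                 :::*                    LISTEN      9200/perl
tcp        0      0 192.0.2.10:22           0.0.0.0:*               LISTEN      -
LISTEN     0      128          *:7799             *:*
EOF
}

# Prints the three wildcard listeners: ports 7777, 7788 and 7799.
sample_netstat | wildcard_listeners
```

On a live system, feed it the real listener table, for example `netstat -tlnp | wildcard_listeners`.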



[JWM session] [xtrnaw7@t540p /var/tmp/jwm/scripts]$ start_stop_manserver.sh stop
[04.11.2016 21:04 ] ### start_stop_manserver.sh started at Fri Nov  4 21:04:37 CET 2016
[04.11.2016 21:04 ] ### The logfile used is /var/tmp/start_stop_manserver.sh.log
[04.11.2016 21:04 ] The JWM manserver is not running
[04.11.2016 21:04 ] ### The logfile used was /var/tmp/start_stop_manserver.sh.log
[04.11.2016 21:04 ] ### start_stop_manserver.sh ended at Fri Nov  4 21:04:37 CET 2016
[JWM session] [xtrnaw7@t540p /var/tmp/jwm/scripts]$


The usage for the JWM manserver start/stop script is:

[JWM session] [xtrnaw7@t540p /var/tmp/jwm/scripts]$ start_stop_manserver.sh --help
[04.11.2016 21:13 ] ### start_stop_manserver.sh started at Fri Nov  4 21:13:13 CET 2016
[04.11.2016 21:13 ] ### The logfile used is /var/tmp/start_stop_manserver.sh.log
 start_stop_manserver.sh

 Function: start or stop the manserver in JWM / Linux
 
 Usage:    start_stop_manserver.sh [-v|--verbose] [-q|--quiet] [-f|--force] [-p|--port port] [start|stop|restart|status]

 Parameter:
   -v - verbose mode
   -q - quiet mode
   -f - force execution
   -p - port for the JWM manserver, the default port is 7777

[04.11.2016 21:13 ] ### The logfile used was /var/tmp/start_stop_manserver.sh.log
[04.11.2016 21:13 ] ### start_stop_manserver.sh ended at Fri Nov  4 21:13:13 CET 2016
[JWM session] [xtrnaw7@t540p /var/tmp/jwm/scripts]$





Directories in the JWM / Linux archive


| Directory name | Directory contents | Comment |
|---|---|---|
| bashtop* | bashtop | |
| bin | binaries w/ source | |
| bin1 | binaries w/o source | |
| bpytop* | bpytop | |
| busybox | busybox binary and links | |
| checksec* | checksec | |
| collectl* | collectl | |
| compile_scripts | scripts for compiling the tools | |
| data/* | data files for the tools | |
| develop | script templates and other development files | |
| etc | config files for the tools | |
| htdocs | webserver based applications and html pages | |
| include | include files | |
| info | .info files | |
| iotop* | iotop (various versions) | |
| jdiskreport* | JDiskReport | |
| lib | libraries for the tools | |
| lib64 | symbolic link to lib | |
| libexec | add files for the tools | |
| lynis* | lynis installation | |
| man | symbolic link to ./share/man | |
| netdata* | netdata installation | |
| new | staging directory for new tools | |
| other_os | this directory contains some binaries for other OS | |
| perf-tools | directory with the perftools | |
| sbin | binaries that need root privileges | |
| scripts | well, scripts | |
| share | docs, manpages, etc for the tools | |
| src | source for the tools | |
| src/old | source code for the previous version of some tools (see here) | |
| testssl* | directories with the tool testssl.sh | |
| workdir | data files and log files for compiling the tools | |




Outdated versions of the tools


The current version of some of the tools can not be compiled on older kernels anymore. For these tools the archive also contains the source code for the old version of the tool in the directory ${JWM_DIR}/src/old. The compile script then compiles the old version of a tool if necessary.

For example, version 2.6 of atop does not compile for kernel 2.x. Therefore the compile script for atop will compile version 2.4 of atop if a kernel 2.x is detected.

As of [26.02.2024] the tar archive contains these "old" versions of the tools:

[xtrnaw7@t15g /var/tmp/jwm]$ date
Mon Feb 26 06:07:24 PM CET 2024
[xtrnaw7@t15g /var/tmp/jwm]$
[xtrnaw7@t15g /var/tmp/jwm]$ ls -l ./src/old/
total 52
drwxrwxr-x.  4 xtrnaw7 xtrnaw7  4096 Jan 12  2019 atop-2.4.0
drwxrwxr-x.  4 xtrnaw7 xtrnaw7  4096 Aug  3  2020 health-check-0.03.09
drwxrwxr-x.  2 xtrnaw7 xtrnaw7  4096 Dec 26  2020 hostscope-V4.0
drwxrwxr-x. 12 xtrnaw7 xtrnaw7  4096 Apr 17  2021 htop3-3.0.5
drwxr-xr-x. 12 xtrnaw7 xtrnaw7  4096 Oct 30  2021 ibpcap-1.0.0
lrwxrwxrwx.  1 xtrnaw7 xtrnaw7    18 Sep  5  2020 iptraf-ng -> ./iptraf-ng-1.1.4/
drwxrwxr-x.  4 xtrnaw7 xtrnaw7  4096 Jul 23  2013 iptraf-ng-1.1.4
drwxrwxr-x. 24 xtrnaw7 xtrnaw7  4096 Feb  4  2023 nmap-7.70
drwxr-xr-x.  8 xtrnaw7 xtrnaw7  4096 Feb 24 17:01 procdump-1.1.1
drwxr-xr-x. 10 xtrnaw7 xtrnaw7  4096 Feb 26 08:17 procdump-1.4
drwxr-xr-x.  7 xtrnaw7 xtrnaw7 16384 Sep  5  2020 stress-ng-0.10.08
lrwxrwxrwx.  1 xtrnaw7 xtrnaw7    18 Sep  5  2020 stress-ng-without_O_PATH -> stress-ng-0.10.08/
[xtrnaw7@t15g /var/tmp/jwm]$



Libraries included in JWM / Linux

Because not all libraries necessary for the tools are installed on all machines (especially on machines in production environments) some libraries are included in JWM / Linux. The libraries are in the directory ${JWM_DIR}/lib.

As of this writing these libraries are:

Library
Version
Description
Source










The make script for JWM / Linux also copies some OS libraries necessary for some of the tools to the JWM / Linux lib directory. The libraries to copy are listed in the file

${JWM_DIR}/compile_scripts/OS_LIBS

The libraries to copy are [as of 22.09.2020] (you may change the file if the libraries are already on the target machines for JWM / Linux):

| Library | Comment |
|---|---|
| libpcap* | |
| libcrypto.so.10* | |
| libdb-4.7* | |
| libdb-5.3* | |
| libtinfo* | |
| libnuma* | |
| liblua* | |
| liblua5.2* | |
| liblua-5.1* | |
| liblua-5.2* | |
| liblua-5.3* | |
| liblua-5.4* | |
| liblua-5* | |
| libnet* | |
| libnl* | |
| libconfuse* | |
| libnl-3* | |
| libnl-route-3* | |
| libnl-genl-3* | |
| libsctp1* | |
| libnetfilter_conntrack* | |
| libboost_regex* | |
| libboost_regex-mt* | |
| libboost_iostreams* | |
| libboost_iostreams-mt* | |
| libboost_program_options* | |
| libboost_program_options-mt* | |
| liburcu* | |
| libcli* | |
| libsctp1* | |
| libjson-c* | |
| libbsd* | |





see How to add another OS Library for details for the copy process

Note:

To suppress the copying of the libraries create the semaphore file ${JWM_DIR}/lib/_DO_NOT_COPY_LIBS_ prior to calling the make script (or remove the file ${JWM_DIR}/compile_scripts/OS_LIBS).

 


Tools included in JWM / Linux


Tool
Version
Last Update
Interface
Description
Source
ack
3.7
2023
cli
ack is a grep replacement written in Perl; requirement is Perl 5.8.8 or higher

http://beyondgrep.com/
amap
5.4
2011
cli
amap is a tool to identify application protocols on target ports.
https://www.thc.org/

Download source from

https://github.com/hackerschoice/THC-Archive/blob/master/Tools
arp-scan
1.10.1
2021
cli
arp-scan is an arp scanner
arp-scan documentation:

http://www.royhills.co.uk/wiki/index.php/Arp-scan_Documentation

download the source from

https://github.com/royhills/arp-scan

arping
2.19
2017
cli
arping is a util to find out if a specific IP address on the LAN is 'taken' and what MAC address owns it.
http://github.com/ThomasHabets/arping

atop
2.10.0
2024
cli
top like system monitor

Hints for compiling atop
If you get the error message

cc -O2 -I. -Wall          -c -o photosyst.o photosyst.c
photosyst.c: In function ‘lvmmapname’:
photosyst.c:1466:19: error: called object ‘major’ is not a function or function pointer
     dmp->major  = major(statbuf.st_rdev);
                   ^~~~~
photosyst.c:1421:25: note: declared here
 lvmmapname(unsigned int major, unsigned int minor,
            ~~~~~~~~~~~~~^~~~~

add the line

#include <sys/sysmacros.h>

to the file

photosyst.c


Note [25.12.2020]

The compile script for atop will compile the old version 2.4 of atop if a kernel version 2.x is detected because the atop version 2.6 can not be compiled for kernel 2.x (see also here.)
The script will also compile the version 2.4 if ETHTOOL_GLINKSETTINGS is not defined in the current OS.

http://www.atoptool.nl/
bashtop
0.9.25
2020
cli
a "top" written in bash  (see also bpytop)

Dependencies for bashtop are

bash (v4.4 or later)

GNU coreutils, sed, grep, ps, awk

(see also the homepage of bashtop)

https://github.com/aristocratos/bashtop
bmon 4.0 2017 cli "bmon is a monitoring and debugging tool to capture networking related statistics and prepare them visually in a human friendly way. It features various output methods including an interactive curses user interface and a programmable text output for scripting."

https://github.com/tgraf/bmon/
bonnie++
1.04 UNRELEASED
2017
cli
bonnie++ is a disk performance test tool
http://www.coker.com.au/bonnie++/
bpytop
1.0.63
2020
cli
a "top" written in Python (see also bashtop)

Dependencies for bpytop are
https://github.com/aristocratos/bpytop
busybox
1.36.1
2023
cli BusyBox: The Swiss Army Knife of Embedded Linux

Note:
The config for busybox in the tar archive is the default config without the i2c tools. The compile script does not create a new config.

Use

make menuconfig

in the busybox source directory to select which busybox components should be compiled.


Hints for some of the errors I got while compiling busybox on older Linux versions
Error message ‘MTD_FILE_MODE_RAW’ undeclared


-> disable "Miscellaneous Utilities/nandwrite" and "Miscellaneous Utilities/nanddump"

Error message  ‘BLKSECDISCARD’ undeclared


-> disable "Linux System Utilities/blkdiscard"

Error message  sync.c:(.text.sync_main+0x7a): undefined reference to `syncfs'


-> disable "Core Utils/sync"

Error message  nsenter.c:(.text.nsenter_main+0x1b6): undefined reference to `setns'


-> disable "Linux System Utilities/nsenter"

The config without these tools is saved in the file rhel6_config in the busybox source directory. Use "make menuconfig" in the busybox source directory to use this config.


http://www.busybox.net
btop++
1.3.2
2022
cli
"Resource monitor that shows usage and stats for processor, memory, disks, network and processes."

Note:

The precompiled static binary files from btop++ are used in JWM

https://github.com/aristocratos/btop/releases
bvi 1.4.2 2023 cli
bvi is a vi like editor for binary files http://bvi.sourceforge.net/
bwm-ng
0.6.2
2018
cli Bandwidth Monitor NG is a small and console-based live network and disk-io bandwidth monitor
http://sourceforge.net/projects/bwmng/
cdpinfo
1.2
2012
cli A perl script to  listen for Cisco Discovery Protocol (CDP) packets and print out key values such as switch, port and vlan
https://github.com/wildajet/scripts/blob/master/cdpinfo
cdpr
2.4
2013
cli Cisco Discovery Protocol Reporter - view and decode CDP packets
http://sourceforge.net/projects/cdpr/
checksec 2.5.0
2021
cli
Test security features implemented in the running Linux version
https://github.com/slimm609/checksec.sh
http://www.trapkit.de/tools/checksec.html
collectl
4.3.1
2018
cli powerful performance monitoring tool
http://collectl.sourceforge.net/

CPUHog
2.1.3
2018
GUI
Java app. to utilise (waste) as much CPU as it can. The application allows the user to create multiple Java threads, each performing a CPU-intensive task with a selectable memory footprint. The options let you 'thrash' the aspect you want. https://sourceforge.net/projects/cpuhog/
cpumon
2.4
2014
cli monitor cpu usage
http://www.softndesign.org/codes/c/cpumon/
cpustat
0.02.20
2024
cli cpustat periodically dumps out the current CPU utilisation statistics of running processes. cpustat has been optimised to have a minimal CPU overhead and typically uses about 35% of the CPU compared to top. cpustat also includes some simple statistical analysis options that can help characterise the way CPUs are being loaded. https://github.com/ColinIanKing/cpustat

darkstat
3.0.719
2015
WebGUI
Captures network traffic, calculates statistics about usage, and serves reports over HTTP.

Use darkstat.sh to start or stop the darkstat daemon.

http://unix4lyfe.org/darkstat/

dhtest
1.5
2018
cli DHCP Test client
https://github.com/saravana815/dhtest
dmidecode
3.5
2023
cli dmidecode reports information about your system's hardware as described in your system BIOS according to the SMBIOS/DMI standard (see a sample output) http://www.nongnu.org/dmidecode/
dnscap
2.2.0
2023
cli
"dnscap is a network capture utility designed specifically for DNS traffic."
https://github.com/DNS-OARC/dnscap
dstat
0.7.3
2017
cli Resource statistic tool
http://dag.wieers.com/home-made/dstat/
dropwatch
1.5.4
2022
cli
list dropped network packets
https://github.com/nhorman/dropwatch

eventstat 0.06.00
2024
cli
eventstat periodically dumps out the current kernel event state. It keeps track of current events and outputs the change in events on each output update. The tool requires sudo to run since it needs to write to /proc/timer_stats to start and stop the event monitoring.
https://github.com/ColinIanKing/eventstat

faultstat
0.01.11
2024
cli
"Faultstat reports the page fault activity of processes running on a system. The tool supports a 'top' like mode to dynamically display the top page faulting processes. "
https://github.com/ColinIanKing/faultstat

fiemap

2017
cli
Reads file extents using the FIEMAP ioctl
https://github.com/ColinIanKing/fiemap
fnotifystat 0.02.07
2020
cli
Fnotifystat is a program that dumps the file system activity in a given period of time.

Note:
The compile script aborts the compilation if the file fanotify.h is not found in /usr/include or one of the sub directories. This file is missing in older Linux versions

Hints for compiling fnotifystat
If you get the error message

cc -Wall -Wextra -DVERSION='"0.01.17"' -O2 fnotifystat.o -o fnotifystat
/usr/bin/ld: fnotifystat.o: in function `fnotify_get_filename.constprop.3':
fnotifystat.c:(.text+0xbad): undefined reference to `minor'

add the line

#include <sys/sysmacros.h>

to the file

fnotifystat.c




https://github.com/ColinIanKing/fnotifyst
forkstat
0.03.02
2024
cli forkstat is a program that logs process fork(), exec() and exit() activity. It is useful for monitoring system behaviour and to track down rogue processes that are spawning off processes and potentially abusing the system.

Note that forkstat uses the Linux netlink connector to gather process activity and this may miss events if the system is overly busy. Netlink connector also requires root privilege.

https://github.com/ColinIanKing/forkstat

fping
5.0
2020
cli
fping is a program to send ICMP echo probes to network hosts, similar to ping,
but much better performing when pinging multiple hosts.
https://www.fping.org/
fsmon
1.8.5
2021
cli
FileSystem Monitor utility that runs on Linux, Android, iOS and OSX.
https://github.com/nowsecure/fsmon
fspy
0.1.1



2010
cli fspy is an easy to use linux filesystem activity monitoring tool which is meant to be small, fast and to handle system resources conservative. you can apply filters, use diffing and your own output format in order to get the best results.
https://www.security-database.com/toolswatch/fspy-v0-1-1-linux-filesystem.html
hdperf
1.5
2013
cli harddrive performance benchmark

http://sourceforge.net/projects/hdperf/

health-check 0.04.00
2024
cli The health-check tool monitors processes in various ways to help identify areas where it is consuming too many resources. One can trace one or more processes (including all their threads and child processes too) for a full story of system activity.

Note:
The compile script aborts the compilation if the file fanotify.h is not found in /usr/include or one of the sub directories. This file is missing in older Linux versions



https://github.com/ColinIanKing/health-check
horst 5.1 2016 cli horst is a small, lightweight IEEE802.11 WLAN analyzer with a text interface.

Hints for compiling horst
If compiling horst fails with error messages like this:

display.c:435:11: error: lvalue required as left operand of assignment
  435 |  ESCDELAY = 25; /* we don't use ESC sequences */

A workaround for this error is to comment out the lines with the "invalid" assignments (but that will only work if the statement defines some unused variable).
 
https://github.com/br101/horst
hostscope
8.0
2021
cli, network
hostscope displays key system metrics of Linux hosts, such as detailed CPU load, speed and temperature, I/O rates of network interfaces, I/O rates of disks, and user process summary information. All metrics are multicast on the LAN, if wanted, and clients can switch between multiple hosts on the network.

Hints for compiling hostscope
An error like this

hostscope_wfc.cc:769:18: error: 'class std::vector<HostScope_LinuxCPU>' has no member named 'emplace_back'
     m_linux_cpus.emplace_back();

can be fixed by using a more recent version of gcc.


http://www.maier-komor.de/hostscope.html
hping2
2.0.0
2006
cli command-line oriented TCP/IP packet assembler/analyzer https://sourceforge.net/projects/hping2/
htop
3.3.0
2024
cli top like system monitor

Hints for compiling htop 3.x

htop version 3.1.x does not compile on OS versions with a missing definition for TASKSTATS_TYPE_NULL in the file

/usr/include/linux/taskstats.h.

In this case  the compile script will compile the old version 3.0.5 - see also here.
 
Note:

The old htop version 2.2.0 is available as htop2.

http://htop.sourceforge.net/
httpry
0.1.8.0
2014
cli
a HTTP logging and information retrieval tool

https://github.com/jbittel/httpry#
ibmonitor
1.4
2006
cli ibmonitor is an interactive linux console application which shows
bandwidth consumed and total data transferred on all interfaces.
http://ibmonitor.sourceforge.net/index.html
ifstat
1.1
2004
cli report network interface bandwidth
http://gael.roualland.free.fr/ifstat/
iftop
1.0pre4
2014
cli report network interface bandwidth http://www.ex-parrot.com/pdw/iftop/
inxi
3.3.33-00
2024
cli inxi - the universal, portable, system information tool for console and irc.

http://smxi.org/

inotify
3.14
2010
cli

inotify-tools is a C library and a set of command-line programs for Linux providing a simple interface to inotify. These programs can be used to monitor and act upon filesystem events. ...
The programs are written in C and have no dependencies other than a Linux kernel supporting inotify.

inotify-tools 3.14 is the latest version, released on the 7th of March 2010.

inotify is a file change notification system in the Linux kernel, available since version 2.6.13

To check whether your own kernel version supports Inotify as well, you can run the following command:

% grep INOTIFY_USER /boot/config-$(uname -r)
CONFIG_INOTIFY_USER=y
https://github.com/rvoicilas/inotify-tools/wiki

see also:

http://www.infoq.com/articles/inotify-linux-file-system-event-monitoring
inq
9.2.1.2

2021
cli disk inquiry program from EMC,


Notes: The archive contains only the 32bit binary and the 64bit binary
The 32 Bit Version is still 7.6.2.0


ftp://ftp.emc.com/pub/symm3000/inquiry/

(no source code available)
Intel PCM
2.11
2012
cli Intel Performance Counter Monitor
https://software.intel.com/en-us/articles/intel-performance-counter-monitor/
ioping
1.2
2020
cli
simple disk I/O latency measuring tool
https://github.com/koct9i/ioping
iotop
0.4.4
2013
cli iotop is a Python program with a top like UI used to show on behalf of which process the I/O is going on.

Be aware of the requirements for this iotop version:

"It requires Python >= 2.5 (or Python >= 2.4 with the ctypes module) and a Linux kernel >= 2.6.20 with the CONFIG_TASK_DELAY_ACCT CONFIG_TASKSTATS,
CONFIG_TASK_IO_ACCOUNTING and CONFIG_VM_EVENT_COUNTERS options on."

http://guichaz.free.fr/iotop/
iotop
0.6
2013
cli iotop is a Python program with a top like UI used to show on behalf of which process the I/O is going on.

Be aware of the requirements for this iotop version:

"It requires Python >= 2.7 and a Linux kernel >= 2.6.20 with the CONFIG_TASK_DELAY_ACCT CONFIG_TASKSTATS,
CONFIG_TASK_IO_ACCOUNTING and CONFIG_VM_EVENT_COUNTERS options on."

Update 17.10.2021/bs

Webpage is reachable


http://guichaz.free.fr/iotop/
iozone
3_506
2023
cli IOzone is a filesystem benchmark tool
http://iozone.org/
ipaudit
1.1
2016
cli IPAudit monitors network activity on a network by host, protocol and port. http://ipaudit.sourceforge.net/
ipband
0.8.1
2008
cli ipband is a pcap based IP traffic monitor. http://ipband.sourceforge.net/
iperf3 3.16.0 2023 cli iperf3 is a tool for active measurements of the maximum achievable bandwidth on IP networks. It supports tuning of various parameters related to timing, protocols, and buffers. For each test it reports the bandwidth, loss, and other parameters.

Note:

A binary version of the "old" iperf 2.0.5 that should run on most Linux distributions is in the directory ./bin1.

https://github.com/esnet/iperf
ipscan
3.9.2
2023
GUI
A cross-platform network scanner written in Java that is fast and simple to use


old releases:

https://sourceforge.net/projects/ipscan/

iptraf
3.0.0
2005
cli IPTraf is a console-based network statistics utility for Linux. http://iptraf.seul.org/index.html
iptraf-ng 1.2.1 2020 cli iptraf-ng is a fork of the original iptraf-3.0.0

Hints for compiling iptraf-ng

05.09.2020 /bs

New versions of iptraf-ng require the definition of PACKET_USER and PACKET_KERNEL. These definitions are missing in older Linux versions. Therefore the compile script for iptraf-ng checks if PACKET_USER is defined in the file /usr/include/linux/if_packet.h. If the definition is missing the compile script will compile the old version of iptraf-ng in the directory ${JWM_DIR}/src/old/iptraf-ng.
(see also here)


https://github.com/iptraf-ng/iptraf-ng
iptstate 2.2.7 2021 cli IPTState is a top-like interface to your netfilter connection-tracking table.
itop

2012
cli itop monitors the interrupts of a system in real time
http://www.void.gr/kargig/blog/2012/06/24/interrupts-top-like-utility-for-linux/
JDiskReport 1.4.1 2014 GUI "JDiskReport enables you to understand how much space the files and directories consume on your disk drives, and it helps you find obsolete files and folders.

The tool analyses your disk drives and collects several statistics which you can view as overview charts and details tables."

http://www.jgoodies.com/freeware/jdiskreport/
jnettop
0.13
2006
cli jnettop is a traffic visualiser, which captures traffic going through the host it is running from and displays streams sorted by bandwidth they use.
https://sourceforge.net/projects/jnettop/files/
justniffer 0.5.14 2014 cli justniffer is a network sniffer

Hints for compiling justniffer
Compiling justniffer requires boost  version 1.46 or newer.
If you do not want to install a new boost version you can compile justniffer using a boost staging area.

See also the hint below regarding GENL_ID_GENERATE.

Update 13.09.2020 boost_regex missing error

If the configure script complains about a missing library boost_regex the real missing library might be libboost_program_options.so:

checking whether the Boost::Regex library is available... yes
checking for exit in -lboost_regex... yes
checking whether the Boost::Program_Options library is available... yes
configure: error: Could not link against boost_regex !



http://justniffer.sourceforge.net/

https://sourceforge.net/projects/justniffer/?source=directory
latencytop
0.5
2009
cli view process latencies http://www.latencytop.org

lxtx 1.1.12 2016 cli A simple command line program, like vmstat, sar, or iostat.

Note:
There is no source code available for this tool.

http://ontune.us/lxtx/
lynis
3.0.9
2023
cli Lynis is a security auditing tool for UNIX derivatives like Linux, macOS, BSD, Solaris, AIX, and others https://cisofy.com/download/lynis/
manServer
1.07 ma1
2006
WebGUI
manServer - convert manual pages to HTML for viewing with a web browser. Use start_stop_manserver.sh to start or stop the JWM / Linux manServer.


memconf
3.16
2022
cli Identify sizes of memory modules installed on a Solaris, Linux, FreeBSD or HP-UX workstation or server. http://sourceforge.net/projects/memconf/
memstat 1.0.0 ? cli memstat is a small proc-based utility designed to help the system administrator figure out what's consuming memory https://www.gnu.org/software/hurd/user/tlecarrour/memstat.html
monitor_system.sh
1.0.0
2018
cli
monitor_system.sh is a simple wrapper script to start one or more monitor commands -- for further details see the documentation for the script.

mpathstat.py 1.1 2016 cli Python script to sort the output of iostat for better monitoring of multipathed devices http://prefetch.net/blog/index.php/2016/10/24/displaying-multi-path-statistics-on-linux-systems/
mtr
0.92
2017
cli mtr combines the functionality of the 'traceroute' and 'ping' programs in a single network diagnostic tool. http://www.bitwizard.nl/mtr/
nano
7.2
2023
cli
nano is a small visual editor
https://nano-editor.org/
netcat
0.7.1
2004
cli
The GNU Netcat
http://netcat.sourceforge.net/
netdata
1.44.3
2024
WebGUI real time performance monitoring in a Web dashboard

Very short netdata usage help
To use netdata start the daemon:

/var/tmp/jwm/netdata/usr/bin/netdata

(or use the script netdata.sh)

Then connect via WebBrowser to

http://127.0.0.1:19999/

To view the config use:

http://127.0.0.1:19999/netdata.conf

Note:

Please make sure that all files and sub directories in the directory ${JWM_DIR}/netdata are owned by the user executing netdata  

Hints for compiling netdata
netdata needs the develop package for libuv-1 or a newer version. This package is currently [as of 10.08.2020] not available in the standard repositories for RHEL 8.x or CentOS 8.x (neither in the repositories for the base OS nor in the epel repositories). Therefore you must install the package from another source (for example from the repository from okay) or download the source for the library, compile it and install it.

Use the parameter --disable-cloud for the installer netdata-installer.sh as a workaround for this error while compiling netdata:

externaldeps/libwebsockets/libwebsockets.a(unix-caps.c.o): In function `lws_plat_drop_app_privileges':
unix-caps.c:(.text+0x2d9): undefined reference to `cap_get_proc'
unix-caps.c:(.text+0x2f5): undefined reference to `cap_set_flag'




https://github.com/firehol/netdata
nethogs
0.8.0
2015
cli
NetHogs is a small 'net top' tool https://github.com/raboof/nethogs#readme
netio
1.32
2012
cli
network benchmark tool

Note:

For 10 GB connections netio is not that useful; use one of the other tools (for example netperf) instead.








netperf
2.7.0
2015
cli network benchmark tool
http://www.netperf.org/netperf
netsniff-ng 0.6.7 2020 cli netsniff-ng is a free Linux networking toolkit, a Swiss army knife for your daily Linux network plumbing if you will.

Hints for compiling netsniff-ng
netsniff-ng does not compile with the libraries and headers from JWM / Linux . You must install the latest version of the libraries to compile netsniff-ng.

Compiling the version 0.6.3 will fail with the error message

staging/tools.c:485:10: error: ‘UINT64_MAX’ undeclared (first use in this function)

To fix this issue add the missing statement

#include <stdint.h>

to the file

./staging/tools.c

http://netsniff-ng.org/
ngrep
1.47
2006
cli grep for network traffic
http://ngrep.sourceforge.net/
nicstat
1.95
2014
cli Network traffic statistics utility for Solaris and Linux http://sourceforge.net/projects/nicstat/
nload
0.7.4
2012
cli nload is a console application which monitors network traffic and bandwidth usage in real time. It visualizes the in- and outgoing traffic using two graphs and provides additional info like total amount of transferred data and min/max network usage.
http://www.roland-riegel.de/nload/index.html
nmap
7.94
2023
cli network port scanner
http://nmap.org/
nmon
16n
2023
cli Nigel's performance Monitor for Linux

Hints for compiling nmon

The source code for nmon version 15+ uses functions from the math library but does not link the necessary lib for that, so compiling nmon ends with an error:

cc -o nmon_power_rhel3 lmon.c -g -O2 -D JFS -D GETUSER -Wall -D LARGEMEM -lncurses -g -D POWER
/tmp/ccLo9PxQ.o: In function `main':
/var/tmp/jwm/src/nmon/lmon.c:5616: undefined reference to `ceilf'
collect2: error: ld returned 1 exit status


To get around this edit the makefile and change the line

LDFLAGS=-lncurses -g

to

LDFLAGS=-lncurses -g -lm



Included are also nmonchart:

"nmonchart is a Korn shell script for AIX or Linux to convert nmon collected files to a webpage (.html) including Google Chart and JavaScript to display the top 53+ AIX and Linux Performance Graphs and configuration details"

and the Java Nmon Analyzer

"The Java Nmon analyser is a free, open source analyser tool which is helpful in analyzing performance data captured using the nmon performance tool. and real-time monitor the Linux/AIX 's performance base on nmon."

There are other tools to use the data collected by nmon - see the list of other tools not included in JWM / Linux below.

nmon and nmon chart:

http://nmon.sourceforge.net/pmwiki.php

nmon Analyzer:

https://sourceforge.net/projects/jnmonanalyser/
numatop
1.0.4
2015
cli NumaTOP is an observation tool for runtime memory locality characterization and analysis of processes and threads running on a NUMA system. It helps the user characterize the NUMA behavior of processes and threads and identify where the NUMA-related performance bottlenecks reside.

NumaTOP Requirements
NumaTOP requires a special patch which supports PEBS Load Latency functionality.

The patch has not been integrated in 3.8 (probably it will be integrated
in 3.9).

Numatop is supported on Intel Xeon processors: 5500-series, 6500/7500-series,
5600 series, E7-x8xx-series, and E5-16xx/24xx/26xx/46xx-series.

E5-16xx/24xx/26xx/46xx-series had better be updated to latest CPU microcode
(microcode must be 0x618+ or 0x70c+).


https://01.org/numatop
oprofile 1.4.0 2020 cli OProfile is a system-wide profiler for Linux systems, capable of profiling all running code at low overhead

Note:

The binary operf will only be compiled if the kernel supports the necessary events.

http://oprofile.sourceforge.net/news/
p0f
3.09b
2016
cli P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way. Version 3 is a complete rewrite of the original codebase, incorporating a significant number of improvements to network-level fingerprinting, and introducing the ability to reason about application-level payloads (e.g., HTTP).
http://lcamtuf.coredump.cx/p0f3/
pagemon
0.02.04
2024
cli pagemon is an interactive memory/page monitoring tool allowing one to browse the memory map of an active running process on Linux.
https://github.com/ColinIanKing/pagemon
pchar
1.5
2005
cli pchar is a tool to characterize the bandwidth, latency, and loss of links along an end-to-end path through the Internet.

Hints for compiling pchar
If compiling pchar with make fails with a message like "SO_BSDCOMPAT not defined", temporarily add

#define SO_BSDCOMPAT    14

to the file

/usr/include/asm-generic/socket.h

The compile script in JWM / Linux adds this statement to the include file pc.h from pchar if necessary.

The usage of the abs function in the pchar source file ResultTable.cc is not allowed with GCC 7.x anymore. Therefore I corrected the source file:

[xtrnaw7@t61p pchar-1.5]$ diff ResultTable.cc ResultTable.cc.org
913,921c913,917
< //        residuals[l] = abs(partialmins[i] -
< //                   ((currentslope *
< //                     column2size(i) /
< //                     slopescale) +
< //                    currentintercept));
<         residuals[l] = partialmins[i] > ((currentslope * column2size(i) / slopescale ) + currentintercept ) ?
<             partialmins[i] -  ((currentslope * column2size(i) / slopescale ) + currentintercept ) :
<             ((currentslope * column2size(i) / slopescale ) + currentintercept ) - partialmins[i] ;
<
---
>         residuals[l] = abs(partialmins[i] -
>                    ((currentslope *
>                      column2size(i) /
>                      slopescale) +
>                     currentintercept));
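Review bot: in the 913,921c913,917 hunk the replacement for abs() spells out the fitted value (currentslope * column2size(i) / slopescale) + currentintercept three times inside one conditional expression, so the copies can drift apart on a later edit. Computing it once into a local variable and then subtracting the smaller operand from the larger keeps the statement verifiable at a glance. The five commented-out lines can be dropped, since ResultTable.cc.org already keeps the original.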
938,939c934
< //        ys[l] = abs(partialmins[i] - mediany);
<         ys[l] = partialmins[i] > mediany ? partialmins[i] - mediany : mediany - partialmins[i] ;
---
>         ys[l] = abs(partialmins[i] - mediany);
[xtrnaw7@t61p pchar-1.5]$


[xtrnaw7@t61p pchar-1.5]$ ls -ltr ResultTable.cc*
-rw-r--r-- 1 xtrnaw7 users 26718 Aug 13 11:35 ResultTable.cc        # source w/ corrections for gcc 7.x
-rw-r--r-- 1 xtrnaw7 users 26109 Aug 13 11:42 ResultTable.cc.org    # original source file
-rw-r--r-- 1 xtrnaw7 users 26718 Aug 13 11:42 ResultTable.cc.gc7x   # source w/ corrections for gcc 7.x
[xtrnaw7@t61p pchar-1.5]$




http://www.kitchenlab.org/www/bmah/Software/pchar/
perftools
(2017/12/19)
2017
cli Performance analysis tools based on Linux perf_events (aka perf) and ftrace (Brendan Gregg)
https://github.com/brendangregg/perf-tools
pigz
2.8.0
2023
cli parallel gzip
http://zlib.net/pigz/
pktstat
1.8.5
2012
cli pktstat displays a real-time list of active connections seen on a network interface, and how much bandwidth is being used by what.

It partially decodes HTTP and FTP protocols to show what filename is being transferred, as well as X11 application names. Entries hang around on the screen for a few seconds so you can see what just happened, in short a very useful tool to figure out network connection in real time.

http://linuxpoison.blogspot.de/2010/12/top-like-utility-to-monitor-network.html
powertop
2.13
2020
cli

PowerTOP is a Linux tool to diagnose issues with power consumption and power management.

In addition to being a diagnostic tool, PowerTOP also has an interactive mode where the user can experiment with various power management settings for cases where the Linux distribution has not enabled these settings.

Hints for compiling powertop 2.8 and older

Necessary changes in main.cpp to compile with GCC 7.x:

[xtrnaw7@t540p /var/tmp/jwm/src/powertop-2.6.1/src]$ diff main.cpp main.cpp.org
420c420
<                 sprintf(workload, "%s", optarg ? optarg : (char *)'\0' );
---
>                 sprintf(workload, "%s", optarg ? optarg :'\0' );
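Review bot: the fallback on the changed line 420, (char *)'\0', is a null pointer, and passing a null pointer to the %s conversion is undefined behaviour; an empty string literal "" as the fallback gives the intended empty result and needs no cast. The same line copies optarg into workload with sprintf, and nothing on the line limits the length, so a long option argument can run past the end of the destination; snprintf bounded by the size of workload would close that.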
[xtrnaw7@t540p /var/tmp/jwm/src/powertop-2.6.1/src]$



https://01.org/powertop/
powerstat
0.04.02
2024
cli "Powerstat measures the power consumption of a machine using the battery stats or the Intel RAPL interface. The output is like vmstat but also shows power consumption statistics. At the end of a run, powerstat will calculate the average, standard deviation and min/max of the gathered data." https://github.com/ColinIanKing/powerstat
procdump 3.2.0
2024 cli ProcDump is a Linux reimagining of the classic ProcDump tool from the Sysinternals suite of tools for Windows.  ProcDump provides a convenient way for Linux developers to create core dumps of their application based on performance triggers.

Hints for compiling procdump
Version 1.2 of procdump cannot be compiled on OS versions without a definition for PTRACE_SEIZE in the file /usr/include/sys/ptrace.h.
In this case the compile script compiles version 1.1.1 of procdump.

Hints for compiling procdump 1.0
The changes made to the source code and makefile of version 1.0 are:

[xtrnaw7@rhel7-001 procdump-1.0.0]$ diff Makefile Makefile.org
3c3
< CFLAGS=-I ./include -pthread -lrt
---
> CFLAGS=-I ./include -pthread
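Review bot: -lrt on line 3 is a linker input, but it is appended to CFLAGS, so whether it ends up after the object files on the link command depends on how the link rule expands CFLAGS; linkers that resolve libraries left to right will not pick up librt symbols if it comes first. Putting -lrt into a linker variable (LDLIBS, or LDFLAGS placed after the objects) states the intent and keeps it out of compile-only invocations.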
[xtrnaw7@rhel7-001 procdump-1.0.0]$

[xtrnaw7@t540p /var/tmp/jwm/src/procdump-1.0.0/src]$ diff ProcDumpConfiguration.c ProcDumpConfiguration.c.org
461,462c461
<     int i ;
<     for (i = 0; i < self->nThreads; i++) {
---
>     for (int i = 0; i < self->nThreads; i++) {
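Review bot: hoisting int i out of the for statement at line 461 (and again at line 588, and int j in CoreDumpWriter.c) widens each counter's scope to the rest of the function and touches upstream source in three places. If the reason is a compiler that defaults to C89 and rejects declarations inside for, adding -std=gnu99 to CFLAGS in the Makefile, which is patched anyway, would let the original sources compile unchanged.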
588,589c587,588
<     int i ;
<     for (i = 0; i < strLen; i++) {
---
>
>     for (int i = 0; i < strLen; i++) {
[xtrnaw7@t540p /var/tmp/jwm/src/procdump-1.0.0/src]$

[xtrnaw7@t540p /var/tmp/jwm/src/procdump-1.0.0/src]$ diff CoreDumpWriter.c CoreDumpWriter.c.org
184c184
<         int j;        
---
>                 
186c186
<         for(j = 0; j < i; j++){
---
>         for(int j = 0; j < i; j++){


https://github.com/Microsoft/ProcDump-for-Linux
procenv
0.58
2016
cli
dump the current environment (see homepage for details)
http://ifdeflinux.blogspot.com/2012/10/procenv-and-process-environment.html
prtdiag
1.2
2003
cli prtdiag is a little script that displays the hardware configuration and status of a running machine.

pspy
1.2
2019
cli
pspy - unprivileged Linux process snooping
https://github.com/DominicBreuker/pspy

Note:

The tar archive only contains the binary because the source code is written in Go. The source code is available on the website.

scanlogd
2.2.7
2012
cli
"scanlogd is a TCP port scan detection tool, originally designed to illustrate various attacks an IDS developer has to deal with, for a Phrack Magazine article. Thus, unlike some of the other port scan detection tools out there, scanlogd is designed to be totally safe to use." https://www.openwall.com/scanlogd/
screen
4.9.1

cli screen is a full-screen window manager that multiplexes a physical terminal between several processes, typically interactive shells.

Hints for compiling screen
To compile screen the include file /usr/include/sys/stropts.h is necessary but in standard Linux distributions this file does not exist. To get around this bug do

sudo mkdir -p /usr/include/sys
sudo touch /usr/include/sys/stropts.h



https://www.gnu.org/software/screen/
smartmontools
6.6
2017
cli smartmontools contains utility programs (smartctl, smartd) to control/monitor storage systems using the Self-Monitoring, Analysis and Reporting Technology System (S.M.A.R.T.) built into most modern ATA and SCSI disks. It is derived from smartsuite. http://sourceforge.net/projects/smartmontools/
smem
1.4
2013
cli

smem is a tool that can give numerous reports on memory usage on Linux systems. Unlike existing tools, smem can report proportional set size (PSS), which is a more meaningful representation of the amount of memory used by libraries and applications in a virtual memory system.

Because large portions of physical memory are typically shared among multiple applications, the standard measure of memory usage known as resident set size (RSS) will significantly overestimate memory usage. PSS instead measures each application's "fair share" of each shared area to give a realistic measure.

https://www.selenic.com/smem/
smemstat
0.02.13
2024
cli Smemstat reports the physical memory usage taking into consideration shared memory. The tool can either report a current snapshot of memory usage or periodically dump out any changes in memory.

https://github.com/ColinIanKing/smemstat


sockperf
3.7
2020
cli
sockperf is a network benchmarking utility over socket API that was designed for testing performance (latency and throughput) of high-performance systems (it is also good for testing performance of regular networking systems as well). It covers most of the socket API calls and options.

Hints for compiling sockperf 3.5

See here if using gcc 11 or newer

https://github.com/Mellanox/sockperf
sockstat
0.4.1-1
2019
cli
"Sockstat is a tool to let you view information about open connections. It is similar to the tool of the same name that is included in FreeBSD, trying to faithfully reproduce as much functionality as is possible."
https://packages.debian.org/unstable/main/sockstat

Source:

https://packages.debian.org/source/sid/sockstat
stress
1.0.4
2014
cli stress is a deliberately simple workload generator for POSIX systems. It imposes a configurable amount of CPU, memory, I/O, and disk stress on the system. It is written in C, and is free software licensed under the GPLv2.
stress-ng
0.17.05
2024
cli stress-ng will stress test a computer system in various selectable ways.

Hints for compiling stress-ng
If you get the error message

stress-rdrand.c:49: Error: no such instruction: `rdrand %rax'


then the installed binutils are too old. Update the binutils (see Links_to libraries neccessary for JWM below)  and try again

13.08.2017 /bs

Changes in stress-fp-error.c from version 0.07.14 to successfully compile in Arch Linux with

[xtrnaw7@t61p /var/tmp/jwm/src/stress-ng-0.07.14]$ uname -a
Linux t61p 4.12.6-1-ARCH #1 SMP PREEMPT Sat Aug 12 09:16:22 CEST 2017 x86_64 GNU/Linux
[xtrnaw7@t61p /var/tmp/jwm/src/stress-ng-0.07.14]$ gcc --version
gcc (GCC) 7.1.1 20170630
Copyright (C) 2017 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

[xtrnaw7@t540p /var/tmp/jwm/src/stress-ng-0.07.14]$ diff stress-fp-error.c  stress-fp-error.c.org
30,44d29
< /*
<   neccessary code for ArcLinux (?)  13.08.2017/bs
< */
< #if !defined EDOM
< # define EDOM   33      /* Math argument out of domain of function.  */
< #endif
<
< #if !defined ERANGE
< # define ERANGE 34      /* Math result not representable.  */
< #endif
<
< /*
<   end of work around for ArcLinux
< */
<
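Review bot: lines 30-44 hard-code EDOM as 33 and ERANGE as 34 behind #if !defined guards; those are the values <errno.h> supplies on Linux, so if the macros are missing at this point the more likely cause is a missing #include <errno.h> in stress-fp-error.c. Adding that include instead of the literals keeps the file correct on platforms where the numbers differ, and the question mark in the added comment suggests the root cause was not confirmed.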


18.08.2018 /bs

stress-ng needs a GCC version that allows #pragma GCC diagnostic inside functions. GCC versions without that support stop with the message

#pragma GCC diagnostic not allowed inside functions

The GCC version in CentOS 6.9 does not support that. Therefore stress-ng must be compiled with a newer GCC version in CentOS 6.9 (see Required GCC version on how to install a newer GCC version):

scl enable devtoolset-7 bash
cd /var/tmp/jwm/compile_scripts && ./compile_stress-ng.sh

05.09.2020 /bs

New versions of stress-ng require O_PATH to be defined, but O_PATH is not defined in older Linux versions. Therefore the compile script for stress-ng checks if O_PATH is defined in the file /usr/include/asm-generic/fcntl.h. If O_PATH is not defined, the compile script compiles an older version of stress-ng; the source code for the older version of stress-ng is in the directory ${JWM_DIR}/src/old/stress-ng-without_O_PATH.
(see also here)
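
The header checks described in the hints above (PTRACE_SEIZE for procdump, O_PATH for stress-ng, SO_BSDCOMPAT for pchar) follow one pattern: test a header for a macro, then either build an older release or patch the tool's own header. The following is an added example of that pattern, not the compile script shipped with JWM / Linux; the function names, the sample headers and the directory name src/stress-ng are assumptions.

```shell
#!/bin/sh
# Added example, NOT the JWM / Linux compile script. Function names and the
# directory names passed in demo() are assumptions made for illustration.

# header_defines MACRO FILE
# Returns 0 if FILE contains an active "#define MACRO" line, 1 if it does
# not (or FILE is unreadable), 2 if MACRO is not a plain C identifier.
# Commented-out definitions and longer names that merely start with MACRO
# do not count. Caveat: this reads the text of one file only; it does not
# preprocess, so a macro arriving through a nested #include is not seen.
header_defines() {
    hd_macro=$1
    hd_file=$2
    case $hd_macro in
        ''|*[!A-Za-z0-9_]*) return 2 ;;   # keep regex metacharacters out
    esac
    [ -r "$hd_file" ] || return 1
    grep -Eq "^[[:space:]]*#[[:space:]]*define[[:space:]]+${hd_macro}([[:space:]]|\$)" "$hd_file"
}

# select_source_dir MACRO HEADER CURRENT_DIR FALLBACK_DIR
# Prints the source directory to build: the current release if HEADER
# provides MACRO, otherwise the older fallback release.
select_source_dir() {
    if header_defines "$1" "$2"; then
        printf '%s\n' "$3"
    else
        printf '%s\n' "$4"
    fi
}

# ensure_define MACRO VALUE FILE
# Appends a guarded definition to a header inside the tool's own source tree
# (the pchar case: pc.h) unless one is already present. Repeated builds do
# not stack duplicates, and nothing under /usr/include is edited as root.
ensure_define() {
    ed_rc=0
    header_defines "$1" "$3" || ed_rc=$?
    case $ed_rc in
        0) return 0 ;;   # already defined, nothing to do
        2) return 2 ;;   # refuse to write a malformed macro name
    esac
    [ -w "$3" ] || return 1
    printf '\n#ifndef %s\n#define %s %s\n#endif\n' "$1" "$1" "$2" >> "$3"
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample headers, not copies of real system headers.
    printf '#ifndef O_PATH\n#define O_PATH\t010000000\n#endif\n' > "$d/fcntl_new.h"
    printf '/* #define O_PATH 010000000 */\n#define O_PATHX 1\n' > "$d/fcntl_old.h"
    printf '#ifndef PC_H\n#define PC_H\n#endif\n' > "$d/pc.h"

    echo "header with O_PATH:    $(select_source_dir O_PATH "$d/fcntl_new.h" \
        src/stress-ng src/old/stress-ng-without_O_PATH)"
    echo "header without O_PATH: $(select_source_dir O_PATH "$d/fcntl_old.h" \
        src/stress-ng src/old/stress-ng-without_O_PATH)"

    ensure_define SO_BSDCOMPAT 14 "$d/pc.h"
    ensure_define SO_BSDCOMPAT 14 "$d/pc.h"   # second call changes nothing
    echo "SO_BSDCOMPAT definitions in pc.h: $(grep -c 'define SO_BSDCOMPAT' "$d/pc.h")"
    rm -rf "$d"
}

demo
```

Patching a header inside the source tree, as ensure_define does, leaves the system headers untouched, so other builds on the same host are not affected by the workaround.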



https://github.com/ColinIanKing/stress-ng

sysfsutils 2.1.0 2006 cli This package's purpose is to provide a set of utilities for interfacing with sysfs https://sourceforge.net/projects/linux-diag/files/sysfsutils/
sysstat
12.7.2
2023
cli misc. tools :

cifsiostat mpstat iostat pidstat sysstat tapestat

Hints for compiling sysstat
18.08.2018 /bs

sysstat needs a GCC version that supports __builtin_bswap16.
The GCC version in CentOS 6.9 does not support that. Therefore sysstat must be compiled with a newer GCC version in CentOS 6.9 (see Required GCC version on how to install a newer GCC version):

scl enable devtoolset-7 bash
cd /var/tmp/jwm/compile_scripts && ./compile_sysstat.sh


http://sebastien.godard.pagesperso-orange.fr/
tcpick
0.2.1
2021
cli
tcpick is a libpcap-based text-mode sniffer that can track, reassemble and reorder TCP streams.

Note :

All patches from this page are applied:

https://aur.archlinux.org/packages/tcpick/#comment-804158

http://tcpick.sourceforge.net/
t50
5.8.8
2020
cli T50 - Experimental Mixed Packet Injector

T50 (f.k.a. F22 Raptor) is a tool designed to perform "Stress Testing"


https://gitlab.com/fredericopissarra/t50
tcptrack 1.4.2 2004
cli Monitor TCP connections on the network
no home page
tcpdump 4.99.4 2023
cli
a powerful command-line packet analyzer http://www.tcpdump.org/
testssl.sh 3.0.6 2021 cli testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more. https://testssl.sh/
tgkill

2014
cli

Simple command line tool to invoke tgkill(2)

https://github.com/ankon/tgkill
tiptop
2.3

cli tiptop is a performance monitoring tool for Linux.  It provides a dynamic real-time view of the tasks running in the system. tiptop is very similar to the top utility, but most of the information displayed comes from hardware counters.

Requirements:  Linux 2.6.31+
http://tiptop.gforge.inria.fr/
trace-cmd
2.7
2018
cli
trace-cmd: A front-end for Ftrace

see also Using the ftrace interface with shell

https://git.kernel.org/pub/scm/linux/kernel/git/rostedt/trace-cmd.git/








wavemon 0.8.0 2008
cli WLAN monitor http://freecode.com/projects/wavemon/
zmap
2.1.1
2017
cli
a fast single packet network scanner designed for Internet-wide network surveys https://github.com/zmap/zmap

see also https://github.com/zmap/zmap/wiki



Scripts and files included in JWM / Linux


Script
Purpose
Comment
./scripts/addtimestamp
add a timestamp to every output line of an executable

./scripts/busybox_httpd.sh start or stop the busybox httpd daemon
the htdocs directory for the httpd daemon is ${JWM_DIR}/htdocs
./scripts/collectl
wrapper script to call collectl

./scripts/collectl_top
call collectl with top like output

./scripts/collectl_top_io
call collectl with top like output with I/O

./scripts/darkstat.sh
start or stop the darkstat daemon

./scripts/execute_on_all_hosts.sh
execute a script or command on multiple hosts

./scripts/execute_tasks.sh
a wrapper script to execute tasks defined in an include file
execute_tasks.include is a sample include file for execute_tasks.sh; use

./scripts/execute_tasks.sh -v -h

to get the usage help and documentation for the script

./scripts/execute_scripts.sh
execute one or more executables in parallel or sequential sessions

./scripts/exec_snoop_wrapper.sh a wrapper script for the execsnoop script from the perftools
./scripts/iotop*
shell scripts to start iotop

./scripts/netdata.sh
start or stop the netdata daemon

./scripts/open_snoop_wrapper.sh a wrapper script for the opensnoop script from the perftools
./scripts/opensnoop1 a patched version of the opensnoop script from the perftools
./scripts/start_stop_manserver.sh
start or stop the JWM manServer

./scripts/compile_justniffer_with_boost.sh script to compile justniffer with a boost staging area
./scripts/jwm.sh script to execute a command in a temporary JWM / Linux environment
./compile_scripts/check_for_missing_libs.sh script to check for missing libraries
./compile_scripts/add_os_packages.sh script to install the OS packages required to compile all tools included in JWM / Linux

Note:

The scripts in the directory ./scripts not listed in the table above are part of one of the tools listed below



Develop Templates


These files/scripts can be used as templates for new scripts

Script / file
Purpose
Comment
./develop/scriptt_mini.sh
simple kornshell script template with only the most useful functions

./develop/scriptt.sh
complex kornshell script template with lots of predefined variables and functions

./develop/send_monitor_login_mail.sh
a sample script to monitor a log file

./compile_scripts/compile_tool.template
a template for new compile scripts




Scripts and files for the JWM / Linux Environment

This table lists the files and scripts that make up the JWM / Linux environment:

File
Type
Purpose
Comment
compile_tools.sh
script
simple wrapper script for make_tools.sh





create_archive.sh
script
create a new archive

init_session
script
start a JWM / Linux session

JWM_DESC
textfile
contains the description of the archive; this file will be (re)created by create_archive.sh before creating the new archive

jwm_env
include script
this is the include script for all other scripts in JWM / Linux that defines the necessary variables and some general functions

JWM_Linux_documentation.html
HTML page
this file

README
textfile
readme file for JWM / Linux

VERSION
textfile
contains the version of the JWM / Linux archive

NO_COMPILE_LIST
textfile
file with the list of packages that should not be compiled

compile_scripts/make_tools.sh
main script to compile the tools

compile_scripts/check_compile_status
script
view the compile status

compile_scripts/compile_<toolname>.sh script
compile the tool <toolname>

compile_scripts/start_compiling.sh
script
help script for the compile process

Note:

This script is used to compile the libraries included in JWM / Linux and copy the required OS libraries to the JWM / Linux lib directory.

compile_scripts/jwml_include.inc script
include script for the compile scripts

compile_scripts/compile_tool.template
script
template for a compile script

./lib/_DO_NOT_COPY_LIBS_
file
semaphore file to request make_tools.sh NOT to copy the OS libraries

compile_scripts/OS_LIBS
textfile
list of OS libraries that should be copied to the JWM / Linux lib directory




Aliases in JWM / Linux


The JWM / Linux init script init_session defines the following aliases:

Alias
Purpose
Comment
jwm_version
print the version of the installed JWM archive

jwm_tools
list the tools in the current JWM environment

jwm_dir
print the JWM / Linux base directory

jwm_home
change the working directory to the JWM / Linux base directory







Examples

This section contains the usage and some usage examples for the tools included in JWM / Linux. For more in-depth information see either the man page or the documentation on the websites for the tools.


Note:

Most of the examples are copied from the documentation for the tools.


ack

ack is a replacement for grep written in Perl.

ack usage
[xtrnaw7@t15g /var/tmp/jwm]$ ./scripts/ack --help
Usage: ack [OPTION]... PATTERN [FILES OR DIRECTORIES]

Search for PATTERN in each source file in the tree from the current
directory on down.  If any files or directories are specified, then
only those files and directories are checked.  ack may also search
STDIN, but only if no file or directory arguments are specified,
or if one of them is "-".

Default switches may be specified in an .ackrc file. If you want no dependency
on the environment, turn it off with --noenv.

File select actions:
  -f                            Only print the files selected, without
                                searching.  The PATTERN must not be specified.
  -g                            Same as -f, but only select files matching
                                PATTERN.

File listing actions:
  -l, --files-with-matches      Print filenames with at least one match
  -L, --files-without-matches   Print filenames with no matches
  -c, --count                   Print filenames and count of matching lines

Searching:
  -i, --ignore-case             Ignore case distinctions in PATTERN
  -S, --[no]smart-case          Ignore case distinctions in PATTERN,
                                only if PATTERN contains no upper case.
                                Ignored if -i or -I are specified.
  -I, --no-ignore-case          Turns on case-sensitivity in PATTERN.
                                Negates -i and --smart-case.
  -v, --invert-match            Invert match: select non-matching lines
  -w, --word-regexp             Force PATTERN to match only whole words
  -Q, --literal                 Quote all metacharacters; PATTERN is literal
  --range-start PATTERN         Specify PATTERN as the start of a match range.
  --range-end PATTERN           Specify PATTERN as the end of a match range.
  --match PATTERN               Specify PATTERN explicitly. Typically omitted.

Search output:
  --output=expr                 Output the evaluation of expr for each line
                                (turns off text highlighting)
  -o                            Show only the part of a line matching PATTERN
                                Same as --output='$&'
  --passthru                    Print all lines, whether matching or not
  -m, --max-count=NUM           Stop searching in each file after NUM matches
  -1                            Stop searching after one match of any kind
  -H, --with-filename           Print the filename for each match (default:
                                on unless explicitly searching a single file)
  -h, --no-filename             Suppress the prefixing filename on output
  --[no]column                  Show the column number of the first match

  -A NUM, --after-context=NUM   Print NUM lines of trailing context after
                                matching lines.
  -B NUM, --before-context=NUM  Print NUM lines of leading context before
                                matching lines.
  -C [NUM], --context[=NUM]     Print NUM lines (default 2) of output context.

  --print0                      Print null byte as separator between filenames,
                                only works with -f, -g, -l, -L or -c.

  -s                            Suppress error messages about nonexistent or
                                unreadable files.


File presentation:
  --pager=COMMAND               Pipes all ack output through COMMAND.  For
                                example, --pager="less -R".  Ignored if output
                                is redirected.
  --nopager                     Do not send output through a pager.  Cancels
                                any setting in ~/.ackrc, ACK_PAGER or
                                ACK_PAGER_COLOR.
  --[no]heading                 Print a filename heading above each file's
                                results.  (default: on when used interactively)
  --[no]break                   Print a break between results from different
                                files.  (default: on when used interactively)
  --group                       Same as --heading --break
  --nogroup                     Same as --noheading --nobreak
  -p, --proximate=LINES         Separate match output with blank lines unless
                                they are within LINES lines from each other.
  -P, --proximate=0             Negates --proximate.
  --[no]underline               Print a line of carets under the matched text.
  --[no]color, --[no]colour     Highlight the matching text (default: on unless
                                output is redirected, or on Windows)
  --color-filename=COLOR
  --color-match=COLOR
  --color-colno=COLOR
  --color-lineno=COLOR          Set the color for filenames, matches, line and
                                column numbers.
  --help-colors                 Show a list of possible color combinations.
  --help-rgb-colors             Show a list of advanced RGB colors.
  --flush                       Flush output immediately, even when ack is used
                                non-interactively (when output goes to a pipe or
                                file).


File finding:
  --sort-files                  Sort the found files lexically.
  --show-types                  Show which types each file has.
  --files-from=FILE             Read the list of files to search from FILE.
  -x                            Read the list of files to search from STDIN.

File inclusion/exclusion:
  --[no]ignore-dir=name         Add/remove directory from list of ignored dirs
  --[no]ignore-directory=name   Synonym for ignore-dir
  --ignore-file=FILTER:ARGS     Add filter for ignoring files.
  -r, -R, --recurse             Recurse into subdirectories (default: on)
  -n, --no-recurse              No descending into subdirectories
  --[no]follow                  Follow symlinks.  Default is off.

File type inclusion/exclusion:
  -t X, --type=X                Include only X files, where X is a filetype,
                                e.g. python, html, markdown, etc
  -T X, --type=noX              Exclude X files, where X is a filetype.
  -k, --known-types             Include only files of types that ack recognizes.
  --help-types                  Display all known types, and how they're defined.

File type specification:
  --type-set=TYPE:FILTER:ARGS   Files with the given ARGS applied to the given
                                FILTER are recognized as being of type TYPE.
                                This replaces an existing definition for TYPE.
  --type-add=TYPE:FILTER:ARGS   Files with the given ARGS applied to the given
                                FILTER are recognized as being type TYPE.
  --type-del=TYPE               Removes all filters associated with TYPE.

Miscellaneous:
  --version                     Display version & copyright
  --[no]env                     Ignore environment variables and global ackrc
                                files.  --env is legal but redundant.
  --ackrc=filename              Specify an ackrc file to use
  --ignore-ack-defaults         Ignore default definitions included with ack.
  --create-ackrc                Outputs a default ackrc for your customization
                                to standard output.
  --dump                        Dump information on which options are loaded
                                and where they're defined.
  --[no]filter                  Force ack to treat standard input as a pipe
                                (--filter) or tty (--nofilter)
  --help                        This help
  --man                         Print the manual.
  --help-types                  Display all known types, and how they're defined.
  --help-colors                 Show a list of possible color combinations.
  --help-rgb-colors             Show a list of advanced RGB colors.
  --thpppt                      Bill the Cat
  --bar                         The warning admiral
  --cathy                       Chocolate! Chocolate! Chocolate!

Filter specifications:
    If FILTER is "ext", ARGS is a list of extensions checked against the
        file's extension.
    If FILTER is "is", ARGS must match the file's name exactly.
    If FILTER is "match", ARGS is matched as a case-insensitive regex
        against the filename.
    If FILTER is "firstlinematch", ARGS is matched as a regex the first
        line of the file's contents.

Exit status is 0 if match, 1 if no match.

ack's home page is at https://beyondgrep.com/

The full ack manual is available by running "ack --man".

This is version v3.5.0 of ack.  Run "ack --version" for full version info.
[xtrnaw7@t15g /var/tmp/jwm]$




amap

"Amap is a next-generation scanning tool for pentesters. It attempts to identify applications even if they are running on a different port than normal. 
It also identifies non-ascii based applications. This is achieved by sending trigger packets, and looking up the responses in a list of response strings. "

amap usage
[xtrnaw7@t540p /var/tmp/jwm/src/amap-5.4]$ /var/tmp/jwm/bin/amap -h
amap v5.4 (c) 2011 by van Hauser <vh@thc.org> www.thc.org/thc-amap
Syntax: /var/tmp/jwm/bin/amap [-A|-B|-P|-W] [-1buSRHUdqv] [[-m] -o <file>] [-D <file>] [-t/-T sec] [-c cons] [-C retries] [-p proto] [-i <file>] [target port [port] ...]
Modes:
  -A         Map applications: send triggers and analyse responses (default)
  -B         Just grab banners, do not send triggers
  -P         No banner or application stuff - be a (full connect) port scanner
Options:
  -1         Only send triggers to a port until 1st identification. Speeeeed!
  -6         Use IPv6 instead of IPv4
  -b         Print ascii banner of responses
  -i FILE    Nmap machine readable outputfile to read ports from
  -u         Ports specified on commandline are UDP (default is TCP)
  -R / -S    Do NOT identify RPC / SSL services
  -H         Do NOT send application triggers marked as potentially harmful
  -U         Do NOT dump unrecognised responses (better for scripting)
  -d         Dump all responses
  -v         Verbose mode, use twice (or more!) for debug (not recommended :-)
  -q         Do not report closed ports, and do not print them as unidentified
  -o FILE [-m] Write output to file FILE, -m creates machine readable output
  -c CONS    Amount of parallel connections to make (default 32, max 256)
  -C RETRIES Number of reconnects on connect timeouts (see -T) (default 3)
  -T SEC     Connect timeout on connection attempts in seconds (default 5)
  -t SEC     Response wait timeout in seconds (default 5)
  -p PROTO   Only send triggers for this protocol (e.g. ftp)
  TARGET PORT   The target address and port(s) to scan (additional to -i)
amap is a tool to identify application protocols on target ports.
Usage hint: Options "-bqv" are recommended, add "-1" for fast/rush checks.
[xtrnaw7@t540p /var/tmp/jwm/src/amap-5.4]$






arp-scan

arp-scan is a command-line tool for system discovery and fingerprinting. It constructs and sends ARP requests to the specified IP addresses, and displays any responses that are received.


arp-scan usage
[xtrnaw7@t540p /var/tmp/jwm/src/arp-scan-1.10.1]$ /var/tmp/jwm/bin/arp-scan --help
Usage: arp-scan [options] [hosts...]

Target hosts must be specified on the command line unless the --file option is
given, in which case the targets are read from the specified file instead, or
the --localnet option is used, in which case the targets are generated from
the network interface IP address and netmask.

You will need to be root, or arp-scan must be SUID root, in order to run
arp-scan, because the functions that it uses to read and write packets
require root privilege.

The target hosts can be specified as IP addresses or hostnames. You can also
specify the target as IPnetwork/bits (e.g. 192.168.1.0/24) to specify all hosts
in the given network (network and broadcast addresses included), or
IPstart-IPend (e.g. 192.168.1.3-192.168.1.27) to specify all hosts in the
inclusive range, or IPnetwork:NetMask (e.g. 192.168.1.0:255.255.255.0) to
specify all hosts in the given network and mask.

These different options for specifying target hosts may be used both on the
command line, and also in the file specified with the --file option.

Options:

Note: where an option takes a value, that value is specified as a letter in
angle brackets. The letter indicates the type of data that is expected:

<s> A character string, e.g. --file=hostlist.txt.

<i> An integer, which can be specified as a decimal number or as a hexadecimal
    number if preceded with 0x, e.g. --arppro=2048 or --arpro=0x0800.

<f> A floating point decimal number, e.g. --backoff=1.5.

<m> An Ethernet MAC address, which can be specified either in the format
    01:23:45:67:89:ab, or as 01-23-45-67-89-ab. The alphabetic hex characters
    may be either upper or lower case. E.g. --arpsha=01:23:45:67:89:ab.

<a> An IPv4 address, e.g. --arpspa=10.0.0.1

<h> Binary data specified as a hexadecimal string, which should not
    include a leading 0x. The alphabetic hex characters may be either
    upper or lower case. E.g. --padding=aaaaaaaaaaaa

<x> Something else. See the description of the option for details.

--help or -h        Display this usage message and exit.

--file=<s> or -f <s>    Read hostnames or addresses from the specified file
            instead of from the command line. One name or IP
            address per line. Use "-" for standard input.

--localnet or -l    Generate addresses from network interface configuration.
            Use the network interface IP address and network mask
            to generate the list of target host addresses.
            The list will include the network and broadcast
            addresses, so an interface address of 10.0.0.1 with
            netmask 255.255.255.0 would generate 256 target
            hosts from 10.0.0.0 to 10.0.0.255 inclusive.
            If you use this option, you cannot specify the --file
            option or specify any target hosts on the command line.
            The interface specifications are taken from the
            interface that arp-scan will use, which can be
            changed with the --interface option.

--retry=<i> or -r <i>    Set total number of attempts per host to <i>,
            default=2.

--retry-send=<i> or -Y <i> Set total number of send packet attempts to <i>,
            default=20.

--retry-send-interval=<i> or -E <i> Set interval between send packet attempts to <i>.
            The interval specified is in milliseconds by default.
            or in microseconds if "u" is appended to the value.
            default=5.

--timeout=<i> or -t <i>    Set initial per host timeout to <i> ms, default=500.
            This timeout is for the first packet sent to each host.
            subsequent timeouts are multiplied by the backoff
            factor which is set with --backoff.

--interval=<x> or -i <x> Set minimum packet interval to <x>.
            This controls the outgoing bandwidth usage by limiting
            the rate at which packets can be sent. The packet
            interval will be no smaller than this number.
            If you want to use up to a given bandwidth, then it is
            easier to use the --bandwidth option instead.
            The interval specified is in milliseconds by default,
            or in microseconds if "u" is appended to the value.

--bandwidth=<x> or -B <x> Set desired outbound bandwidth to <x>, default=256000.
            The value is in bits per second by default. If you
            append "K" to the value, then the units are kilobits
            per sec; and if you append "M" to the value, the
            units are megabits per second.
            The "K" and "M" suffixes represent the decimal, not
            binary, multiples. So 64K is 64000, not 65536.
            You cannot specify both --interval and --bandwidth
            because they are just different ways to change the
            same underlying parameter.

--backoff=<f> or -b <f>    Set timeout backoff factor to <f>, default=1.50.
            The per-host timeout is multiplied by this factor
            after each timeout. So, if the number of retries
            is 3, the initial per-host timeout is 500ms and the
            backoff factor is 1.5, then the first timeout will be
            500ms, the second 750ms and the third 1125ms.

--verbose or -v        Display verbose progress messages.
            Use more than once for greater effect:
            1 - Display the network address and mask used when the
                --localnet option is specified, display any
                nonzero packet padding, display packets received
                from unknown hosts, and show when each pass through
                the list completes.
            2 - Show each packet sent and received, when entries
                are removed from the list, the pcap filter string,
                and counts of MAC/Vendor mapping entries.
            3 - Display the host list before scanning starts.

--version or -V        Display program version and exit.

--random or -R        Randomise the host list.
            This option randomises the order of the hosts in the
            host list, so the ARP packets are sent to the hosts in
            a random order. It uses the Knuth shuffle algorithm.

--randomseed=<i>    Use <i> to seed the pseudo random number generator.
            This option seeds the PRNG with the specified number,
            which can be useful if you want to ensure that the
            random host list is reproducible. By default, the PRNG
            is seeded with an unpredictable value. This option is
            only effective in conjunction with the --random (-R)
            option.

--numeric or -N        IP addresses only, no hostnames.
            With this option, all hosts must be specified as
            IP addresses. Hostnames are not permitted. No DNS
            lookups will be performed.

--snap=<i> or -n <i>    Set the pcap snap length to <i>. Default=64.
            This specifies the frame capture length. This
            length includes the data-link header.
            The default is normally sufficient.

--interface=<s> or -I <s> Use network interface <s>.
            If this option is not specified, arp-scan will search
            the system interface list for the lowest numbered,
            configured up interface (excluding loopback).
            The interface specified must support ARP.

--quiet or -q        Only display minimal output. No protocol decoding.
            If this option is specified, then only the IP address
            and MAC address are displayed for each responding host.
            No protocol decoding is performed and the OUI mapping
            files are not used.

--plain or -x        Display plain output showing only responding hosts.
            This option suppresses the printing of the header and
            footer text, and only displays one line for each
            responding host. Useful if the output will be
            parsed by a script.

--ignoredups or -g    Don't display duplicate packets.
            By default, duplicate packets are displayed and are
            flagged with "(DUP: n)".

--ouifile=<s> or -O <s>    Use IEEE Ethernet OUI to vendor mapping file <s>.
            If this option is not specified, the default filename
            is ieee-oui.txt in the current directory. If that is
            not found, then the file
            //var/tmp/jwm/share/arp-scan/ieee-oui.txt is used.

--iabfile=<s> or -O <s>    Use IEEE Ethernet IAB to vendor mapping file <s>.
            If this option is not specified, the default filename
            is ieee-iab.txt in the current directory. If that is
            not found, then the file
            //var/tmp/jwm/share/arp-scan/ieee-iab.txt is used.

--macfile=<s> or -O <s>    Use custom Ethernet MAC to vendor mapping file <s>.
            If this option is not specified, the default filename
            is mac-vendor.txt in the current directory. If that is
            not found, then the file
            //var/tmp/jwm/share/arp-scan/mac-vendor.txt is used.

--srcaddr=<m> or -S <m> Set the source Ethernet MAC address to <m>.
            This sets the 48-bit hardware address in the Ethernet
            frame header for outgoing ARP packets. It does not
            change the hardware address in the ARP packet, see
            --arpsha for details on how to change that address.
            The default is the Ethernet address of the outgoing
            interface.

--destaddr=<m> or -T <m> Send the packets to Ethernet MAC address <m>
            This sets the 48-bit destination address in the
            Ethernet frame header.
            The default is the broadcast address ff:ff:ff:ff:ff:ff.
            Most operating systems will also respond if the ARP
            request is sent to their MAC address, or to a
            multicast address that they are listening on.

--arpsha=<m> or -u <m>    Use <m> as the ARP source Ethernet address
            This sets the 48-bit ar$sha field in the ARP packet
            It does not change the hardware address in the frame
            header, see --srcaddr for details on how to change
            that address. The default is the Ethernet address of
            the outgoing interface.

--arptha=<m> or -w <m>    Use <m> as the ARP target Ethernet address
            This sets the 48-bit ar$tha field in the ARP packet
            The default is zero, because this field is not used
            for ARP request packets.

--prototype=<i> or -y <i> Set the Ethernet protocol type to <i>, default=0x0806.
            This sets the 16-bit protocol type field in the
            Ethernet frame header.
            Setting this to a non-default value will result in the
            packet being ignored by the target, or sent to the
            wrong protocol stack.

--arphrd=<i> or -H <i>    Use <i> for the ARP hardware type, default=1.
            This sets the 16-bit ar$hrd field in the ARP packet.
            The normal value is 1 (ARPHRD_ETHER). Most, but not
            all, operating systems will also respond to 6
            (ARPHRD_IEEE802). A few systems respond to any value.

--arppro=<i> or -p <i>    Use <i> for the ARP protocol type, default=0x0800.
            This sets the 16-bit ar$pro field in the ARP packet.
            Most operating systems only respond to 0x0800 (IPv4)
            but some will respond to other values as well.

--arphln=<i> or -a <i>    Set the hardware address length to <i>, default=6.
            This sets the 8-bit ar$hln field in the ARP packet.
            It sets the claimed length of the hardware address
            in the ARP packet. Setting it to any value other than
            the default will make the packet non RFC compliant.
            Some operating systems may still respond to it though.
            Note that the actual lengths of the ar$sha and ar$tha
            fields in the ARP packet are not changed by this
            option; it only changes the ar$hln field.

--arppln=<i> or -P <i>    Set the protocol address length to <i>, default=4.
            This sets the 8-bit ar$pln field in the ARP packet.
            It sets the claimed length of the protocol address
            in the ARP packet. Setting it to any value other than
            the default will make the packet non RFC compliant.
            Some operating systems may still respond to it though.
            Note that the actual lengths of the ar$spa and ar$tpa
            fields in the ARP packet are not changed by this
            option; it only changes the ar$pln field.

--arpop=<i> or -o <i>    Use <i> for the ARP operation, default=1.
            This sets the 16-bit ar$op field in the ARP packet.
            Most operating systems will only respond to the value 1
            (ARPOP_REQUEST). However, some systems will respond
            to other values as well.

--arpspa=<a> or -s <a>    Use <a> as the source IP address.
            The address should be specified in dotted quad format;
            or the literal string "dest", which sets the source
            address to be the same as the target host address.
            This sets the 32-bit ar$spa field in the ARP packet.
            Some operating systems check this, and will only
            respond if the source address is within the network
            of the receiving interface. Others don't care, and
            will respond to any source address.
            By default, the outgoing interface address is used.

            WARNING: Setting ar$spa to the destination IP address
            can disrupt some operating systems, as they assume
            there is an IP address clash if they receive an ARP
            request for their own address.

--padding=<h> or -A <h>    Specify padding after packet data.
            Set the padding data to hex value <h>. This data is
            appended to the end of the ARP packet, after the data.
            Most, if not all, operating systems will ignore any
            padding. The default is no padding, although the
            Ethernet driver on the sending system may pad the
            packet to the minimum Ethernet frame length.

--llc or -L        Use RFC 1042 LLC framing with SNAP.
            This option causes the outgoing ARP packets to use
            IEEE 802.2 framing with a SNAP header as described
            in RFC 1042. The default is to use Ethernet-II
            framing.
            arp-scan will decode and display received ARP packets
            in either Ethernet-II or IEEE 802.2 formats
            irrespective of this option.

--vlan=<i> or -Q <i>    Use 802.1Q tagging with VLAN id <i>.
            This option causes the outgoing ARP packets to use
            802.1Q VLAN tagging with a VLAN ID of <i>, which should
            be in the range 0 to 4095 inclusive.
            arp-scan will always decode and display received ARP
            packets in 802.1Q format irrespective of this option.

--pcapsavefile=<s> or -W <s>    Write received packets to pcap savefile <s>.
            This option causes received ARP responses to be written
            to the specified pcap savefile as well as being decoded
            and displayed. This savefile can be analysed with
            programs that understand the pcap file format, such as
            "tcpdump" and "wireshark".

--rtt or -D        Display the packet round-trip time.

Report bugs or send suggestions at https://github.com/royhills/arp-scan
See the arp-scan homepage at https://github.com/royhills/arp-scan
[xtrnaw7@t540p /var/tmp/jwm/src/arp-scan-1.10.1]$

 


arp-scan examples
[xtrnaw7@t540p /var/tmp/jwm/src/arp-scan-1.10.1]$ sudo /var/tmp/jwm/bin/arp-scan --interface=enp0s25 --localnet
Interface: enp0s25, type: EN10MB, MAC: 54:ee:75:05:d4:4e, IPv4: 192.168.1.164
Starting arp-scan 1.9.7 with 256 hosts (https://github.com/royhills/arp-scan)
192.168.1.1    78:94:b4:4f:b9:e4    Sercomm Corporation.
192.168.1.64    08:00:27:f7:c0:ac    PCS Systemtechnik GmbH
192.168.1.151    1c:c1:de:83:dc:33    Hewlett Packard
192.168.1.170    8c:16:45:a0:d8:ee    LCFC(HeFei) Electronics Technology co., ltd
192.168.1.240    dc:a6:32:d2:3d:a4    Raspberry Pi Trading Ltd
192.168.1.249    00:92:58:00:72:67    (Unknown)
192.168.1.251    00:22:2d:7f:b0:8f    SMC Networks Inc.
192.168.1.253    b0:39:56:19:90:3e    NETGEAR

8 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.9.7: 256 hosts scanned in 1.915 seconds (133.68 hosts/sec). 8 responded
[xtrnaw7@t540p /var/tmp/jwm/src/arp-scan-1.10.1]$




arping


arping is a util to find out if a specific IP address on the LAN is 'taken' and what MAC address owns it. Sure, you *could* just use 'ping' to find out if it's taken and even if the computer blocks ping (and everything else) you still get an entry in your ARP cache. But what if you aren't on a routable net? Or the host blocks ping (all ICMP even)? Then you're screwed. Or you use arping.


arping usage
[xtrnaw7@t540p /data/download/arping-arping-2.x]$  ./src/arping --help
ARPing 2.19, by Thomas Habets <thomas@habets.se>
usage: arping [ -0aAbdDeFpPqrRuUv ] [ -w <sec> ] [ -W <sec> ] [ -S <host/ip> ]
              [ -T <host/ip ] [ -s <MAC> ] [ -t <MAC> ] [ -c <count> ]
              [ -C <count> ] [ -i <interface> ] [ -m <type> ] [ -g <group> ]
              [ -V <vlan> ] [ -Q <priority> ] <host/ip/MAC | -B>

Options:

    -0     Use this option to ping with source IP address 0.0.0.0. Use this
           when you haven't configured your interface yet.  Note that  this
           may  get  the  MAC-ping  unanswered.   This  is  an alias for -S
           0.0.0.0.
    -a     Audiable ping.
    -A     Only count addresses matching  requested  address  (This  *WILL*
           break  most things you do. Only useful if you are arpinging many
           hosts at once. See arping-scan-net.sh for an example).
    -b     Like -0 but source broadcast source  address  (255.255.255.255).
           Note that this may get the arping unanswered since it's not nor-
           mal behavior for a host.
    -B     Use instead of host if you want to address 255.255.255.255.
    -c count
           Only send count requests.
    -C count
           Only wait for this many replies, regardless of -c and -w.
    -d     Find duplicate replies. Exit with 1 if there are answers from
           two different MAC addresses.
    -D     Display answers as exclamation points and missing packets as dots.
    -e     Like -a but beep when there is no reply.
    -F     Don't try to be smart about the interface name.  (even  if  this
           switch is not given, -i overrides smartness)
    -g group
           setgid() to this group instead of the nobody group.
    -h     Displays a help message and exits.
    -i interface
           Use the specified interface.
    -m type
           Type of timestamp to use for incoming packets. Use -vv when
           pinging to list available ones.
    -q     Does not display messages, except error messages.
    -Q pri 802.1p priority to set. Should be used with 802.1Q (-V).
           Defaults to 0.
    -r     Raw output: only the MAC/IP address is displayed for each reply.
    -R     Raw output: Like -r but shows "the other one", can  be  combined
           with -r.
    -s MAC Set source MAC address. You may need to use -p with this.
    -S IP  Like  -b and -0 but with set source address.  Note that this may
           get the arping unanswered if the target does not have routing to
           the  IP.  If you don't own the IP you are using, you may need to
           turn on promiscious mode on the interface (with -p).  With  this
           switch  you can find out what IP-address a host has without tak-
           ing an IP-address yourself.
    -t MAC Set target MAC address to use when pinging IP address.
    -T IP  Use -T as target address when pinging MACs that won't respond to
           a broadcast ping but perhaps to a directed broadcast.
           Example:
           To check the address of MAC-A, use knowledge of MAC-B and  IP-B.
           $ arping -S <IP-B> -s <MAC-B> -p <MAC-A>
    -p     Turn  on  promiscious  mode  on interface, use this if you don't
           "own" the MAC address you are using.
    -P     Send ARP replies instead of requests. Useful with -U.
    -u     Show index=received/sent instead  of  just  index=received  when
           pinging MACs.
    -U     Send unsolicited ARP.
    -v     Verbose output. Use twice for more messages.
    -V num 802.1Q tag to add. Defaults to no VLAN tag.
    -w sec Specify a timeout before ping exits regardless of how many
packets have been sent or received.
    -W sec Time to wait between pings.
Report bugs to: thomas@habets.se
Arping home page: <http://www.habets.pp.se/synscan/>
Development repo: http://github.com/ThomasHabets/arping
[xtrnaw7@t540p /data/download/arping-arping-2.x]$



arping example
[xtrnaw7@t540p /var/tmp/jwm/sbin]$ ./arping 192.168.1.151
arping: libnet_init(LIBNET_LINK, <null>): libnet_open_link(): UID/EUID 0 or capability CAP_NET_RAW required
arping: you may need to run as root
[xtrnaw7@t540p /var/tmp/jwm/sbin]$ sudo ./arping 192.168.1.151
ARPING 192.168.1.151
60 bytes from 1c:c1:de:83:dc:24 (192.168.1.151): index=0 time=219.432 usec
60 bytes from 1c:c1:de:83:dc:24 (192.168.1.151): index=1 time=224.237 usec
60 bytes from 1c:c1:de:83:dc:24 (192.168.1.151): index=2 time=204.635 usec
^C
--- 192.168.1.151 statistics ---
3 packets transmitted, 3 packets received,   0% unanswered (0 extra)
rtt min/avg/max/std-dev = 0.205/0.216/0.224/0.008 ms
[xtrnaw7@t540p /var/tmp/jwm/sbin]$




atop

atop is a replacement for top.

atop usage
[xtrnaw7@t15g /var/tmp/jwm/src]$ ../bin/atop --help
../bin/atop: invalid option -- '-'
Usage: ../bin/atop [-flags] [interval [samples]]
        or
Usage: ../bin/atop -w  file  [-S] [-a] [interval [samples]]
       ../bin/atop -r [file] [-b [YYYYMMDD]hhmm[ss]] [-e [YYYYMMDD]hhmm[ss]] [-flags]

    generic flags:
      -B  show bar graphs for system statistics
      -H  show bar graphs without categories
      -V  show version information
      -a  show or log all processes (i.s.o. active processes only)
      -R  calculate proportional set size (PSS) per process
      -W  determine WCHAN (string) per thread
      -P  generate parsable output for specified label(s)
      -J  generate JSON output for specified label(s)
      -Z  no spaces in parsable output for command (line)
      -L  alternate line length (default 80) in case of non-screen output
      -z  prepend regex matching environment variables to command line
      -f  show fixed number of lines with system statistics
      -F  suppress sorting of system resources
      -G  suppress exited processes in output
      -l  show limited number of lines for certain resources
      -y  show threads within process
      -Y  sort threads (when combined with 'y')
      -1  show average-per-second i.s.o. total values

      -x  no colors in case of high occupation
      -g  show general process-info (default)
      -m  show memory-related process-info
      -d  show disk-related process-info
      -n  show network-related process-info
      -s  show scheduling-related process-info
      -v  show various process-info (ppid, user/group, date/time)
      -c  show command line per process
      -X  show cgroup v2 info per process
      -o  show own defined process-info
      -u  show cumulated process-info per user
      -p  show cumulated process-info per program (i.e. same name)
      -j  show cumulated process-info per container/pod

      -C  sort processes in order of cpu consumption (default)
      -M  sort processes in order of memory consumption
      -D  sort processes in order of disk activity
      -N  sort processes in order of network activity
      -E  sort processes in order of GPU activity
      -A  sort processes in order of most active resource (auto mode)

    specific flags for raw logfiles:
      -w  write raw data to   file (compressed)
      -r  read  raw data from file (compressed)
          symbolic file: y[y...] for yesterday (repeated)
          file name '-': read raw data from stdin
      -S  finish atop automatically before midnight (i.s.o. #samples)
      -b  begin showing data from specified date/time
      -e  finish showing data after specified date/time

    interval: number of seconds   (minimum 0)
    samples:  number of intervals (minimum 1)

If the interval-value is zero, a new sample can be
forced manually by sending signal USR1 (kill -USR1 pid_atop)
or with the keystroke 't' in interactive mode.

Please refer to the man-page of 'atop' for more details.
[xtrnaw7@t15g /var/tmp/jwm/src]$








bashtop

bashtop is a "Resource monitor that shows usage and stats for processor, memory, disks, network and processes." (see also bpytop and the new C++ version, btop)






bmon

"bmon is a monitoring and debugging tool to capture networking related statistics and prepare them visually in a human friendly way. It features various output methods including an interactive curses user interface and a programmable text output for scripting."

bmon usage
[JWM session] [xtrnaw7@t540p /var/tmp/jwm/bin]$ ./bmon -h
bmon 3.9
Copyright (C) 2001-2015 by Thomas Graf <tgraf@suug.ch>
Copyright (C) 2013 Red Hat, Inc.
bmon comes with ABSOLUTELY NO WARRANTY. This is free software, and you
are welcome to redistribute it under certain conditions. See the source
code for details.

Usage: bmon [OPTION]...

Options:
Startup:
   -i, --input=MODPARM             Input module(s)
   -o, --output=MODPARM            Output module(s)
   -f, --configfile=PATH           Alternative path to configuration file
   -h, --help                      Show this help text
   -V, --version                   Show version

Input:
   -p, --policy=POLICY             Element display policy (see below)
   -a, --show-all                  Show all elements (even disabled elements)
   -r, --read-interval=FLOAT       Read interval in seconds (float)
   -R, --rate-interval=FLOAT       Rate interval in seconds (float)
   -s, --sleep-interval=FLOAT      Sleep time in seconds (float)
   -L, --lifetime=LIFETIME         Lifetime of an element in seconds (float)

Output:
   -U, --use-si                    Use SI units
   -b, --use-bit                   Display in bits instead of bytes

Module configuration:
   modparm := MODULE:optlist,MODULE:optlist,...
   optlist := option;option;...
   option  := TYPE[=VALUE]

   Examples:
       -o curses:ngraph=2
       -o list            # Shows a list of available modules
       -o curses:help     # Shows a help text for html module

Interface selection:
   policy  := [!]simple_regexp,[!]simple_regexp,...

   Example: -p 'eth*,lo*,!eth1'

Please see the bmon(1) man pages for full documentation.
[JWM session] [xtrnaw7@t540p /var/tmp/jwm/bin]$








bonnie++

"Bonnie++ is a benchmark suite that is aimed at performing a number of simple tests of hard drive and file system performance. Then you can decide which test is important and decide how to compare different systems after running it. I have no plans to ever have it produce a single number, because I don't think that a single number can be useful when comparing such things.
The main program tests database type access to a single file (or a set of files if you wish to test more than 1G of storage), and it tests creation, reading, and deleting of small files which can simulate the usage of programs such as Squid, INN, or Maildir format email.
The ZCAV program which I initially released as a separate package tests the performance of different zones of a hard drive. It does not write any data (so you can use it on full file systems). It can show why comparing the speed of Windows at the start of a hard drive to Linux at the end of the hard drive (typical dual-boot scenario) isn't a valid comparison.
Bonnie++ was based on the code for Bonnie by Tim Bray."

bonnie++ usage
[JWM session] [xtrnaw7@t540p /var/tmp/jwm]$ bonnie++ -h
bonnie++: invalid option -- 'h'
usage: bonnie++ [-d scratch-dir] [-s size(MiB)[:chunk-size(b)]]
                [-n number-to-stat[:max-size[:min-size][:num-directories]]]
                [-m machine-name]
                [-r ram-size-in-MiB]
                [-x number-of-tests] [-u uid-to-use:gid-to-use] [-g gid-to-use]
                [-q] [-f] [-b] [-D] [-p processes | -y]

Version: 1.03e





bpytop


A Python version of bashtop (see also the new C++ version, btop).





busybox

"BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. The utilities in BusyBox generally have fewer options than their full-featured GNU cousins; however, the options that are included provide the expected functionality and behave very much like their GNU counterparts. BusyBox provides a fairly complete environment for any small or embedded system.

BusyBox has been written with size-optimization and limited resources in mind. It is also extremely modular so you can easily include or exclude commands (or features) at compile time. This makes it easy to customize your embedded systems. To create a working system, just add some device nodes in /dev, a few configuration files in /etc, and a Linux kernel."

busybox is compiled with all supported tools; the busybox binary and the links for the individual tools are in the directory ${JWM_DIR}/busybox.

Binaries combined in busybox

[xtrnaw7@t540p /var/tmp/jwm/busybox]$ ls
[           cttyhack       fsck        iprule       mkfs.vfat      raidautorun   sleep              ubirmvol
[[          cut            fsck.minix  iptunnel     mknod          rdate         smemcap            ubirsvol
acpid       date           fstrim      kbd_mode     mkpasswd       rdev          softlimit          ubiupdatevol
addgroup    dc             fsync       kill         mkswap         readahead     sort               udhcpc
add-shell   dd             ftpd        killall      mktemp         readlink      split              udhcpd
adduser     deallocvt      ftpget      killall5     modinfo        readprofile   start-stop-daemon  udpsvd
adjtimex    delgroup       ftpput      klogd        modprobe       realpath      stat               uevent
ar          deluser        fuser       last         more           reboot        strings            umount
arp         depmod         getopt      less         mount          reformime     stty               uname
arping      devmem         getty       linux32      mountpoint     remove-shell  su                 uncompress
ash         df             grep        linux64      mpstat         renice        sulogin            unexpand
awk         dhcprelay      groups      linuxrc      mt             reset         sum                uniq
base64      diff           gunzip      ln           mv             resize        sv                 unix2dos
basename    dirname        gzip        loadfont     nameif         rev           svlogd             unlink
beep        dmesg          halt        loadkmap     nanddump       rm            swapoff            unlzma
blkdiscard  dnsd           hd          logger       nandwrite      rmdir         swapon             unlzop
blkid       dnsdomainname  hdparm      login        nbd-client     rmmod         switch_root        unshare
blockdev    dos2unix       head        logname      nc             route         sync               unxz
bootchartd  du             hexdump     logread      netstat        rpm           sysctl             unzip
brctl       dumpkmap       hostid      losetup      nice           rpm2cpio      syslogd            uptime
bunzip2     dumpleases     hostname    lpd          nmeter         rtcwake       tac                users
busybox     echo           httpd       lpq          nohup          runlevel      tail               usleep
bzcat       ed             hush        lpr          nsenter        run-parts     tar                uudecode
bzip2       egrep          hwclock     ls           nslookup       runsv         tcpsvd             uuencode
cal         eject          i2cdetect   lsattr       ntpd           runsvdir      tee                vconfig
cat         env            i2cdump     lsmod        od             rx            telnet             vi
catv        envdir         i2cget      lsof         openvt         script        telnetd            vlock
chat        envuidgid      i2cset      lspci        passwd         scriptreplay  test               volname
chattr      ether-wake     id          lsusb        patch          sed           tftp               wall
chgrp       expand         ifconfig    lzcat        pgrep          sendmail      tftpd              watch
chmod       expr           ifdown      lzma         pidof          seq           time               watchdog
chown       fakeidentd     ifenslave   lzop         ping           setarch       timeout            wc
chpasswd    false          ifplugd     lzopcat      ping6          setconsole    top                wget
chpst       fatattr        ifup        makedevs     pipe_progress  setfont       touch              which
chroot      fbset          inetd       makemime     pivot_root     setkeycodes   tr                 who
chrt        fbsplash       init        man          pkill          setlogcons    traceroute         whoami
chvt        fdflush        insmod      md5sum       pmap           setserial     traceroute6        whois
cksum       fdformat       install     mdev         popmaildir     setsid        true               xargs
clear       fdisk          ionice      mesg         poweroff       setuidgid     truncate           xz
cmp         fgconsole      iostat      microcom     powertop       sh            tty                xzcat
comm        fgrep          ip          mkdir        printenv       sha1sum       ttysize            yes
conspy      find           ipaddr      mkdosfs      printf         sha256sum     tunctl             zcat
cp          findfs         ipcalc      mke2fs       ps             sha3sum       tune2fs            zcip
cpio        flock          ipcrm       mkfifo       pscan          sha512sum     ubiattach
crond       fold           ipcs        mkfs.ext2    pstree         showkey       ubidetach
crontab     free           iplink      mkfs.minix   pwd            shuf          ubimkvol
cryptpw     freeramdisk    iproute     mkfs.reiser  pwdx           slattach      ubirename
[xtrnaw7@t540p /var/tmp/jwm/busybox]$





busybox_httpd.sh

busybox_httpd.sh is a script to start or stop the busybox httpd daemon.


The current version of the script is always available here.


The usage for the script

[JWM session] [xtrnaw7@t540p /var/tmp/jwm/scripts]$ ./busybox_httpd.sh --help
[25.10.2016 18:52 ] ### busybox_httpd.sh started at Tue Oct 25 18:52:07 CEST 2016
 busybox_httpd.sh

 Function: start or stop the busybox httpd daemon
 
 Usage:    busybox_httpd.sh [-v|--verbose] [-q|--quiet] [-f|--force] [-p|--port httpd_port] [-h|--home homedir] [-c|--config configfile]
                            [start [httpd_options]|stop|restart [httpd_options]|status|daemon_help]

 Parameter
   -v - verbose mode
   -q - quiet mode
   -f - force execution
   -p - port for httpd (default: 8080)
   -h - home dir , default: ${JWM_DIR}/htdocs or <script_dir>/../htdocs if JWM_DIR is not set
   -c - config file, default: ${JWM_DIR}/etc or <script_dir>/../etc/httpd.conf if JWM_DIR is not set
   -C - config file like -c but do NOT change the config file at all

   httpd_options - additional options for starting the httpd
   daemon_help - list the usage help for the busybox httpd daemon

  The script searches the busybox binary in these directories:
    - the current working directory
    - the directory with this script
    - the directory ${JWM_DIR}/busybox
    - the directory ${PWD}/../busybox

 Author:
   Bernd Schemmer (Bernd.Schemmer@gmx.de)

[25.10.2016 18:52 ] ### busybox_httpd.sh ended at Tue Oct 25 18:52:07 CEST 2016



Examples busybox_httpd.sh

[JWM session] [xtrnaw7@t540p /var/tmp/jwm/scripts]$ ./busybox_httpd.sh start
[25.10.2016 18:52 ] ### busybox_httpd.sh started at Tue Oct 25 18:52:14 CEST 2016
[25.10.2016 18:52 ] Using the busybox directory based on the the environment variable JWM_DIR ("/var/tmp/jwm")
[25.10.2016 18:52 ] The busybox base directory is /var/tmp/jwm
[25.10.2016 18:52 ] Starting the httpd daemon ...
[25.10.2016 18:52 ] Using the httpd home directory /var/tmp/jwm/htdocs
[25.10.2016 18:52 ] Using the httpd config file /var/tmp/jwm/etc/httpd.conf
[25.10.2016 18:52 ] The port to use for the httpd daemon is 8080
[25.10.2016 18:52 ] Preparing the environment to start the busybox httpd with php support ...
[25.10.2016 18:52 ] Searching for the php-cgi binary ...
[25.10.2016 18:52 ] Using the PHP binary "/usr/bin/php-cgi" ...
+ ./busybox/httpd '' -p 8080 -c /tmp/httpd.8080.conf -h /var/tmp/jwm/htdocs
+ 2>& 1

[25.10.2016 18:52 ] httpd daemon started; the PID is 573
[25.10.2016 18:52 ] Use http://localhost:8080 or http://t540p:8080 to access the httpd in your Webbrowser
[25.10.2016 18:52 ] ### busybox_httpd.sh ended at Tue Oct 25 18:52:14 CEST 2016

[JWM session] [xtrnaw7@t540p /var/tmp/jwm/scripts]$ ./busybox_httpd.sh status
[25.10.2016 18:52 ] ### busybox_httpd.sh started at Tue Oct 25 18:52:25 CEST 2016
[25.10.2016 18:52 ] Using the busybox directory based on the the environment variable JWM_DIR ("/var/tmp/jwm")
[25.10.2016 18:52 ] The busybox base directory is /var/tmp/jwm
[25.10.2016 18:52 ] The httpd daemon is running; the PID is 573

UID        PID  PPID  C STIME TTY          TIME CMD
xtrnaw7    573     1  0 18:52 ?        00:00:00 ./busybox/httpd  -p 8080 -c /tmp/httpd.8080.conf -h /var/tmp/jwm/htdocs

[25.10.2016 18:52 ] The httpd daemon is listening on these ports:

(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp6       0      0 :::8080                 :::*                    LISTEN      573/./busybox/httpd

[25.10.2016 18:52 ] ### busybox_httpd.sh ended at Tue Oct 25 18:52:26 CEST 2016

[JWM session] [xtrnaw7@t540p /var/tmp/jwm/scripts]$ ./busybox_httpd.sh stop
[25.10.2016 18:52 ] ### busybox_httpd.sh started at Tue Oct 25 18:52:29 CEST 2016
[25.10.2016 18:52 ] Using the busybox directory based on the the environment variable JWM_DIR ("/var/tmp/jwm")
[25.10.2016 18:52 ] The busybox base directory is /var/tmp/jwm
[25.10.2016 18:52 ] The httpd daemon is running; the PID is 573
[25.10.2016 18:52 ] Stopping the httpd daemon ...
[25.10.2016 18:52 ] ### busybox_httpd.sh ended at Tue Oct 25 18:52:30 CEST 2016

[JWM session] [xtrnaw7@t540p /var/tmp/jwm/scripts]$ ./busybox_httpd.sh status
[25.10.2016 18:52 ] ### busybox_httpd.sh started at Tue Oct 25 18:52:33 CEST 2016
[25.10.2016 18:52 ] Using the busybox directory based on the the environment variable JWM_DIR ("/var/tmp/jwm")
[25.10.2016 18:52 ] The busybox base directory is /var/tmp/jwm
[25.10.2016 18:52 ] The httpd daemon is NOT running (well, it may be running but it was not started by this script)
[25.10.2016 18:52 ] ### busybox_httpd.sh ended at Tue Oct 25 18:52:33 CEST 2016
[JWM session] [xtrnaw7@t540p /var/tmp/jwm/scripts]$


To change the port used by the httpd use:

[JWM session] [xtrnaw7@t540p /var/tmp/jwm/scripts]$ ./busybox_httpd.sh -p 8888 start
[25.10.2016 18:53 ] ### busybox_httpd.sh started at Tue Oct 25 18:53:13 CEST 2016
[25.10.2016 18:53 ] Using the busybox directory based on the the environment variable JWM_DIR ("/var/tmp/jwm")
[25.10.2016 18:53 ] The busybox base directory is /var/tmp/jwm
[25.10.2016 18:53 ] Starting the httpd daemon ...
[25.10.2016 18:53 ] Using the httpd home directory /var/tmp/jwm/htdocs
[25.10.2016 18:53 ] Using the httpd config file /var/tmp/jwm/etc/httpd.conf
[25.10.2016 18:53 ] The port to use for the httpd daemon is 8888
[25.10.2016 18:53 ] Preparing the environment to start the busybox httpd with php support ...
[25.10.2016 18:53 ] Searching for the php-cgi binary ...
[25.10.2016 18:53 ] Using the PHP binary "/usr/bin/php-cgi" ...
+ ./busybox/httpd '' -p 8888 -c /tmp/httpd.8888.conf -h /var/tmp/jwm/htdocs
+ 2>& 1

[25.10.2016 18:53 ] httpd daemon started; the PID is 825
[25.10.2016 18:53 ] Use http://localhost:8888 or http://t540p:8888 to access the httpd in your Webbrowser
[25.10.2016 18:53 ] ### busybox_httpd.sh ended at Tue Oct 25 18:53:13 CEST 2016

[JWM session] [xtrnaw7@t540p /var/tmp/jwm/scripts]$ ./busybox_httpd.sh status
[25.10.2016 18:53 ] ### busybox_httpd.sh started at Tue Oct 25 18:53:19 CEST 2016
[25.10.2016 18:53 ] Using the busybox directory based on the the environment variable JWM_DIR ("/var/tmp/jwm")
[25.10.2016 18:53 ] The busybox base directory is /var/tmp/jwm
[25.10.2016 18:53 ] The httpd daemon is running; the PID is 825

UID        PID  PPID  C STIME TTY          TIME CMD
xtrnaw7    825     1  0 18:53 ?        00:00:00 ./busybox/httpd  -p 8888 -c /tmp/httpd.8888.conf -h /var/tmp/jwm/htdocs

[25.10.2016 18:53 ] The httpd daemon is listening on these ports:

(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp6       0      0 :::8888                 :::*                    LISTEN      825/./busybox/httpd

[25.10.2016 18:53 ] ### busybox_httpd.sh ended at Tue Oct 25 18:53:19 CEST 2016

[JWM session] [xtrnaw7@t540p /var/tmp/jwm/scripts]$ ./busybox_httpd.sh stop
[25.10.2016 18:53 ] ### busybox_httpd.sh started at Tue Oct 25 18:53:30 CEST 2016
[25.10.2016 18:53 ] Using the busybox directory based on the the environment variable JWM_DIR ("/var/tmp/jwm")
[25.10.2016 18:53 ] The busybox base directory is /var/tmp/jwm
[25.10.2016 18:53 ] The httpd daemon is running; the PID is 825
[25.10.2016 18:53 ] Stopping the httpd daemon ...
[25.10.2016 18:53 ] ### busybox_httpd.sh ended at Tue Oct 25 18:53:31 CEST 2016
[JWM session] [xtrnaw7@t540p /var/tmp/jwm/scripts]$



The known parameters of the busybox httpd daemon are:

busybox httpd usage
[xtrnaw7@t15g /var/tmp/jwm]$  ./busybox/httpd --help
BusyBox v1.36.1 (2024-02-23 15:34:20 CET) multi-call binary.

Usage: httpd [-ifv[v]] [-c CONFFILE] [-p [IP:]PORT] [-u USER[:GRP]] [-r REALM] [-h HOME]
or httpd -d/-e/-m STRING

Listen for incoming HTTP requests

    -i        Inetd mode
    -f        Run in foreground
    -v[v]        Verbose
    -p [IP:]PORT    Bind to IP:PORT (default *:80)
    -u USER[:GRP]    Set uid/gid after binding to port
    -r REALM    Authentication Realm for Basic Authentication
    -h HOME        Home directory (default .)
    -c FILE        Configuration file (default {/etc,HOME}/httpd.conf)
    -m STRING    MD5 crypt STRING
    -e STRING    HTML encode STRING
    -d STRING    URL decode STRING
[xtrnaw7@t15g /var/tmp/jwm]$
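
The status output above shows the daemon bound to :::8080, the wildcard address (all interfaces), and the httpd usage shows that -p also accepts an IP:PORT pair. The following shell functions are an added example, not part of busybox_httpd.sh or busybox; they classify netstat-style LISTEN lines by how widely each listener is bound. The function names are assumptions of this example, and all sample lines except the first (taken from the status output above) are constructed.

```shell
#!/bin/sh
# Added example (not part of busybox_httpd.sh): classify TCP listeners from
# netstat-style LISTEN lines by how widely they are bound.

# Sample input: the first line is from the status output on this page,
# the remaining lines are constructed for illustration.
sample_listener_lines() {
cat <<'EOF'
tcp6       0      0 :::8080                 :::*                    LISTEN      573/./busybox/httpd
tcp        0      0 127.0.0.1:8888          0.0.0.0:*               LISTEN      825/./busybox/httpd
tcp6       0      0 ::1:631                 :::*                    LISTEN      -
tcp        0      0 192.0.2.10:8081         0.0.0.0:*               LISTEN      901/./busybox/httpd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
EOF
}

# stdin: netstat LISTEN lines; $1: substring the PID/program column must
# contain (empty string = every listener).
# stdout: scope <TAB> bind address <TAB> port <TAB> PID/program
classify_listeners() {
    awk -v want="$1" '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        prog = ($7 == "" ? "-" : $7)
        if (want != "" && index(prog, want) == 0) next
        addr = $4; port = $4
        sub(/:[0-9]+$/, "", addr)     # strip ":port", leaving the bind address
        sub(/^.*:/, "", port)         # keep what follows the last colon
        if (addr == "::" || addr == "0.0.0.0" || addr == "*")
            scope = "ALL-INTERFACES"
        else if (addr == "::1" || addr ~ /^127\./)
            scope = "LOOPBACK"
        else
            scope = "SINGLE-ADDRESS"
        printf "%s\t%s\t%s\t%s\n", scope, addr, port, prog
    }'
}

# Succeeds only if no listener of the given program is bound to all interfaces.
assert_not_wildcard() {
    ! classify_listeners "$1" | grep -q '^ALL-INTERFACES'
}

sample_listener_lines | classify_listeners httpd
```

Whether busybox_httpd.sh passes an IP:PORT value through its own -p parameter is not shown on this page.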
 

 

btop++


"Resource monitor that shows usage and stats for processor, memory, disks, network and processes."

btop usage
[xtrnaw7@t15g /var/tmp/jwm/src]$ ../bin/btop --help
usage: btop [-h] [-v] [-/+t] [-p <id>] [-u <ms>] [--utf-force] [--debug]

optional arguments:
  -h, --help            show this help message and exit
  -v, --version         show version info and exit
  -lc, --low-color      disable truecolor, converts 24-bit colors to 256-color
  -t, --tty_on          force (ON) tty mode, max 16 colors and tty friendly graph symbols
  +t, --tty_off         force (OFF) tty mode
  -p, --preset <id>     start with preset, integer value between 0-9
  -u, --update <ms>     set the program update rate in milliseconds
  --utf-force           force start even if no UTF-8 locale was detected
  --debug               start in DEBUG mode: shows microsecond timer for information collect
                        and screen draw functions and sets loglevel to DEBUG
[xtrnaw7@t15g /var/tmp/jwm/src]$



btop examples
n/a






bvi


"The bvi is a display-oriented editor for binary files (hex editor), based on the vi text editor. If you are familiar with vi, just start the editor and begin to edit! A bmore program is also included in the package.
If you never heard about vi, maybe bvi is not the best choice for you. "


bvi usage
[xtrnaw7@t540p /var/tmp/jwm/src]$ ../bin/bvi -h
Usage: bvi [-R] [-c cmd | +cmd] [-f script]
       [-s skip] [-e end] [-n length] file ...
       file offset/size: 10k, 20m, 1g, 0x1000 hex, 0200 octal
[xtrnaw7@t540p /var/tmp/jwm/src]$








bwm-ng

bwm-ng is a network bandwidth monitor; the usage for bwm-ng is:

bwm-ng usage
[JWM session] [xtrnaw7@t540p /var/tmp/jwm/bin]$ bwm-ng -h
Bandwidth Monitor NG (bwm-ng) v0.6.2
Copyright (C) 2004-2007 Volker Gropp <bwmng@gropp.org>
USAGE: bwm-ng [OPTION] ... [CONFIGFILE]
displays current ethernet interfaces stats

Options:
  -t, --timeout <msec>    displays stats every <msec> (1msec = 1/1000sec)
                          default: 500
  -d, --dynamic [value]   show values dynamically (Byte KB or MB)
  -a, --allif [mode]      where mode is one of:
                          0=show only up (and selected) interfaces
                          1=show all up interfaces (default)
                          2=show all and down interfaces
  -I, --interfaces <list> show only interfaces in <list> (comma separated), or
                          if list is prefaced with % show all but interfaces
                          in list
  -S, --sumhidden [value] count hidden interfaces for total
  -A, --avglength <sec>   sets the span of average stats (Default 30s)
  -D, --daemon [value]    fork into background and daemonize
  -h, --help              displays this help
  -V, --version           print version info

Input:
  -i, --input <method>    input method, one of: proc disk
  -f, --procfile <file>   filename to read raw data from. (/proc/net/dev)
      --diskstatsfile <file> filename to read diskstats (Linux 2.6+) from. (/proc/diskstats)
      --partitionsfile <file> filename to read diskstats (Linux 2.4) from. (/proc/partitions)

Output:
  -o, --output <method>   output method, one of:
                          plain, curses, curses2, csv, html
  -u, --unit <value>      unit to show. one of bytes, bits, packets, errors
  -T, --type <value>      type of stats. one of rate, max, sum, avg
  -C, --csvchar <char>    delimiter for csv
  -F, --outfile <file>    output file for csv and html (default stdout)
  -R, --htmlrefresh <num> meta refresh for html output
  -H, --htmlheader        show <html> and <meta> frame for html output
  -c, --count <num>       number of query/output for plain & csv
  -N, --ansiout           disable ansi codes for plain output
                          (ie 1 for one single output)

[JWM session] [xtrnaw7@t540p /var/tmp/jwm/bin]$

    






cdpinfo

cdpinfo is a Perl script that listens for Cisco Discovery Protocol (CDP) packets and prints key values such as switch, port and VLAN.

This script depends on either "snoop" (Solaris) or "tcpdump" (Linux, AIX, and others). Both of those programs generally must be run as root (see also cdpr).

cdpinfo usage
[xtrnaw7@t540p /var/tmp/jwm/scripts]$ ./cdpinfo -h
Usage: ./cdpinfo -i devX [-t tmout] [-v]

    -i devX   : Use the devX device name for the interface to watch.
    -t tmout  : Timeout value in seconds. Don't wait for a CDP packet longer than this.
                    Default is 60 seconds. 0 means no limit.
    -v        : Verbose output.
    -h        : This help message.

[xtrnaw7@t540p /var/tmp/jwm/scripts]$



cdpinfo example

[xtrnaw7@t540p /var/tmp/jwm/scripts]$ sudo ./cdpinfo -i enp0s25
No CDP packet - sorry
^C





cdpr


"cdpr is used to decode a Cisco Discovery Protocol (CDP) packet, by default it will report the device ID, the IP Address (of the device), and the port number that the machine is connected to. Optionally it will decode the entire CDP packet"

Please note that the Cisco Discovery Protocol is disabled at a lot of production sites, and cdpr therefore cannot report anything there.

cdpr usage
[JWM session] [xtrnaw7@t540p /var/tmp/jwm]$ cdpr -h
cdpr - Cisco Discovery Protocol Reporter
Version 2.4
Copyright (c) 2002-2010 - MonkeyMental.com

d: Specify device to use (eth0, hme0, etc.)
h: Print this usage
t: time in seconds to abort waiting for a packet (should be > 60)
v[vv]: Set verbose mode
r: read from file instead of network device

** Options dealing with server updates: **
 u: Send cdpr information to a cdpr server
    requires config file as arg
 l: Location/description of this port for use with -u or -s and -p
 n: Override the hostname reported to the server for use with -u or -s and -p
 s: Server to send information to specify port with a : after Server/IP
     Example: 192.168.1.20:88 (default: 80) requires -p (overridden by -u)
 p: Path of server script to send data to requires -s (overridden by -u)
[JWM session] [xtrnaw7@t540p /var/tmp/jwm]$





checksec

"Checksec.sh is a bash script to check the properties of executables (like PIE, RELRO, PaX, Canaries, ASLR, Fortify Source). It has been originally written by Tobias Klein and the original source is available here: http://www.trapkit.de/tools/checksec.html"

"Modern Linux distributions offer some mitigation techniques to make it harder to exploit software vulnerabilities reliably. Mitigations such as RELRO, NoExecute (NX), Stack Canaries, Address Space Layout Randomization (ASLR) and Position Independent Executables (PIE) have made reliably exploiting any vulnerabilities that do exist far more challenging. The checksec.sh script is designed to test what standard Linux OS and PaX security features are being used."

see also http://blog.siphos.be/2011/07/high-level-explanation-on-some-binary-executable-security/



checksec usage
[xtrnaw7@t540p /var/tmp/jwm/checksec]$ ./checksec -h
Usage: checksec [--format={cli,csv,xml,json}] [OPTION]


Options:

 ## Checksec Options
  --file={file}
  --dir={directory}
  --listfile={text file with one file per line}
  --proc={process name}
  --proc-all
  --proc-libs={process ID}
  --kernel[=kconfig]
  --fortify-file={executable-file}
  --fortify-proc={process ID}
  --version
  --help
  --update or --upgrade

 ## Modifiers
  --debug
  --verbose
  --format={cli,csv,xml,json}
  --output={cli,csv,xml,json}
  --extended

For more information, see:
  http://github.com/slimm609/checksec.sh

[xtrnaw7@t540p /var/tmp/jwm/checksec]$



checksec example
[xtrnaw7@t540p /var/tmp/jwm/checksec]$ ./checksec --kernel
* Kernel protection information:

  Description - List the status of kernel protection mechanisms. Rather than
  inspect kernel mechanisms that may aid in the prevention of exploitation of
  userspace processes, this option lists the status of kernel configuration
  options that harden the kernel itself against attack.

  Kernel config:
    /boot/config-5.14.14-200.fc34.x86_64

  Warning: The config on disk may not represent running kernel config!
           Running kernel: 5.14.14-200.fc34.x86_64

  Vanilla Kernel ASLR:                    Full
  NX protection:                          Enabled
  Protected symlinks:                     sysctl: permission denied on key 'fs.protected_symlinks'
Disabled
  Protected hardlinks:                    sysctl: permission denied on key 'fs.protected_hardlinks'
Disabled
  Protected fifos:                        sysctl: permission denied on key 'fs.protected_fifos'
Unsupported
  Protected regular:                      sysctl: permission denied on key 'fs.protected_regular'
Unsupported
  Ipv4 reverse path filtering:            Disabled
  Kernel heap randomization:              Enabled
  GCC stack protector support:            Enabled
  GCC stack protector strong:             Disabled
  GCC structleak plugin:                  Disabled
  SLAB freelist randomization:            Enabled
  Virtually-mapped kernel stack:          Enabled
  Restrict /dev/mem access:               Enabled
  Restrict I/O access to /dev/mem:        Enabled
  Exec Shield:                            Unsupported

  Hardened Usercopy:                      Enabled
  Harden str/mem functions:               Enabled

* X86 only:           
  Address space layout randomization:     Enabled

* SELinux:                                Enforcing
  Checkreqprot:                           Enabled
  Deny Unknown:                           Disabled

[xtrnaw7@t540p /var/tmp/jwm/checksec]$


[xtrnaw7@t540p /var/tmp/jwm/checksec]$ ./checksec --file=/bin/bash
RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH    Symbols        FORTIFY    Fortified    Fortifiable    FILE
Full RELRO      Canary found      NX enabled    PIE enabled     No RPATH   No RUNPATH   No Symbols      Yes    13        32        /bin/bash
[xtrnaw7@t540p /var/tmp/jwm/checksec]$



Note:
checksec.sh needs the binary readelf. The script needs bash v3.2 or newer.
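
In the --kernel output above, four verdicts ("Disabled" / "Unsupported") are printed directly after a "sysctl: permission denied" error, so they were produced without the value having been read and say nothing about the kernel's actual setting. The following shell functions are an added example, not part of checksec or JWM; they separate such unverified verdicts from the ones that were really reported and re-read the affected keys from /proc/sys. The function names and the row format are assumptions of this example; the sample input is an excerpt of the output shown above.

```shell
#!/bin/sh
# Added example (not part of checksec or JWM): triage `checksec --kernel`
# output so that verdicts printed after a failed sysctl read are not trusted.

# Excerpt of the --kernel output shown on this page, used as offline input.
sample_checksec_kernel_output() {
cat <<'EOF'
  Warning: The config on disk may not represent running kernel config!
           Running kernel: 5.14.14-200.fc34.x86_64

  Vanilla Kernel ASLR:                    Full
  NX protection:                          Enabled
  Protected symlinks:                     sysctl: permission denied on key 'fs.protected_symlinks'
Disabled
  Protected hardlinks:                    sysctl: permission denied on key 'fs.protected_hardlinks'
Disabled
  Protected fifos:                        sysctl: permission denied on key 'fs.protected_fifos'
Unsupported
  Protected regular:                      sysctl: permission denied on key 'fs.protected_regular'
Unsupported
  Ipv4 reverse path filtering:            Disabled
  Kernel heap randomization:              Enabled
  GCC stack protector strong:             Disabled
  Restrict /dev/mem access:               Enabled
  Exec Shield:                            Unsupported

* SELinux:                                Enforcing
  Deny Unknown:                           Disabled
EOF
}

# stdin: checksec --kernel output (stdout and stderr merged).
# stdout: one tab-separated row per check:
#   STATUS, label, printed verdict, sysctl key ("-" if no sysctl error occurred)
triage_checksec_kernel() {
    awk '
    function trim(s) { sub(/^[ \t*]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    function emit_unverified(verdict) {
        printf "UNVERIFIED\t%s\t%s\t%s\n", pending, verdict, key
        pending = ""
    }
    BEGIN { esc = sprintf("%c", 27) }
    {
        gsub(esc "\\[[0-9;]*m", "")       # drop ANSI colour codes, if any
        line = trim($0)
        colon = index(line, ":")
        # A bare word right after a failed sysctl read is the stray verdict.
        if (pending != "") {
            if (colon == 0 && line != "") { emit_unverified(line); next }
            emit_unverified("none")
        }
        if (colon <= 1) next
        label = trim(substr(line, 1, colon - 1))
        value = trim(substr(line, colon + 1))
        if (value ~ /^sysctl: /) {        # the read failed: remember the check
            split(value, q, "\047")       # the key sits between single quotes
            pending = label; key = (q[2] != "" ? q[2] : "-")
            next
        }
        # Verdict words that occur in the output shown on this page.
        if (value ~ /^(Enabled|Disabled|Unsupported|Full|Enforcing)$/)
            printf "REPORTED\t%s\t%s\t-\n", label, value
    }
    END { if (pending != "") emit_unverified("none") }
    '
}

# Maps a sysctl key to its file below /proc/sys (dots become slashes).
sysctl_key_to_proc_path() {
    printf '/proc/sys/%s\n' "$(printf '%s' "$1" | tr . /)"
}

# stdin: rows from triage_checksec_kernel. For every UNVERIFIED row, print
# the key and the value currently readable by this user, or "unreadable".
recheck_unverified() {
    tab=$(printf '\t')
    while IFS="$tab" read -r state label verdict key; do
        [ "$state" = "UNVERIFIED" ] || continue
        path=$(sysctl_key_to_proc_path "$key")
        if [ -r "$path" ] && value=$(cat "$path" 2>/dev/null); then
            printf '%s\t%s\n' "$key" "$value"
        else
            printf '%s\tunreadable\n' "$key"
        fi
    done
}

sample_checksec_kernel_output | triage_checksec_kernel
```

For live output, merge stderr into the pipe (./checksec --kernel 2>&1 | triage_checksec_kernel | recheck_unverified); this assumes the sysctl error is written to stderr. Keys that stay "unreadable" need a re-run with sufficient privileges.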



collectl

collectl is an excellent general monitoring tool for Linux.

To use the additional modules for collectl, collectl must be started from within the collectl directory. Therefore you should always use the collectl script in the script directory, which is available via the PATH variable.

See also the examples on the collectl homepage (http://collectl.sourceforge.net/Examples.html) and the collectl FAQ.

Short collectl usage
[JWM session] [xtrnaw7@t540p /var/tmp/jwm]$ collectl -h
This is a subset of the most common switches and even the descriptions are
abbreviated.  To see all type 'collectl -x', to get started just type 'collectl'

usage: collectl [switches]
  -c, --count      count      collect this number of samples and exit
  -f, --filename   file       name of directory/file to write to
  -i, --interval   int        collection interval in seconds [default=1]
  -o, --options    options    misc formatting options, --showoptions for all
                                d|D - include date in output
                                  T - include time in output
                                  z - turn off compression of plot files
  -p, --playback   file       playback results from 'file' (be sure to quote
                  if wild carded) or the shell might mess it up
  -P, --plot                  generate output in 'plot' format
  -s, --subsys     subsys     specify one or more subsystems [default=cdn]
      --verbose               display output in verbose format (automatically
                              selected when brief doesn't make sense)

Various types of help
  -h, --help                  print this text
  -v, --version               print version
  -V, --showdefs              print operational defaults
  -x, --helpextend            extended help, more details descriptions too
  -X, --helpall               shows all help concatenated together

  --showoptions               show all the options
  --showsubsys                show all the subsystems
  --showsubopts               show all subsystem specific options
  --showtopopts               show --top options

  --showheader                show file header that 'would be' generated
  --showcolheaders            show column headers that 'would be' generated
  --showslabaliases           for SLUB allocator, show non-root aliases
  --showrootslabs             same as --showslabaliases but use 'root' names

Copyright 2003-2016 Hewlett-Packard Development Company, L.P.
collectl may be copied only under the terms of either the Artistic License
or the GNU General Public License, which may be found in the source kit
[JWM session] [xtrnaw7@t540p /var/tmp/jwm]$



Complete collectl usage
[JWM session] xtrnaw7@t61p Tue Oct 29 20:19:39 /var/tmp/jwm/scripts $ collectl --help
This is a subset of the most common switches and even the descriptions are
abbreviated.  To see all type 'collectl -x', to get started just type 'collectl'
usage: collectl [switches]
  -c, --count      count      collect this number of samples and exit
  -f, --filename   file       name of directory/file to write to
  -i, --interval   int        collection interval in seconds [default=1]
  -o, --options    options    misc formatting options, --showoptions for all
                                d|D - include date in output
                                  T - include time in output
                                  z - turn off compression of plot files
  -p, --playback   file       playback results from 'file' (be sure to quote
                  if wild carded) or the shell might mess it up
  -P, --plot                  generate output in 'plot' format
  -s, --subsys     subsys     specify one or more subsystems [default=cdn]
      --verbose               display output in verbose format (automatically
                              selected when brief doesn't make sense)

Various types of help
  -h, --help                  print this text
  -v, --version               print version
  -V, --showdefs              print operational defaults
  -x, --helpextend            extended help, more details descriptions too
  -X, --helpall               shows all help concatenated together

  --showoptions               show all the options
  --showsubsys                show all the subsystems
  --showsubopts               show all subsystem specific options
  --showtopopts               show --top options

  --showheader                show file header that 'would be' generated
  --showcolheaders            show column headers that 'would be' generated
  --showslabaliases           for SLUB allocator, show non-root aliases
  --showrootslabs             same as --showslabaliases but use 'root' names

Copyright 2003-2013 Hewlett-Packard Development Company, L.P.
collectl may be copied only under the terms of either the Artistic License
or the GNU General Public License, which may be found in the source kit


[JWM session] xtrnaw7@t61p Tue Oct 29 20:23:27 /var/tmp/jwm/scripts $ collectl --showoptions
Various combinations can be specified with -o or --options, both interactively
and in playback mode, in far too many combinations to describe.  In general if
they make sense together they probably work!

Date and Time
  d - preface output with 'mm/dd hh:mm:ss'
  D - preface outout with 'ddmmyyyy hh:mm:ss'
  T - preface output with time only
  U - preface output with UTC time
  m - when reporting times, include milli-secs

Numerical Formats
  g - include/substitute 'g' for decimal point for numbers > 1G
  G - include decimal point (when it will fit) for numbers > 1G

Exception Reporting
  x - report exceptions only (see man page)
  X - record all values + exceptions in plot format (see manpage)
 
Modify results before display (do NOT effect collection)
  n - do NOT normalize rates to units/second

Plot File Naming/Creation
  a - if plotfile exists, append [default=skip -p file]
  c - always create new plot file
  u - create unique plot file names - include time

Plot Data Format
  1 - plot format with 1 decimal place of precision
  2 - plot format with 2 decimal places of precision
  z - don't compress output file(s)

File Header Information
  i - include file header in output


[JWM session] xtrnaw7@t61p Tue Oct 29 20:24:46 /var/tmp/jwm/scripts $ collectl --showsubsys
The following subsystems can be specified in any combinations with -s or
--subsys in both record and playbackmode.  [default=bcdfijlmnstx]

These generate summary, which is the total of ALL data for a particular type
  b - buddy info (memory fragmentation)
  c - cpu
  d - disk
  f - nfs
  i - inodes
  j - interrupts by CPU
  l - lustre
  m - memory
  n - network
  s - sockets
  t - tcp
  x - interconnect (currently supported: Infiniband and Quadrics)
  y - slabs
 
These generate detail data, typically but not limited to the device level

  C -  individual CPUs, including interrupts if -sj or -sJ
  D -  individual Disks
  E -  environmental (fan, power, temp) [requires ipmitool]
  F -  nfs data
  J -  interrupts by CPU by interrupt number
  L -  lustre
  M -  memory numa/node
  N -  individual Networks
  T -  tcp details (lots of data!)
  X -  interconnect ports/rails (Infiniband/Quadrics)
  Y -  slabs/slubs
  Z -  processes

An alternative format lets you add and/or subtract subsystems to the defaults by
immediately following -s with a + and/or -
  eg: -s+YZ-x adds slabs & processes and removes interconnet summary data
      -s-n removes network summary data
      -s-all removes ALL subsystems, something that can handy when playing back
             data collected with --import and you ONLY want to see that data

[JWM session] xtrnaw7@t61p Tue Oct 29 20:25:24 /var/tmp/jwm/scripts $ collectl --showsubopts
These options are all subsystem specific and all take one or more arguments.
Options typically effect the type of data collectl and filters effect the way
it is displayed.  In the case of lustre there are also 'services'

CPU
  --cpuopts
      z - do not show any detail lines which are ALL 0    

Disk
  --dskfilt perl-regx[,perl-regx...]
      this ONLY applies to disk stats output and not data collection
      only data for disk names that match the pattern(s) will be
      included in summary stats or displayed when details requested
      if you don't know perl, a partial string will usually work too
  --dskopts
      f - include fractions for some of the detail output columns
      i - include average i/o size in brief mode (as with --iosize)
      o - exclude unused devices from new headers and plot data
          see docs on disk monitoring for more detail
      z - do not show any detail lines which are ALL 0    
  --rawdskfilt
      this works like dskfilt except rather than being applied to the
      output it applies to the data collection.
  --rawdskignore
      this is the opposite if --rawdskfilt in that any disks matching this
      pattern will not have their statistics recorded as well as not being
      shown in any output

Environmental
  --envopts [def=fpt]  NOTE: these do not filter data on collection
      f - display fan data
      p - display power data
      t - display temperature data
      C - display temperature in celcius
      F - display temperature in fahrenheit
      M - display data on multiple lines (useful when too much data) 
      T - display all env data truncated to whole integers
    0-9 - use as ipmi device number

  --envfilt perl-regx
      during collection, this filter is applied to the data returned by
      ipmitool and only those lines that match are kept

  --envremap perl-regx...
      a list of regx expressions, comma separated, are applied to the
      final env names before reporting

  The following are for those needed to develop/debug remapping rules.
  See online documentation OR Ipmi.html in docs/
  --envrules  filename     file containin remapping rules
  --envdebug               show processing of ipmi data
  --envtest   filename     file containing extract of 'ipmitool -c sdr'

Interconnect
  --xopts
      i - include i/o sizes in brief mode
     
Interrupts
  --intfilt perl-regx
    like other filters, this filter only applies to display output
    and all interrupts will always be collected and available for
    playback

Lustre
  --lustopts
      B - only for OST's and clients, collect buffer/rpc stats
      D - collect lustre disk stats (HPSFS: MDS and OSS only)
      M - collect lustre client metadata
      O - collect lustre OST level stats (detail mode only and not MDS)
      R - collect lustre client readahead stats

  --lustsvc: force monitoring/reporting of these lustre services
      c - client
      m - mds
      o - oss
    NOTE - you can specify the service in either lower or upper case, in
    case other tools might care.  see the collectl documentation on lustre
    for details

Memory
  --memopts
      P - display physical portion of verbose display
      V - display virtual portion of verbose display
      p - display/record alloc/refill number of pages
      s - display/record steal/kswap/direct number of pages
      R - show changes in memory as rates, not instantaneous values

      note that including p or s will collect more data and will slightly increase in processing
      time.  if neither P or V are specified none of the basic memory stats will be displayed BUT
      they will be recorded making it possible to display later either by including P/V as an
      option OR leaving off both p and s.

Network
  --netfilt perl-regx[,perl-regx...]
      this ONLY applies to network stats output and not data collection
      only data for network names that match the pattern(s) will be
      included in summary stats or displayed when details requested
      if you don't know perl, a partial string will usually work too
  --netopts eEw99
      e - include errors in brief mode and explicit error types in
          verbose and detail formats
      E - only display intervals which have network errors in them
      i - include i/o sizes in brief mode
      o - exclude unused devices from new headers and plot data
          see docs on network monitoring for more detail
      w - sets minimal network name width in network stats output which
          can be useful for aligning output from multiple systems
  --rawnetfilt
      this works like netfilt except rather than being applied to the
      output it applies to the data collection.
  --rawnetignore
      this is the opposite of --rawnetfilt in that any networks matching this
      pattern will not have their statistics recorded as well as not being
      shown in any output

NFS
  --nfsfilt  TypeVer,...
      C - client
      S - server
      2 - V2
      3 - V3
      4 - V4
      By specifying a csv list, collectl will only collect/record the type
      of data indicated (eg c3,s3 indicates V3 clients/server data)
   --nfsopts
      z - do not show lines of 0 activity with -sF

Processes
   --procopts
      c - include cpu time of children who have exited (same as ps S switch)
      f - use cumulative totals for page faults in proc data instead of rates
      i - show io counters in display
      I - disable collection/display of I/O stats.  saves over 25% in data
          collection overhead
      k - remove known shells from process names
      m - show memory breakdown and faults in display
      p - never look for new pids or threads to match processing criteria
            This also improves performance!
      r - show root command name for a narrower display, can be combined with w
      R - show ALL process priorities ('RT' currently displayed if realtime)
      s - include process start times in hh:mm:ss format
      S - include process start times in mmmdd-hh:mm:ss format
      t - include ALL threads (can be a lot of overhead if many active threads)
      u - make username format 12 chars wide.  you can also set any arbitrary
          width of at least 8, eg u10
      w - make format wider by including entire process argument string
          you can also set a max number of chars, eg w32
      x - include extended process attributes (currently only for context switches)
      z - exclude any processes with 0 in sort field

   --procfilt: restricts which procs are listed, where 'procs' is of the
      Format: <type><match>[[,<type><match>],...], and valid types are any
      combinations of:
      c - any substring in command name
      C - command name starts with this string
      f - full path of command (including args) contains string
      p - pid
      P - parent pid
      u - any processes owned by this user's UID or in range xxx-yyy
      U - any processes owned by this user

      NOTE1:  if 'procs' is actually a filename, that file will be read and all
              lines concatenated together, comma separted, as if typed in as an
              argument of --procfilt.  Lines beginning with # will be ignored
              as comments and blank lines will be skipped.
      NOTE2:  if any type fields are immediatly followed by a plus sign, any
              threads associated with that process will also be reported.
              see man page for important restrictions

   --procstate  Only show processes in one or more of the following states
      D - waiting in uninterruptable disk sleep
      R - running
      S - sleeping in uninterruptable wait
      T - traced or stopped
      W - paging
      Z - zombie

Slab Options and Filters
   --slabopts
      s - only show slabs with non-zero allocations
      S - only show slabs that have changed since last interval

   --slabfilt: restricts which slabs are listed, where 'slab's is of the form:
               'slab[,slab...].  only slabs whose names start with this name
               will be included

TCP Stack Options - these DO effect data collection as well as printing
   --tcpfilt
      i - ip stats, no brief stats so selecting it alone will force --verbose
      t - tcp stats
      u - udp stats
      c - Icmp Stats
      I - ip extended stats
      T - tcp extended stats
 

[JWM session] xtrnaw7@t61p Tue Oct 29 20:25:27 /var/tmp/jwm/scripts $ collectl --showtopopts
The following is a list of --top's sort types which apply to either
process or slab data.  In some cases you may be allowed to sort
by a field that is not part of the display if you so desire

TOP PROCESS SORT FIELDS

Memory
  vsz    virtual memory
  rss    resident (physical) memory

Time
  syst   system time
  usrt   user time
  time   total time
  accum  accumulated time

I/O
  rkb    KB read
  wkb    KB written
  iokb   total I/O KB

  rkbc   KB read from pagecache
  wkbc   KB written to pagecache
  iokbc  total pagecacge I/O
  ioall  total I/O KB (iokb+iokbc)

  rsys   read system calls
  wsys   write system calls
  iosys  total system calls

  iocncl Cancelled write bytes

Page Faults
  majf   major page faults
  minf   minor page faults
  flt    total page faults

Context Switches
  vctx   volunary context switches
  nctx   non-voluntary context switches

Miscellaneous (best when used with --procfilt)
  cpu    cpu number
  pid    process pid
  thread total process threads (not counting main)

TOP SLAB SORT FIELDS

  numobj    total number of slab objects
  actobj    active slab objects
  objsize   sizes of slab objects
  numslab   number of slabs
  objslab   number of objects in a slab
  totsize   total memory sizes taken by slabs
  totchg    change in memory sizes
  totpct    percent change in memory sizes
  name      slab names




collectl - List detailed output


To view more detailed fields use the switch --verbose, e.g.:

[JWM session] xtrnaw7@t61p Tue Oct 29 20:16:39 /var/tmp/jwm/scripts $ collectl -sn  -oT
waiting for 1 second sample...
#         <----------Network---------->
#Time       KBIn  PktIn  KBOut  PktOut
20:17:22       0      1      0       0
20:17:23       0      0      0       0
20:17:24       0      1      0       0
Ouch!

[JWM session] xtrnaw7@t61p Tue Oct 29 20:17:24 /var/tmp/jwm/scripts $ collectl -sn  --verbose -oT
waiting for 1 second sample...

# NETWORK SUMMARY (/sec)
#Time      KBIn  PktIn SizeIn  MultI   CmpI  ErrsI  KBOut PktOut  SizeO   CmpO  ErrsO
20:17:31      0      0      0      0      0      0      0      0      0      0      0
20:17:32      0      1     60      0      0      0      0      0      0      0      0
20:17:33      0      0      0      0      0      0      0      0      0      0      0
20:17:34      0      1     60      0      0      0      0      0      0      0      0
20:17:35      0      0      0      0      0      0      0      0      0      0      0




collectl - List processes in tree view


To view processes in a tree view use the switch --export proctree, e.g.

collectl --top  --export proctree

Process Tree 01:00:00 [skip when 'time'<=0 is 'on' aggr: 'on' x1024: 'off' depth 5]
#  PID       PPID User     PR S   VSZ   RSS CP  SysT  UsrT Pct  AccuTime  RKB  WKB MajF MinF Command
00001           0 root     20 S   23G    1G  1  0.03  0.08  11  02:07.44    0    0    0    7 /sbin/init
 01964          1 root     20 S    9G  497M  0  0.03  0.08  11  01:39.73    0    0    0    7  /usr/sbin/mdm
  01979      1964 root     20 S    9G  495M  1  0.03  0.08  11  01:39.73    0    0    0    7   /usr/sbin/mdm
   01992     1979 root     20 S  170M   60M  1  0.01  0.00   1  00:26.55    0    0    0    0    /usr/bin/X
   02407     1979 xtrnaw7  20 S    9G  431M  1  0.02  0.08  10  01:13.17    0    0    0    7    gnome-session
    02804    2407 xtrnaw7  20 S    3G  264M  0  0.02  0.08  10  01:06.44    0    0    0    7     /usr/bin/cinnamon
00002           0 root     20 S     0     0  1  0.01  0.00   1  00:07.16    0    0    0    0 kthreadd
 00181          2 root     20 S     0     0  1  0.01  0.00   1  00:01.77    0    0    0    0  kworker/1:2
Ouch!




collectl - View process I/O

To view process I/O use this parameter:

[JWM session] xtrnaw7@t61p Tue Oct 29 20:34:03 /var/tmp/jwm/scripts $  collectl -sZ  -i:1 |more
waiting for 1 second sample...

### RECORD    1 >>> t61p <<< (1383075264.001) (Tue Oct 29 20:34:24 2013) ###

# PROCESS SUMMARY (counters are /sec)
# PID  User     PR  PPID THRD S   VSZ   RSS CP  SysT  UsrT Pct  AccuTime  RKB  WKB MajF MinF Command
    1  root     20     0    0 S   24M    2M  1  0.00  0.00   0  00:00.44    0    0    0    0 /sbin/init
    2  root     20     0    0 S     0     0  1  0.00  0.00   0  00:00.00    0    0    0    0 kthreadd
    3  root     20     2    0 S     0     0  0  0.00  0.00   0  00:00.67    0    0    0    0 ksoftirqd/0
    6  root     RT     2    0 S     0     0  0  0.00  0.00   0  00:01.59    0    0    0    0 migration/0
    7  root     RT     2    0 S     0     0  0  0.00  0.00   0  00:00.03    0    0    0    0 watchdog/0
    8  root     RT     2    0 S     0     0  1  0.00  0.00   0  00:00.36    0    0    0    0 migration/1


The columns RKB and WKB list the kilobytes read and written by the processes.



collectl - View with timestamps


To add a timestamp to the output lines use

[JWM session] xtrnaw7@t61p Tue Oct 29 20:40:40 /var/tmp/jwm/scripts $ collectl --procopts i   -oT
waiting for 1 second sample...
#         <--------CPU--------><----------Disks-----------><----------Network---------->
#Time     cpu sys inter  ctxsw KBRead  Reads KBWrit Writes   KBIn  PktIn  KBOut  PktOut
20:40:43    3   1   252    486      0      0      0      0      0      0      0       0
20:40:44    4   1   287    658      0      0      0      0      0      1      0       0
20:40:45    3   1   262    556      0      0     56      6      0      0      0       0
20:40:46    4   1   296    576      0      0    192      3      0      1      0       0
Ouch!



To add a timestamp in milliseconds to the output lines use

[JWM session] xtrnaw7@t61p Tue Oct 29 20:40:46 /var/tmp/jwm/scripts $ collectl --procopts i   -oTm
waiting for 1 second sample...
#             <--------CPU--------><----------Disks-----------><----------Network---------->
#Time         cpu sys inter  ctxsw KBRead  Reads KBWrit Writes   KBIn  PktIn  KBOut  PktOut
20:40:51.001   12   8   402    998      0      0      8      2      0      0      0       0
20:40:52.001    5   2   326    720      0      0      0      0      0      1      0       0
20:40:53.001    6   4   299    652      0      0      0      0      0      1      0       2
Ouch!




CPUHog


CPUhog is a small Java program that uses all CPU resources.


CPUhog usage
[xtrnaw7@t540p /data/download]$ java -jar CPUhog.jar  -h
 Usage:
 java -jar CPUhog <options>

 The options can be specified in any order and later ones override earlier ones.
 Available options are
 -t nnn   Start load nnn threads (default 10).  Typically the main program
          runs in the initial thread and it starts a monitoring thread as
          well as the specified number of load threads.  You may see additional
          threads created by the JVM for system use.

 -s nnn   The size of the vector used during the convolution (default 100).
          Note that doubling the number coefficients will
          appoximately increase the load execution time by 4.

 -a       Permit the application to adjust the vector size automatically.
          Initially this will reduce the size when out of memory errors start to
          occur.  During adjustment the load may fluctuate.  Currently the
          size is not adjusted upwards so the -d option can be used to set an
          upper value.

 -w nnn   The amount of time (ms) to wait between log line outputs.

 -sn      No statistics.
 -sa      All statistics
 -sc      Compilation information
 -so      Operating system information.  This is the only section output by default.
 -sr      Runtime information (includes all java system properties)
 -st      Thread information
 -sm      Memory information
 -sp      Memory pool information

 -c nnn   The target percentage of total CPU to use (integer - default 100).
          A delay within each load thread will be adjusted to bring the aggregate
          load on the system to the specified percentage. The granularity that
          the application can achieve will be determined by the size of load
          and the speed of CPU.  This also relies on the JVM / OS to spread the
          total load evenly (although this may be what you are testing!)

 -q       Supress logging information.


[xtrnaw7@t540p /data/download]$




CPUhog example

[JWM session] [xtrnaw7@t540p /var/tmp/jwm]$  bin1/CPUhog.sh
Operating System Information
OS name: Linux
OS version: 4.7.7-100.fc23.x86_64
Architecture: amd64
Available processors: 8

Hogging all the CPU with 10 java threads
doing 10x10 matrix arithmetic.

Time /s Threads CPUs   Free KBs  Total KBs    Max KBs  %CPU User %CPU Total %CPU / CPU LoopTime/s Ld Wait/ms mSize
  0.000      10    8     232775     241664    3557376      0.000      0.000      0.000 -1.000e-09          0    10

All threads started.
  2.005      15    8     223886     241664    3557376    782.629    786.077     98.260  3.192e-04          0    10
  4.007      15    8     223886     241664    3557376    779.734    780.817     97.602  2.601e-04          0    10
  6.009      15    8     223886     241664    3557376    784.251    783.921     97.990  3.297e-04          0    10
  8.011      15    8     223886     241664    3557376    787.799    787.870     98.484  2.610e-04          0    10
 10.013      15    8     223886     241664    3557376    780.233    780.892     97.611  3.138e-04          0    10
 12.015      15    8     223886     241664    3557376    791.424    790.783     98.848  3.337e-04          0    10
 14.017      15    8     223886     241664    3557376    788.900    788.183     98.523  3.173e-04          0    10
 16.018      15    8     223886     241664    3557376    788.500    789.356     98.669  3.610e-04          0    10
 18.021      15    8     223886     241664    3557376    792.436    792.113     99.014  2.900e-04          0    10
 20.023      15    8     223886     241664    3557376    789.072    789.279     98.660  3.446e-04          0    10
 22.025      15    8     223886     241664    3557376    789.872    790.447     98.806  3.025e-04          0    10
 24.026      15    8     223886     241664    3557376    793.408    793.212     99.152  2.974e-04          0    10
 26.028      15    8     223886     241664    3557376    790.376    790.354     98.794  3.197e-04          0    10
 28.029      15    8     223886     241664    3557376    788.936    789.481     98.685  3.409e-04          0    10
 30.031      15    8     223886     241664    3557376    786.201    786.107     98.263  3.156e-04          0    10
 32.033      15    8     223886     241664    3557376    792.136    792.731     99.091  2.965e-04          0    10
 34.035      15    8     223886     241664    3557376    790.356    790.693     98.837  3.202e-04          0    10
 36.037      15    8     223886     241664    3557376    789.868    789.714     98.714  3.248e-04          0    10
 38.038      15    8     223886     241664    3557376    785.974    787.033     98.379  2.744e-04          0    10
Time /s Threads CPUs   Free KBs  Total KBs    Max KBs  %CPU User %CPU Total %CPU / CPU LoopTime/s Ld Wait/ms mSize
 40.041      15    8     223886     241664    3557376    789.479    788.058     98.507  3.293e-04          0    10
 42.042      15    8     223886     241664    3557376    782.507    783.508     97.938  1.827e-04          0    10
 44.044      15    8     223886     241664    3557376    792.222    793.141     99.143  3.322e-04          0    10
 46.045      15    8     223886     241664    3557376    792.163    790.496     98.812  3.126e-04          0    10
 48.046      15    8     223886     241664    3557376    788.175    789.011     98.626  3.265e-04          0    10
 50.047      15    8     223886     241664    3557376    794.052    793.869     99.234  3.083e-04          0    10
 52.049      15    8     223886     241664    3557376    793.178    793.641     99.205  2.995e-04          0    10
 54.050      15    8     223886     241664    3557376    774.625    774.294     96.787  3.467e-04          0    10
 56.051      15    8     223886     241664    3557376    780.368    780.860     97.607  2.354e-04          0    10











cpumon

cpumon monitors the CPU activity of a multi-core machine. This tool provides an effective load report that is useful for debugging real-time software on a standard Linux operating system.


cpumon usage
[JWM session] [xtrnaw7@t540p /var/tmp/jwm]$ cpumon -h
usage: cpumon [-c int] [-f str] [-h] [-k int] [-m int] [-s int] [-t int] [-v int] [-V]
 -c int: force calibration (1), need root
 -f str: calibration file (/var/lib/cpumon/calibration.txt)
 -h    : help message
 -k int: cpu id for calibration, -1 means last core (-1)
 -m int: cpu id for monitoring, -1 means last core (0)
 -s int: number of second before stopping, -1 means infinity (-1)
 -t int: timer period (5)
 -v int: verbose level (1)
 -V    : show version
[JWM session] [xtrnaw7@t540p /var/tmp/jwm]$




cpumon example

[JWM session] [xtrnaw7@t540p /var/tmp/jwm]$ sudo cpumon
sudo: cpumon: command not found
[JWM session] [xtrnaw7@t540p /var/tmp/jwm]$ sudo bin/cpumon
can't read calibration file (/var/lib/cpumon/calibration.txt)
runnning calibration on cpu 7
calibration max loops: 47994
cpu speed is changing from -0.000 to 2.794
cpu:  34.5% +  35.4% +  46.2% +  39.0% +  38.1% +  33.1% +  35.5% +  36.2% =  297.9%
cpu:  32.4% +  35.6% +  43.7% +  35.5% +  32.6% +  32.7% +  32.9% +  32.8% =  278.0%
cpu:  36.0% +  32.0% +  47.2% +  36.7% +  32.4% +  32.8% +  33.9% +  33.1% =  283.9%
cpu:  43.9% +  42.4% +  43.8% +  29.9% +  33.6% +  32.4% +  34.4% +  32.9% =  293.1%





cpustat


"cpustat periodically dumps out the current CPU utilisation statistics of running processes. cpustat has been optimised to have a minimal CPU overhead and typically uses about 35% of the CPU compared to top. cpustat also includes some simple statistical analysis options that can help characterise the way CPUs are being loaded."


cpustat usage

[xtrnaw7@t15g /var/tmp/jwm/src]$ ../bin/cpustat -h
cpustat, version 0.02.20

Usage: cpustat [options] [duration] [count]
 -h help
 -a calculate CPU utilisation based on all the CPU ticks
    rather than per CPU tick
 -c get command name from processes comm field
 -d strip directory basename off command information
 -D show distribution of CPU utilisation stats at end
 -g show grand total of CPU utilisation stats at end
 -i ignore cpustat in the statistics
 -l show long (full) command information
 -n specifies number of tasks to display
 -p just show utilisation for a specified PID
 -q run quietly, useful with option -r
 -r specifies a comma separated values output file to dump
    samples into
 -s show short command information
 -S timestamp output
 -t specifies a task tick count threshold where samples less
    than this are ignored
 -T show total CPU utilisation statistics
 -x show extra stats (load average, avg cpu freq, etc)
 -X top-like curses based display mode
[xtrnaw7@t15g /var/tmp/jwm/src]$ 



cpustat example
[xtrnaw7@t540p /var/tmp/jwm/src]$ ../bin/cpustat -c -d -D -g -n 20
  %CPU   %USR   %SYS     PID S  CPU    Time Task
 15.69   0.98  14.71    9982 S    1   8.11h VirtualBoxVM
  5.88   1.96   3.92  107641 S    3   2.21h VirtualBoxVM
  3.92   0.00   3.92  107700 S    6   2.25h VirtualBoxVM
  3.92   3.92   0.00   11184 S    4   2.27h slimjet
  3.92   3.92   0.00   11322 S    0   1.05h slimjet
  2.94   1.96   0.98  262429 S    6  20.49m seamonkey
  1.96   0.98   0.98    9954 S    5  15.46m VBoxSVC
  1.96   0.98   0.98    9267 S    1  18.08m pulseaudio
  1.96   1.96   0.00   11076 S    6  41.00m slimjet
  1.96   0.98   0.98  105632 S    4  12.19m Telegram
  1.96   0.98   0.98    9670 S    0  18.13m mate-cpufreq-ap
  1.96   0.98   0.98   13996 S    1   1.04h java
  1.96   1.96   0.00   11158 S    5   1.05h slimjet
  1.96   1.96   0.00    2679 S    3  49.22m Xorg
  0.98   0.00   0.98    9599 S    0  10.36m top
  0.98   0.98   0.00   18661 S    0   1.22m Privileged Cont
  0.98   0.98   0.00   11197 S    6  25.11m slimjet
  0.98   0.00   0.98    9948 S    5   5.46m VBoxXPCOMIPCD
  0.98   0.00   0.98   14051 S    3   8.50m java
  0.98   0.98   0.00    9381 S    3   1.47m mate-terminal

  %CPU   %USR   %SYS     PID S  CPU    Time Task
 17.17   0.00  17.17    9982 S    1   8.11h VirtualBoxVM
  8.08   2.02   6.06  107641 S    3   2.21h VirtualBoxVM
  5.05   2.02   3.03  107700 S    6   2.25h VirtualBoxVM
  5.05   4.04   1.01   11184 S    4   2.27h slimjet
  5.05   3.03   2.02   11322 S    0   1.05h slimjet
  3.03   3.03   0.00   11158 S    5   1.05h slimjet
  2.02   1.01   1.01   11076 S    6  41.00m slimjet
  2.02   2.02   0.00   11009 S    2  41.42m slimjet
  2.02   2.02   0.00   13996 S    1   1.04h java
  2.02   1.01   1.01    2679 S    3  49.22m Xorg
  1.01   1.01   0.00   11485 S    7   7.12m slimjet
  1.01   0.00   1.01   11197 S    6  25.11m slimjet
  1.01   1.01   0.00   12468 S    6  36.72s slimjet
  1.01   1.01   0.00  262429 S    6  20.49m seamonkey
  1.01   0.00   1.01  368505 R    6   0.02s cpustat
  1.01   1.01   0.00  106032 S    3   5.19m slimjet
  1.01   1.01   0.00   10578 S    0   3.07m Web Content

  %CPU   %USR   %SYS     PID S  CPU    Time Task
 17.00   1.00  16.00    9982 S    1   8.11h VirtualBoxVM
  6.00   1.00   5.00  107700 S    6   2.25h VirtualBoxVM
  6.00   6.00   0.00  366129 S    6   8.96s slimjet
  5.00   5.00   0.00   11485 S    7   7.12m slimjet
  5.00   3.00   2.00  107641 S    3   2.21h VirtualBoxVM
  4.00   4.00   0.00   11322 S    0   1.05h slimjet
  3.00   3.00   0.00   11184 S    4   2.27h slimjet
  3.00   2.00   1.00   11486 S    4   7.06m slimjet
  3.00   2.00   1.00   13996 S    1   1.04h java
  3.00   3.00   0.00   11158 S    5   1.05h slimjet
  2.00   1.00   1.00   11633 S    5   1.30m slimjet
  2.00   1.00   1.00    9954 S    5  15.46m VBoxSVC
  2.00   2.00   0.00   11076 S    6  41.00m slimjet
  2.00   1.00   1.00  105632 S    4  12.19m Telegram
  2.00   1.00   1.00  368505 R    6   0.04s cpustat
  1.00   1.00   0.00   11467 S    4   7.31m slimjet
  1.00   1.00   0.00   11483 S    0   7.09m slimjet
  1.00   1.00   0.00   11197 S    6  25.11m slimjet
  1.00   1.00   0.00   10656 S    0   2.05m Web Content
  1.00   0.00   1.00    9267 S    1  18.08m pulseaudio

  %CPU   %USR   %SYS     PID S  CPU    Time Task
 15.84   0.99  14.85    9982 S    1   8.11h VirtualBoxVM
  5.94   1.98   3.96  107641 S    3   2.21h VirtualBoxVM
  4.95   0.99   3.96  107700 S    6   2.25h VirtualBoxVM
  4.95   2.97   1.98   11322 S    0   1.05h slimjet
  3.96   3.96   0.00   11184 S    4   2.27h slimjet
  2.97   2.97   0.00   11158 S    5   1.05h slimjet
  2.97   1.98   0.99    2679 S    3  49.22m Xorg
  1.98   0.99   0.99    9599 S    0  10.36m top
  1.98   0.99   0.99   11076 S    6  41.00m slimjet
  1.98   0.99   0.99  262429 S    6  20.49m seamonkey
  1.98   0.99   0.99   11009 S    2  41.42m slimjet
  1.98   0.99   0.99   13996 S    1   1.04h java
  0.99   0.99   0.00   11485 S    7   7.12m slimjet
  0.99   0.99   0.00   11483 S    0   7.09m slimjet
  0.99   0.99   0.00   11197 S    6  25.11m slimjet
  0.99   0.99   0.00  105632 S    4  12.19m Telegram
  0.99   0.99   0.00  107380 S    2   1.03m mate-terminal
  0.99   0.99   0.00    9670 S    0  18.13m mate-cpufreq-ap
  0.99   0.99   0.00  366129 S    6   8.97s slimjet
  0.99   0.00   0.99  368505 R    6   0.05s cpustat

^C  %CPU   %USR   %SYS     PID S  CPU    Time Task
 16.13   9.68   6.45    9982 S    1   8.11h VirtualBoxVM
  6.45   4.84   1.61   11322 S    0   1.05h slimjet
  6.45   3.23   3.23  107641 S    3   2.21h VirtualBoxVM
  4.84   4.84   0.00  262429 S    6  20.49m seamonkey
  3.23   1.61   1.61  107700 S    6   2.25h VirtualBoxVM
  3.23   3.23   0.00   11184 S    4   2.27h slimjet
  3.23   1.61   1.61  107380 S    2   1.03m mate-terminal
  3.23   1.61   1.61    2679 S    3  49.22m Xorg
  1.61   1.61   0.00   11467 S    4   7.31m slimjet
  1.61   0.00   1.61   14051 S    3   8.50m java
  1.61   1.61   0.00   11076 S    6  41.00m slimjet
  1.61   0.00   1.61  105632 S    4  12.19m Telegram
  1.61   1.61   0.00    9670 S    0  18.13m mate-cpufreq-ap
  1.61   1.61   0.00    9462 S    7   6.56s goa-identity-se
  1.61   1.61   0.00   12635 S    7  13.22m slimjet
  1.61   1.61   0.00    2519 S    3  10.22m teamviewerd
  1.61   0.00   1.61  368505 R    6   0.06s cpustat
  1.61   1.61   0.00   13996 S    1   1.04h java
  1.61   1.61   0.00   11158 S    5   1.05h slimjet

Grand Total (from 5 samples, 4.6 seconds):
  %CPU   %USR   %SYS     PID S  CPU    Time Task
 16.38   1.94  14.44    9982 S    1   8.11h VirtualBoxVM
  6.25   2.37   3.88  107641 S    3   2.21h VirtualBoxVM
  4.74   1.08   3.66  107700 S    6   2.25h VirtualBoxVM
  4.74   3.66   1.08   11322 S    0   1.05h slimjet
  3.88   3.66   0.22   11184 S    4   2.27h slimjet
  2.59   2.59   0.00   11158 S    5   1.05h slimjet
  2.16   1.72   0.43  262429 S    6  20.49m seamonkey
  2.16   1.51   0.65   13996 S    1   1.04h java
  2.16   1.51   0.65    2679 S    3  49.22m Xorg
  1.94   1.51   0.43   11076 S    6  41.00m slimjet
  1.72   1.72   0.00  366129 S    6   8.97s slimjet
  1.51   1.51   0.00   11485 S    7   7.12m slimjet
  1.29   0.65   0.65  105632 S    4  12.19m Telegram
  1.08   0.22   0.86  368505 R    6   0.06s cpustat
  1.08   0.86   0.22  107380 S    2   1.03m mate-terminal
  1.08   0.86   0.22   11009 S    2  41.42m slimjet
  0.86   0.65   0.22   11197 S    6  25.11m slimjet
  0.86   0.43   0.43    9954 S    5  15.46m VBoxSVC
  0.86   0.65   0.22    9670 S    0  18.13m mate-cpufreq-ap
  0.65   0.43   0.22   11486 S    4   7.06m slimjet
  0.65   0.22   0.43    9599 S    0  10.36m top
  0.65   0.22   0.43    9267 S    1  18.08m pulseaudio
  0.65   0.43   0.22    9262 S    7  14.43m marco
  0.43   0.00   0.43   14051 S    3   8.50m java
  0.43   0.22   0.22   11633 S    5   1.30m slimjet
  0.43   0.43   0.00   11483 S    0   7.09m slimjet
  0.43   0.43   0.00   11467 S    4   7.31m slimjet
  0.43   0.43   0.00   11262 S    0   6.26m slimjet
  0.43   0.43   0.00   11081 S    5  15.46m slimjet
  0.43   0.22   0.22    2519 S    3  10.22m teamviewerd
  0.22   0.22   0.00  262070 S    4  22.99s slimjet
  0.22   0.22   0.00  106032 S    3   5.19m slimjet
  0.22   0.22   0.00   18661 S    0   1.22m Privileged Cont
  0.22   0.22   0.00   12635 S    7  13.22m slimjet
  0.22   0.22   0.00   12468 S    6  36.72s slimjet
  0.22   0.22   0.00   10656 S    0   2.05m Web Content
  0.22   0.22   0.00   10630 S    3   1.30m Web Content
  0.22   0.22   0.00   10578 S    0   3.07m Web Content
  0.22   0.00   0.22    9948 S    5   5.46m VBoxXPCOMIPCD
  0.22   0.22   0.00    9462 S    7   6.56s goa-identity-se
  0.22   0.22   0.00    9381 S    3   1.47m mate-terminal
  0.22   0.00   0.22    1737 S    6   5.57s php-fpm

Distribution of CPU utilisation (per Task):
% CPU Utilisation   Count   (%)
  0.00 -   1.37      1921  97.02
  1.37 -   2.74         0   0.00
  2.74 -   4.11        35   1.77
  4.11 -   5.48         0   0.00
  5.48 -   6.85         7   0.35
  6.85 -   8.22         7   0.35
  8.23 -   9.60         4   0.20
  9.60 -  10.97         0   0.00
 10.97 -  12.34         1   0.05
 12.34 -  13.71         0   0.00
 13.71 -  15.08         0   0.00
 15.08 -  16.45         1   0.05
 16.45 -  17.82         0   0.00
 17.82 -  19.19         0   0.00
 19.19 -  20.56         0   0.00
 20.56 -  21.93         0   0.00
 21.94 -  23.31         0   0.00
 23.31 -  24.68         0   0.00
 24.68 -  26.05         2   0.10
 26.05 -  27.42         2   0.10

Distribution of CPU utilisation (per CPU):
 CPU#   USR%   SYS%
    0   6.03   1.72
    1   3.66  15.52
    2   1.72   0.43
    3   4.74   5.17
    4   5.39   1.08
    5   3.66   0.86
    6   7.11   5.82
    7   2.37   0.22
[xtrnaw7@t540p /var/tmp/jwm/src]$
 




darkstat

darkstat captures network traffic, calculates statistics about usage, and serves reports over HTTP.

darkstat usage
[JWM session] [xtrnaw7@t540p /var/tmp/jwm]$ darkstat --help
darkstat 3.0.719 (using libpcap version 1.0.0)

usage: darkstat [ -i interface ]
[ -f filter ]
[ -r capfile ]
[ -p port ]
[ -b bindaddr ]
[ -l network/netmask ]
[ --base path ]
[ --local-only ]
[ --snaplen bytes ]
[ --pppoe ]
[ --syslog ]
[ --verbose ]
[ --no-daemon ]
[ --no-promisc ]
[ --no-dns ]
[ --no-macs ]
[ --no-lastseen ]
[ --chroot dir ]
[ --user username ]
[ --daylog filename ]
[ --import filename ]
[ --export filename ]
[ --pidfile filename ]
[ --hosts-max count ]
[ --hosts-keep count ]
[ --ports-max count ]
[ --ports-keep count ]
[ --highest-port port ]
[ --wait secs ]
[ --hexdump ]
[ --version ]
[ --help ]

Please refer to the darkstat(8) manual page for further
documentation and usage examples.
[JWM session] [xtrnaw7@t540p /var/tmp/jwm]$



To use it, start it with, for example:

sudo darkstat -i eth0 -p 9999

Then open the URL <hostname:9999> in a web browser to monitor the network traffic.





Note:

To also save the captured output to a file, use these start parameters:

      --chroot <outputdir> --export <outputfile> --user <run_user>

e.g.

      --chroot /var/tmp/jwm/data --export darkstat.data --user xtrnaw7

The user <run_user> must have write access to the directory <outputdir>.

You may use darkstat.sh to start or stop the darkstat daemon.

Usage examples from the darkstat manpage

USAGE EXAMPLES
       To gather statistics on the fxp0 interface:

              darkstat -i fxp0

       We want to account for traffic on the Internet-facing interface, but only serve web pages to our private local network where we have the IP address 192.168.0.1:

              darkstat -i fxp0 -b 192.168.0.1

       We want to serve web pages on the standard HTTP port:

              darkstat -i fxp0 -p 80

       We are on Optus (cable) and don't want to account for the constant ARP traffic we are receiving:

              darkstat -i fxp0 -f "not arp"

       We only want to account for SSH traffic:

              darkstat -i fxp0 -f "port 22"

       We don't want to account for traffic between internal IPs:

              darkstat -i fxp0 -f "not (src net 192.168.0 and dst net 192.168.0)"

       (For a full reference on filter syntax, refer to the tcpdump(1) manpage)

       We have a network consisting of a gateway server (192.168.1.1) and a few workstations (192.168.1.2, 192.168.1.3, etc.) and we want to graph all traffic entering and leaving the local network, not just the gateway server (which is running darkstat):

              darkstat -i fxp0 -l 192.168.1.0/255.255.255.0

       On some systems, we can't capture on a "decoded" interface but only on nas0 which returns PPPoE encapsulated packets.  Do PPPoE decoding, and override the local IP manually since it cannot
       be automatically detected.  Note the /32 netmask:

              darkstat -i nas0 --pppoe -l 192.168.1.1/255.255.255.255
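
The -b example above restricts where the web interface listens; without -b darkstat listens on all interfaces. The following added example (not part of JWM, darkstat or darkstat.sh) classifies the listener for a given port from `ss -ltn` output, so the binding can be verified after a start such as `darkstat -i eth0 -p 9999`. The function name check_listener and the embedded `ss` samples are constructed for illustration.

```shell
#!/bin/sh
# Added example; not part of JWM, darkstat or darkstat.sh.
#
# check_listener PORT
#   Reads `ss -ltn` output on stdin and reports how TCP port PORT is bound:
#     prints "wildcard"   and returns 1 if a listener on PORT is bound to all addresses
#     prints "restricted" and returns 0 if every listener on PORT uses a specific address
#     prints "none"       and returns 2 if nothing listens on PORT
check_listener() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            local_addr = $4
            # The port follows the last colon (IPv6 addresses contain colons too).
            n = split(local_addr, parts, ":")
            p = parts[n]
            if (p != port) next
            addr = substr(local_addr, 1, length(local_addr) - length(p) - 1)
            found = 1
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]" || addr == "::")
                wildcard = 1
        }
        END {
            if (!found)   { print "none";       exit 2 }
            if (wildcard) { print "wildcard";   exit 1 }
            print "restricted"
            exit 0
        }
    '
}

# Constructed sample: darkstat started with "-p 9999" and no -b.
SS_ALL_INTERFACES='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      5            0.0.0.0:9999      0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*'

# Constructed sample: darkstat started with "-p 9999 -b 127.0.0.1".
SS_LOOPBACK_ONLY='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      5          127.0.0.1:9999      0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*'

# Demo on the constructed samples (the "|| true" keeps a non-zero result
# from aborting a caller that runs with "set -e").
for sample in "$SS_ALL_INTERFACES" "$SS_LOOPBACK_ONLY"; do
    printf '%s\n' "$sample" | check_listener 9999 || true
done
```

On a live host, run `ss -ltn | check_listener 9999` after starting darkstat and treat a "wildcard" result as a prompt to restart it with -b and the intended address.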




darkstat.sh

darkstat.sh is a script to start or stop the darkstat daemon.

The current version of the script is always available here.

darkstat.sh usage
The usage of the script is:

[JWM session] [xtrnaw7@t540p /var/tmp/jwm]$ sudo scripts/darkstat.sh --help
[25.10.2016 18:40 ] ### darkstat.sh started at Tue Oct 25 18:40:31 CEST 2016
 darkstat.sh

 Function: start or stop darkstat
 
 Usage:    darkstat.sh [-v|--verbose] [-q|--quiet] [-f|--force] [-p|--port darkstat_port] [-i|--interface interface] [-d|--datadir|--chroot datadirectory]
                       [start [darkstat_options]|stop|restart [darkstat_options]|status|daemon_help]

 Parameter
   -v - verbose mode
   -q - quiet mode
   -f - force execution
   -p - port for darkstat (default: 667)
   -i - interface, default: interface used for the first default route in the output of "netstat -rn"
   -d - data directory for darkstat, default: /tmp or ${JWM_DIR}/data/darkstat if JWM_DIR is set

   darkstat_options - additional options for starting the darkstat
   daemon_help - list the usage help for the darkstat daemon

 To save the output also in a file use the start parameter:
      --chroot <outputdir> --export <outputfile> --user <run_user>
  e.g.
      --chroot /var/tmp/jwm/data --export darkstat.data --user xtrnaw7

  The user <run_user> must have write access to the directory <outputdir>

  The script searches the darkstat binary in these directories:
    - the current working directory
    - the directory with this script
    - the directory ${JWM_DIR}/sbin
    - the directory ${PWD}/../sbin

 Author:
   Bernd Schemmer (Bernd.Schemmer@gmx.de)

[25.10.2016 18:40 ] ### darkstat.sh ended at Tue Oct 25 18:40:31 CEST 2016



darkstat.sh examples
[JWM session] [xtrnaw7@t540p /var/tmp/jwm]$ sudo scripts/darkstat.sh status
[25.10.2016 18:40 ] ### darkstat.sh started at Tue Oct 25 18:40:54 CEST 2016
[25.10.2016 18:40 ] Environment variable JWM_DIR not set - using the directory based on the script directory (scripts)
[25.10.2016 18:40 ] The darkstat base directory is /var/tmp/jwm
[25.10.2016 18:40 ] The interface used by darkstart is enp0s25
[25.10.2016 18:40 ] The data directory used by darkstat is /tmp
[25.10.2016 18:40 ] The darkstat daemon is NOT running (well, it may be running but it was not started by this script)
[25.10.2016 18:40 ] ### darkstat.sh ended at Tue Oct 25 18:40:54 CEST 2016

[JWM session] [xtrnaw7@t540p /var/tmp/jwm]$ sudo scripts/darkstat.sh start
[25.10.2016 18:41 ] ### darkstat.sh started at Tue Oct 25 18:41:01 CEST 2016
[25.10.2016 18:41 ] Environment variable JWM_DIR not set - using the directory based on the script directory (scripts)
[25.10.2016 18:41 ] The darkstat base directory is /var/tmp/jwm
[25.10.2016 18:41 ] The interface used by darkstart is enp0s25
[25.10.2016 18:41 ] The data directory used by darkstat is /tmp
[25.10.2016 18:41 ] Starting the darkstat daemon ...
[25.10.2016 18:41 ] The port to use for the darkstat daemon is 667
+ ./sbin/darkstat -p 667 -i enp0s25 --chroot /tmp --pidfile darkstat.667_enp0s25.pid
+ 2>& 1

[25.10.2016 18:41 ] darkstat daemon started; the PID is 31824
[25.10.2016 18:41 ] Use http://localhost:667 or http://t540p:667 to access darkstat in your Webbrowser
[25.10.2016 18:41 ] ### darkstat.sh ended at Tue Oct 25 18:41:01 CEST 2016

[JWM session] [xtrnaw7@t540p /var/tmp/jwm]$ sudo scripts/darkstat.sh status
[25.10.2016 18:41 ] ### darkstat.sh started at Tue Oct 25 18:41:07 CEST 2016
[25.10.2016 18:41 ] Environment variable JWM_DIR not set - using the directory based on the script directory (scripts)
[25.10.2016 18:41 ] The darkstat base directory is /var/tmp/jwm
[25.10.2016 18:41 ] The interface used by darkstart is enp0s25
[25.10.2016 18:41 ] The data directory used by darkstat is /tmp
[25.10.2016 18:41 ] The darkstat daemon is running; the PID is 31824

UID        PID  PPID  C STIME TTY          TIME CMD
nobody   31824     1  0 18:41 ?        00:00:00 ./sbin/darkstat -p 667 -i enp0s25 --chroot /tmp --pidfile darkstat.667_enp0s25.pid

[25.10.2016 18:41 ] The darkstat daemon is listening on these ports:

tcp        0      0 0.0.0.0:667             0.0.0.0:*               LISTEN      31824/./sbin/darkst
tcp6       0      0 :::667                  :::*                    LISTEN      31824/./sbin/darkst

[25.10.2016 18:41 ] ### darkstat.sh ended at Tue Oct 25 18:41:07 CEST 2016

[JWM session] [xtrnaw7@t540p /var/tmp/jwm]$ sudo scripts/darkstat.sh stop
[25.10.2016 18:41 ] ### darkstat.sh started at Tue Oct 25 18:41:10 CEST 2016
[25.10.2016 18:41 ] Environment variable JWM_DIR not set - using the directory based on the script directory (scripts)
[25.10.2016 18:41 ] The darkstat base directory is /var/tmp/jwm
[25.10.2016 18:41 ] The interface used by darkstart is enp0s25
[25.10.2016 18:41 ] The data directory used by darkstat is /tmp
[25.10.2016 18:41 ] The darkstat daemon is running; the PID is 31824
[25.10.2016 18:41 ] Stopping the darkstat daemon ...
[25.10.2016 18:41 ] ### darkstat.sh ended at Tue Oct 25 18:41:11 CEST 2016

[JWM session] [xtrnaw7@t540p /var/tmp/jwm]$ sudo scripts/darkstat.sh status
[25.10.2016 18:41 ] ### darkstat.sh started at Tue Oct 25 18:41:14 CEST 2016
[25.10.2016 18:41 ] Environment variable JWM_DIR not set - using the directory based on the script directory (scripts)
[25.10.2016 18:41 ] The darkstat base directory is /var/tmp/jwm
[25.10.2016 18:41 ] The interface used by darkstart is enp0s25
[25.10.2016 18:41 ] The data directory used by darkstat is /tmp
[25.10.2016 18:41 ] The darkstat daemon is NOT running (well, it may be running but it was not started by this script)
[25.10.2016 18:41 ] ### darkstat.sh ended at Tue Oct 25 18:41:14 CEST 2016


Start darkstat and save the captured data to a file:

[JWM session] [xtrnaw7@t540p /var/tmp/jwm]$ sudo scripts/darkstat.sh start --export darkstat.data --user xtrnaw7
[25.10.2016 18:45 ] ### darkstat.sh started at Tue Oct 25 18:45:16 CEST 2016
[25.10.2016 18:45 ] Environment variable JWM_DIR not set - using the directory based on the script directory (scripts)
[25.10.2016 18:45 ] The darkstat base directory is /var/tmp/jwm
[25.10.2016 18:45 ] The interface used by darkstart is enp0s25
[25.10.2016 18:45 ] The data directory used by darkstat is /tmp
[25.10.2016 18:45 ] Starting the darkstat daemon ...
[25.10.2016 18:45 ] The port to use for the darkstat daemon is 667
[25.10.2016 18:45 ] The additional options to use for the darkstat daemon are "--export darkstat.data --user xtrnaw7"
+ ./sbin/darkstat -p 667 -i enp0s25 --chroot /tmp --pidfile darkstat.667_enp0s25.pid --export darkstat.data --user xtrnaw7
+ 2>& 1

[25.10.2016 18:45 ] darkstat daemon started; the PID is 32261
[25.10.2016 18:45 ] Use http://localhost:667 or http://t540p:667 to access darkstat in your Webbrowser
[25.10.2016 18:45 ] ### darkstat.sh ended at Tue Oct 25 18:45:17 CEST 2016


[JWM session] [xtrnaw7@t540p /var/tmp/jwm]$ sudo scripts/darkstat.sh stop
[25.10.2016 18:45 ] ### darkstat.sh started at Tue Oct 25 18:45:36 CEST 2016
[25.10.2016 18:45 ] Environment variable JWM_DIR not set - using the directory based on the script directory (scripts)
[25.10.2016 18:45 ] The darkstat base directory is /var/tmp/jwm
[25.10.2016 18:45 ] The interface used by darkstart is enp0s25
[25.10.2016 18:45 ] The data directory used by darkstat is /tmp
[25.10.2016 18:45 ] The darkstat daemon is running; the PID is 32261
[25.10.2016 18:45 ] Stopping the darkstat daemon ...
[25.10.2016 18:45 ] ### darkstat.sh ended at Tue Oct 25 18:45:37 CEST 2016

[JWM session] [xtrnaw7@t540p /var/tmp/jwm]$ ls -l /tmp/darkstat.data
-rw------- 1 xtrnaw7 xtrnaw7 3402 Oct 25 18:45 /tmp/darkstat.data
[JWM session] [xtrnaw7@t540p /var/tmp/jwm]$



Or to use another data directory ( /var/tmp/test in this example):

[JWM session] [xtrnaw7@t540p /var/tmp/jwm]$ sudo scripts/darkstat.sh --chroot /var/tmp/test/ start  --export darkstat.data --user xtrnaw7
[25.10.2016 18:46 ] ### darkstat.sh started at Tue Oct 25 18:46:52 CEST 2016
[25.10.2016 18:46 ] Environment variable JWM_DIR not set - using the directory based on the script directory (scripts)
[25.10.2016 18:46 ] The darkstat base directory is /var/tmp/jwm
[25.10.2016 18:46 ] The interface used by darkstart is enp0s25
[25.10.2016 18:46 ] The data directory used by darkstat is /var/tmp/test/
[25.10.2016 18:46 ] Starting the darkstat daemon ...
[25.10.2016 18:46 ] The port to use for the darkstat daemon is 667
[25.10.2016 18:46 ] The additional options to use for the darkstat daemon are "--export darkstat.data --user xtrnaw7"
+ ./sbin/darkstat -p 667 -i enp0s25 --chroot /var/tmp/test/ --pidfile darkstat.667_enp0s25.pid --export darkstat.data --user xtrnaw7
+ 2>& 1

[25.10.2016 18:46 ] darkstat daemon started; the PID is 32500
[25.10.2016 18:46 ] Use http://localhost:667 or http://t540p:667 to access darkstat in your Webbrowser
[25.10.2016 18:46 ] ### darkstat.sh ended at Tue Oct 25 18:46:52 CEST 2016
[JWM session] [xtrnaw7@t540p /var/tmp/jwm]$

# Note: You must use the --chroot parameter for every call of the script (because the PID filename is relative to the directory in the --chroot parameter)

[JWM session] [xtrnaw7@t540p /var/tmp/jwm]$ sudo scripts/darkstat.sh stop
[25.10.2016 18:47 ] ### darkstat.sh started at Tue Oct 25 18:47:01 CEST 2016
[25.10.2016 18:47 ] Environment variable JWM_DIR not set - using the directory based on the script directory (scripts)
[25.10.2016 18:47 ] The darkstat base directory is /var/tmp/jwm
[25.10.2016 18:47 ] The interface used by darkstart is enp0s25
[25.10.2016 18:47 ] The data directory used by darkstat is /tmp
[25.10.2016 18:47 ] The darkstat daemon is NOT running (well, it may be running but it was not started by this script)
[25.10.2016 18:47 ] ### darkstat.sh ended at Tue Oct 25 18:47:01 CEST 2016


[JWM session] [xtrnaw7@t540p /var/tmp/jwm]$ sudo scripts/darkstat.sh --chroot /var/tmp/test/ stop
[25.10.2016 18:47 ] ### darkstat.sh started at Tue Oct 25 18:47:14 CEST 2016
[25.10.2016 18:47 ] Environment variable JWM_DIR not set - using the directory based on the script directory (scripts)
[25.10.2016 18:47 ] The darkstat base directory is /var/tmp/jwm
[25.10.2016 18:47 ] The interface used by darkstart is enp0s25
[25.10.2016 18:47 ] The data directory used by darkstat is /var/tmp/test/
[25.10.2016 18:47 ] The darkstat daemon is running; the PID is 32500
[25.10.2016 18:47 ] Stopping the darkstat daemon ...
[25.10.2016 18:47 ] ### darkstat.sh ended at Tue Oct 25 18:47:15 CEST 2016

[JWM session] [xtrnaw7@t540p /var/tmp/jwm]$ ls -l /var/tmp/test/darkstat.data
-rw------- 1 xtrnaw7 xtrnaw7 3877 Oct 25 18:47 /var/tmp/test/darkstat.data
[JWM session] [xtrnaw7@t540p /var/tmp/jwm]$


The known parameters of the darkstat daemon are:

[JWM session] [xtrnaw7@t540p /var/tmp/jwm/scripts]$ sudo ./darkstat.sh daemon_help
[25.10.2016 19:07 ] ### darkstat.sh started at Tue Oct 25 19:07:02 CEST 2016
[25.10.2016 19:07 ] Environment variable JWM_DIR not set - using the directory based on the script directory (.)
[25.10.2016 19:07 ] The darkstat base directory is /var/tmp/jwm
[25.10.2016 19:07 ] The interface used by darkstart is enp0s25
[25.10.2016 19:07 ] The data directory used by darkstat is /tmp
[25.10.2016 19:07 ] Additional parameter supported by the darkstat daemon are:
darkstat 3.0.719 (using libpcap version 1.0.0)

usage: darkstat [ -i interface ]
                [ -f filter ]
                [ -r capfile ]
                [ -p port ]
                [ -b bindaddr ]
                [ -l network/netmask ]
                [ --base path ]
                [ --local-only ]
                [ --snaplen bytes ]
                [ --pppoe ]
                [ --syslog ]
                [ --verbose ]
                [ --no-daemon ]
                [ --no-promisc ]
                [ --no-dns ]
                [ --no-macs ]
                [ --no-lastseen ]
                [ --chroot dir ]
                [ --user username ]
                [ --daylog filename ]
                [ --import filename ]
                [ --export filename ]
                [ --pidfile filename ]
                [ --hosts-max count ]
                [ --hosts-keep count ]
                [ --ports-max count ]
                [ --ports-keep count ]
                [ --highest-port port ]
                [ --wait secs ]
                [ --hexdump ]
                [ --version ]
                [ --help ]

Please refer to the darkstat(8) manual page for further
documentation and usage examples.
[25.10.2016 19:07 ] ### darkstat.sh ended at Tue Oct 25 19:07:02 CEST 2016
[JWM session] [xtrnaw7@t540p /var/tmp/jwm/scripts]$




dhtest

dhtest is a DHCP test program.

dhtest usage
[xtrnaw7@t540p /data/download/dhtest-master]$ ./dhtest -h
Usage: ./dhtest [ options ]
  -m mac_address
  -N                    # always use interface's MAC address in Ethernet frame
  -r, --release                # Releases obtained DHCP IP for corresponding MAC
  -L, --option51-lease_time [ Lease_time ] # Option 51. Requested lease time in secondes
  -I, --option50-ip    [ IP_address ]    # Option 50 IP address on DHCP discover
  -o, --option60-vci    [ VCI_string ]    # Vendor Class Idendifier string
  -h, --option12-hostname [ hostname_string ] # Client hostname string
  -c, --custom-dhcp-option [ option_format ] # option_format - option_number,type_of_option_value(str|num|hex|ip),option_value
  -v, --vlan        [ vlan_id ]    # VLAN ID. Range(1 - 4094)
  -t, --tos        [ TOS_value ]    # IP header TOS value
  -i, --interface    [ interface ]    # Interface to use. Default eth0
  -T, --timeout        [ cmd_timeout ]    # Command returns within specified timout in seconds
  -b, --bind-ip                # Listens on the obtained IP. Supported protocols - ARP and ICMP
  -k, --bind-timeout    [ timeout ]    # Listen timout in seconds. Default 3600 seconds
  -f, --bcast_flag            # Sets broadcast flag on DHCP discover and request
  -d, --fqdn-domain-name   [ fqdn ]    # FQDN domain name to use
  -n, --fqdn-server-not-update        # Sets FQDN server not update flag
  -s, --fqdn-server-update-a        # Sets FQDN server update flag
  -p, --padding                # Add padding to packet to be at least 300 bytes
  -P, --port        [ port ]    # Use port instead of 67
  -g, --giaddr        [ giaddr ]    # Use giaddr instead of 0.0.0.0
  -u, --unicast        [ ip ]        # Unicast request, IP is optional. If not specified, the interface address will be used.
  -a, --nagios                # Nagios output format.
  -S, --server        [ address ]    # Use server address instead of 255.255.255.255
  -j, --json                # Set the output format to json
  -D, --decline                # Declines obtained DHCP IP for corresponding MAC
  -V, --verbose                # Prints DHCP offer and ack details
  dhtest version 1.5
[xtrnaw7@t540p /data/download/dhtest-master]$





dmidecode

"dmidecode reports information about your system's hardware as described in your system BIOS according to the SMBIOS/DMI standard (see a sample output). This information typically includes system manufacturer, model name, serial number, BIOS version, asset tag as well as a lot of other details of varying level of interest and reliability depending on the manufacturer. This will often include usage status for the CPU sockets, expansion slots (e.g. AGP, PCI, ISA) and memory module slots, and the list of I/O ports (e.g. serial, parallel, USB)."

dmidecode usage
[xtrnaw7@t15g /var/tmp/jwm/src]$ ../sbin/dmidecode -h
Usage: dmidecode [OPTIONS]
Options are:
 -d, --dev-mem FILE     Read memory from device FILE (default: /dev/mem)
 -h, --help             Display this help text and exit
 -q, --quiet            Less verbose output
     --no-quirks        Decode everything without quirks
 -s, --string KEYWORD   Only display the value of the given DMI string
 -t, --type TYPE        Only display the entries of given type
 -H, --handle HANDLE    Only display the entry of given handle
 -u, --dump             Do not decode the entries
     --dump-bin FILE    Dump the DMI data to a binary file
     --from-dump FILE   Read the DMI data from a binary file
     --no-sysfs         Do not attempt to read DMI data from sysfs files
     --oem-string N     Only display the value of the given OEM string
 -V, --version          Display the version and exit
[xtrnaw7@t15g /var/tmp/jwm/src]$




dropwatch

dropwatch is a tool that helps developers and system administrators diagnose problems in the Linux networking stack, specifically where packets are getting dropped.


dropwatch usage
[xtrnaw7@t540p /var/tmp/jwm/bin]$ ./dropwatch -h
./dropwatch: invalid option -- 'h'
dropwatch [-l|--lmethod <method | list>]
[xtrnaw7@t540p /var/tmp/jwm/bin]$



dropwatch example
[xtrnaw7@t540p /var/tmp/jwm/bin]$ ./dropwatch -l kas
Initalizing kallsyms db
dropwatch> help
Command Syntax:
exit                 - Quit dropwatch
help                 - Display this message
set:
    alertlimit <number>     - caputre only this many alert packets
start                 - start capture
stop                 - stop capture
dropwatch> start
Enabling monitoring...
Kernel monitoring activated.
Issue Ctrl-C to stop monitoring
Error Scanning File: : Success
2 drops at location 0xffffffffac9103a8
Error Scanning File: : Success
4 drops at location 0xffffffffac9103a8
Error Scanning File: : Success
2 drops at location 0xffffffffac9103a8
^CGot a stop message
dropwatch> exit
Shutting down ...
[xtrnaw7@t540p /var/tmp/jwm/bin]$




 

dnscap


"dnscap is a network capture utility designed specifically for DNS traffic. It produces binary data in pcap(3) and other format. This utility is similar to tcpdump(1), but has a number of features tailored to DNS transactions and protocol options. DNS-OARC uses dnscap for DITL data collections."

dnscap usage
[xtrnaw7@t15g /var/tmp/jwm/src/dnscap-2.2.0]$ ../../bin/dnscap -?
dnscap: version 2.2.0

usage: dnscap
  [-?VbNpd1gfTISMD] [-o option=value]+
  [-i <if>]+ [-r <file>]+ [-l <vlan>]+ [-L <vlan>]+
  [-u <port>] [-m [qun]] [-e [nytfsxir]] [-h [ir]] [-s [ir]]
  [-a <host>]+ [-z <host>]+ [-A <host>]+ [-Z <host>]+ [-Y <host>]+
  [-w <base> [-W <suffix>] [-k <cmd>] -F <format>]
  [-t <lim>] [-c <lim>] [-C <lim>]
  [-x <pat>]+ [-X <pat>]+
  [-B <datetime>] [-E <datetime>]
  [-U <str>] [-q <num|str>] [-Q <num|str>]
  [-P plugin.so <plugin options...>]

options:
  -? or -\?  print these instructions and exit
  -V         print version and exit
  -o opt=val extended options, see man page for list of options
  -b         run in background as daemon
  -N         do not attempt to drop privileges, this is implicit
             if only reading offline pcap files
  -p         do not put interface in promiscuous mode
  -d         dump verbose trace information to stderr, specify multiple
             times to increase debugging
  -1         flush output on every packet
  -g         dump packets dig-style on stderr
  -f         include fragmented packets
  -T         include TCP packets (DNS header filters will inspect only the
             first DNS header, and the result will apply to all messages
             in the TCP stream; DNS payload filters will not be applied.)
  -I         include ICMP and ICMPv6 packets
  -i <if>    select this live interface(s)
  -r <file>  read this pcap file
  -l <vlan>  select only these vlan(s) (4095 for all)
  -L <vlan>  select these vlan(s) and non-VLAN frames (4095 for all)
  -u <port>  dns port (default: 53)
  -m [qun]   select messages: query, update, notify
  -e [nytfsxir] select error/response code
                 n = no error
                 y = any error
                 t = truncated response
                 f = format error (rcode 1)
                 s = server failure (rcode 2)
                 x = nxdomain (rcode 3)
                 i = not implemented (rcode 4)
                 r = refused (rcode 5)
  -h [ir]    hide initiators and/or responders
  -s [ir]    select sides: initiations, responses
  -a <host>  want messages from these initiator(s)
  -z <host>  want messages from these responder(s)
  -A <host>  want messages NOT to/from these initiator(s)
  -Z <host>  want messages NOT to/from these responder(s)
  -Y <host>  drop responses from these responder(s)
  -w <base>  dump to <base>.<timesec>.<timeusec>
  -W <suffix> add suffix to dump file name, e.g. '.pcap'
  -k <cmd>   kick off <cmd> when each dump closes
  -F <format> dump format: pcap (default), cbor, cds
  -t <lim>   close dump or exit every/after <lim> secs
  -c <lim>   close dump or exit every/after <lim> pkts
  -C <lim>   close dump or exit every/after <lim> bytes captured
  -x <pat>   select messages matching regex <pat>
  -X <pat>   select messages not matching regex <pat>
  -S         show summarized statistics
  -B <datetime> begin collecting at this date and time
  -E <datetime> end collecting at this date and time
  -M         set monitor mode on interfaces
  -D         set immediate mode on interfaces
  -U <str>   append 'and <str>' to the pcap filter
  -q <num|str> select messages based on QTYPE
  -Q <num|str> filter out messages based on QTYPE
  -P <plugin.so> load plugin, any argument after this is sent to the plugin!
[xtrnaw7@t15g /var/tmp/jwm/src/dnscap-2.2.0]$

 

dnscap example
[xtrnaw7@t15g /var/tmp/jwm]$ sudo bin/dnscap  -i enp11s0   -P ./lib/dnscap/eventlog.so
DNS event logging started.
src=192.168.1.108 spt=37330 dst=192.168.1.240 dpt=53 proto=UDP mid=12510 op=0 fl=|RD| rc=OK cl=IN tp=A name=conncheck.opensuse.org.
src=192.168.1.240 spt=53 dst=192.168.1.108 dpt=37330 proto=UDP mid=12510 op=0 fl=|QR|RD|RA| rc=OK cl=IN tp=A name=conncheck.opensuse.org. ans=91.193.113.65,195.135.223.50
src=192.168.1.108 spt=53565 dst=192.168.1.240 dpt=53 proto=UDP mid=62121 op=0 fl=|RD| rc=OK cl=IN tp=A name=conncheck.opensuse.org.
src=192.168.1.240 spt=53 dst=192.168.1.108 dpt=53565 proto=UDP mid=62121 op=0 fl=|QR|RD|RA| rc=OK cl=IN tp=A name=conncheck.opensuse.org. ans=195.135.223.50,91.193.113.65
src=192.168.1.164 spt=40648 dst=192.168.1.240 dpt=53 proto=UDP mid=26757 op=0 fl=|RD| rc=OK cl=IN tp=A name=www.heise.de.
src=192.168.1.164 spt=40648 dst=192.168.1.240 dpt=53 proto=UDP mid=59524 op=0 fl=|RD| rc=OK cl=IN tp=AAAA name=www.heise.de.
src=192.168.1.240 spt=53 dst=192.168.1.164 dpt=40648 proto=UDP mid=26757 op=0 fl=|QR|RD|RA| rc=OK cl=IN tp=A name=www.heise.de. ans=193.99.144.85
src=192.168.1.240 spt=53 dst=192.168.1.164 dpt=40648 proto=UDP mid=59524 op=0 fl=|QR|RD|RA| rc=OK cl=IN tp=AAAA name=www.heise.de. ans=2a02:2e0:3fe:1001:7777:772e:2:85
src=192.168.1.164 spt=51446 dst=192.168.1.240 dpt=53 proto=UDP mid=33468 op=0 fl=|RD| rc=OK cl=IN tp=PTR name=85.144.99.193.in-addr.arpa.
src=192.168.1.240 spt=53 dst=192.168.1.164 dpt=51446 proto=UDP mid=33468 op=0 fl=|QR|RD|RA| rc=OK cl=IN tp=PTR name=85.144.99.193.in-addr.arpa.
src=192.168.1.164 spt=38124 dst=192.168.1.240 dpt=53 proto=UDP mid=10613 op=0 fl=|RD| rc=OK cl=IN tp=PTR name=85.144.99.193.in-addr.arpa.
src=192.168.1.240 spt=53 dst=192.168.1.164 dpt=38124 proto=UDP mid=10613 op=0 fl=|QR|RD|RA| rc=OK cl=IN tp=PTR name=85.144.99.193.in-addr.arpa.
^Cdnscap: signalled break
[xtrnaw7@t15g /var/tmp/jwm]$
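
The key=value lines printed by the eventlog plugin can be correlated offline. The following Python sketch is an added example (not part of dnscap or JWM): it pairs each query with its response and reports unanswered queries, responses without answer records, and responses that match no captured query. The sample log is constructed, and the field meanings (mid = DNS message ID, fl = header flags) are assumptions inferred from the output shown above.

```python
from collections import defaultdict

# Constructed sample in the line format shown above (documentation addresses and names).
DNSCAP_SAMPLE = """\
DNS event logging started.
src=192.168.1.108 spt=37330 dst=192.168.1.240 dpt=53 proto=UDP mid=12510 op=0 fl=|RD| rc=OK cl=IN tp=A name=www.example.org.
src=192.168.1.240 spt=53 dst=192.168.1.108 dpt=37330 proto=UDP mid=12510 op=0 fl=|QR|RD|RA| rc=OK cl=IN tp=A name=www.example.org. ans=192.0.2.10,192.0.2.11
src=192.168.1.164 spt=51446 dst=192.168.1.240 dpt=53 proto=UDP mid=33468 op=0 fl=|RD| rc=OK cl=IN tp=PTR name=10.2.0.192.in-addr.arpa.
src=192.168.1.240 spt=53 dst=192.168.1.164 dpt=51446 proto=UDP mid=33468 op=0 fl=|QR|RD|RA| rc=OK cl=IN tp=PTR name=10.2.0.192.in-addr.arpa.
src=192.168.1.164 spt=40648 dst=192.168.1.240 dpt=53 proto=UDP mid=26757 op=0 fl=|RD| rc=OK cl=IN tp=A name=mail.example.org.
src=192.168.1.240 spt=53 dst=192.168.1.108 dpt=41000 proto=UDP mid=777 op=0 fl=|QR|RD|RA| rc=OK cl=IN tp=A name=www.example.org. ans=198.51.100.7
^Cdnscap: signalled break
"""

REQUIRED = ("src", "spt", "dst", "dpt", "proto", "mid", "tp", "name")


def parse_event(line):
    """Parse one eventlog line into a dict; return None for non-event lines."""
    fields = {}
    for token in line.split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    if not all(k in fields for k in REQUIRED):
        return None  # banner, shutdown message or truncated line
    fields["flags"] = {f for f in fields.get("fl", "").split("|") if f}
    fields["answers"] = fields["ans"].split(",") if fields.get("ans") else []
    fields["name"] = fields["name"].lower()  # DNS names compare case-insensitively
    return fields


def transaction_key(ev):
    """Identify a transaction from the client's point of view.

    Assumption: the QR flag marks a response, so its src/dst are swapped
    to line up with the query that triggered it.
    """
    if "QR" in ev["flags"]:
        client, resolver = (ev["dst"], ev["dpt"]), (ev["src"], ev["spt"])
    else:
        client, resolver = (ev["src"], ev["spt"]), (ev["dst"], ev["dpt"])
    return (client, resolver, ev["proto"], ev["mid"], ev["tp"], ev["name"])


def correlate(lines):
    """Pair queries with responses and sort the events into four buckets."""
    pending = defaultdict(list)  # key -> queries still waiting (handles retransmits)
    result = {"answered": [], "empty": [], "unsolicited": [], "unanswered": []}
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        key = transaction_key(ev)
        if "QR" not in ev["flags"]:
            pending[key].append(ev)
            continue
        waiting = pending.get(key)
        if not waiting:
            # No captured query matches this response. Benign causes: the
            # capture started after the query was sent, or packets were lost.
            result["unsolicited"].append(ev)
            continue
        waiting.pop(0)
        result["answered" if ev["answers"] else "empty"].append(ev)
    result["unanswered"] = [q for queue in pending.values() for q in queue]
    return result


if __name__ == "__main__":
    report = correlate(DNSCAP_SAMPLE.splitlines())
    for bucket in ("unanswered", "empty", "unsolicited"):
        for ev in report[bucket]:
            print(f"{bucket:11} {ev['src']}:{ev['spt']} -> {ev['dst']}:{ev['dpt']} "
                  f"mid={ev['mid']} {ev['tp']} {ev['name']}")
```
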





dstat

"dstat is a versatile replacement for vmstat, iostat, netstat and ifstat. Dstat overcomes some of their limitations and adds some extra features, more counters and flexibility. Dstat is handy for monitoring systems during performance tuning tests, benchmarks or troubleshooting.

Dstat allows you to view all of your system resources in real-time, you can eg. compare disk utilization in combination with interrupts from your IDE controller, or compare the network bandwidth numbers directly with the disk throughput (in the same interval). "

dstat usage
The usage for dstat is:

xtrnaw7@t61p Thu Oct 31 20:29:18 /var/tmp/jwm/bin $ ./dstat --help
Usage: dstat [-afv] [options..] [delay [count]]
Versatile tool for generating system resource statistics

Dstat options:
  -c, --cpu              enable cpu stats
     -C 0,3,total           include cpu0, cpu3 and total
  -d, --disk             enable disk stats
     -D total,hda           include hda and total
  -g, --page             enable page stats
  -i, --int              enable interrupt stats
     -I 5,eth2              include int5 and interrupt used by eth2
  -l, --load             enable load stats
  -m, --mem              enable memory stats
  -n, --net              enable network stats
     -N eth1,total          include eth1 and total
  -p, --proc             enable process stats
  -r, --io               enable io stats (I/O requests completed)
  -s, --swap             enable swap stats
     -S swap1,total         include swap1 and total
  -t, --time             enable time/date output
  -T, --epoch            enable time counter (seconds since epoch)
  -y, --sys              enable system stats

  --aio                  enable aio stats
  --fs, --filesystem     enable fs stats
  --ipc                  enable ipc stats
  --lock                 enable lock stats
  --raw                  enable raw stats
  --socket               enable socket stats
  --tcp                  enable tcp stats
  --udp                  enable udp stats
  --unix                 enable unix stats
  --vm                   enable vm stats

  --plugin-name          enable plugins by plugin name (see manual)
  --list                 list all available plugins

  -a, --all              equals -cdngy (default)
  -f, --full             automatically expand -C, -D, -I, -N and -S lists
  -v, --vmstat           equals -pmgdsc -D total

  --float                force float values on screen
  --integer              force integer values on screen

  --bw, --blackonwhite   change colors for white background terminal
  --nocolor              disable colors (implies --noupdate)
  --noheaders            disable repetitive headers
  --noupdate             disable intermediate updates
  --output file          write CSV output to file

delay is the delay in seconds between each update (default: 1)
count is the number of updates to display before exiting (default: unlimited)









fiemap


fiemap reads file extents using the FIEMAP ioctl.


Usage:   fiemap <file>

fiemap examples
[JWM session] [xtrnaw7@t540p /var/tmp/jwm/src]$ fiemap /boot/initramfs-4.7.7-100.fc23.x86_64.img
File /boot/initramfs-4.7.7-100.fc23.x86_64.img has 2 extents:
#    Logical          Physical         Length           Flags
0:    0000000000000000 0000000007600400 0000000000a00000 0000
1:    0000000000a00000 000000000a800400 0000000000833800 0001

[JWM session] [xtrnaw7@t540p /var/tmp/jwm/src]$ fiemap /data/VirtualBox_Harddisks/sles11/SLES\ 11.vdi
File /data/VirtualBox_Harddisks/sles11/SLES 11.vdi has 48 extents:
#    Logical          Physical         Length           Flags
0:    0000000000000000 0000009bd3800000 0000000008000000 0000
1:    0000000008000000 0000009bdb800000 0000000008000000 0000
2:    0000000010000000 0000009be3800000 0000000008000000 0000
3:    0000000018000000 0000009beb800000 0000000008000000 0000
4:    0000000020000000 0000009bf3800000 0000000008000000 0000
5:    0000000028000000 0000009bfb800000 0000000004800000 0000
6:    000000002c800000 0000009c08000000 0000000008000000 0000
7:    0000000034800000 0000009c10000000 0000000008000000 0000
8:    000000003c800000 0000009c18000000 0000000008000000 0000
9:    0000000044800000 0000009c20000000 0000000008000000 0000
10:    000000004c800000 0000009c28000000 0000000008000000 0000
11:    0000000054800000 0000009c30000000 0000000008000000 0000
12:    000000005c800000 0000009c38000000 0000000008000000 0000
13:    0000000064800000 0000009c40000000 0000000008000000 0000
14:    000000006c800000 0000009c48000000 0000000008000000 0000
15:    0000000074800000 0000009c50000000 0000000008000000 0000
16:    000000007c800000 0000009c58000000 0000000008000000 0000
17:    0000000084800000 0000009c60000000 0000000008000000 0000
18:    000000008c800000 0000009c68000000 0000000008000000 0000
19:    0000000094800000 0000009c70000000 0000000008000000 0000
20:    000000009c800000 0000009c78000000 0000000008000000 0000
21:    00000000a4800000 0000009c88000000 0000000008000000 0000
22:    00000000ac800000 0000009c90000000 0000000008000000 0000
23:    00000000b4800000 0000009c98000000 0000000008000000 0000
24:    00000000bc800000 0000009ca0000000 0000000008000000 0000
25:    00000000c4800000 0000009ca8000000 0000000008000000 0000
26:    00000000cc800000 0000009cb0000000 0000000008000000 0000
27:    00000000d4800000 0000009cb8000000 0000000008000000 0000
28:    00000000dc800000 0000009cc0000000 0000000008000000 0000
29:    00000000e4800000 0000009cc8000000 0000000008000000 0000
30:    00000000ec800000 0000009cd0000000 0000000008000000 0000
31:    00000000f4800000 0000009cd8000000 0000000008000000 0000
32:    00000000fc800000 0000009ce0000000 0000000008000000 0000
33:    0000000104800000 0000009ce8000000 0000000008000000 0000
34:    000000010c800000 0000009cf0000000 0000000008000000 0000
35:    0000000114800000 0000009cf8000000 0000000008000000 0000
36:    000000011c800000 0000009d08000000 0000000008000000 0000
37:    0000000124800000 0000009d10000000 0000000008000000 0000
38:    000000012c800000 0000009d18000000 0000000008000000 0000
39:    0000000134800000 0000009d20000000 0000000008000000 0000
40:    000000013c800000 0000009d28000000 0000000008000000 0000
41:    0000000144800000 0000009d30000000 0000000008000000 0000
42:    000000014c800000 0000009d38000000 0000000008000000 0000
43:    0000000154800000 0000009d40000000 0000000008000000 0000
44:    000000015c800000 0000009d48000000 0000000008000000 0000
45:    0000000164800000 0000009d50000000 0000000008000000 0000
46:    000000016c800000 0000009d58000000 0000000008000000 0000
47:    0000000174800000 0000009d60000000 0000000005d09000 0001





fnotifystat


"fnotifystat is a program that dumps the file system activity in a given period of time."

fnotifystat usage
[JWM session] [xtrnaw7@t540p /var/tmp/jwm/src]$ fnotifystat -h
fnotifystat, version 0.01.16

Options are:
  -c     cumulative totals over time
  -d     strip directory off the filenames
  -D     order stats by unique device
  -f     force output
  -h     show this help
  -i     specify pathnames to include on path events
  -I     order stats by unique device and inode
  -m     merge events on same file and pid in same second
  -n     no stats, just -v verbose mode only
  -p PID collect stats for just process with pid PID
  -P     sort stats by process ID
  -s     disable scaling of file counts
  -t N   show just the busiest N files
  -T     show timestamp
  -v     verbose mode, dump out all file activity
  -x     specify pathnames to exclude on path events
[JWM session] [xtrnaw7@t540p /var/tmp/jwm/src]$



fnotifystat example

[JWM session] [xtrnaw7@t540p /var/tmp/jwm/src]$ sudo ../sbin/fnotifystat  -i /var/log
Total   Open  Close   Read  Write   PID  Process         Pathname
  4.0    1.0    1.0    2.0    0.0  24828 <unknown>       /var/log
  4.0    1.0    1.0    2.0    0.0  24827 <unknown>       /var/log

Total   Open  Close   Read  Write   PID  Process         Pathname
  4.0    1.0    1.0    2.0    0.0  24831 <unknown>       /var/log

Total   Open  Close   Read  Write   PID  Process         Pathname
  6.0    0.0    0.0    0.0    6.0   1335 rsyslogd        /var/log/messages
  6.0    0.0    0.0    0.0    6.0   1335 rsyslogd        /var/log/secure
  3.0    0.0    0.0    0.0    3.0   1257 auditd          /var/log/audit/audit.log
  2.0    1.0    0.0    1.0    0.0  24852 more            /var/log/messages

Total   Open  Close   Read  Write   PID  Process         Pathname
  4.0    0.0    0.0    0.0    4.0   1335 rsyslogd        /var/log/messages
  2.0    0.0    0.0    0.0    2.0   1257 auditd          /var/log/audit/audit.log
  2.0    0.0    0.0    0.0    2.0   1335 rsyslogd        /var/log/secure
  1.0    0.0    1.0    0.0    0.0  24852 more            /var/log/messages

^C[JWM session] [xtrnaw7@t540p /var/tmp/jwm/src]$



forkstat

"forkstat is a program that logs process fork(), exec() and exit() activity. It is useful for monitoring system behaviour and to track down rogue processes that are spawning off processes and potentially abusing the system.

Note that forkstat uses the Linux netlink connector to gather process activity and this may miss events if the system is overly busy. Netlink connector also requires root privilege."

forkstat usage
[xtrnaw7@t15g /var/tmp/jwm/src]$ ../sbin/forkstat -h
forkstat, version 0.03.02

usage: ../sbin/forkstat [-c|-d|-D|-e|-E|-g|-h|-l|-s|-S|-q|-x|-X]
-c    use task comm field for process name.
-d    strip off directory path from process name.
-D    specify run duration in seconds.
-e    select which events to monitor.
-E    equivalent to -e all.
-g    show glyphs for event types.
-h    show this help.
-l    force stdout line buffering.
-r    run with real time FIFO scheduler.
-s    show short process name.
-S    show event statistics at end of the run.
-q    run quietly and enable -S option.
-x    show extra process information.
-X    equivalent to -EgrSx.
[xtrnaw7@t15g /var/tmp/jwm/src]$
 
 


forkstat example
[JWM session] [xtrnaw7@t540p /var/tmp/jwm]$ sudo sbin/forkstat -sS -D 5
Time     Event  PID  Info  Duration Process
21:20:43 fork   1944 parent          bash
21:20:43 fork   5562 child           bash
21:20:43 exec   5562                 /usr/sbin/tc
21:20:43 exit   5562      0    0.001 /usr/sbin/tc
21:20:44 fork   1944 parent          bash
21:20:44 fork   5563 child           bash
21:20:44 exec   5563                 /usr/sbin/tc
21:20:44 exit   5563      0    0.001 /usr/sbin/tc
21:20:44 clone     1 parent          /usr/lib/systemd/systemd
21:20:44 clone  5564 thread          /usr/lib/systemd/systemd
21:20:44 exit   5564      0    0.000 /usr/lib/systemd/systemd
21:20:45 fork   1944 parent          bash
21:20:45 fork   5565 child           bash
21:20:45 exec   5565                 /usr/sbin/tc
21:20:45 exit   5565      0    0.001 /usr/sbin/tc
21:20:45 clone     1 parent          /usr/lib/systemd/systemd
21:20:45 clone  5566 thread          /usr/lib/systemd/systemd
21:20:45 exit   5566      0    0.000 /usr/lib/systemd/systemd
21:20:45 clone  1422 parent          /usr/sbin/NetworkManager
21:20:45 clone  5567 thread          /usr/sbin/NetworkManager
21:20:45 exit   5554      0  unknown sleep
21:20:45 fork   4711 parent          /bin/bash
21:20:45 fork   5568 child           /bin/bash
21:20:45 exit   5568      0    0.000 /bin/bash
21:20:45 fork   4711 parent          /bin/bash
21:20:45 fork   5569 child           /bin/bash
21:20:45 exec   5569                 /usr/bin/esmtp
21:20:45 exit   5569  19968    0.002 /usr/bin/esmtp
21:20:45 fork   4711 parent          /bin/bash
21:20:45 fork   5570 child           /bin/bash
21:20:45 exec   5570                 expr
21:20:45 exit   5570      0    0.001 expr
21:20:45 fork   4711 parent          /bin/bash
21:20:45 fork   5571 child           /bin/bash
21:20:45 exec   5571                 sleep
21:20:46 fork   1944 parent          bash
21:20:46 fork   5572 child           bash
21:20:46 exec   5572                 /usr/sbin/tc
21:20:46 exit   5572      0    0.001 /usr/sbin/tc
21:20:46 clone     1 parent          /usr/lib/systemd/systemd
21:20:46 clone  5573 thread          /usr/lib/systemd/systemd
21:20:46 exit   5573      0    0.000 /usr/lib/systemd/systemd
21:20:46 fork      2 parent          [kthreadd]
21:20:46 fork   5574 child           [kworker/u16:7]
21:20:46 exit   5479      0  unknown /usr/lib64/firefox/firefox
21:20:47 fork   1944 parent          bash
Time     Event  PID  Info  Duration Process
21:20:47 fork   5575 child           bash
21:20:47 exec   5575                 /usr/sbin/tc
21:20:47 exit   5575      0    0.001 /usr/sbin/tc
21:20:47 clone     1 parent          /usr/lib/systemd/systemd
21:20:47 clone  5576 thread          /usr/lib/systemd/systemd
21:20:47 exit   5576      0    0.000 /usr/lib/systemd/systemd
[JWM session] [xtrnaw7@t540p /var/tmp/jwm]$
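
Added example (not part of the original documentation or of forkstat itself): a shell/awk filter that reads `forkstat -s` output like the run above, reports parents that fork at least a given number of times, and decodes non-zero exit values. The function names are hypothetical, and it assumes the Info column of exit events is the raw wait status (exit code in the high byte), which would make the 19968 reported for esmtp an exit code of 78.

```shell
#!/usr/bin/env bash
# Added example: summarise `forkstat -s` output read from stdin.
# Usage on a live system (needs root, like forkstat itself):
#   sudo sbin/forkstat -s -D 60 | forkstat_summary 3

forkstat_summary() {
    # $1 = minimum number of forks before a parent is reported (default 3)
    awk -v min="${1:-3}" '
        # Skip the column header, which forkstat repeats periodically.
        $1 == "Time" { next }
        # "fork <pid> parent <name>": count children spawned per parent.
        $2 == "fork" && $4 == "parent" { forks[$3 " " $5]++ }
        # "exit <pid> <status> <duration> <name>": keep non-zero statuses.
        $2 == "exit" && $4 != 0 {
            # Assumption: <status> is the raw wait status, so the exit code
            # is the high byte and the terminating signal the low 7 bits.
            code = int($4 / 256); sig = $4 % 128
            bad[++n] = sprintf("EXIT pid=%s code=%d signal=%d %s", $3, code, sig, $6)
        }
        END {
            for (k in forks)
                if (forks[k] >= min) printf "FORKS %d %s\n", forks[k], k
            for (i = 1; i <= n; i++) print bad[i]
        }' | LC_ALL=C sort
}

# Sample input, abridged from the forkstat example on this page.
sample_forkstat() {
    cat <<'EOF'
Time     Event  PID  Info  Duration Process
21:20:43 fork   1944 parent          bash
21:20:43 fork   5562 child           bash
21:20:43 exec   5562                 /usr/sbin/tc
21:20:43 exit   5562      0    0.001 /usr/sbin/tc
21:20:44 fork   1944 parent          bash
21:20:45 fork   1944 parent          bash
21:20:45 fork   4711 parent          /bin/bash
21:20:45 exec   5569                 /usr/bin/esmtp
21:20:45 exit   5569  19968    0.002 /usr/bin/esmtp
21:20:45 exit   5554      0  unknown sleep
21:20:46 fork      2 parent          [kthreadd]
EOF
}

sample_forkstat | forkstat_summary 3
```

A parent that appears with a high fork count over a short `-D` window is the "spawning off processes" case the forkstat description mentions; the threshold is a tuning value, not something forkstat defines.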





eventstat

"eventstat periodically dumps out the current kernel event state. It keeps track of current events an