network system descounters are a subset of an object. for any given object, you will have multiple...

7/28/2019 Network System DesCounters are a subset of an object. For any given object, you will have multiple counters. Fo

1/28

j

Network System Design Assgnment 3

Name SLIIT ID CURTIN ID

T.M.G Buddhika DCN/09/C4-0780 15649142

K.E.H Peiris DIT/07C1-0040 14250860

P.A .D.K Ponnamperuma DCN/09/C3-0611 15647272

1


2/28

Windows Performance Monitor (PerfMon) has been around for several generations of

Windows and allows you to monitor, either over time or in real-time, the performance

statistics of a Windows server.

Performance Monitor can capture a plethora of information on a Windows Server and is

useful in diagnosing performance problems. However, to meaningfully analyze the PerfMondata captured when troubleshooting performance issues, it is critical that you have a baseline

of normal system performance for comparison. This article focuses on using PerfMon to

create a performance baseline on a Windows Terminal Server, but the following information

also applies to baselining any Windows-based server.

Using Performance Monitor, performance data can be captured in a variety of granularity,

from total processor utilization on a server down to the processor time used by an individual

Windows process. However, to understand how to obtain the information you want, it is

important to understand the three fundamental levels of monitoring criteria. These three

levels are detailed below:

Objects: Objects are the top-most criteria for monitoring a set of attributes on the server.

Typical objects include Memory, Network, Paging File, Processor, etc.

Counters: Counters are a subset of an object. For any given object, you will have multiple

counters. For example, the Processor object has various counters to choose from: %

processor time, % privileged time, % user time, interrupts/second, etc.

Instances: Each counter can have one or more instances. Using the example above of the

processor object, % processor time would have two instances in a dual-processor system

one for each processor (0 and 1). You have the ability to monitor only one instance of a given

counter if you wish.

Another way to look at this relationship is as follows (figure 1):

Figure 1

You can select the object itself, which includes all counters and all instances of each counter,

a specific counter for an object, which includes all instances for that counter, or you can

select only to view/track a specific instance of a given counter (for example, instance 0 of the

% Processor Time counter of theProcessorobject).

Using Performance Monitor

2


3/28

The default screen shows current activity on the system, measuring pages/sec, average disk

queue length and processor utilization.

1. To baseline a system, select Counter Logs underPerformance Logs and Alerts. By

default, there is a basic counter log that measures the same three counters as listed

above. Although you cant delete the sample, you can create your own custom counterlog.

2. Right click on Counter Logs and selectNew Log Settings TheNew Log Settings

screen comes up and prompts you to name the job. As a good rule of thumb, it is best

to make the job name as descriptive as possible to make future references easier.

Include things like the server name and the date that the baseline is being taken.

Enter the job name and clickOK.

3. Now its time to set up the counters. You will notice that there are two buttons

available Add Objects andAdd Counters. Most of the time, you will find that adding

entire objects will result in too much data being collected. For a proper baseline, you

only need to capture the basic information about the performance of a server.Granular items (such asProcessor\Pool Paged Bytes) will have no bearing on the

baseline, so its overkill. Also, with each additional counter added, the server has to

use resources to track that performance data. Adding too many counters by selecting

entire objects can easily put undue strain on a server and skew your baseline results.

Therefore, its best to only add the counters you wish to track.

ClickingAdd Counters button will bring up the following screen (figure 2)

3


4/28

Figure 2

By selecting a performance object from the drop-down list, you can drill down to specific

counters and instances of that object.

Below is a list of object counters that make up a good, well-rounded baseline. You should

include all instances of each counter except for the Network counters; they should only

monitor the instances for the NICs that will be included in the baseline (if appropriate). The

details on what each counter gathers will be discussed in part 2 of this article.

Memory

Pages/Sec

Take care to distinguish between these two paging counters:

1) Pages /sec (Hard page faults)

2) Page Faults /sec counter is likely to be at least twice the value of the above.

Two problems with monitoring in general, firstly no counter should be taken in isolation,

secondly spikes should be ignored, or at least played down.

The less paging the better your server's performance. Most authorities agree that Memory:Pages / sec is a key memory counter. This counter measures 'hard' page faults, in other words

4


5/28

the page in nowhere in memory, so the VMM (Virtual Memory Manager) has to fetch the

data from the pagefile on the disk; in computing terms that takes an age.

I am reluctant to disagree with other authorities, but from my experience, I would put the

threshold as high as 20 pages /sec, before blaming paging as the bottleneck. Moreover, I

would not trust pages /sec as an indicator of a bottleneck without confirmation from lowAvailable bytes. (see above)

In truth, if you put 5 experts in the same room, they could all spot a memory bottleneck, but

when they wrote up their notes, they would use different time slices and different thresholds,

consequently, it would seem that there was a conflict where none actually existed.

Available Mbytes

Committed Bytes

If the value for committed bytes is greater than physical memory, then more RAM would

help.

Page Faults/Sec

Page faults / sec is the sum of hard and soft page faults. Soft page faults are where the data is

found elsewhere in RAM. For example, Word has opened the spellchecker, and now Outlook

wishes to use it, there is no need for another call to the disk as the spellchecker is already inmemory.

Network Interface

Bytes Total/Sec

Packets/Sec

Paging File

% Usage

Physical Disk

% Disk Time

Avg Disk Bytes/Transfer

Avg Disk Queue Length

Avg Disk Sec/Transfer

Disk Transfers/Sec

5


6/28

Processor

% Processor Time

This counter provides a measure of how much time the processor actually spends working on

productive threads and how often it was busy servicing requests. This counter actuallyprovides a measurement of how often the system is doing nothing subtracted from 100%.

This is a simpler calculation for the processor to make. The processor can never be sitting

idle waiting to the next task, unlike our cashier. The CPU must always have something to do.

It's like when you turn on the computer, the CPU is a piece of wire that electric current is

always running through, thus it must always be doing something. NT give the CPU

something to do when there is nothing else waiting in the queue. This is called the idle thread.

The system can easily measure how often the idle thread is running as opposed to having to

tally the run time of each of the other process threads. Then , the counter simply subtracts the

percentage from 100%.

% Privilege Time

This is the total privledge time for all processors on the system collectively. See Processor :

% Privledge Time for more details.

% User Time

The value of this counter helps to determine the kind of processing that is affecting the

system. Of course the resulting value is the total amount of non-idle time that was spent onUser mode operations. This generally means application code.

Interrupts/Sec

The numbers of interrupts the processor was asked to respond to. Interrupts are generated

from hardware components like hard disk controller adapters and network interface cards. A

sustained value over 1000 is usually an indication of a problem. Problems would include a

poorly configured drivers, errors in drivers, excessive utilization of a device (like a NIC on an

IIS server), or hardware failure. Compare this value with the System : Systems Calls/sec. Ifthe Interrupts/sec is much larger over a sustained period, you probably have a hardware issue.

System

Context Switches/Sec

Processes

Processor Queue Length

6


7/28

The following counters are for Terminal Servers specifically, and will aid in translating the

output into meaningful information:

Terminal Services

Active Sessions

Total Sessions

Terminal Services Session

% Processor Time

Page Faults/Sec

4. Once you have added any appropriate counters, you can select the sample interval.

The default setting of 15 seconds is usually sufficient, but if the server is utilized

rather heavily, then set the sampling interval to 30 seconds or more to cut down on the

impact that performance monitor may have on normal running conditions.

To set the interval, on the General Tab (figure 3), set theSample data every:

parameter to the desired setting, and the corresponding Units (inseconds, by default).

7


8/28

Figure 3

5. On the Log Files tab (figure 4), you can change the type of log file and where they arestored.

8


9/28

Figure 4

Typically, a binary log file is sufficient if you will be reviewing the data in PerfMon (typical).However you have the option of using a delimited text file (however, delimited files cannot

be read by PerfMon) or even streaming the data to an SQL database. For the purposes of this

article, we will stick to a binary file.

Clicking on the Configure button will allow you to set both the file name prefix (which

defaults to the job name) and the location of the files. You can also set a maximum size for

your log files to prevent them from growing too large. The default of Maximum limit will

allow the log file to continue to grow until it consumes all space on the drive, so it might be a

good idea to set a maximum file size to prevent this if drive space is short or you will not be

setting an end time/date for the job on the Schedule tab. Once the log file reaches the

specified size, PerfMon will stop logging information.

Another option, however, is to use aBinary Circular File for the log file. Once the log file

grows to the size specified, PerfMon will begin flushing the oldest information in the log file

to make room for the new data. This will ensure you always have the latest performance

statistics when you stop the log, and the log file will never grow beyond the specified size.

6. Finally, the Schedule tab (figure 5) allows you to decide whether the PerfMon job will

start and stop at specified times or will require manual intervention. For baselining,

you would typically set a start and stop time/date. It is always good to set a stop time

if you dont set a maximum log file size. This will prevent the logs from accidentally

filling the drive if you forget to turn off PerfMon. In this example below, Perfmon isset to log data for seven days.

9


10/28

Figure 5

7. All that is left is to start collecting data. To manually start the job, right click the jobname in the Counter Logs screen and selectStart. Otherwise, the job will start

automatically when the scheduled time arrives.

Note: No one needs to be logged on to the server for data collection. PerfMon will

automatically start and stop jobs without a user being logged on.

Once the job is started, its icon will turn green in the Counter Logs screen. You can

also view the log file location in Windows Explorer to see the actual log files as they

grow in size.

With the job now running, the PerfMon is collecting data. The best way to get the mostreliable data is to run the server in production as usual. The idea is to allow Performance

Monitor to capture performance statistics as the server is under normal use. This will provide

a good baseline for future comparison.

Part 2 of this article will go into depth on how to interpret the data gathered and how to

effectively use a baseline to troubleshoot future issue.

Netstat

10


11/28

Netstat is a useful tool for checking network and Internet connections. Some

useful applications for the average PC user are considered, including

checking for malware connections.

Syntax and switches

The command syntax is netstat [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-

t] [-v] [interval] A brief description of the switches is given in Table I below. Some

switches are only in certain Windows versions, as noted in the table..Note that switches for

Netstat use the dash symbol "-" rather than the slash "/".

Table I. Switches for Netstat command

Switch Description

-a Displays all connections and listening ports

-b Displays the executable involved in creating each connection or listening port.

(Added in XP SP2.)

-e Displays Ethernet statistics

-fDisplays Fully Qualified Domain Names for foreign addresses. (In Windows

Vista/7 only)

-n Displays addresses and port numbers in numerical form

-o Displays the owning process ID associated with each connection

-p protoShows connections for the protocol specified by proto; proto may be any of:

TCP, UDP, TCPv6, or UDPv6.

-r Displays the routing table

-s Displays per-protocol statistics

11


12/28

-t Displays the current connection offload state, (Windows Vista/7)

-v

When used in conjunction with -b, will display sequence of components

involved in creating the connection or listening port for all executables.

(Windows XP SP2, SP3)

[interval]

An integer used to display results multiple times with specified number of

seconds between displays. Continues until stopped by command ctrl+c.

Default setting is to display once,

Applications of Netstat

Netstat is one of a number of command-line tools available to check the functioning of a

network. (See this page for discussion of other tools.) It provides a way to check if various

aspects of TCP/IP are working and what connections are present. In Windows XP SP2, a

new switch "-B" was added that allows the actual executable file that has opened a

connection to be displayed. This newer capability provides a chance to catch malware that

may be phoning home or using your computer in unwanted ways on the Internet. There are

various ways that a system administrator might use the assortment of switches but I will give

two examples that might be useful to home PC users.

Checking TCP/IP connections

TCP and UDP connections and their IP and port addresses can be seen by entering a

command combining two switches: netstat -an An example of the output that is obtained is

shown in Figure 1.

Figure 1. Example output for command "netstat -an"

12
http://commandwindows.com/tcpiputil.htmhttp://commandwindows.com/tcpiputil.htm


13/28

The information that is displayed includes the protocol, the local address, the remote

(foreign) address, and the connection state. Note that the various IP addresses include port

information as well. An explanation of the different connection states is given in Table II>

Table II. Description of various connection states

State Description

CLOSEDIndicates that the server has received an ACK signal from the client and

the connection is closed

CLOSE_WAIT

Indicates that the server has received the first FIN signal from the client

and the connection is in the process of being closed

ESTABLISHEDIndicates that the server received the SYN signal from the client and the

session is established

FIN_WAIT_1 Indicates that the connection is still active but not currently being used

FIN_WAIT_2Indicates that the client just received acknowledgment of the first FIN

signal from the server

13


14/28

LAST_ACK Indicates that the server is in the process of sending its own FIN signal

LISTENING Indicates that the server is ready to accept a connection

SYN_RECEIVED Indicates that the server just received a SYN signal from the client

SYN_SEND Indicates that this particular connection is open and active

TIME_WAITIndicates that the client recognizes the connection as still active but not

currently being used

Checking for malware by looking at which programs initiate connections

To find out which programs are making connections with the outside world, we can use the

command netstat -b (Note that for Windows Vista/7, this particular switch requires that the

command prompt have elevated privileges.) Actually, it is better to check over a period of

time and we can add a number that sets the command to run at fixed intervals. Also, it is

best to create a written record of the connections that are made over some period of time.

The command can then be written netstat -b 5 >> C:\connections.txt Note that as

written, this command will run with five-second intervals until stopped by entering "Ctrl+c",

which is a general command to exit. (Some reports say that this can be fairly CPU intensive

so it may cause a slower, single-core machine to run sluggishly. It was not noticeable on my

dual-core machine.) A simple example of the type of output is shown in Figure 2. Note that

the Process ID (PID) is given when using Windows XP. In Windows Vista/7, the switch "o'

has to be added to display PIDs. This command can be combined with other tools such as

Task Manager to analyze what executable files and processes are active and are trying to

make Internet connections.

Figure 2. Sample output for command "netstat -b" in Windows XP

14


15/28

Windows XP batch program to check connections and terminate

automatically

The previous example of using "netstat -b" to check connections at intervals has the

disadvantage that it requires manual termination. It is also possible to use a batch file that

runs a specified number of times with a given time interval and then terminates

automatically. In Windows XP we can make use of a command from the Windows 2003

Server Tools called "Sleep". A possible batch file is: @echo off

echo Checking connections

for /L %%X in (1,1,100) do (netstat -b >> C:\connections.txt)&&(sleep 5)

This particular example does 100 iterations of the netstatcommand at 30 second intervals

and writes the results to a file C:\connections.txt. By using different combinations of the

switches in Table I, the type of output can be varied

Batch program to check connections in Windows Vista and Windows 7

Windows Vista and Windows 7 do not require installing the "Sleep" file. A command "

timeout" has been added to these operating systems that serves a similar purpose. A

possible batch file for Windows Vista/7 is:

@echo off

echo Checking connections

for /L %%X in (1,1,100) do (netstat -b >> "%USERPROFILE%\connections.txt")&&

((timeout /t 5 /nobreak)>nul)

This batch file has to be run with administrator privileges.

15
http://commandwindows.com/vista-tips.htm#timeouthttp://commandwindows.com/vista-tips.htm#timeout


16/28

vmstat command

The first tool to use is the vmstat command, which quickly provides compact information

about various system resources and their related performance problems.

The vmstat command reports statistics about kernel threads in the run and wait queue,memory, paging, disks, interrupts, system calls, context switches, and CPU activity. The

reported CPU activity is a percentage breakdown of user mode, system mode, idle time,and waits for disk I/O.Note: If the vmstat command is used without any interval, then it generates a singlereport. The single report is an average report from when the system was started. Youcan specify only the Count parameter with the Interval parameter. If the Intervalparameter is specified without the Count parameter, then the reports are generatedcontinuously.As a CPU monitor, the vmstat command is superior to the iostat command in that its

one-line-per-report output is easier to scan as it scrolls and there is less overheadinvolved if there are many disks attached to the system. The following example can help

you identify situations in which a program has run away or is too CPU-intensive to run in

a multiuser environment.

# vmstat 2

kthr memory page faults cpu

----- ----------- ------------------------ ------------ -----------

r b avm fre re pi po fr sr cy in sy cs us sy id wa

1 0 22478 1677 0 0 0 0 0 0 188 1380 157 57 32 0 10

1 0 22506 1609 0 0 0 0 0 0 214 1476 186 48 37 0 16

0 0 22498 1582 0 0 0 0 0 0 248 1470 226 55 36 0 9

2 0 22534 1465 0 0 0 0 0 0 238 903 239 77 23 0 0

2 0 22534 1445 0 0 0 0 0 0 209 1142 205 72 28 0 0

2 0 22534 1426 0 0 0 0 0 0 189 1220 212 74 26 0 0

3 0 22534 1410 0 0 0 0 0 0 255 1704 268 70 30 0 0

2 1 22557 1365 0 0 0 0 0 0 383 977 216 72 28 0 0

2 0 22541 1356 0 0 0 0 0 0 237 1418 209 63 33 0 4

1 0 22524 1350 0 0 0 0 0 0 241 1348 179 52 32 0 16

1 0 22546 1293 0 0 0 0 0 0 217 1473 180 51 35 0 14

This output shows the effect of introducing a program in a tight loop to a busy multiuser

system. The first three reports (the summary has been removed) show the system

balanced at 50-55 percent user, 30-35 percent system, and 10-15 percent I/O wait.

When the looping program begins, all available CPU cycles are consumed. Because the

looping program does no I/O, it can absorb all of the cycles previously unused because

of I/O wait. Worse, it represents a process that is always ready to take over the CPUwhen a useful process relinquishes it. Because the looping program has a priority equal

16


17/28

to that of all other foreground processes, it will not necessarily have to give up the CPU

when another process becomes dispatchable. The program runs for about 10 seconds

(five reports), and then the activity reported by the vmstat command returns to a more

normal pattern.

Optimum use would have the CPU working 100 percent of the time. This holds true in

the case of a single-user system with no need to share the CPU. Generally, ifus + sy

time is below 90 percent, a single-user system is not considered CPU constrained.

However, ifus + sy time on a multiuser system exceeds 80 percent, the processes may

spend time waiting in the run queue. Response time and throughput might suffer.

To check if the CPU is the bottleneck, consider the four cpu columns and the two kthr

(kernel threads) columns in the vmstat report. It may also be worthwhile looking at the

faults column:

cpu

Percentage breakdown of CPU time usage during the interval. The cpu columns are

as follows:

us

The us column shows the percent of CPU time spent in user mode. A UNIX

process can execute in either user mode or system (kernel) mode. When in

user mode, a process executes within its application code and does not require

kernel resources to perform computations, manage memory, or set variables.

sy

The sy column details the percentage of time the CPU was executing a process

in system mode. This includes CPU resource consumed by kernel processes

(kprocs) and others that need access to kernel resources. If a process needs

kernel resources, it must execute a system call and is thereby switched to

system mode to make that resource available. For example, reading or writing

of a file requires kernel resources to open the file, seek a specific location, and

read or write data, unless memory mapped files are used.

id

The id column shows the percentage of time which the CPU is idle, or waiting,

without pending local disk I/O. If there are no threads available for execution

(the run queue is empty), the system dispatches a thread called wait, which is

also known as the idle kproc. On an SMP system, one wait thread per

processor can be dispatched. The report generated by the ps command (with

the -k or -g 0 option) identifies this as kproc or wait. If the ps report shows a

high aggregate time for this thread, it means there were significant periods of

time when no other thread was ready to run or waiting to be executed on the

CPU. The system was therefore mostly idle and waiting for new tasks.

17


18/28

wa

The wa column details the percentage of time the CPU was idle with pending

local disk I/O and NFS-mounted disks. If there is at least one outstanding I/O

to a disk when wait is running, the time is classified as waiting for I/O. Unless

asynchronous I/O is being used by the process, an I/O request to disk causes

the calling process to block (or sleep) until the request has been completed.

Once an I/O request for a process completes, it is placed on the run queue. If

the I/Os were completing faster, more CPU time could be used.

A wa value over 25 percent could indicate that the disk subsystem might not be

balanced properly, or it might be the result of a disk-intensive workload.

For information on the change made to wa, see Wait I/O time reporting.

kthr

Number of kernel threads in various queues averaged per second over the sampling

interval. The kthr columns are as follows:

r

Average number of kernel threads that are runnable, which includes threads

that are running and threads that are waiting for the CPU. If this number is

greater than the number of CPUs, there is at least one thread waiting for a CPU

and the more threads there are waiting for CPUs, the greater the likelihood of a

performance impact.

b

Average number of kernel threads in the VMM wait queue per second. This

includes threads that are waiting on filesystem I/O or threads that have been

suspended due to memory load control.

If processes are suspended due to memory load control, the blocked column

(b) in the vmstat report indicates the increase in the number of threads rather

than the run queue.

p

For vmstat -I The number of threads waiting on I/Os to raw devices per

second. Threads waiting on I/Os to filesystems would not be included here.

faults

Information about process control, such as trap and interrupt rate. The faults

columns are as follows:

in

18
http://publib.boulder.ibm.com/infocenter/aix/v6r1/topic/com.ibm.aix.prftungd/doc/prftungd/wait_io_time_reporting.htmhttp://publib.boulder.ibm.com/infocenter/aix/v6r1/topic/com.ibm.aix.prftungd/doc/prftungd/wait_io_time_reporting.htm


19/28

Number of device interrupts per second observed in the interval. Additional

information can be found in Assessing disk performance with the vmstat

command.

sy

The number of system calls per second observed in the interval. Resources are

available to user processes through well-defined system calls. These calls

instruct the kernel to perform operations for the calling process and exchange

data between the kernel and the process. Because workloads and applications

vary widely, and different calls perform different functions, it is impossible to

define how many system calls per-second are too many. But typically, when

the sy column raises over 10000 calls per second on a uniprocessor, further

investigations is called for (on an SMP system the number is 10000 calls per

second per processor). One reason could be "polling" subroutines like the

select() subroutine. For this column, it is advisable to have a baseline

measurement that gives a count for a normal sy value.

cs

Number of context switches per second observed in the interval. The physical

CPU resource is subdivided into logical time slices of 10 milliseconds each.

Assuming a thread is scheduled for execution, it will run until its time slice

expires, until it is preempted, or until it voluntarily gives up control of the CPU.

When another thread is given control of the CPU, the context or working

environment of the previous thread must be saved and the context of thecurrent thread must be loaded. The operating system has a very efficient

context switching procedure, so each switch is inexpensive in terms of

resources. Any significant increase in context switches, such as when cs is a lot

higher than the disk I/O and network packet rate, should be cause for further

investigation

Important stages of vmstat usage.

The vmstat command includes information that you can use to diagnose CPU and virtual

memory problems. The following fields are particularly important:

1. Virtual memory information (memory), including the number of pages that are on the

active list, including inactive pages and Unified Buffer Cache least-recently used

(UBC LRU) pages (act); the number of pages on the free list (free), and the number

of pages on the wire list (wire). Pages on the wire list cannot be reclaimed.

2. The number of pages that have been paged out (pout).

3. Interrupt information (intr), including the number of nonclock device interrupts per

second (in), the number of system calls called per second (sy), and the number of

task and thread context switches per second (cs).

19
http://publib.boulder.ibm.com/infocenter/aix/v6r1/topic/com.ibm.aix.prftungd/doc/prftungd/assess_disk_perf_vmstat.htmhttp://publib.boulder.ibm.com/infocenter/aix/v6r1/topic/com.ibm.aix.prftungd/doc/prftungd/assess_disk_perf_vmstat.htmhttp://publib.boulder.ibm.com/infocenter/aix/v6r1/topic/com.ibm.aix.prftungd/doc/prftungd/assess_disk_perf_vmstat.htmhttp://publib.boulder.ibm.com/infocenter/aix/v6r1/topic/com.ibm.aix.prftungd/doc/prftungd/assess_disk_perf_vmstat.htm


20/28

4. CPU usage information (cpu), including the percentage of user time for normal and

priority processes (us), the percentage of system time (sy), and the percentage of idle

time (id). User time includes the time the CPU spent executing library routines.

System time includes the time the CPU spent executing system calls.

df (Unix)

df (abbreviation fordiskfree) is a standardUnixcomputer program used to display the

amount of available disk space forfilesystems on which the invoking user has appropriate

read access. df is usually implemented by reading the mtabfile or using statfs.

df first appeared in Version 1 AT&T UNIX.

o

Usage

The Single UNIX Specification specifications fordf are:

df [-k] [-P|-t] [-del] [file...]

-k

Use 1024-byte units, instead of the default 512-byte units, when writing space figures.-P

Use a standard, portable, output format

-tIfXSI compliant, show allocated space as well[dubiousdiscuss]

-h

Display in Kb, Mb, or Gbfile

Write the amount of free space of the file system containing the specified file

Most Unix and Unix-like operating systems add extra options. The BSD and GNU coreutils

versions include -h, where free space is listed in human readable format, adding units with

the appropriate SI prefix (e.g. 10MB), -i, listing inode usage, and -l, restricting display to

only local filesystems. GNUdf includes -T as well, listing filesystem type information, but

the GNU df shows the sizes in 1K blocks by default.

Specification

The Single Unix Specification (SUS) specifies by default space is reported in blocks of 512

bytes, and that at a minimum, the file system names and the amount of free space.

The use of 512-byte units is historical practice and maintains compatibility with ls and other

utilities. This does not mandate that the file system itself be based on 512-byte blocks. The -k

option was added as a compromise measure. It was agreed by the standard developers that

512 bytes was the best default unit because of its complete historical consistency on SystemV (versus the mixed 512/1024-byte usage on BSD systems), and that a -k option to switch to

20
http://en.wikipedia.org/wiki/Unixhttp://en.wikipedia.org/wiki/Unixhttp://en.wikipedia.org/wiki/Computer_programhttp://en.wikipedia.org/wiki/Computer_programhttp://en.wikipedia.org/wiki/Filesystemshttp://en.wikipedia.org/wiki/Mtabhttp://en.wikipedia.org/wiki/Mtabhttp://en.wikipedia.org/w/index.php?title=Statfs&action=edit&redlink=1http://en.wikipedia.org/wiki/AT%26T_UNIXhttp://en.wikipedia.org/wiki/Single_UNIX_Specificationhttp://en.wikipedia.org/w/index.php?title=X/Open_System_Interfaces_Extension&action=edit&redlink=1http://en.wikipedia.org/wiki/Wikipedia:Disputed_statementhttp://en.wikipedia.org/wiki/Wikipedia:Disputed_statementhttp://en.wikipedia.org/wiki/Wikipedia:Disputed_statementhttp://en.wikipedia.org/wiki/Talk:Df_(Unix)#Dubioushttp://en.wikipedia.org/wiki/Talk:Df_(Unix)#Dubioushttp://en.wikipedia.org/wiki/Talk:Df_(Unix)#Dubioushttp://en.wikipedia.org/wiki/Unixhttp://en.wikipedia.org/wiki/Unix-likehttp://en.wikipedia.org/wiki/BSDhttp://en.wikipedia.org/wiki/GNU_coreutilshttp://en.wikipedia.org/wiki/SI_prefixhttp://en.wikipedia.org/wiki/Inodehttp://en.wikipedia.org/wiki/GNUhttp://en.wikipedia.org/wiki/Single_Unix_Specificationhttp://en.wikipedia.org/wiki/Lshttp://en.wikipedia.org/wiki/System_Vhttp://en.wikipedia.org/wiki/System_Vhttp://en.wikipedia.org/wiki/BSDhttp://en.wikipedia.org/wiki/Unixhttp://en.wikipedia.org/wiki/Computer_programhttp://en.wikipedia.org/wiki/Filesystemshttp://en.wikipedia.org/wiki/Mtabhttp://en.wikipedia.org/w/index.php?title=Statfs&action=edit&redlink=1http://en.wikipedia.org/wiki/AT%26T_UNIXhttp://en.wikipedia.org/wiki/Single_UNIX_Specificationhttp://en.wikipedia.org/w/index.php?title=X/Open_System_Interfaces_Extension&action=edit&redlink=1http://en.wikipedia.org/wiki/Wikipedia:Disputed_statementhttp://en.wikipedia.org/wiki/Talk:Df_(Unix)#Dubioushttp://en.wikipedia.org/wiki/Unixhttp://en.wikipedia.org/wiki/Unix-likehttp://en.wikipedia.org/wiki/BSDhttp://en.wikipedia.org/wiki/GNU_coreutilshttp://en.wikipedia.org/wiki/SI_prefixhttp://en.wikipedia.org/wiki/Inodehttp://en.wikipedia.org/wiki/GNUhttp://en.wikipedia.org/wiki/Single_Unix_Specificationhttp://en.wikipedia.org/wiki/Lshttp://en.wikipedia.org/wiki/System_Vhttp://en.wikipedia.org/wiki/System_Vhttp://en.wikipedia.org/wiki/BSD


21/28

1024-byte units was a good compromise. Users who prefer the more logical 1024-byte

quantity can easily aliasdf to df -k without breaking many historical scripts relying on the

512-byte units.

The output with -P shall consist of one line of information for each specified file system.

These lines shall be formatted as follows:

, , , , ,

In the following list, all quantities expressed in 512-byte units (1024-byte when -k is

specified) shall be rounded up to the next higher unit. The fields are:

The name of the file system, in an implementation-defined format.

total space>

The total size of the file system in 512-byte units. The exact meaning of this figure is

implementation-defined, but should include , , plus any

space reserved by the system not normally available to a user.

The total amount of space allocated to existing files in the file system, in 512-byte

units.

The total amount of space available within the file system for the creation of new files

by unprivileged users, in 512-byte units. When this figure is less than or equal to zero,

it shall not be possible to create any new files on the file system without first deleting

others, unless the process has appropriate privileges. The figure written may be less

than zero.

The percentage of the normally available space that is currently allocated to all fileson the file system. This shall be calculated using the fraction:

/ (+ )

expressed as a percentage. This percentage may be greater than 100 if is

less than zero. The percentage value shall be expressed as a positive integer, with any

fractional result causing it to be rounded to the next highest integer.

The directory below which the file system hierarchy appear

21
http://en.wikipedia.org/wiki/Alias_(Unix_shell)http://en.wikipedia.org/wiki/Alias_(Unix_shell)


22/28

Example

$ df -k

Filesystem 1024-blocks Free %Used Iused %Iused Mounted on

/dev/hd4 32768 16016 52% 2271 14% /usr

/dev/hd2 4587520 1889420 59% 37791 4% /usr/dev/hd9var 65536 12032 82% 518 4% /var

/dev/hd3 819200 637832 23% 1829 1% /tmp

/dev/hd1 524288 395848 25% 421 1% /home

/proc - - - - - /proc

/dev/hd10opt 65536 26004 61% 654 4% /opt

ifconfig Command

About ifconfig

The "ifconfig" command allows the operating system to setup network interfaces and allow

the user to view information about the configured network interfaces.

Syntax

ifconfig [-L] [-m] interface [create] [address_family] [address[/prefixlength]

[dest_address]] [parameters]

ifconfig interface destroy

ifconfig -a [-L] [-d] [-m] [-u] [address_family]

ifconfig -l [-d] [-u] [address_family]

ifconfig [-L] [-d] [-m] [-u] [-C]

address For the DARPA-Internet family, the address is either a host name

present in the host name data base, or a DARPA Internet address

expressed in the Internet standard ``dot notation''.

It is also possible to use the CIDR notation (also known as the slash

notation) to include the netmask. That is, one can specify an address

like 192.168.0.1/16.

addres_family Specify the address family which affects interpretation of the

remaining parameters. Since an interface can receive transmissions in

differing protocols with different naming schemes, specifying the

address family is recommended. The address or protocol families

currently supported are ``inet'', ``inet6'',

dest_address Specify the address of the correspondent on the other end of a point to

point link.

22


23/28

interface This parameter is a string of the form `name unit'', for example,

``en0''.

add Another name for thealias parameter. Introduced for compatibility

with BSD/OS.

alias Establish an additional network address for this interface. This is

sometimes useful when changing network numbers, and one wishes to

accept packets addressed to the old interface. If the address is on the

same subnet as the first network address for this interface, a netmask

of 0xffffffff has to be specified.

-alias Remove the network address specified. This would be used if you

incorrectly specified an alias, or it was no longer needed. If you have

incorrectly set an NS address having the side effect of specifying the

host portion, removing all NS addresses will allow you to respecify

the host portion.

anycast (Inet6 only.) Specify that the address configured is an anycast address.

Based on the current specification, only routers may configure anycast

addresses. Anycast address will not be used as source address of any

of outgoing IPv6 packets.

arp Enable the use of the Address Resolution Protocol in mapping

between network level addresses and link level addresses (default).

This is currently implemented for mapping between DARPA Internet

addresses and IEEE 802 48-bit MAC addresses (Ethernet, FDDI, and

Token Ring addresses).

-arp Disable the use of the Address Resolution Protocol

broadcast (Inet only.) Specify the address to use to represent broadcasts to the

network. The default broadcast address is the address with a host part

of all 1's.

debug Enable driver dependent debugging code; usually, this turns on extra

console error logging.

-debug Disable driver dependent debugging code.

delete Another name for the -alias parameter.

down Mark an interface `down''. When an interface is marked `down'', thesystem will not attempt to transmit messages through that interface. If

possible, the interface will be reset to disable reception as well. This

action does not automatically disable routes using the interface.

ether Another name for the lladdr parameter.

lladdraddr Set the link-level address on an interface. This can be used to e.g. set a

new MAC address on an ethernet interface, though the mechanism

used is not ethernet-specific. The address addris specified as a series

of colon-separated hex digits. If the interface is already up when this

option is used, it will be briefly brought down and then brought

backup again in order to ensure that the receive filter in the underlying

23
http://www.computerhope.com/unix/ualias.htmhttp://www.computerhope.com/unix/ualias.htmhttp://www.computerhope.com/unix/ualias.htm


24/28

ethernet hardware is properly reprogrammed.

media type If the driver supports the media selection system, set the media type of

the interface to type. Some interfaces support the mutually exclusive

use of one of several different physical media connectors. For

example, a 10Mb/s Ethernet interface might support the use of eitherAUI or twisted pair connectors. Setting the media type to

``10base5/AUI'' would change the currently active connector to the

AUI port. Setting it to ``10baseT/UTP'' would activate twisted pair.

Refer to the interfaces' driver specific documentation or man page for

a complete list of the available types.

-mediaopt opts If the driver supports the media selection system, set the specified

media options on the interface. The opts argument is a comma

delimited list of options to apply to the interface. Refer to the

interfaces' driver specific man page for a complete list of available

options.tunnelsrc_addr

dest_addr

(IP tunnel devices only.) Configure the physical source and

destination address for IP tunnel interfaces. The argumentssrc_addr

and dest_addrare interpreted as the outer source/destination for the

encapsulating IPv4/IPv6 header.

deletetunnel Unconfigure the physical source and destination address for IP tunnel

interfaces previously configured with tunnel.

create Create the specified network pseudo-device. If the interface is given

without a unit number, try to create a new device with an arbitrary

unit number. If creation of an arbitrary device is successful, the new

device name is printed to standard output.

destroy Destroy the specified network pseudo-device.

plumb Another name for the create parameter. Included for Solaris

compatibility.

unplumb Another name for the destroy parameter. Included for Solaris

compatibility.

metric n Set the routing metric of the interface to n, default 0. The routing

metric is used by the routing protocol. Higher metrics have the effect

of making a route less favorable; metrics are counted as addition hopsto the destination network or host.

mtu n Set the maximum transmission unit of the interface to n, default is

interface specific. The MTU is used to limit the size of packets that

are transmitted on an interface. Not all interfaces support setting the

MTU, and some interfaces have range restrictions.

netmaskmask (Inet only.) Specify how much of the address to reserve for

subdividing networks into subnetworks. The mask includes the

network part of the local address and the subnet part, which is taken

from the host field of the address. The mask can be specified as a

single hexadecimal number with a leading `0x', with a dot-notationInternet address, or with a pseudo-network name listed in the network

24


25/28

table. The mask contains 1's for the bit positions in the 32-bit address

which are to be used for the network and subnet parts, and 0's for the

host part. The mask should contain at least the standard network

portion, and the subnet field should be contiguous with the network

portion. The netmask can also be specified in CIDR notation after the

address. See the address option above for more information.

prefixlen len (Inet6 only.) Specify that len bits are reserved for subdividing

networks into sub-networks. The len must be integer, and for

syntactical reason it must be between 0 to 128. It is almost always 64

under the current IPv6 assignment rule. If the parameter is omitted, 64

is used.

remove Another name for the -alias parameter. Introduced for compatibility

with BSD/OS.

link[0-2] Enable special processing of the link level of the interface. These

three options are interface specific in actual effect, however, they arein general used to select special modes of operation. An example of

this is to enable SLIP compression, or to select the connector type for

some Ethernet cards. Refer to the man page for the specific driver for

more information.

-link[0-2] Disable special processing at the link level with the specified

interface.

Up Mark an interface `up''. This may be used to enable an interface after

an ``ifconfigdown''. It happens automatically when setting the first

address on an interface. If the interface was reset when previously

marked down, the hardware will be re-initialized.

Examples

ifconfig eth0

View the network settings on the first Ethernet adapter installed in the computer.

ifconfig -a

Display info on all network interfaces on server, active or inactive.

ifconfig eth0 down

If eth0 exists would take it down causing it cannot send or receive any information.

ifconfig eth0 up

If eth0 exists and in the down state would return it back to the up state allowing to to send

and receive information.

ifconfig eth0 192.168.1.102 netmask 255.255.255.0 broadcast 192.168.1.255

25


26/28

Assign eth0 with the above values forIP, netmaskandbroadcast address

du Command

Purpose

Summarizes disk usage.

Syntax

du [ -a | -s ] [ -k ] [ -m ] [ -g ][ -l ] [ -r ] [ -x ] [ -H | -L ]

Description

The du command displays the number of blocks used for files. If the File parameterspecified is actually a directory, all files within the directory are reported on. If no Fileparameter is provided, the du command uses the files in the current directory.

If the File parameter is a directory, then the number of blocks reported is the sum ofblocks allocated for the files in the directory and the blocks allocated for the directoryitself.

If the object of the du command is a file or directory that exists inside a JFS2 snapshot,the du command gives information for the point-in-time object when the snapshot is

created. This information does not include how much space is recovered if the snapshotitself is deleted.

Specifying the -a flag reports the number of blocks in individual files. Whether the -aflag is used or not, individual files specified by the File parameter are always listed.

Specifying the -s flag reports the total blocks for all specified files or all files in adirectory.

The block count includes indirect blocks of each file. Block count is calculated in 512-byte

units independent of the cluster size used by the system. Specifying the -k flagcalculates the block count in 1024-byte units.

Notes:

1. Files with multiple links are counted and written for only one entry.

2. Block counts are based only on file size; therefore, unallocated blocks are not

accounted for in the reported block counts.

3. If du cannot obtain the file attributes or cannot read directories, it reports an

error and the exit status of the command is affected.

26
http://www.computerhope.com/jargon/i/ip.htmhttp://www.computerhope.com/jargon/n/netmask.htmhttp://www.computerhope.com/jargon/b/broadcas.htmhttp://publib.boulder.ibm.com/infocenter/aix/v6r1/topic/com.ibm.aix.cmds/doc/aixcmds2/du.htm#a10192be3http://publib.boulder.ibm.com/infocenter/aix/v6r1/topic/com.ibm.aix.cmds/doc/aixcmds2/du.htm#a10192be6http://publib.boulder.ibm.com/infocenter/aix/v6r1/topic/com.ibm.aix.cmds/doc/aixcmds2/du.htm#w6c340bobhttp://www.computerhope.com/jargon/i/ip.htmhttp://www.computerhope.com/jargon/n/netmask.htmhttp://www.computerhope.com/jargon/b/broadcas.htmhttp://publib.boulder.ibm.com/infocenter/aix/v6r1/topic/com.ibm.aix.cmds/doc/aixcmds2/du.htm#a10192be3http://publib.boulder.ibm.com/infocenter/aix/v6r1/topic/com.ibm.aix.cmds/doc/aixcmds2/du.htm#a10192be6http://publib.boulder.ibm.com/infocenter/aix/v6r1/topic/com.ibm.aix.cmds/doc/aixcmds2/du.htm#w6c340bob


27/28

Flags

-a

For each file specified, displays the disk usage of the file. For each directory

specified, displays the disk usage of each individual file within the directory,including all subdirectories. Contrast this flag with the -s flag.

-gCalculates the block count in GB units rather than the default 512-byte units.The output values for the disk usage would be in floating point numbers asvalue of each unit in bytes is significantly high.

-HIf a symbolic link is specified on the command line, the du command shall

count the size of the file or file hierarchy referenced by the link.

-kCalculates the block count in 1024-byte units rather than the default 512-

byte units.

-lAllocates blocks evenly among the links for files with multiple links. Bydefault, a file with two or more links is counted only once.

-L

If a symbolic link is specified on the command line or encountered during the

traversal of a file hierarchy, the du command shall count the size of the fileor file hierarchy referenced by the link.

-mCalculates the block count in MB units rather than the default 512-byte units.The output values for the disk usage would be in floating point numbers asvalue of each unit in bytes is significantly high.

-r Reports names of inaccessible files and directories. This is the default.

-sFor each file specified, displays the disk usage of the file. For each directoryspecified, displays the total disk usage of all files within the directory,

including all subdirectories. Contrast this flag with the -a flag.

-x

When evaluating file sizes, evaluates only those files that reside on the samedevice as the file or directory specified by the File parameter. For example,you may specify a directory that contains files on several devices. In thiscase, the -x flag displays block sizes for all files that reside on the same

device as the directory.

If all or any two of the -k, -m and -g flags are specified, the last one specified takes

effect. The output of the disk usage with the flags -m and -g would be rounded off to

the nearest second decimal digit.

Exit Status

This command returns the following exit values:

0 Successful completion.

>0 An error occurred.

Examples

1. To summarize the disk usage of a directory tree and each of its subtrees, enter:

du /home/fran

This displays the number of disk blocks in the /home/fran directory and each of its

subdirectories.

2. To summarize the disk usage of a directory tree and each of its subtrees in 1024-byte blocks, enter:

27


28/28

du -k /home/fran

This displays the number of 1024-byte disk blocks in the /home/fran directory

and each of its subdirectories.

3. To summarize the disk usage of a directory tree and each of its subtrees in MB

blocks, enter:

du -m /home/fran

This displays the number of MB disk blocks rounded off to nearest 2nd decimal digit

in the /home/fran directory and each of its subdirectories.

4. To summarize the disk usage of a directory tree and each of its subtrees in GB

blocks, enter:

du -g /home/fran

This displays the number of GB disk blocks rounded off to nearest 2nd decimal digit

in the /home/fran directory and each of its subdirectories.

5. To display the disk usage of each file, enter:

du -a /home/fran

This displays the number of disk blocks contained in each file and subdirectory of

the /home/fran directory. The number beside a directory is the disk usage of that

directory tree. The number beside a regular file is the disk usage of that file alone.

6. To display only the total disk usage of a directory tree, enter:

du -s /home/fran

The -s flag instructs the du command to display only the sum total disk usage of

the /home/fran directory and the files it contains. By default, the du command

displays an error message if it cannot read a file or directory.

7. To display the disk usage of the files and file hierarchies referenced by all the

symbolic links in addition to the normal files found during traversal of a the

/home/fran directory, type:

du -L /home/fran

8. To report the disk usage of the file or file hierarchy referenced by the symbolic

link mylink, type:

du -H mylink

network system descounters are a subset of an object. for any given object, you will have multiple...

Documents