System Monitoring
The goal of this assignment is to "peek under the hood" by using various user-level tools that monitor system state in both Linux and Windows. You will be asked to use various tools to see how many processes are running, how much memory those processes are using, etc. The questions themselves should be fairly straightforward (especially if you've used these tools before). Hopefully, everyone will learn at least a few tools that they didn't know before!
You may want to consider making a copy of this document (even a text copy if necessary) and cutting and pasting answers from the screen into the document. We may ask you to submit a hardcopy, but it will still make doing the exercise easier.
The point of this exercise is not really to answer the questions correctly but rather to familiarize you with system monitoring tools that will be helpful in illustrating various aspects of this course. So don't worry too much about the details and don't spend too much time on it! I would expect the entire exercise to take no more than 1 - 1½ hours.
SYSTEM MONITORING ON A LINUX PLATFORM
Unix variants (like Solaris, BSD, etc.) and even Linux distributions can vary immensely. You will find these monitoring tools or similar ones on most Unix/Linux platforms, but for your sanity I recommend that you actually use {csug01-csug04}.csuglab.cornell.edu. If this is difficult/inconvenient, you can try the exercise on another system, but realize that the details may be quite different!
For each question, you may need to consult the man page for the command referenced.
Linux 1. Use the hostname command to find the name of the computer you are using.
Linux 2. Use the uname command to determine the following:
a) Which version of Linux are you using? (uname -sr)
b) What is the hardware type of your machine? (uname -m)
c) What information does uname -n return?
Linux 3. Using the uptime command, determine the following:
a) How long has the system been running?
b) What is the load average on this machine for the past 1, 5 and 15 minutes?
c) How many users are currently logged on?
Linux 4. Use the mount and the df commands (df -h is especially nice if it works) to determine the following:
a) How much total space is reserved for the root filesystem (/)? How much of that space is free?
b) What type of filesystem is the root file system? (mount)
c) Which mounted file system currently has the most free space? How much?
d) Which mounted file system currently has the most total space? How much?
Linux 5. Use the vmstat command to determine the following:
a) How much virtual memory is currently in use? (swpd)
b) How many processes are swapped out but otherwise runnable (w)?
c) How many context switches are being performed per second (cs)?
d) How many interrupts are occurring per second? (in)
e) Use vmstat -n to report statistics several times in a row. Which, if any, of the statistics reported change during the time you watch?
Linux 6. Bring up another command window. In the first, run the command top. (Note: Ctrl-C or q will exit top.)
a) How many processes are running? Of these, how many are sleeping? How many are runnable? How many are zombie processes? How many are stopped? (Note the summary information at the top :) of the display.)
b) What percentage of time is the CPU spending in user mode? In system mode? How much of the time is it idle?
c) In the second command window, experiment with starting a variety (3-4) of processes (netscape, an editor like emacs, running a grep or a find, etc.). Describe changes in the top output.
Linux 7. Run gtop, a GUI version of top (Note: You will need to be sitting at the machine or able to run a remote Xserver). Experiment with the Processes Tab, the Memory Usage Tab and the Filesystems (free) tab. Look in the preferences to see the explanation of the colors in the various color bars.
a) Which processes are using the most physical memory (i.e. resident size)?
Linux 8. Use the ps command to determine the following information. (Try "ps" and "ps -efl" or maybe "ps -aux"). (You might like xps better if it is available.)
a) Consult the manpage for ps to determine what the process state abbreviations S, R and Z mean. Which process is in state R? Why must this be the case?
b) Which process has the smallest process id? What is that id and how long has the process been running?
c) Can you find any children of the process with the smallest process id? List some of them and their process ids. (ps -efl will show process id, PID, as well as parent process id, PPID. pstree described below will also help you with this.)
d) How many processes are running under your user name? (ps -aux | grep your_username) You can find your username using whoami. Do you recognize all these processes?
e) Start a variety of processes you run regularly (vi, find / -name foo -print, emacs, netscape, etc.). Rerun ps and find them in the output. Note their start time and running time.
Linux 9. Use the pstree command to examine the family tree of all the processes in the system.
a) What process is at the root of the tree? Run "ps" again and find this process in the output. Record all of its attributes.
b) Record the longest "branch" in the tree.
c) Make a really long branch by spawning one xterm from another, then another from that one, etc. Rerun pstree and record the branch with the processes you just created.
Linux 10. Use the netstat command.
a) Use netstat alone to list the open connections. If you are logged in remotely, find the connections to the machine you are connecting from. If you are sitting at the machine, try logging in remotely to another machine and locating that connection. Record the properties of one such connection.
b) Use netstat -rn to display the routing table. What is the default gateway for this machine?
Linux 11. Many of these monitoring utilities find the information they provide via the /proc file system. /proc contains files and directories which export some kernel-level variables.
a) Examine the contents of the file /proc/stat. What does ctxt mean? (man proc)
b) Execute ls in /proc. Notice all the numbered directories. Each number corresponds to a process id. Determine the process id of your command shell. Execute ls, then ls -al, on /proc/PROCESSIDOFYOURSHELL/fd. What does each of the entries in this directory indicate?
c) What are the contents of /proc/PROCESSIDOFYOURSHELL/cwd?
d) How do you think the ps command is implemented?
e) What information would you expect to find in /proc/net?
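The following shell script is an added example, not part of the original assignment: it reads the numbered /proc directories described above to produce a small ps-style listing and to find a process's children. The function names and the constructed sample tree are assumptions of the example.

```shell
#!/bin/sh
# Added example: the core of "ps -e -o pid,ppid,state,comm" using only /proc.

# parse_stat FILE: print "pid<TAB>ppid<TAB>state<TAB>comm" for one stat file.
# Layout is "pid (comm) state ppid ...". comm is set by the process itself and
# may contain spaces or ")", so split on the LAST ") ", never on whitespace.
parse_stat() {
    line=$(cat "$1" 2>/dev/null) || return 1   # process may exit mid-scan
    [ -n "$line" ] || return 1
    pid=${line%% *}
    rest=${line##*') '}        # fields after the last ") "
    comm=${line#*'('}          # drop "pid ("
    comm=${comm%') '*}         # drop from the last ") " onward
    state=${rest%% *}
    rest=${rest#* }
    ppid=${rest%% *}
    printf '%s\t%s\t%s\t%s\n' "$pid" "$ppid" "$state" "$comm"
}

# list_procs ROOT: one line per numbered directory under ROOT (default /proc).
list_procs() {
    for d in "${1:-/proc}"/[0-9]*; do
        [ -f "$d/stat" ] || continue
        parse_stat "$d/stat" || continue
    done
}

# children_of ROOT PID: PIDs whose parent is PID (the link pstree displays).
children_of() {
    list_procs "$1" | awk -F'\t' -v p="$2" '$2 == p { print $1 }'
}

# make_sample: build a constructed /proc-like tree and print its path.
# PID 43's name is crafted so that whitespace splitting would report
# comm "(sh)", state R, parent 1 instead of the real state S, parent 42.
make_sample() {
    root=$(mktemp -d) || return 1
    mkdir "$root/1" "$root/42" "$root/43"
    echo '1 (init) S 0 1 1 0'               > "$root/1/stat"
    echo '42 (bash) S 1 42 42 34816'        > "$root/42/stat"
    echo '43 (sh) R 1 (x) S 42 43 42 34816' > "$root/43/stat"
    echo "$root"
}

sample=$(make_sample)
list_procs "$sample"          # swap in /proc to scan the live system
rm -rf "$sample"
```

Because the name field comes from the process itself, a monitoring script that splits this file on spaces can be made to misreport a process's state and parent; splitting on the last ") " avoids that.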
Linux 12. OPTIONAL: If you have access to xosview, answer the following questions. (xosview is not available in the CSUG lab.)
a) Look at the INTs display line. It shows when various interrupts occur. What happens when you move the mouse? Type on the keyboard?
b) One of the interrupts should appear to be constantly on. What do you think that is? Look at the file /proc/interrupts to see if you are right.
Linux 13. OPTIONAL: You may also want to experiment with some of the following commands: kill (can you make a zombie process?), dmesg, procinfo, hdparm, sysinfo, truss.
Linux 14. OPTIONAL: You may also want to experiment with some interesting network commands: route, arp, ifconfig, rarp, ipchains, tcpdump, host, traceroute, nslookup.
SYSTEM MONITORING ON A WINDOWS PLATFORM
These exercises should be done on a Windows NT/2000/XP machine. Most of these tools are not available for Windows 98/ME. The Windows machines in the CSUG lab would be the best bet.
Windows 1. Open a command prompt (Start..Programs..Accessories..Command Prompt). Run hostname and record the name of the computer you are using.
Windows 2. Run winmsd and explore the variety of information available.
a) What is the type and speed of the CPU in your machine?
b) How much space is formatted into your c: drive? (Components..Storage..Drives)
c) How much space is used on your c: drive? How much of it is free?
d) How much physical memory is there?
e) What is the paging file and how big is it?
Windows 3. Run taskmgr (You can also start the task manager by typing Ctrl-Alt-Delete).
a) What is the process id of the system idle process?
b) Does the task manager itself appear in the list of processes?
c) What task has the largest memory usage?
d) How many processes are running in the system (Note: Look on the performance tab rather than counting)? Are there that many applications running?
e) What percentage of the total memory is non-paged kernel memory?
Windows 4. Run perfmon. Within the chart, right click and select "Add Counter". Notice that there are a variety of performance objects.
a) Add a counter for SystemCalls/sec from the System object. What happens to this quantity if you Search for a file on the C drive? (Note: you may need to change the maximum value using the Properties of the graph to get a good view.) Why?
b) For some objects, there are many instances. Note that for the Process object you may choose to graph a quantity based on all instances or on one particular process. Start a program like Microsoft Word or Winzip and open a large file. Find its instance in the process list and graph its working set. Then open a large file. What happens to its working set? Why?
Windows 5. Map the network drive \\crane\Ntfiles\ProcessViewer and execute pview. You will need to be in the CSUG lab to do this.
a) Find the idle process. What fraction of the time does the idle process spend in Privileged and User time?
b) What is the priority of the thread running in the idle process?
c) Find the PVIEW process. How many threads are running in the PVIEW process?
d) Which process has the most threads? How many?
e) Start up a variety of applications that you use regularly (Word, netscape, IE, etc.) and record how many new threads they have. Do any of those applications cause the creation of more than one new process?
Windows 6. Run netstat at the command prompt.
a) Use netstat alone to list the open connections. If you are logged in remotely, find the connections to the machine you are connecting from. If you are sitting at the machine, try logging in remotely to another machine and locating that connection. Record the properties of one such connection.
b) Use netstat -rn to display the routing table. What is the default gateway for this machine?
c) Did you notice any differences in the output of netstat on Windows versus the Linux version?
Windows 7. OPTIONAL: Explore the following tools if available: sc (service control) for manipulating services, cacls\xcacls for manipulating file permissions, netcps (freeware) for diagnosing networking performance issues, cpustres for creating cpu load, diruse for returning the size of a directory and all its children, top (much like on UNIX), qslice, showacls, srvany, uptime (try also "uptime \\anothermachine"), where, kernprof, i386kd and windbg.
Consult http://www.microsoft.com/windows2000/techinfo/reskit/rktour/server/S_tools.asp for a list of Microsoft resource kit tools and http://www.sysinternals.com for a nice collection of non-Microsoft monitoring tools like DebugView and Filemon.
FEEDBACK
Feedback 1. What percentage of these commands were new to you?
Feedback 2. Do you have suggestions for improving this assignment?