
Practical Linux Command-Line Techniques: Using xargs, ps, and netstat for File Classification, Resource Monitoring, and Network Inspection

This tutorial demonstrates how to leverage the xargs command for batch file processing, employ ps to list high‑memory and high‑CPU processes, and use netstat combined with awk to examine TCP connection states and identify the most active IP addresses, all illustrated with concrete command examples.

DevOps Operations Practice

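The article introduces the xargs command as a convenient way to pass the output of one command as arguments to another, reducing the need for intermediate files. For example, to find all files ending with .conf under the root directory and classify them, you can run the following. The pattern is quoted so the shell does not expand it before find sees it, and -print0 with xargs -0 keeps file names that contain spaces intact:

find / -name '*.conf' -type f -print0 | xargs -0 file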

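To archive those .conf files directly, combine find with tar via xargs. The j flag selects bzip2 compression, so the archive is named to match. If the file list is too long for one command line, xargs runs tar more than once and each run overwrites the archive, so check the result on large trees:

find / -name '*.conf' -type f -print0 | xargs -0 tar cjf test.tar.bz2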

Section 2 shows how to list processes that consume the most memory. The command sorts the process list by the fourth column (memory usage percentage) and shows the top 20 entries:

ps aux | sort -rnk 4 | head -20

The fourth column of the output represents memory usage, while the last column shows the corresponding process name.

Section 3 explains how to list processes with the highest CPU usage, using a similar approach but sorting by the third column:

ps aux | sort -rnk 3 | head -20

Section 4 describes checking TCP connection states, particularly for port 80, which helps analyze whether connections are being released or if an attack is occurring. The command extracts the sixth field (the connection state) from netstat -nat output and counts how many sockets are in each state. As written it covers every TCP socket on the host, not only port 80:

netstat -nat | awk '{print $6}' | sort | uniq -c | sort -rn

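Section 5 provides a method to identify the top 20 IP addresses generating the most requests, useful for spotting potential attacks. The pipeline filters TCP connections on port 80, extracts the remote IP, counts occurrences, and sorts them in descending order. The filter matches the local port exactly, because a plain grep 80 would also match port 8080 and any address that contains 80, and only the trailing port is stripped so that IPv6 peers are not cut off at the first colon:

netstat -nat | awk '$1 ~ /^tcp/ && $4 ~ /:80$/ {sub(/:[0-9]+$/, "", $5); print $5}' \
| sort | uniq -c | sort -nr | head -n20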
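
The checks from Sections 4 and 5 as an added example (not code from the original article): two shell functions that count connection states and remote peers for one exact local port. The function names and the sample netstat lines are constructed for illustration and use documentation-only addresses.

```shell
#!/bin/sh
# Constructed sample of `netstat -nat` output (documentation addresses only).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51515      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51516      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.80:40222      TIME_WAIT
tcp        0      0 192.0.2.10:8080         203.0.113.5:40300       ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.80:50022      ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::beef:44123    ESTABLISHED
EOF
}

# Count TCP states for sockets whose local port is exactly $1.
# Reads netstat -nat text on stdin; prints "count STATE", busiest first.
port_states() {
    awk -v p="$1" '$1 ~ /^tcp/ && $4 ~ (":" p "$") {n[$6]++}
        END {for (s in n) print n[s], s}' | sort -k1,1nr -k2,2
}

# Count remote addresses connected to local port $1, busiest first.
# Strips only the trailing :port so IPv6 addresses survive intact;
# LISTEN rows (foreign address "*") are skipped. $2 = rows to show.
top_remote_ips() {
    awk -v p="$1" '$1 ~ /^tcp/ && $4 ~ (":" p "$") && $6 != "LISTEN" {
            ip = $5; sub(/:[0-9]+$/, "", ip); n[ip]++ }
        END {for (a in n) print n[a], a}' |
        sort -k1,1nr -k2,2 | head -n "${2:-20}"
}

# On a live host: netstat -nat | port_states 80
#                 netstat -nat | top_remote_ips 80
```

In the sample, the port 8080 row and the SSH session from 203.0.113.80 are both rows a substring match on 80 would have counted; a peer holding many SYN_RECV entries is the pattern Section 4 is meant to surface.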


Written by

DevOps Operations Practice
