WHAT'S USING SAMBA
##################
--- cheat sheet ---
lsof -c smbd
for i in `pidof smbd`; do echo "====PID $i===="; echo COUNT: `ls /proc/$i/fd | wc -w`; ls -lah /proc/$i/fd/; done
cd /tmp
smbstatus > t1; watch -n1 "smbstatus > t2; head -n1 t1; diff t1 t2 | egrep -v 'smbstatus|watch'"
watch "smbstatus > tnew; (diff tnew told | egrep -v 'smbstatus|watch';);cat tnew > told"
watch "smbstatus | sort > tnew; (comm -13 tnew told | egrep -v 'smbstatus|watch';);cat tnew > told"
watch "smbstatus | sort > tnew; (comm -23 tnew told | egrep -v 'smbstatus|watch';); cat tnew > told"
watch "smbstatus | sort > tnew; (comm -3 tnew told | egrep -v 'smbstatus|watch';); cat tnew > told"
watch "smbstatus | sort > tnew; (comm -3 tnew told | sed 's/^\t//' | egrep -v 'smbstatus|watch';); cat tnew > told"
cd /tmp
lsof -c smbd > t1; watch -n1 "lsof -c smbd > t2; head -n1 t1; diff t1 t2 | egrep -v 'lsof|watch'"
watch "lsof -c smbd > tnew; (diff tnew told | egrep -v 'lsof|watch';);cat tnew > told"
watch "lsof -c smbd | sort > tnew; (comm -13 tnew told | egrep -v 'lsof|watch';);cat tnew > told"
watch "lsof -c smbd | sort > tnew; (comm -23 tnew told | egrep -v 'lsof|watch';); cat tnew > told"
watch "lsof -c smbd | sort > tnew; (comm -3 tnew told | egrep -v 'lsof|watch';); cat tnew > told"
watch "lsof -c smbd | sort > tnew; (comm -3 tnew told | sed 's/^\t//' | egrep -v 'lsof|watch';); cat tnew > told"
INTRO
#####
lsof is a great tool for seeing which files are in use.
Each Samba client gets its own smbd process (PID) on the server.
Each file in use is tracked as a file descriptor under /proc/PID/fd/####.
ls -lisah /proc/PID/fd/#### shows the link to the file that is being used.
EDIT SOURCES.LIST
#################
edit /etc/apt/sources.list
on last line, remove the # from
#deb http://mirrors.kernel.org/debian wheezy main
so it says:
deb http://mirrors.kernel.org/debian wheezy main
DOWNLOAD LSOF IF IT'S NOT THERE
###############################
vi /etc/apt/sources.list
apt-get update
apt-get install lsof
HOW TO USE
##########
lsof -c PROGNAME
lsof -c smbd
pidof smbd
lsof -p PID
lsof -p 1234
SCRIPTS
########
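* Each PID keeps track of the files it uses in the fd (file descriptor) folder of its /proc folder
PIDS=`pidof smbd`
for i in $PIDS
do
    # one block of output per smbd process
    echo "====PID $i===="
    # number of open file descriptors
    echo COUNT: `ls /proc/$i/fd | wc -w`
    # what each descriptor points to
    ls -lah /proc/$i/fd/
    # TCP connections owned by this PID (match the PID/Program column, not any number containing $i)
    netstat -ntp | egrep "[[:space:]]$i/"
done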
SINGLE LINE SCRIPT
##################
* in a single line
for i in `pidof smbd`; do echo "====PID $i===="; echo COUNT: `ls /proc/$i/fd | wc -w`; ls -lah /proc/$i/fd/; done
SMBSTATUS IS ALSO NICE
######################
smbstatus
* Note: each client computer gets its own PID on the server
smbstatus | less
WATCH SCRIPT
############
watch -n1 smbstatus
watch -n1 "lsof -c smbd"
**** NOTE: THE NEXT 2 SECTIONS EXPLAIN THE ALGORITHMS OF THE FINAL SECTIONS AND ALSO EXPLAIN THE comm COMMAND, SO THE NEXT 2 SECTIONS "EXPLANATION OF THE UPCOMING WATCH DIFFERENCE SCRIPTS" & "EXPLANATION OF COMM COMMAND" ARE OPTIONAL
EXPLANATION OF THE UPCOMING WATCH DIFFERENCE SCRIPTS
####################################################
2 algorithms
---
* This one is unlike the rest: the moment you run the command becomes the reference point for noticing differences.
* Mathematical explanation: when you press Enter, that is time 0, and everything is compared to time 0
Take a snapshot of the output before you begin the loop
Start the loop
Then every second take a snapshot of the new output
Only show the difference between the first snapshot and the current one
EXAMPLE: Breaking down SMBSTATUS formula #1 from below (smbstatus > t1; watch -n1 "smbstatus > t2; head -n1 t1; diff t1 t2 | egrep -v 'smbstatus|watch'")
smbstatus > t1; # take the very first snapshot
watch -n1 " # start the looping mechanism, one loop per second
smbstatus > t2; # take a new snapshot
head -n1 t1; # display the header so that the information on the screen makes sense; this line is optional
diff t1 t2 | egrep -v 'smbstatus|watch'" # show the difference between the current and the very first output
---
* The next scriptlets update their reference point continuously, so you see the difference between each iteration. The first iteration is useless, so you have to wait at least 2 seconds for good results.
* Mathematical explanation: this compares current time N to previous time N-1, not to time 0
Take a snapshot of the output
Then compare the snapshot to the previous output
It takes one trip around the loop before you start seeing results
EXAMPLE: Breaking down SMBSTATUS formula #2 from below (watch "smbstatus > tnew; (diff tnew told | egrep -v 'smbstatus|watch';);cat tnew > told")
cd /tmp # go to a directory where we can generate temporary files
watch " # start a looping mechanism that also clears the screen between iterations (and also gives a header with the current time)
smbstatus > tnew; # take a snapshot
(diff tnew told | egrep -v 'smbstatus|watch';); # compare it to the previous snapshot
cat tnew > told" # store the current snapshot as the previous snapshot, so that next time around the current snapshot is the previous snapshot
EXPLANATION OF COMM COMMAND
###########################
I'm going to use the comm command
comm compares two sorted files line by line. Another way to look at it:
Show lines that only exist in file a:
comm -23 a b
Show lines that only exist in file b:
comm -13 a b
Show lines that only exist in one file or the other:
comm -3 a b | sed 's/^\t//'
WATCH DIFFERENCE SCRIPTS WITH SMBSTATUS
#######################################
* Pick any of the methods, they all work great
---
* This one is unlike the rest: the moment you run the command becomes the reference point for noticing differences.
* Mathematical explanation: when you press Enter, that is time 0, and everything is compared to time 0
(#1)
cd /tmp
smbstatus > t1; watch -n1 "smbstatus > t2; head -n1 t1; diff t1 t2 | egrep -v 'smbstatus|watch'"
---
* The next scriptlets update their reference point continuously, so you see the difference between each iteration. The first iteration is useless, so you have to wait at least 2 seconds for good results.
* Mathematical explanation: this compares current time N to previous time N-1, not to time 0
(#2)
cd /tmp
watch "smbstatus > tnew; (diff tnew told | egrep -v 'smbstatus|watch';);cat tnew > told"
(#3)
cd /tmp
watch "smbstatus | sort > tnew; (comm -13 tnew told | egrep -v 'smbstatus|watch';);cat tnew > told"
(#4)
cd /tmp
watch "smbstatus | sort > tnew; (comm -23 tnew told | egrep -v 'smbstatus|watch';); cat tnew > told"
(#5)
cd /tmp
watch "smbstatus | sort > tnew; (comm -3 tnew told | egrep -v 'smbstatus|watch';); cat tnew > told"
(#6)
--- MY FAVORITE: ---
cd /tmp
watch "smbstatus | sort > tnew; (comm -3 tnew told | sed 's/^\t//' | egrep -v 'smbstatus|watch';); cat tnew > told"
WATCH DIFFERENCE SCRIPTS WITH LSOF
##################################
* Pick any of the methods, they all work great
---
* This one is unlike the rest: the moment you run the command becomes the reference point for noticing differences.
* Mathematical explanation: when you press Enter, that is time 0, and everything is compared to time 0
(#1)
cd /tmp
lsof -c smbd > t1; watch -n1 "lsof -c smbd > t2; head -n1 t1; diff t1 t2 | egrep -v 'lsof|watch'"
---
* The next scriptlets update their reference point continuously, so you see the difference between each iteration. The first iteration is useless, so you have to wait at least 2 seconds for good results.
* Mathematical explanation: this compares current time N to previous time N-1, not to time 0
(#2)
cd /tmp
watch "lsof -c smbd > tnew; (diff tnew told | egrep -v 'lsof|watch';);cat tnew > told"
(#3)
cd /tmp
watch "lsof -c smbd | sort > tnew; (comm -13 tnew told | egrep -v 'lsof|watch';);cat tnew > told"
(#4)
cd /tmp
watch "lsof -c smbd | sort > tnew; (comm -23 tnew told | egrep -v 'lsof|watch';); cat tnew > told"
(#5)
cd /tmp
watch "lsof -c smbd | sort > tnew; (comm -3 tnew told | egrep -v 'lsof|watch';); cat tnew > told"
(#6)
--- MY FAVORITE: ---
cd /tmp
watch "lsof -c smbd | sort > tnew; (comm -3 tnew told | sed 's/^\t//' | egrep -v 'lsof|watch';); cat tnew > told"
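A hardened take on the "time N vs. time N-1" scriptlets, added here as an example and not part of the original cheat sheet: snapshots live in a private mktemp directory instead of fixed names in /tmp (which another local user could pre-create or symlink), each snapshot is sorted as comm requires, and changed lines are marked + (appeared) or - (gone) with a timestamp so the output can be kept as a log. The function names snap_delta and watch_delta are made up for this example.

```sh
#!/bin/sh
# Added example: interval diff of a command's output (e.g. smbstatus, lsof -c smbd).

# snap_delta CMD STATE_DIR
# Runs CMD once and prints "+ line" for lines that appeared since the previous
# call and "- line" for lines that disappeared. The first call only seeds the
# baseline and prints nothing (the "first iteration is useless" case).
snap_delta() {
    sd_cmd=$1
    sd_new="$2/new"
    sd_old="$2/old"
    # comm needs sorted input; LC_ALL=C keeps sort and comm in agreement
    sh -c "$sd_cmd" 2>/dev/null | LC_ALL=C sort > "$sd_new"
    if [ -f "$sd_old" ]; then
        LC_ALL=C comm -23 "$sd_new" "$sd_old" | sed 's/^/+ /'   # only in current
        LC_ALL=C comm -13 "$sd_new" "$sd_old" | sed 's/^/- /'   # only in previous
    fi
    mv -f "$sd_new" "$sd_old"    # current snapshot becomes the previous one
}

# watch_delta CMD [INTERVAL_SECONDS]
# Loops forever, timestamping every change; state is removed on exit.
watch_delta() {
    wd_dir=$(mktemp -d) || return 1     # mode 0700, unpredictable name
    trap 'rm -rf "$wd_dir"' EXIT
    trap 'exit 0' INT TERM
    while :; do
        snap_delta "$1" "$wd_dir" | while IFS= read -r wd_line; do
            printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$wd_line"
        done
        sleep "${2:-1}"
    done
}

# Only start looping when a command is given, e.g.:
#   sh smbwatch.sh 'lsof -c smbd' 2
if [ $# -gt 0 ]; then
    watch_delta "$@"
fi
```
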