Please see top CPU consumers or top RAM consumers for commands to find the offending processes
Example Process:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND apache 1234 99.0 40.6 4704844 400260 ? S 11:08 0:08 /usr/sbin/httpd
First we need to find out if the process is an Established connection (replace 1234 with the PID):
netstat -pant | grep 1234
An important column to look into is the 'State' column. This tells you what the process is currently doing:
| State | Definition |
|---|---|
| D | uninterruptible sleep (usually IO) |
| R | running or runnable (on run queue) |
| S | interruptible sleep (waiting for an event to complete) |
| T | stopped, either by a job control signal or because it is being traced |
| X | dead (should never be seen) |
| Z | defunct (“zombie”) process, terminated but not reaped by its parent |
| < | high-priority (not nice to other users) |
| N | low-priority (nice to other users) |
| L | has pages locked into memory (for real-time and custom IO) |
| s | is a session leader |
| l | is multi-threaded (using CLONE_THREAD, like NPTL pthreads do) |
| + | is in the foreground process group |
Once you have a process to investigate, we will need to find out if the process is alive/active.
We can run an strace command for a certain amount of time for this.
The command below runs strace for 3 seconds and then terminates the command. Replace 1234 with the PID number you are investigating:
timeout 5 strace -p 1234If there is some for out output on the screen, this means the process is active.
Process 1 attached <detached ...>If the process is not active and the output from the netstat command does not return anything then the process could be dead.