USER The user who invoked the process
PID The process ID
%CPU The percent of CPU this process is using
%MEM The percent of memory this process is using
COMMAND The name of the command that started the process
In general, to perform any action on a process, we must specify its PID.
Let’s see how to use this identifier to our advantage.
Filtering by Process Name When we inquire about or perform an action on processes, we usually don’t
want all of the processes displayed on the screen. It’s simply a problem of
too much information. Most often, we want to find information on a single process. To do so, we can use the filtering command
grep
, which I intro
duced in Chapter 1.
To demonstrate, we’ll use the Metasploit exploitation framework, the
most widely used exploitation framework and nearly every hacker’s good
friend. This comes installed on your Kali system, so start Metasploit with
the following:
kali >msfconsole Once the exploitation framework has been started, let’s see whether
we can find it in the list of processes. Metasploit has now taken over this
terminal, so open another terminal. Now, use the
ps aux
command and
then pipe it (
|
) to
grep
looking for the string
msfconsole
, as in Listing 62.
kali >ps aux | grep msfconsole 1:36 ruby /usr/bin/msfconsole
root 39892 0.0 0.0 4304 940 pts/2 S+ 15:18 0:00 grep msfconsole
Listing 6-2: Filtering a ps search to find a particular process From the filtered output in this listing, you should see all the processes
that match the term
msfconsole
. Here, you see the
msfconsole
program itself
from /usr/bin/msfconsole, and then you should see the
grep
command you
used to look for
msfconsole
. Notice that the output did not include the column
header list from
ps
. Since the keyword,
msfconsole
, is not in the header, it is not
displayed. Even so, the results are displayed in the same format.
From this, you can learn some important information. If, for example,
you need to know how many resources Metasploit is using, you can consult
64 Chapter 6
the third column (the CPU column), to see that it’s using 35.1 percent of
your CPU, and consult the fourth column to see that it’s using 15.2 percent
of your system memory. That’s quite a bit. It’s a demanding beast!