Solaris OK prompt commands

OK show-disks  ——> To show the disks
OK probe-scsi  ——> To search the scsi devices attached to the primary scsi controller
OK probe-scsi-all —> To search all the scsi devices
OK devalias   —-> to list device alias names
OK devalias <alias> <path> —>To temporarily create a device alias
OK printenv            —->To view the current NVRAM settings
OK setenv <env> <value> —–> To set the envirement variables
OK set-defaults                 —–> To set the open boot prompt settings to the factory default
OK nvalias <alias> <path>  —>To set the device alias permanently to NVRAM
OK nvunalias cdrom1  —-> To remove the nvalias ‘cdrom1’ from NVRAMRC
OK .version   ——> To find out the Open boot prompt version
OK .ent_addr —–> To find out the ethernet MAC address
OK .speed    —–> To find out the CPU and PCI bus speeds
OK banner    —–> To display the Model,Architecture,processor,openboot version,ethernet address,hostid and etc
OK set-defaults —-> To reset variable values to the factory defaults
OK reset-all —–> To reboot the system from OK Prompt
OK show-devs  —–>To show the PCI devices
OK boot   —> boot the system from the default boot devices
OK boot cdrom —-> to boot from cdrom
OK boot disk —-> boots the system from device as specified by the disk device alias
OK boot device-path —->boot from the full device mentioned
OK boot net —-> network boot .boots from a TFTP boot server or Jumpstart server
OK boot net -install  —–> Jumpstart boot.
OK boot tape —–> Tape off a SCSI tape if available
OK boot -h —-> boot halted .boot into a halted state(ok prompt) intersting for troubleshooting boot at the lowest level
OK boot -r —-> Reconfiguration boot.Boot and search for all attached device.useful when new device attached to the system
OK boot -s —-> Single the system to run level 1
OK boot -v —-> verbose good debugging information.
OK boot -F failsafe   —> to boot the server to failsafe mode

Displaying System Information
Commands to display additional system related information .Not all commands work on all Platforms
OK .idprom  ——–> Display ID PROM contents
OK .traps  ——–> Display a list of processor-dependent trap types
OK show-devs —–>display list of installed and probed devices
OK eject floppy —-> Eject the floppy
OK eject cdrom ——>eject the cdrom
OK sync —–> call the operating system to write information to hard disk

Emergency Keyboard Commands
These are key sequences recognized by the system to perform predetermined
actions at boot time or during normal operation.

Stop     —> Bypass POST .(This command does not depend on security-mode)
Stop-A —> Abort.(This will also stop a running system. You can
resume normal operations if you enter go at the prompt.
Enter anything else and you will stay halted)
Stop-D  —> Enter diagnostic mode(set diag-switch?to true)
Stop-N  —> Reset NVRAM contents to default values.


Ref: Suresh-Solaris

netstat – Find number of active connections in Linux using netstat

The “netstat” command is quite useful for checking connections to your machine. If we wanted to see ALL of the connections (which i really recommend you don’t do unless you’re trying to debug something and then you should probably pipe it to a file) we could use the “netstat -a” command.

Using “netstat -a” will give you something like this:


tcp	 0	 0	 SYN_RECV
tcp	 0	 0	 SYN_RECV
tcp	 0	 0 SYN_RECV
tcp	 0	 0 SYN_RECV
tcp	 0	 0 SYN_RECV
tcp	 0	 0	 SYN_RECV
tcp	 0	 0 SYN_RECV
tcp	 0	 0	 41-135-22-100.dsl.mwe:64774 SYN_RECV

As you can see it does name resolving for us and all that good stuff. Sometimes very hand but that’s not what this is about.

Total connections Count

We want to get some solid numbers so we can take a broader perspective. To do this we can use the following command:

netstat -an | wc -l

This will show us a count of all connections that we presently have to our machine.

Connections on specific port

We can take this one step further even. Lets say you only wanted to see traffic coming across port 80 (standard HTTP). We can grep our netstat then count it like so:

netstat -an | grep :80 | wc -l

Connections Count based on Connection state

Finally, lets take a look at the big picture in a category form. It is often extremely useful to see what those connections are doing, especially when you think you might just have tons of open connections that are idle and are trying to tweak your settings. It’s been known to happen where you have a really busy web server for instance, and maybe it’s running a lot of database connections to the same box, then stopping. That often causes things like the TIME_WAIT to pile up and a large number for any of these may be an indication that you need to adjust your tcp timeout settings.

netstat -ant | awk '{print $6}' | sort | uniq -c | sort -n
      1 CLOSING
      1 established
      1 FIN_WAIT2
      1 Foreign
      2 CLOSE_WAIT
      6 FIN_WAIT1
      7 LAST_ACK
      7 SYN_RECV
     44 LISTEN
    297 TIME_WAIT

So there you have it. A quick way to return counts on your connections in your linux environment.

Check opened ports on server

Occasionally, when using netstat you may only care about ports that you are listening on. This is especially important if you are running a server that isn’t behind a firewall because it helps you determine what you may be vulnerable to that you aren’t aware of. using the netstat -l provides us with an excellent way to view this information.

[email protected] [~]# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:mysql                     *:*                         LISTEN
tcp        0      0 *:submission                *:*                         LISTEN
tcp        0      0 *:pop3                      *:*                         LISTEN
tcp        0      0 localhost:783               *:*                         LISTEN


Statistics by Protocol

Another very common thing and powerful tool that netstat has built in is to show you network statistics in an overview fashion. If you’re just trying to get a good idea about packet statistics then the netstat -s command may be what you’re looking for. Here is some sample output. Keep in mind that netstat -s will show statistics broken down by protocol, so the fewer protocol stacks you are running the more compacted this summary will be.

netstat -s
    139502653 total packets received
    28 with invalid addresses
    0 forwarded
    0 incoming packets discarded
    133312468 incoming packets delivered
    84570989 requests sent out
    366 outgoing packets dropped
    50 reassemblies required
    25 packets reassembled ok
    110 fragments received ok
    220 fragments created
    180285 ICMP messages received
    1586 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 9516
        timeout in transit: 331
        echo requests: 170151
        echo replies: 284
    172009 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 1818
        echo request: 40
        echo replies: 170151
        InType0: 284
        InType3: 9516
        InType8: 170151
        InType11: 331
        OutType0: 170151
        OutType3: 1818
        OutType8: 40
    1104118 active connections openings
    2918161 passive connection openings
    26607 failed connection attempts
    256788 connection resets received
    10 connections established
    128535136 segments received
    78146054 segments send out
    1645036 segments retransmited
    0 bad segments received.
    185776 resets sent
    5125395 packets received
    1867 packets to unknown port received.
    0 packet receive errors
    5158639 packets sent
    511 SYN cookies sent
    511 SYN cookies received
    12748 invalid SYN cookies received
    14894 resets received for embryonic SYN_RECV sockets
    159972 packets pruned from receive queue because of socket buffer overrun
    2 packets pruned from receive queue
    73 ICMP packets dropped because they were out-of-window
    1965839 TCP sockets finished time wait in fast timer
    78 time wait sockets recycled by time stamp
    36503 packets rejects in established connections because of timestamp
    2487605 delayed acks sent
    33477 delayed acks further delayed because of locked socket
    Quick ack mode was activated 45146 times
    233 times the listen queue of a socket overflowed
    233 SYNs to LISTEN sockets ignored
    9643039 packets directly queued to recvmsg prequeue.
    7969358 packets directly received from backlog
    3291115817 packets directly received from prequeue
    24087199 packets header predicted
    5532135 packets header predicted and directly queued to user
    30481401 acknowledgments not containing data received
    42935286 predicted acknowledgments
    814 times recovered from packet loss due to fast retransmit
    339835 times recovered from packet loss due to SACK data
    336 bad SACKs received
    Detected reordering 2070 times using FACK
    Detected reordering 854 times using SACK
    Detected reordering 10 times using reno fast retransmit
    Detected reordering 1840 times using time stamp
    3234 congestion windows fully recovered
    20175 congestion windows partially recovered using Hoe heuristic
    TCPDSACKUndo: 11509
    14757 congestion windows recovered after partial ack
    1004274 TCP data loss events
    TCPLostRetransmit: 54568
    129 timeouts after reno fast retransmit
    33120 timeouts after SACK recovery
    31346 timeouts in loss state
    885023 fast retransmits
    93299 forward retransmits
    337378 retransmits in slow start
    128472 other TCP timeouts
    TCPRenoRecoveryFail: 356
    35936 sack retransmits failed
    9 times receiver scheduled too late for direct processing
    57242284 packets collapsed in receive queue due to low socket buffer
    49286 DSACKs sent for old packets
    157 DSACKs sent for out of order packets
    95033 DSACKs received
    2091 DSACKs for out of order packets received
    39363 connections reset due to unexpected data
    35517 connections reset due to early user close
    12861 connections aborted due to timeout
    6 times unable to send RST due to no memory
    TCPSACKDiscard: 60
    TCPDSACKIgnoredOld: 2937
    TCPDSACKIgnoredNoUndo: 38596
    TCPSpuriousRTOs: 2925
    TCPSackShifted: 1905464
    TCPSackMerged: 2048679
    TCPSackShiftFallback: 995770
    TCPBacklogDrop: 41842
    InBcastPkts: 20
    InOctets: 60455654365
    OutOctets: 154094094438
    InBcastOctets: 6560

Process Information

Another extremely useful tool for server administrators who are trying to track down processes that have run amuck is the netstat -p command. This returns the PID of the process that has the connection. It’s also quite useful if you’ve got someone abusing a PID and you need to find out what IP it is so that you can get in touch with that individual or to block connections from that IP in the future. Here’s some sample output from netstat -p.

netstat -p
tcp        0      0 localhost:56423 ESTABLISHED 27911/java
tcp        0     52 localhost:ssh    oh-76-76-76-76.dhcp.e:51653 ESTABLISHED 3344/sshd
tcp        0      0 localhost:imaps  76.sub-76-76-76.myvz:9258 ESTABLISHED 14501/dovecot/imap-

Ref: Exchange Core

The difference between fork(), vfork(), exec() and clone()


The fork call basically makes a duplicate of the current process, identical in almost every way (not everything is copied over, for example, resource limits in some implementations but the idea is to create as close a copy as possible).

The new process (child) gets a different process ID (PID) and has the the PID of the old process (parent) as its parent PID (PPID). Because the two processes are now running exactly the same code, they can tell which is which by the return code of fork – the child gets 0, the parent gets the PID of the child. This is all, of course, assuming the fork call works – if not, no child is created and the parent gets an error code.


The basic difference between vfork and fork is that when a new process is created with vfork(), the parent process is temporarily suspended, and the child process might borrow the parent’s address space. This strange state of affairs continues until the child process either exits, or calls execve(), at which point the parent process continues.

This means that the child process of a vfork() must be careful to avoid unexpectedly modifying variables of the parent process. In particular, the child process must not return from the function containing the vfork() call, and it must not call exit() (if it needs to exit, it should use _exit(); actually, this is also true for the child of a normal fork()).


The exec call is a way to basically replace the entire current process with a new program. It loads the program into the current process space and runs it from the entry point. exec() replaces the current process with a the executable pointed by the function. Control never returns to the original program unless there is an exec() error.


Clone, as fork, creates a new process. Unlike fork, these calls allow the child process to share parts of its execution context with the calling process, such as the memory space, the table of file descriptors, and the table of signal handlers.

When the child process is created with clone, it executes the function application fn(arg). (This differs from fork, where execution continues in the child from the point of the original fork call.) The fn argument is a pointer to a function that is called by the child process at the beginning of its execution. The arg argument is passed to the fn function.

When the fn(arg) function application returns, the child process terminates. The integer returned by fn is the exit code for the child process. The child process may also terminate explicitly by calling exit(2) or after receiving a fatal signal.