How to find and diagnose processes on Linux
Topic: Servers linux
Summary
List and filter processes with ps, pgrep, and top; find what is using CPU or memory; send signals (kill, killall) and interpret state (D, Z, R). Use this to debug high load, stuck processes, or what is bound to a port.
Intent: How-to
Quick answer
- ps aux or ps -ef for full list; pgrep -a name to find by name; top or htop for live CPU/memory; sort by %CPU or %MEM to find heavy processes.
- Process state: R running, D uninterruptible sleep, Z zombie; kill PID (SIGTERM) or kill -9 PID (SIGKILL); kill -0 PID to check if process exists.
- Find process on port: ss -tlnp or lsof -i :80; find parent of zombies (PPID) and fix or restart the parent.
Steps
- List processes: ps aux | head; pgrep -a nginx; top (then P for CPU, M for memory); use ps -ef for PPID and full command line.
- Find resource usage: top or htop; sort by CPU or MEM; ps -o pid,ppid,%cpu,%mem,cmd -p PID for one process; read /proc/PID/status for details.
- Find process using a port: ss -tlnp | grep :80 or lsof -i :80; note the PID and process name; then kill or restart that process if needed.
- Send signals: kill PID (SIGTERM, graceful); kill -9 PID (SIGKILL, force); killall -9 name; for zombies, kill the parent so they are re-parented to init and reaped.
Summary
You will find processes by name or port, see their CPU and memory use, and stop or signal them with kill. Use this when the system is slow, a port is in use, or a process is stuck or has become a zombie.
Prerequisites
- Shell access; to signal a process you must be root or the user that owns it.
Steps
Step 1: List processes
ps aux
pgrep -a nginx
top # q to quit, P sort by CPU, M by MEM
Use ps -ef to see PPID (parent process ID).
Step 2: Find resource usage
top -o %CPU
cat /proc/PID/status
Identify the PID that is using the most CPU or memory.
Step 3: Find process using a port
ss -tlnp
ss -tlnp | grep :80
lsof -i :80
Note the PID; use with kill or systemctl restart if it is a service.
Step 4: Send signals
kill PID
kill -9 PID
killall -9 nginx
Prefer kill (SIGTERM) first; use -9 only if the process does not exit. Zombies (state Z) must be reaped by the parent; kill the parent to clear them.
Verification
- You can list processes, find the one on a port or using CPU, and stop it; zombies decrease after parent is restarted or killed.
Troubleshooting
Process respawns immediately — It is managed by systemd or another supervisor; stop the unit (systemctl stop) or disable the service, then fix config.
Cannot kill process — Process may be in D state (uninterruptible); find what I/O it is waiting on (disk, NFS); fix the underlying resource or reboot if stuck.
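The state checks from Step 4 and the D-state troubleshooting entry can be scripted. The following is an added example, not part of the original page: it groups zombies by parent PID and lists processes in D state. The function names and the sample snapshot are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage process states from ps output (not from the original page).

# Constructed sample, in the format printed by: ps -eo pid=,ppid=,stat=,comm=
SAMPLE_PS='    1     0 Ss   systemd
  812     1 Ssl  worker-pool
  901   812 Z    job <defunct>
  902   812 Z+   job <defunct>
  950     1 D    backup
 1200     1 R+   ps
 1301  1100 Zs   helper <defunct>'

# Print "PPID COUNT" for each parent holding zombie (Z) children,
# parent with the most zombies first. Reads ps lines on stdin.
zombie_parents() {
    awk '$3 ~ /^Z/ { n[$2]++ } END { for (p in n) print p, n[p] }' |
        sort -k2,2nr -k1,1n
}

# Print PIDs whose state starts with D (uninterruptible sleep).
blocked_pids() {
    awk '$3 ~ /^D/ { print $1 }'
}

# Turn a snapshot into the actions the steps above recommend.
triage() {
    snapshot=$(cat)
    printf '%s\n' "$snapshot" | zombie_parents | while read -r ppid count; do
        echo "parent $ppid holds $count zombie(s): fix or restart the parent"
    done
    for pid in $(printf '%s\n' "$snapshot" | blocked_pids); do
        echo "pid $pid is in D state: find the I/O it waits on (disk, NFS)"
    done
}

# Runs on the constructed sample; for a live system use:
#   ps -eo pid=,ppid=,stat=,comm= | triage
printf '%s\n' "$SAMPLE_PS" | triage
```

The STAT column can carry modifier characters after the state letter (for example Z+ or Ss), which is why the match is on the first character only.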