Exploring /proc/ - tips and tricks for the procfs

28-01-2013 | Remy van Elst

Table of Contents

procfs (or the proc filesystem) is a special filesystem in UNIX-like operating systems that presents information about processes and other system information in a hierarchical file-like structure, providing a more convenient and standardized method for dynamically accessing process data held in the kernel than traditional tracing methods or direct access to kernel memory. Typically, it is mapped to a mount point named /proc at boot time.

Note that most /proc/ entries are separated by null characters, and there may be a null character at the end. Where applicable the tr command is used to replace these.


Inside the /proc directory every process has a folder, named after its process ID. For example, my nagios3 program has the following process ID:

ps aux | grep [n]agios3 | awk '{ print $2 }'

So it has its own special folder: /proc/3363. Every process has a folder like /proc/$PID where $PID is its process ID.

I'll cover a few specific files of a process folder below.


This is a symlink to the process binary:

sudo ls -l /proc/3363/exe
lrwxrwxrwx 1 root root 0 2013-01-26 15:18 /proc/3363/exe -> /usr/sbin/nagios3


This shows the command which started the process:

(sudo cat /proc/3363/cmdline; echo) | tr "\000" " "
/usr/sbin/nagios3 -d /etc/nagios3/nagios.cfg


This is a symlink to the process current working directory:

sudo ls -la /proc/3363/cwd
lrwxrwxrwx 1 root root 0 2013-01-26 15:18 /proc/3363/cwd -> /


This gives us the environment of the command (your env) which also shows us all the user variables and such:

(sudo cat /proc/3363/environ; echo) | tr "\000" "\n"
[output truncated]


This gives us a ps like information overview for the process:

cat /proc/3363/status
Name:   nagios3
State:  S (sleeping)
Tgid:   3363
Pid:    3363
PPid:   1
TracerPid:      0    
[output truncated]


This gives the limits the process has, which can be set and tweaked using ulimit:

sudo cat /proc/3363/limits
Limit                     Soft Limit           Hard Limit           Units     
Max cpu time              unlimited            unlimited            seconds   
Max file size             unlimited            unlimited            bytes     
Max data size             unlimited            unlimited            bytes     
Max stack size            8388608              unlimited            bytes     
Max core file size        0                    unlimited            bytes     
Max resident set          unlimited            unlimited            bytes     
Max processes             unlimited            unlimited            processes 
[output truncated]

Non Processes

There are also a lot of "general" files which give you system information.


This gives a list of all the filesystems supported by the current kernel:

cat /proc/filesystems 
nodev   sysfs
nodev   rootfs
nodev   bdev
nodev   proc
nodev   cgroup

When it has nodev before it, it means it is a non-physical filesystems such as network filesystems and proc.


This return a lot of info about the processor(s).

cat /proc/cpuinfo
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 15
model           : 3
model name      : Intel(R) Xeon(TM) CPU 2.60GHz
stepping        : 9


This returns the uptime as two decimal values in seconds, separated by a space, the amount of time since the kernel was started and the amount of time that the kernel has been idle.

cat /proc/uptime
3121129.58 4100521.65


This gives the current command line passed to the running kernel (by GRUB/lilo):

cat /proc/cmdline
BOOT_IMAGE=/boot/vmlinuz-2.6.18-21-generic-pae root=UUID=[...] ro quiet


This gives very detailed kernel version information. More than with uname -a, see the comparison:

cat /proc/version
Linux version 2.6.18-21-custom-pae-bfs (remy@solaris3) (gcc version 4.4.3 (Ubuntu 4.2-ubuntu5.1) ) #101-Ubuntu SMP Mon Dec 3 15:56:38 UTC 2012

uname -a
Linux solaris3 2.6.18-21-custom-pae-bfs #101-Ubuntu SMP Mon Dec 3 15:56:38 UTC 2012 i686 GNU/Linux

(Note that this is a custom kernel, hence the remy@solaris3).


This returns a list of currently loaded kernel modules:

cat /proc/modules
btrfs 462393 0 - Live 0xf908d000
zlib_deflate 19568 1 btrfs, Live 0xf87e9000
crc32c 2519 1 - Live 0xf8410000


This gives information on the attached SCSI devices (handy on servers, also does SAS):

cat /proc/scsi/scsi 
Attached devices:
Host: scsi1 Channel: 00 Id: 00 Lun: 00
  Vendor: TEAC     Model: CD-224E          Rev: K.9A
  Type:   CD-ROM                           ANSI  SCSI revision: 05


This gives the same result as the uptime command, with two extra's. The fourth field consists of two numbers separated by a slash, the first one represents the number of currently executing processes/threads. This number will not exceed the number of processors cores the system has.The second number (the one after the slash) represents the number of processes/threads currently existing on the system. The fifth field has the most reced PID created (probably of the cat command you just did.)

cat /proc/loadavg 
1.02 1.43 1.40 1/132 16254

The /proc/net folder

This folder has information about the network stack.


This is the systems routing table, in HEX format:

cat /proc/net/route
Iface   Destination     Gateway         Flags   RefCnt  Use     Metric  Mask            MTU     Window  IRTT                                                       
eth0    0EF1D9C2        00000000        0001    0       0       0       00FFFFFF        0       0       0                                                                               
eth0    00000000        0EF1D9C2        0003    0       0       100     00000000        0       0       0  


This has the system ARP table, also in HEX format. Using the arp -a command gives more readable output.

cat /proc/net/arp
IP address       HW type     Flags       HW address            Mask     Device        0x1         0x2         00:11:22:33:44:55     *        eth0        0x1         0x2         00:11:11:11:44:55     *        eth0


This has information about sent and received packages for all interfaces. ifconfig gives a more readable output.

cat /proc/net/dev
Inter-|   Receive                                                     |Transmit
 face |bytes    packets      errs drop fifo frame compressed multicast|bytes      packets    errs drop fifo colls carrier compressed
    lo:775661077  998843        0    0    0     0          0         0 775661077  998843       0    0    0     0       0          0
  eth0:2914473149 1605253769    1    0    0     1          0         0 3861718441 884372746    0    0    0     0       0          0



This value controls how willing the kernel will be to swap memory. If you raise this number, the kernel will want to swap more often, while lowering it will decrease his tendency to swap.

cat /proc/sys/vm/swappiness 


This value is the maximum number of processes/threads that can exist at any given time on the system.

cat /proc/sys/kernel/threads-max


This file controls if the kernel forwards packets. If your system is not acting as a router or firewall this should be off (0). You can change it by echo 1 > /proc/sys/net/ipv4/conf/default/forwarding or by setting it in /etc/sysctl.conf.

cat /proc/sys/net/ipv4/conf/default/forwarding


Writing to this file causes the kernel to drop clean caches, dentries and inodes from memory, causing that memory to become free. To free pagecache, dentries and inodes, use echo 3 > /proc/sys/vm/drop_caches. Because this is a nondestructive operation and dirty objects are not freeable, you should run sync first!


Writing a character to this file triggers the SysRq function sent by the key.

This file is only writable by root.

If you don't know what sysreq is, read the wikipedia page to find out more.


This controls the ports locally available for opening. If you use for example an apache or nginx proxy, that service will have to open two connections for each request (one to the client, one to the backend). Setting this value higher will in heavy load environments give a performance boost.

cat /proc/sys/net/ipv4/ip_local_port_range 
32768   61000

Tags: command-line, kernel, linux, proc, procfs,