‘TOP’: A Powerful Command for your macOS Terminal
Following my recent articles on the magic of your Mac Terminal, it is time to look at one power user command that will teach you a lot of what is happening in your Mac.
The command is the TOP command, just type top on your terminal and you will be overwhelmed, with the amount of data exposed. this is your processes list view:
What are the processes?
The short answer is, that when your app (any app) loads into the memory, it uses different processes to accomplish its task, usually, a process is made up of multiple threads running (more on that later) which can be viewed using your Mac activity monitor:
But here we will look at them through the terminal
Processes are key to understanding if there is some major app that consumes your CPU or memory resources, and needs to be terminated, but they also provide a view to internal happenings that can tell you if there is malware that pretends to be a legit process.
Some Facts
- Every operating system has a user process and a system process (background services, updates …)
- Each process has allocated CPU resources and memory
- Each process can be in different states, either running, sleeping
- Each process has what is known as a process ID (in case you will want to terminate the process)
- Each process has a parent process, the master process that actually triggered him
- Processes run in their own memory space
- Threads run in a shared memory space
- Each process consists of one or more threads, think of them as a subset of the process, they actually do the task of executing the app
So let’s analyze what we are seeing
At the top of our screen, we get information on the total amount of processes running, 430 total, 2 running, and the other ones sleeping, we can also see that we have 1830 threads of all the processes that are running.
Moving to the second line we can see the CPU utilization for our user processes and system processes, what are these?
System processes
are the processes that take care of things behind the scenes, for example, process number 1 the launchd process, the service management process responsible for demons, agents, scripts running on your Mac.
Above it, you can see a user process, like google chrome browser, which is initiated by the user.
There is also information on total memory used by the processes, but let’s move to the table of processes and learn of the more important columns.
The first one is the PID, that is the process ID, you can use the PID to terminate processes if you see that it consumes, too much memory or CPU resources.
How to terminate a process
Write down its PID And use the following command “kill <PID Number>”:
1547 is the terminal process ID, so by doing so, I’m actually terminating the terminal
The next column is the command, where you will find the process name, either user process or system process:
Next is the CPU column, where you will see how each process is taking CPU resources, the windowserver that consumes so much memory is actually a core part of the macOS, so don’t be surprised:
Now let’s move some places to the PPID.
That is the parent of the process, every process has a parent process that started it. why it is so important:
There are cases where malware, will try to pretend to be legit processes, one way to notice them, is to look ar their parent process and see, if it fits.
Here, for example, we can see that our terminal parent process is launchd:
More on Top and other power user commands can be found here:
You can subscribe to my channel at youtube.com/fortitip or join my FortiGate courses at https://www.udemy.com/course/fortigate-admin-crash-course/?referralCode=0B534DCF7A6D8BD3417E
