I spend a surprising amount of time pawing through process tables on various UNIX boxes. The biggest problem I run into is that the
grep process itself generally shows up in the process table while the search is running, so it gets picked up. The downside there is that grep still finds stuff, even if the process doesn’t exist!
→ ps -ef | grep 12345 501 71075 70391 0 10:49AM ttys015 0:00.00 grep 12345
See? There is no process 12345, but there is a grep for it.
The naive solution (which I used for years) is to grep out the grep:
→ ps -ef | grep 12345 | grep -v grep
It works (unless process 12345 is itself a
grep), but it feels bad.
A while back, I picked up a technique that uses the power of regular expressions:
→ ps -ef | grep 1345
This works because
 in grep’s implementation of regular expression is a character class match; it matches any character in the set ‘2’ (which is just a literal ‘2’). However, in the process table entry for the searching
grep, the literal command line is
1345, which doesn’t match.
I call this “The [P]ID Trick” because I usually employ it to find processes by their process ID (almost always from a pidfile somewhere).
You can put the brackets anywhere. You don’t even have to be looking for a process ID! This finds all SSH processes (client and server):
→ ps -ef | grep s[s]h