Monitor who runs what, listen to what ports, established what connections.

March 8th, 2007, by mysurface. Posted in Admin, lsof

To identify and monitor who is running which applications, which ports those applications are listening on, and what connections they have established, we can use lsof. lsof (List Open Files) is used to list all currently open files. Besides the file name, it includes info such as who opened it, what command was used to open it, what type of file it is, etc.

To list all Internet or network related open files:

lsof -i

output:


COMMAND    PID  USER   FD   TYPE DEVICE SIZE NODE NAME
ktorrent  5220 mysurface   14u  IPv4  13129       TCP *:6881 (LISTEN)
ktorrent  5220 mysurface   15u  IPv6  13152       UDP *:6881
ktorrent  5220 mysurface   16u  IPv4  41606       TCP 192.168.1.101:43234->122.49.147.27:32006 (SYN_SENT)
ktorrent  5220 mysurface   17u  IPv4  41597       TCP 192.168.1.101:59485->host-63-239-252-1.tetonwireless.com:6881 (SYN_SENT)
ktorrent  5220 mysurface   18u  IPv4  36757       TCP 192.168.1.101:42724->203-36-217-77.dsl.dodo.com.au:25423 (ESTABLISHED)
...

You might face some latency while listing them. The reason is that lsof tries to replace IP addresses with host names, so it needs time for the DNS lookups. To ask it to stop acting smart and display only numerical IP addresses, specify -n.

lsof -i -n

You may want to list open files with root permission, which returns more entries.

sudo lsof -i -n

lsof lists both IPv6 and IPv4 related files by default. Specify -i4 if you want IPv4 entries only; likewise, specify -i6 for IPv6 only.

sudo lsof -i4 -n

Okay, if you just want to list files opened by a specific user only, you can do this:

sudo lsof -i -n -a -u toydi

-a indicates AND logic. The entire line simply means: I want to list Internet related open files, and these files must have been opened by toydi.
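
To review this kind of listing quickly (which accounts hold listening ports, how many connections each user has per state), the output can be post-processed. The following is an added example, not part of the original post: the function names lsof_sockets, lsof_listeners and lsof_state_counts are hypothetical, and the sample input is constructed.

```sh
#!/bin/sh
# Added example (not from the original post): turn `lsof -i -n` output
# into tab-separated records: user, command, pid, protocol, state, endpoint.
lsof_sockets() {
    awk '
    NR == 1 && $1 == "COMMAND" { next }   # skip the header row
    {
        # SIZE may be empty (as in the post) or a value such as 0t0, so
        # find the protocol column instead of trusting a fixed index.
        proto = ""
        for (i = 5; i <= NF; i++)
            if ($i == "TCP" || $i == "UDP") { proto = $i; p = i; break }
        if (proto == "" || p == NF) next  # not a socket line
        state = (p + 2 <= NF) ? $(p + 2) : "-"   # UDP lines have no state
        gsub(/[()]/, "", state)
        printf "%s\t%s\t%s\t%s\t%s\t%s\n", $3, $1, $2, proto, state, $(p + 1)
    }'
}

# Only sockets waiting for inbound connections.
lsof_listeners() { lsof_sockets | awk -F '\t' '$5 == "LISTEN"'; }

# How many sockets each user holds in each state.
lsof_state_counts() {
    lsof_sockets |
        awk -F '\t' '{ n[$1 " " $5]++ } END { for (k in n) print k, n[k] }' |
        sort
}

# Constructed sample input (remote addresses are documentation ranges).
SAMPLE='COMMAND    PID  USER   FD   TYPE DEVICE SIZE NODE NAME
ktorrent  5220 mysurface   14u  IPv4  13129       TCP *:6881 (LISTEN)
ktorrent  5220 mysurface   15u  IPv6  13152       UDP *:6881
ktorrent  5220 mysurface   18u  IPv4  36757       TCP 192.168.1.101:42724->203.0.113.77:25423 (ESTABLISHED)
sshd       812 root         3u  IPv4   9001  0t0  TCP *:ssh (LISTEN)
firefox   6100 toydi       40u  IPv4  42000  0t0  TCP 192.168.1.101:50122->198.51.100.8:https (ESTABLISHED)
...'

# Real use: sudo lsof -i -n | lsof_listeners
printf '%s\n' "$SAMPLE" | lsof_listeners
```
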

Again, lsof is capable of doing more; check out the manual for more details.


5 Responses to “Monitor who runs what, listen to what ports, established what connections.”

  1. this is really great explanation, thanks!

  2. [...] Wanna try out tcpdump but don't know what port to try on? You can obtain a lot of packet flows while you are hooked up to the Internet. Search for a port through lsof to practise your tcpdump and have fun. Read Monitor who runs what, listen to what ports, established what connections for lsof examples. [...]

  3. Hi!

    I would like to improve my SQL experience.
    I read really many SQL resources and want to
    get more about SQL for my occupation as db2 database manager.

    What would you recommend?

    Thanks,
    Werutz

  4. Actually, I don’t quite understand about how tcpdump is…
    But, your explanation is quite clear for me. thanks
