Monitor who runs what, listen to what ports, established what connections.
March 8th, 2007 mysurface Posted in Admin, lsof
To identify and monitor who is running which applications, which ports each application is listening on, and which connections it has established, we can use lsof. lsof (List Open Files) lists all currently open files. Besides the file name, it includes information such as who opened it, which command opened it, and what type of file it is.
To list all Internet or network-related open files:
lsof -i
output:
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
ktorrent 5220 mysurface 14u IPv4 13129 TCP *:6881 (LISTEN)
ktorrent 5220 mysurface 15u IPv6 13152 UDP *:6881
ktorrent 5220 mysurface 16u IPv4 41606 TCP 192.168.1.101:43234->122.49.147.27:32006 (SYN_SENT)
ktorrent 5220 mysurface 17u IPv4 41597 TCP 192.168.1.101:59485->host-63-239-252-1.tetonwireless.com:6881 (SYN_SENT)
ktorrent 5220 mysurface 18u IPv4 36757 TCP 192.168.1.101:42724->203-36-217-77.dsl.dodo.com.au:25423 (ESTABLISHED)
...
You may notice some latency while the entries are listed. The reason is that lsof replaces IP addresses with their DNS names, so it needs time to resolve them. To make it skip the lookups and display numerical IP addresses only, specify -n.
lsof -i -n
You may want to list open files with root permission, which returns more entries.
sudo lsof -i -n
lsof lists both IPv6 and IPv4 related files by default. Specify -i4 if you want IPv4 entries only; likewise, specify -i6 for IPv6 only.
sudo lsof -i4 -n
If you just want to list the files opened by a specific user only, you can do this:
sudo lsof -i -n -a -u toydi
-a indicates AND logic, so the entire line means: list Internet-related open files, and only those opened by toydi.
lsof is capable of much more; check the manual for details.
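Added example (not part of the original post): a small filter that turns lsof -i rows into a "who runs what, listening on what port" summary. The function names are hypothetical, and the sample rows are the output shown above plus one constructed sshd row.

```shell
#!/bin/sh
# Added example: turn `lsof -i` rows into one record per socket.
# Live use: sudo lsof -i -n | listening_ports

# Output columns: KIND USER COMMAND PID PROTO LOCAL REMOTE STATE
net_inventory() {
  awk '
    NF < 8 { next }                        # "..." and truncated rows
    {
      # Parse from the right: SIZE may be blank (as in the output above), so
      # fixed column numbers shift. TCP rows end in "(STATE)"; UDP rows do not.
      n = NF; state = "-"
      if ($n ~ /^\(.*\)$/) { state = substr($n, 2, length($n) - 2); n-- }
      proto = $(n - 1)
      if (proto != "TCP" && proto != "UDP") next    # header, non-socket rows
      laddr = $n; raddr = "-"
      cut = index($n, "->")                # connected sockets: local->remote
      if (cut > 0) { laddr = substr($n, 1, cut - 1); raddr = substr($n, cut + 2) }
      kind = (raddr == "-") ? "BOUND" : "CONN"
      print kind, $3, $1, $2, proto, laddr, raddr, state
    }'
}

# Sockets waiting for inbound traffic: TCP in LISTEN, or UDP with no peer.
# Prints unique "USER COMMAND PROTO PORT" lines.
listening_ports() {
  net_inventory | awk '
    $1 == "BOUND" && ($8 == "LISTEN" || $5 == "UDP") {
      port = $6; sub(/.*:/, "", port)      # keep what follows the last colon
      print $2, $3, $5, port
    }' | sort -u
}

# Sample input: the ktorrent rows are the output shown above; the sshd row
# is constructed for illustration.
sample_lsof() {
  cat <<'EOF'
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
ktorrent 5220 mysurface 14u IPv4 13129 TCP *:6881 (LISTEN)
ktorrent 5220 mysurface 15u IPv6 13152 UDP *:6881
ktorrent 5220 mysurface 16u IPv4 41606 TCP 192.168.1.101:43234->122.49.147.27:32006 (SYN_SENT)
ktorrent 5220 mysurface 17u IPv4 41597 TCP 192.168.1.101:59485->host-63-239-252-1.tetonwireless.com:6881 (SYN_SENT)
ktorrent 5220 mysurface 18u IPv4 36757 TCP 192.168.1.101:42724->203-36-217-77.dsl.dodo.com.au:25423 (ESTABLISHED)
...
sshd 2101 root 3u IPv4 9876 TCP *:22 (LISTEN)
EOF
}

sample_lsof | listening_ports
```

Saving this summary and comparing it with a later run shows any listener that was not there before.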
March 9th, 2007 at 9:04 pm
This is a really great explanation, thanks!
May 23rd, 2007 at 12:32 am
[...] Wanna try out tcpdump but don't know what port to try it on? You can obtain lots of packet flows while you are hooked up to the Internet. Search for a port through lsof to practise your tcpdump and have fun. Read Monitor who runs what, listen to what ports, established what connections for lsof examples. [...]