Monitor who runs what, listen to what ports, established what connections.
March 8th, 2007, by mysurface. Posted in Admin, lsof.
To identify and monitor who is running which applications, which ports each application is listening on, and which connections it has established, we can use lsof. lsof (List Open Files) lists all currently open files. Besides the file name, it includes information such as who opened the file, which command opened it, and what type of file it is.
To list all open Internet (network-related) files:
lsof -i
output:
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
ktorrent 5220 mysurface 14u IPv4 13129 TCP *:6881 (LISTEN)
ktorrent 5220 mysurface 15u IPv6 13152 UDP *:6881
ktorrent 5220 mysurface 16u IPv4 41606 TCP 192.168.1.101:43234->122.49.147.27:32006 (SYN_SENT)
ktorrent 5220 mysurface 17u IPv4 41597 TCP 192.168.1.101:59485->host-63-239-252-1.tetonwireless.com:6881 (SYN_SENT)
ktorrent 5220 mysurface 18u IPv4 36757 TCP 192.168.1.101:42724->203-36-217-77.dsl.dodo.com.au:25423 (ESTABLISHED)
...
You might notice some latency while the entries are listed. The reason is that lsof replaces IP addresses with their DNS names, so it needs time to resolve them. To stop it from resolving names and display only numerical IP addresses, specify -n.
lsof -i -n
You may want to list open files with root permission, which returns more entries.
sudo lsof -i -n
lsof lists both IPv6 and IPv4 files by default. Specify -i4 if you want IPv4 entries only; likewise, specify -i6 for IPv6 entries only.
sudo lsof -i4 -n
If you want to list only the files opened by a specific user, you can do this:
sudo lsof -i -n -a -u toydi
-a indicates AND logic, so the entire line simply means: list Internet-related open files that were opened by the user toydi.
Again, lsof is capable of much more; check the manual for details.
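As an added example (not part of the original post), the shell function below groups `lsof -i -n` output by user, command and PID, listing the listening ports and counting established connections for each process. The function names and the sample lines are constructed for illustration; the addresses in the sample are placeholders.

```shell
#!/bin/sh
# Added example: group `lsof -i -n` output by user, command and PID.

# Constructed sample in the layout shown above (addresses are placeholders).
sample_lsof() {
    cat <<'EOF'
COMMAND   PID USER      FD  TYPE DEVICE SIZE NODE NAME
ktorrent 5220 mysurface 14u IPv4  13129      TCP  *:6881 (LISTEN)
ktorrent 5220 mysurface 15u IPv6  13152      UDP  *:6881
ktorrent 5220 mysurface 16u IPv4  41606      TCP  192.168.1.101:43234->192.0.2.27:32006 (SYN_SENT)
ktorrent 5220 mysurface 18u IPv4  36757      TCP  192.168.1.101:42724->198.51.100.77:25423 (ESTABLISHED)
sshd      811 root       3u IPv4   9001      TCP  *:22 (LISTEN)
sshd     6002 toydi      4u IPv4  52110      TCP  192.168.1.101:22->192.168.1.50:51514 (ESTABLISHED)
EOF
}

# Reads lsof -i output on stdin and prints one line per process:
#   USER COMMAND PID listen=<proto/port,...> established=<n> other=<n>
summarize_lsof() {
    awk '
    $1 == "COMMAND" || NF < 8 { next }    # skip the header and "..." lines
    {
        # Parse from the right: the SIZE column may be empty, so left-hand
        # field positions shift, but NODE (TCP/UDP) and NAME are always last.
        state = ($NF ~ /^\(.*\)$/) ? $NF : ""        # e.g. (LISTEN), TCP only
        name  = (state != "") ? $(NF - 1) : $NF
        proto = (state != "") ? $(NF - 2) : $(NF - 1)
        key = $3 " " $1 " " $2
        if (!(key in seen)) { seen[key] = 1; order[++n] = key }
        if (state == "(LISTEN)" || (proto == "UDP" && name !~ /->/)) {
            port = name; sub(/.*:/, "", port)        # keep text after last ":"
            tag = proto "/" port
            if (index("," listen[key] ",", "," tag ",") == 0)
                listen[key] = listen[key] (listen[key] == "" ? "" : ",") tag
        } else if (state == "(ESTABLISHED)") {
            est[key]++
        } else {
            other[key]++
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            k = order[i]
            printf "%s listen=%s established=%d other=%d\n", k,
                (listen[k] == "" ? "-" : listen[k]), est[k], other[k]
        }
    }'
}

sample_lsof | summarize_lsof    # live use: sudo lsof -i -n | summarize_lsof
```

A process that appears under an unexpected user, or with a listening port nobody remembers opening, stands out immediately in this per-process view.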
March 9th, 2007 at 9:04 pm
This is a really great explanation, thanks!
May 23rd, 2007 at 12:32 am
[…] Want to try out tcpdump but don't know which port to try it on? You can obtain a lot of packet flows while you are hooked up to the Internet. Search for a port through lsof to practise your tcpdump and have fun. Read Monitor who runs what, listen to what ports, established what connections for lsof examples. […]
October 8th, 2008 at 10:18 am
Hi!
I would like to improve my SQL experience.
I read really many SQL resources and want to
get more about SQL for my occupation as db2 database manager.
What would you recommend?
Thanks,
Werutz
December 3rd, 2008 at 10:37 pm
Actually, I don’t quite understand about how tcpdump is…
But, your explanation is quite clear for me. thanks