To identify and monitor who is running which applications, which application is listening on which port, and which connections are established, we can use lsof. lsof (List Open Files) lists all currently open files. Besides the file name, it includes information such as who opened the file, what command opened it, and what type of file it is.
To list all Internet or network related open files, run lsof with the -i option. The output looks like this:
COMMAND   PID   USER       FD   TYPE  DEVICE  SIZE  NODE  NAME
ktorrent  5220  mysurface  14u  IPv4  13129         TCP   *:6881 (LISTEN)
ktorrent  5220  mysurface  15u  IPv6  13152         UDP   *:6881
ktorrent  5220  mysurface  16u  IPv4  41606         TCP   192.168.1.101:43234->126.96.36.199:32006 (SYN_SENT)
ktorrent  5220  mysurface  17u  IPv4  41597         TCP   192.168.1.101:59485->host-63-239-252-1.tetonwireless.com:6881 (SYN_SENT)
ktorrent  5220  mysurface  18u  IPv4  36757         TCP   192.168.1.101:42724->203-36-217-77.dsl.dodo.com.au:25423 (ESTABLISHED)
...
You might notice some latency while the entries are listed. The reason is that lsof replaces IP addresses with DNS names, so it needs time to resolve them. To make it skip the lookups and display only numerical IP addresses, specify -n.
lsof -i -n
You may want to list open files with root permission, which returns more entries.
sudo lsof -i -n
lsof lists both IPv6 and IPv4 related files by default. Specify -i4 if you want entries with IPv4 only; likewise, specify -i6 for IPv6 only.
sudo lsof -i4 -n
If you just want to list files opened by a specific user only, you can do this:
sudo lsof -i -n -a -u toydi
-a indicates AND logic. The entire line simply means: list Internet related open files, and these files must have been opened by toydi.
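To turn the lsof -i -n listing into something you can sort and filter, the script below is an added example (not part of the original post) that reduces each row to state, user, command, PID, protocol and endpoint. The function names and the sample rows are constructed for illustration; the parser accepts both the column layout shown above and the layout where the SIZE column is filled in.

```shell
#!/bin/sh
# Added example: summarize `lsof -i -n` output read from stdin.
# Prints tab-separated rows: STATE USER COMMAND PID PROTO ENDPOINT

lsof_net_summary() {
    awk '
    $1 == "COMMAND" { next }      # skip the header row
    NF < 8          { next }      # too short to be a socket row
    {
        state = "-"; name = $NF
        # TCP rows end with "(STATE)"; UDP rows carry no state.
        if ($NF ~ /^\(.*\)$/) {
            state = substr($NF, 2, length($NF) - 2)
            name  = $(NF - 1)
        }
        # Count fields from the right, so an empty or filled SIZE
        # column does not shift the protocol and endpoint fields.
        proto = (state == "-") ? $(NF - 1) : $(NF - 2)
        printf "%s\t%s\t%s\t%s\t%s\t%s\n", state, $3, $1, $2, proto, name
    }' | sort -u
}

# Only the sockets that are waiting for inbound connections.
listening_sockets() {
    lsof_net_summary | awk -F '\t' '$1 == "LISTEN"'
}

# Constructed sample input (documentation IP ranges, made-up PIDs).
sample_lsof_output() {
    cat <<'EOF'
COMMAND   PID  USER      FD  TYPE DEVICE SIZE NODE NAME
ktorrent  5220 mysurface 14u IPv4 13129       TCP  *:6881 (LISTEN)
ktorrent  5220 mysurface 15u IPv6 13152       UDP  *:6881
ktorrent  5220 mysurface 18u IPv4 36757       TCP  192.0.2.10:42724->198.51.100.7:25423 (ESTABLISHED)
sshd      812  root      3u  IPv4 9001   0t0  TCP  *:22 (LISTEN)
EOF
}

sample_lsof_output | lsof_net_summary
```

On a live host, replace the sample with real output: sudo lsof -i -n | listening_sockets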
Again, lsof is capable of much more; check the manual for details.