Tutorial list open files & network connections using LSOF
Today we learn how to use the lsof command, which is very useful for digging up information about our system, especially when you want to know more than just the usual connected IP, port, and so on.
With lsof you can discover quite a few interesting things, but in general it is used to list information about the files opened by the various processes running on the machine. Let's see how it works with a few example commands:
Show all connections with
lsof -i
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
portmap 2663 daemon 3u IPv4 6687 UDP *:sunrpc
portmap 2663 daemon 4u IPv4 6690 TCP *:sunrpc (LISTEN)
Show only TCP (works the same for UDP)
lsof -iTCP
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
portmap 2663 daemon 4u IPv4 6690 TCP *:sunrpc (LISTEN)
named 2858 root 21u IPv4 6987 TCP localhost:domain (LISTEN)
Show all networking related to a given port
lsof -i :ssh
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 3304 root 3u IPv6 7934 TCP *:ssh (LISTEN)
sshd 8975 root 3r IPv6 7347496 TCP anjuna.befree.it:ssh->ip-***-***.sn2.eutelia.it:38118 (ESTABLISHED)
To show connections to a specific host, use
lsof -i@212.***.3.**2
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
apache2 19525 www-data 140u IPv6 7353240 TCP anjuna.befree.it:www->212.***.3.**2:4319 (ESTABLISHED)
apache2 19534 www-data 140u IPv6 7353096 TCP anjuna.befree.it:www->212.***.3.**2:4476 (ESTABLISHED)
Show connections based on the host and the port using
lsof -i@10.99.99.11:domain
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
named 2858 root 24u IPv4 6990 UDP 10.99.99.11:domain
named 2858 root 25u IPv4 6991 TCP 10.99.99.11:domain (LISTEN)
Grepping for “LISTEN” shows which ports your system is waiting for connections on
lsof -i | grep LISTEN
portmap 2663 daemon 4u IPv4 6690 TCP *:sunrpc (LISTEN)
named 2858 root 21u IPv4 6987 TCP localhost:domain (LISTEN)
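Grepping for LISTEN does not tell you which of those sockets are reachable from other hosts and which are bound to loopback only. The following is an added example, not part of the original post: the function names `listeners` and `exposed` and the ALL/LOCAL/ADDR labels are made up here, and the sample input reuses lines from the listings on this page.

```shell
#!/bin/sh
# Added example: classify listening TCP sockets from `lsof -i` output.
# Reads lsof's default column output on stdin, so it also works on saved output.

# Sample input: lines copied from the listings on this page (not a live capture).
SAMPLE='COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
portmap 2663 daemon 3u IPv4 6687 UDP *:sunrpc
portmap 2663 daemon 4u IPv4 6690 TCP *:sunrpc (LISTEN)
named 2858 root 21u IPv4 6987 TCP localhost:domain (LISTEN)
sshd 3304 root 3u IPv6 7934 TCP *:ssh (LISTEN)
postmaste 8244 postgres 6u IPv4 7345796 TCP localhost:postgresql->localhost:36157 (ESTABLISHED)'

# listeners: print "scope command pid user address" for each TCP LISTEN socket.
# scope is ALL when bound to every interface (*), LOCAL for loopback, else ADDR.
listeners() {
    awk '
        $NF == "(LISTEN)" {
            name = $(NF - 1)            # NAME column, e.g. *:ssh or localhost:domain
            host = name
            sub(/:[^:]*$/, "", host)    # strip the trailing :port
            scope = "ADDR"
            if (host == "*")
                scope = "ALL"
            else if (host == "localhost" || host == "127.0.0.1" || host == "[::1]")
                scope = "LOCAL"
            print scope, $1, $2, $3, name
        }
    '
}

# exposed: only the listeners that are not loopback-only.
exposed() {
    listeners | awk '$1 != "LOCAL"'
}

# Live use (run as root to see sockets owned by other users):
#   lsof -i -P -n | exposed
# Demo on the sample lines:
printf '%s\n' "$SAMPLE" | listeners
```

With `-P -n`, lsof prints numeric ports and addresses, so the loopback check matches `127.0.0.1` and `[::1]` instead of depending on name resolution.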
Grepping for “ESTABLISHED” shows current active connections
lsof -i | grep ESTABLISHED
postmaste 8244 postgres 6u IPv4 7345796 TCP localhost:postgresql->localhost:36157 (ESTABLISHED)
postmaste 8814 postgres 6u IPv4 7347013 TCP localhost:postgresql->localhost:36170 (ESTABLISHED)
Show what a given user has open using -u
lsof -u www-data
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
apache2 12747 www-data rtd DIR 8,4 848 2 /
apache2 12747 www-data txt REG 8,4 324284 392401 /usr/sbin/apache2
See what files and network connections a command is using with -c
lsof -c spamd
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
spamd 11328 spamd rtd DIR 8,4 848 2 /
spamd 11328 spamd txt REG 8,4 1061668 391879 /usr/bin/perl
See which files your web server has open for the users who are browsing it (your grep could be different)
lsof -c apache2 | grep -vF ".log" | grep home
apache2 19524 www-data 143u REG 8,4 201088 1289960 /home/michelem/htdocs/wp-content/wallpaper/squares_girl_1024x768.jpg
apache2 19563 www-data 143r REG 8,4 919033 1289963 /home/michelem/htdocs/wp-content/wallpaper/old_girlfriend_photo_1280x1024.jpg
These are only some of the ways you can use it; for all the others, rely on the lsof man page and a few Google searches.



14:56 on November 26th, 2010
Hell, very nice overview.
Port ranges work too, e.g.: lsof -i UDP:1000-3025
I’ve posted similar
08:50 on October 30th, 2010
You could edit the blog name Tutorial list open files & network connections using LSOF to more better for your content you make. I loved the post all the same.
17:28 on December 18th, 2009
Hello, Very nice article thanks.
10:03 on December 2nd, 2009
My God, I thought you were going to chip in with some decisive insight at the end there, not leave it with ‘we leave it to you to decide’?