Tutorial: list open files & network connections using LSOF
Today we learn to use the lsof command, which is very useful for digging up information about our system, especially when you want to know more than just the usual connected IP, port, and so on.
With lsof you can discover several interesting things, but in general it is used to list information about the files opened by the processes running on our machine. Let's see how it works with a few example commands:
Show all connections with
lsof -i
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
portmap 2663 daemon 3u IPv4 6687 UDP *:sunrpc
portmap 2663 daemon 4u IPv4 6690 TCP *:sunrpc (LISTEN)
Show only TCP (works the same for UDP)
lsof -iTCP
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
portmap 2663 daemon 4u IPv4 6690 TCP *:sunrpc (LISTEN)
named 2858 root 21u IPv4 6987 TCP localhost:domain (LISTEN)
Show all networking related to a given port
lsof -i :22
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 3304 root 3u IPv6 7934 TCP *:ssh (LISTEN)
sshd 8975 root 3r IPv6 7347496 TCP anjuna.befree.it:ssh->ip-***-***.sn2.eutelia.it:38118 (ESTABLISHED)
To show connections to a specific host, use
lsof -i@212.***.3.**2
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
apache2 19525 www-data 140u IPv6 7353240 TCP anjuna.befree.it:www->212.***.3.**2:4319 (ESTABLISHED)
apache2 19534 www-data 140u IPv6 7353096 TCP anjuna.befree.it:www->212.***.3.**2:4476 (ESTABLISHED)
Show connections based on the host and the port using
lsof -i@10.99.99.11:domain
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
named 2858 root 24u IPv4 6990 UDP 10.99.99.11:domain
named 2858 root 25u IPv4 6991 TCP 10.99.99.11:domain (LISTEN)
Grepping for “LISTEN” shows which ports your system is waiting for connections on
lsof -i | grep LISTEN
portmap 2663 daemon 4u IPv4 6690 TCP *:sunrpc (LISTEN)
named 2858 root 21u IPv4 6987 TCP localhost:domain (LISTEN)
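Added example, not part of the original post: grepping for LISTEN only catches TCP, because UDP sockets have no LISTEN state. The sketch below reads lsof -i output on stdin, reports TCP listeners and unconnected UDP sockets, and labels each by the address it is bound to; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample input in the lsof -i layout shown on this page.
sample_lsof() {
cat <<'EOF'
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
portmap 2663 daemon 3u IPv4 6687 UDP *:sunrpc
portmap 2663 daemon 4u IPv4 6690 TCP *:sunrpc (LISTEN)
named 2858 root 21u IPv4 6987 TCP localhost:domain (LISTEN)
sshd 3304 root 3u IPv6 7934 TCP *:ssh (LISTEN)
postmaste 8244 postgres 6u IPv4 7345796 TCP localhost:postgresql->localhost:36157 (ESTABLISHED)
EOF
}

# listeners (hypothetical helper): read lsof -i output on stdin and print
#   SCOPE PROTO COMMAND PID USER ADDRESS
# for every socket that accepts inbound traffic.
listeners() {
  awk '
    NF < 3 { next }                       # blank or truncated line
    {
      addr = ""
      # Fields are read from the right because the SIZE column is empty
      # for sockets, so left-hand positions shift.
      if ($NF == "(LISTEN)") { proto = $(NF-2); addr = $(NF-1) }
      else if ($(NF-1) == "UDP" && $NF !~ /->/) { proto = "UDP"; addr = $NF }
      if (addr == "") next
      host = addr
      sub(/:[^:]*$/, "", host)            # drop the trailing :port
      if (host == "*" || host == "0.0.0.0" || host == "[::]") scope = "all-interfaces"
      else if (host == "localhost" || host ~ /^127\./ || host == "[::1]") scope = "loopback"
      else scope = "specific-address"
      print scope, proto, $1, $2, $3, addr
    }'
}

# On a live host: lsof -nP -i | listeners   (-n and -P skip name lookups)
sample_lsof | listeners
```

Sockets reported as all-interfaces are reachable from any network the host is attached to, so they are the ones to compare against the firewall policy first.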
Grepping for “ESTABLISHED” shows current active connections
lsof -i | grep ESTABLISHED
postmaste 8244 postgres 6u IPv4 7345796 TCP localhost:postgresql->localhost:36157 (ESTABLISHED)
postmaste 8814 postgres 6u IPv4 7347013 TCP localhost:postgresql->localhost:36170 (ESTABLISHED)
Show what a given user has open using -u
lsof -u www-data
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
apache2 12747 www-data rtd DIR 8,4 848 2 /
apache2 12747 www-data txt REG 8,4 324284 392401 /usr/sbin/apache2
See what files and network connections a command is using with -c
lsof -c spamd
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
spamd 11328 spamd rtd DIR 8,4 848 2 /
spamd 11328 spamd txt REG 8,4 1061668 391879 /usr/bin/perl
See which files the web server has open for users browsing your site (your grep pattern may differ)
lsof -c apache2|grep -v ".log"|grep home
apache2 19524 www-data 143u REG 8,4 201088 1289960 /home/michelem/htdocs/wp-content/wallpaper/squares_girl_1024×768.jpg
apache2 19563 www-data 143r REG 8,4 919033 1289963 /home/michelem/htdocs/wp-content/wallpaper/old_girlfriend_photo_1280×1024.jpg
These are just some of the things you can do with it; for everything else, rely on the lsof man page and a few Google searches.