Tutorial list open files & network connections using LSOF

Today we learn to use the lsof command, which is very useful for digging up information about our system, especially when you want to know more than just the usual connected IP, port, etc.

The lsof command can reveal several interesting things, but in general it is used to list information about the files opened by the various processes running on our machine. Let's see how it works with a few example commands:

Show all connections with -i

lsof -i

COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
portmap 2663 daemon 3u IPv4 6687 UDP *:sunrpc
portmap 2663 daemon 4u IPv4 6690 TCP *:sunrpc (LISTEN)

Show only TCP (works the same for UDP)

lsof -iTCP

COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
portmap 2663 daemon 4u IPv4 6690 TCP *:sunrpc (LISTEN)
named 2858 root 21u IPv4 6987 TCP localhost:domain (LISTEN)

-i :port shows all networking related to a given port

lsof -i :22

COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 3304 root 3u IPv6 7934 TCP *:ssh (LISTEN)
sshd 8975 root 3r IPv6 7347496 TCP anjuna.befree.it:ssh->ip-***-***.sn2.eutelia.it:38118 (ESTABLISHED)

To show connections to a specific host, use @host

lsof -i@212.***.3.**2

COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
apache2 19525 www-data 140u IPv6 7353240 TCP anjuna.befree.it:www->212.***.3.**2:4319 (ESTABLISHED)
apache2 19534 www-data 140u IPv6 7353096 TCP anjuna.befree.it:www->212.***.3.**2:4476 (ESTABLISHED)

Show connections based on the host and the port using @host:port

lsof -i@10.99.99.11:domain

COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
named 2858 root 24u IPv4 6990 UDP 10.99.99.11:domain
named 2858 root 25u IPv4 6991 TCP 10.99.99.11:domain (LISTEN)

Grepping for “LISTEN” shows what ports your system is waiting for connections on

lsof -i| grep LISTEN

portmap 2663 daemon 4u IPv4 6690 TCP *:sunrpc (LISTEN)
named 2858 root 21u IPv4 6987 TCP localhost:domain (LISTEN)
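
The LISTEN filter above, extended into a small listener inventory; this is an added example, not code from the original post. It goes beyond the grep by also reporting unconnected UDP sockets, which carry no (LISTEN) state and so never match it, and by labelling each socket with its bind scope. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: inventory of listening sockets
# built from `lsof -i` output on stdin.
# Output columns: PROTO ADDRESS SCOPE COMMAND PID USER
listeners() {
    awk '
    {
        # Count fields from the end of the line: the SIZE column is empty in
        # the listings on this page and "0t0" in many current lsof builds,
        # so positions counted from the left are not stable.
        if ($NF == "(LISTEN)") { proto = "TCP"; addr = $(NF-1) }
        else if ($(NF-1) == "UDP" && $NF !~ /->/) { proto = "UDP"; addr = $NF }
        else { next }   # header, ESTABLISHED sockets, regular files

        host = addr
        sub(/:[^:]*$/, "", host)   # drop the trailing :port

        if (host == "*") { scope = "all-interfaces" }
        else if (host == "localhost" || host == "127.0.0.1" || host == "[::1]") { scope = "loopback" }
        else { scope = "single-address" }

        key = proto " " addr " " $2   # one line per socket and PID
        if (!(key in seen)) { seen[key] = 1; print proto, addr, scope, $1, $2, $3 }
    }'
}

# Constructed sample input, modelled on the listings in this post
# (host names replaced with example placeholders).
sample_lsof_output() {
    cat <<'EOF'
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
portmap 2663 daemon 3u IPv4 6687 UDP *:sunrpc
portmap 2663 daemon 4u IPv4 6690 TCP *:sunrpc (LISTEN)
named 2858 root 21u IPv4 6987 TCP localhost:domain (LISTEN)
sshd 3304 root 3u IPv6 7934 TCP *:ssh (LISTEN)
sshd 8975 root 3r IPv6 7347496 TCP host.example:ssh->client.example:38118 (ESTABLISHED)
named 2858 root 25u IPv4 6991 TCP 10.99.99.11:domain (LISTEN)
EOF
}

sample_lsof_output | listeners
# On a live host (lsof required): lsof -i -P -n | listeners
```

The -P and -n options, which the post does not use, keep ports and addresses numeric, so loopback sockets appear as 127.0.0.1 or [::1] rather than localhost; the function accepts both forms.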

Grepping for “ESTABLISHED” shows current active connections

lsof -i| grep ESTABLISHED

postmaste 8244 postgres 6u IPv4 7345796 TCP localhost:postgresql->localhost:36157 (ESTABLISHED)
postmaste 8814 postgres 6u IPv4 7347013 TCP localhost:postgresql->localhost:36170 (ESTABLISHED)

Show what a given user has open using -u

lsof -u www-data

COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
apache2 12747 www-data rtd DIR 8,4 848 2 /
apache2 12747 www-data txt REG 8,4 324284 392401 /usr/sbin/apache2

See what files and network connections a command is using with -c

lsof -c spamd

COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
spamd 11328 spamd rtd DIR 8,4 848 2 /
spamd 11328 spamd txt REG 8,4 1061668 391879 /usr/bin/perl

See which files are opened by users who are browsing your web server (your grep pattern may differ)

lsof -c apache2 | grep -v '\.log' | grep home

apache2 19524 www-data 143u REG 8,4 201088 1289960 /home/michelem/htdocs/wp-content/wallpaper/squares_girl_1024x768.jpg
apache2 19563 www-data 143r REG 8,4 919033 1289963 /home/michelem/htdocs/wp-content/wallpaper/old_girlfriend_photo_1280x1024.jpg

These are just some of the ways you can use it; for everything else, rely on the lsof man page and a few Google searches.


5 Responses to “Tutorial list open files & network connections using LSOF”
  1. Network usage monitoring in Linux: 5 useful (but little-known) programs
    09:07 on March 25th, 2012

    […] lsof […]

  2. shuron
    14:56 on November 26th, 2010

    Hell, very nice overview.
    Port ranges work too, e.g.: lsof -i UDP:1000-3025
    I’ve posted similar

  3. Pointer Men's Basketball
    08:50 on October 30th, 2010

    You could edit the blog name Tutorial list open files & network connections using LSOF to more better for your content you make. I loved the post all the same.

  4. Amy
    17:28 on December 18th, 2009

    Hello, Very nice article thanks.

  5. ncis episodes
    10:03 on December 2nd, 2009

    my God, i thought you were going to chip in with some decisive insight at the end there, not leave it with ‘we leave it to you to decide’?
