I still recall the line told to me when I started working as a Linux Sysadmin; “in Unix, everything is a file”. This includes socket files as well. Thus, one could use a utility like lsof to get network connection related information from the socket files. Usually, to get network related info, one would shoot the netstat command; now you can use lsof as well (^^,) …
Let’s dive a little into its usage.
We shall add the -i option to get network connection details.
Now, let’s see the various ways to fine-tune the output.
We can look for connections over specific ports, e.g. lsof -i :443 displays all HTTPS connections.
Showing connections to a specific host, using
Let’s find only established connections:
lsof -i -sTCP:ESTABLISHED
Getting everything opened by a specific user could produce an exhaustive list. It is therefore recommended to pipe the output for analysis, e.g.
lsof -u ish | less
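When the list is too long to read in a pager, the established-connection output shown above can be summarised per process and user. The following is an added example, not part of the original post: the function names are hypothetical, the sample lines are constructed, and the -n and -P options (numeric addresses and ports) are assumed so that the remote port can be matched as a number.

```shell
#!/bin/sh
# Added example: summarise ESTABLISHED TCP connections from lsof -i output.
# Usage: lsof -i -n -P -sTCP:ESTABLISHED | summarise_established [remote_port]
# -n and -P keep addresses and ports numeric so ":443" is not shown as ":https".
# Function names are hypothetical; they are not part of lsof.

summarise_established() {
    # Prints "count command user remote_endpoint", busiest first.
    awk -v port="${1:-}" '
        $NF == "(ESTABLISHED)" {
            split($(NF - 1), ends, "->")        # NAME column is local->remote
            if (ends[2] == "") next             # no remote side, skip
            n = split(ends[2], parts, ":")      # last piece is the port (IPv6 safe)
            if (port != "" && parts[n] != port) next
            count[$1 " " $3 " " ends[2]]++      # key: COMMAND USER remote
        }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample in the column layout lsof -i -n -P prints
# (documentation addresses, not captured from a real host).
sample_lsof_output() {
    cat <<'EOF'
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      812 root    3u  IPv4  18211      0t0  TCP *:22 (LISTEN)
sshd     1440 root    4u  IPv4  20117      0t0  TCP 192.0.2.5:22->198.51.100.7:50122 (ESTABLISHED)
firefox  2211 ish    55u  IPv4  34567      0t0  TCP 192.0.2.5:51514->203.0.113.10:443 (ESTABLISHED)
firefox  2211 ish    61u  IPv4  34590      0t0  TCP 192.0.2.5:51520->203.0.113.10:443 (ESTABLISHED)
curl     3302 ish     5u  IPv4  40012      0t0  TCP 192.0.2.5:40210->203.0.113.99:443 (ESTABLISHED)
chronyd   644 chrony  5u  IPv4  15001      0t0  UDP 127.0.0.1:323
EOF
}

# Demo on the constructed sample: remote port 443 only.
sample_lsof_output | summarise_established 443
```

A process or user that shows up here with an unexpected remote endpoint is a natural starting point for a closer look with lsof -u.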
Aww! The post can go on & on & on with the myriad options that come with lsof. For a full reference, just shoot