I still recall the line told to me when I started working as a Linux Sysadmin; “in Unix, everything is a file”. This includes socket files as well. Thus, one could use a utility like lsof to get network connection related information from the socket files. Usually, to get network related info, one would shoot netstat command; now you can lsof as well (^^,) …

Let’s dive a little into its usage.

We shall add the -i option to get network connection details.

Network connection info

Now, let’s see the various ways to fine-tune the output.

lsof-iTCP

Showing only TCP or UDP connections by specifying the same with -i

We can look for connections over specific ports, e.g lsof -i :443 displays all HTTPS connections.

lsof-port

Showing connections to a specific host, using lsof [email protected]_address.

lsof-ip

Let’s find only established connections; lsof -i -sTCP:ESTABLISHED

lsof-established

Getting everything opened by a specific user, which could be an exhaustive list. Therefore recommended to pipe it for analysis; e.g lsof -u ish | less

Network connection info

Aww! The post can go on & on & on with the myriad options that come with <codelsof. For a full reference, just shoot man lsof.