Sunday, October 17, 2010

Linux Networking Commands: lsof

LSOF command is used to find the status of your machineie, for revealing information about network sockets, familar to netstat command. This command saves a lot of time for the admin to handle and also provides the right direction when trouble shooting what direction your machine is up to. The below are the some examples of this command:


Example:


Show all open TCP files - Will return what service is running, who is running it, the process ID and the connections on all TCP ports:


# lsof -i TCP


Show open TCP files on port 80 -


# lsof -i TCP:80


returns --> httpd2-wo 7010 wwwrun 3u IPv6 14787 TCP *:http (LISTEN)


Show open LDAP connections on TCP -


# lsof -i TCP:636


Want to know what files are open by a particular command (substitute your command after the c, and yes you can abbreviate it matches the closest command)-


# lsof -c mysq


returns -->
mysqld 991 admin cwd DIR 8,3 240 148743 /home/admin/novell/idm/mysql/data
mysqld 991 admin rtd DIR 8,3 536 2 /
mysqld 991 admin txt REG 8,3 5464060 148691 /home/admin/novell/idm/mysql/bin/mysqld
mysqld 991 admin 0r CHR 1,3 41715 /dev/null
mysqld 991 admin 1w REG 8,3 1250 149954 /home/admin/novell/idm/mysql/mysql.log
mysqld 991 admin 2w REG 8,3 1250 149954 /home/admin/novell/idm/mysql/mysql.log
mysqld 991 admin 3u IPv4 86990 TCP *:63306 (LISTEN)...


Want to know what files are open by a particular device?


#lsof /dev/cdrom


returns --> bash 30904 admin cwd
DIR 3,0 2048 63692 /media/cdrecorder/linux/user_application_provisioning


You can change TCP to UDP and narrow down your requests to very specific items you want to target (i.e. is there an established connection from xyz.somesite.com?).


# lsof -i TCP@192.168.0.2:636 (lists LDAP connections to my server)


returns --> java 890 root 18u IPv6 8365030
TCP myserver.somecompany.com:42936->myserver.somecompany.com:ldaps (ESTABLISHED)


ndsd 6520 root 262u IPv4 8390927
TCP myserver.somecompany.com:ldaps->myserver.somecompany.com:43123 (ESTABLISHED)


Environment:


The "lsof" command will work on any SUSE variant - Novell OES, Suse Linux Enterprise Server, Suse Linux Enterprise Desktop, and OpenSUSE.
Posted by black wallpaper at 4:48 AM
Labels: ,