lsof : This actually lists the open files and the processes which opened them. We can lsof to find open ports and the process associated with it. Lets see some practical examples:
$lsof -i -n -P | grep httpd httpd 3406 root 4u IPv6 389038 TCP *:80 (LISTEN) httpd 3406 root 6u IPv6 389043 TCP *:443 (LISTEN) httpd 3408 apache 4u IPv6 389038 TCP *:80 (LISTEN) httpd 3408 apache 6u IPv6 389043 TCP *:443 (LISTEN) httpd 3409 apache 4u IPv6 389038 TCP *:80 (LISTEN) httpd 3409 apache 6u IPv6 389043 TCP *:443 (LISTEN) httpd 3410 apache 4u IPv6 389038 TCP *:80 (LISTEN) httpd 3410 apache 6u IPv6 389043 TCP *:443 (LISTEN)
Which process owns port 80 ?
$lsof -i:80 COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME apache2 9494 root 3u IPv4 58860 TCP *:www (LISTEN) apache2 9499 www-data 3u IPv4 58860 TCP *:www (LISTEN) apache2 9500 www-data 3u IPv4 58860 TCP *:www (LISTEN)
List all the listening ports
$lsof -i| grep LISTEN sshd 2470 root 3u IPv4 6090 TCP *:ssh (LISTEN) sshd 2470 root 4u IPv6 6092 TCP *:ssh (LISTEN) exim4 2870 Debian-exim 3u IPv4 6507 TCP HareKrishna:smtp (LISTEN) squid 3094 proxy 13u IPv4 7858 TCP *:3128 (LISTEN) cupsd 3160 root 2u IPv6 24382 TCP localhost:ipp (LISTEN) cupsd 3160 root 3u IPv4 24383 TCP HareKrishna:ipp (LISTEN) webAccess 3695 root 5u IPv6 8500 TCP *:8308 (LISTEN) webAccess 3695 root 16u IPv6 8772 TCP *:8009 (LISTEN) webAccess 3695 root 18u IPv6 8779 TCP HareKrishna:8005 (LISTEN)
List all the IP's connected to the system
$netstat -nat | awk '{ print $5}' | uniq
0.0.0.0:*
216.239.61.164:80
216.239.61.154:80
203.199.74.16:80
174.36.30.68:443
203.199.74.16:80
174.36.30.66:443
203.199.74.8:80
64.233.181.100:80
216.239.61.164:80
208.43.202.7:80
203.199.74.8:80
216.239.61.154:80
0 comments:
Post a Comment