--> lsof -i tcp -i udp
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ssh 5464 luser 3u IPv4 12639233 0t0 TCP linux-desktop:49117->johnmeister.com/jeep/sj:ssh (ESTABLISHED)
firefox 19015 luser 59u IPv4 32660017 0t0 TCP linux-desktop:46220->edge-star-shv-01-lax1.facebook.com:https (ESTABLISHED)
firefox 19015 luser 65u IPv4 32858590 0t0 TCP linux-desktop:48621->sea09s17-in-f2.1e100.net:https (ESTABLISHED)
firefox 19015 luser 66u IPv4 32858735 0t0 TCP linux-desktop:41282->a23-3-105-138.deploy.static.akamaitechnologies.com:https (ESTABLISHED)
firefox 19015 luser 72u IPv4 32857838 0t0 TCP linux-desktop:58761->sea15s01-in-f14.1e100.net:https (ESTABLISHED)
firefox 19015 luser 76u IPv4 32860689 0t0 TCP linux-desktop:57055->bbc-vip115.telhc.bbc.co.uk:http (ESTABLISHED)
firefox 19015 luser 80u IPv4 32860420 0t0 TCP linux-desktop:54657->a184-28-16-178.deploy.static.akamaitechnologies.com:https (ESTABLISHED)
firefox 19015 luser 81u IPv4 32858029 0t0 TCP linux-desktop:47552->edge-star-shv-01-lax1.facebook.com:https (ESTABLISHED)
firefox 19015 luser 91u IPv4 32860416 0t0 TCP linux-desktop:50749->xx-fbcdn-shv-01-sea1.fbcdn.net:https (ESTABLISHED)
firefox 19015 luser 98u IPv4 32860440 0t0 TCP linux-desktop:51896->a23-59-190-115.deploy.static.akamaitechnologies.com:https (ESTABLISHED)
firefox 19015 luser 99u IPv4 32860441 0t0 TCP linux-desktop:51897->a23-59-190-115.deploy.static.akamaitechnologies.com:https (ESTABLISHED)
firefox 19015 luser 103u IPv4 32859119 0t0 TCP linux-desktop:36125->a184-51-159-157.deploy.static.akamaitechnologies.com:https (ESTABLISHED)
firefox 19015 luser 105u IPv4 32862286 0t0 TCP linux-desktop:33281->edge-star-shv-01-lax1.facebook.com:http (ESTABLISHED)
firefox 19015 luser 106u IPv4 32860502 0t0 TCP linux-desktop:56217->a184-27-178-59.deploy.static.akamaitechnologies.com:https (ESTABLISHED)
firefox 19015 luser 107u IPv4 32860503 0t0 TCP linux-desktop:37239->a23-59-190-26.deploy.static.akamaitechnologies.com:https (ESTABLISHED)
firefox 19015 luser 109u IPv4 32861313 0t0 TCP linux-desktop:53760->a184-27-178-11.deploy.static.akamaitechnologies.com:https (ESTABLISHED)
--> netstat -an | grep ^tcp
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 10.10.1.34:40392 54.225.181.150:80 ESTABLISHED
tcp 0 0 10.10.1.34:22 10.10.1.15:4230 ESTABLISHED
tcp 0 0 10.10.1.34:22 10.10.1.15:4231 ESTABLISHED
tcp 0 0 10.10.1.34:22 10.10.1.15:4233 ESTABLISHED
tcp 0 0 10.10.1.34:33307 50.19.81.129:443 ESTABLISHED
tcp 0 0 10.10.1.34:46220 31.13.70.1:443 ESTABLISHED
tcp 0 0 10.10.1.34:22 10.10.1.15:4234 ESTABLISHED
tcp 0 0 10.10.1.34:22 10.10.1.15:1211 ESTABLISHED
tcp 0 0 10.10.1.34:22 10.10.1.15:4229 ESTABLISHED
tcp 0 0 10.10.1.34:22 10.10.1.15:4232 ESTABLISHED
tcp 0 0 10.10.1.34:22 10.10.1.15:1212 ESTABLISHED
tcp 0 0 10.10.1.34:22 10.10.1.15:4228 ESTABLISHED
tcp 0 0 10.10.1.34:49117 75.146.49.225:22 ESTABLISHED
tcp 0 0 10.10.1.34:22 10.10.1.15:4235 ESTABLISHED
tcp 0 0 10.10.1.34:58841 212.58.246.95:80 ESTABLISHED
tcp 0 0 10.10.1.34:22 10.10.1.15:1702 ESTABLISHED
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 ::1:631 :::* LISTEN
tcp 0 0 ::1:25 :::* LISTEN
--> lsof --help
lsof: illegal option character: -
lsof: illegal option character: e
lsof: no process ID specified
lsof 4.84
latest revision: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/
latest FAQ: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/FAQ
latest man page: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof_man
usage: [-?abhKlnNoOPRtUvVX] [+|-c c] [+|-d s] [+D D] [+|-f[gG]]
[-F [f]] [-g [s]] [-i [i]] [+|-L [l]] [+m [m]] [+|-M] [-o [o]] [-p s]
[+|-r [t]] [-s [p:s]] [-S [t]] [-T [t]] [-u s] [+|-w] [-x [fl]] [--] [names]
Defaults in parentheses; comma-separated set (s) items; dash-separated ranges.
-?|-h list help -a AND selections (OR) -b avoid kernel blocks
-c c cmd c ^c /c/[bix] +c w COMMAND width (9) +d s dir s files
-d s select by FD set +D D dir D tree *SLOW?* -i select IPv[46] files
-K list tasKs -l list UID numbers -n no host names
-N select NFS files -o list file offset -O avoid overhead *RISKY*
-P no port names -R list paRent PID -s list file size
-t terse listing -T disable TCP/TPI info -U select Unix socket
-v list version info -V verbose search +|-w Warnings (+)
-X skip TCP&UDP* files -Z Z context [Z] -- end option scan
+f|-f +filesystem or -file names +|-f[gG] flaGs
-F [f] select fields; -F? for help
+|-L [l] list (+) suppress (-) link counts < l (0 = all; default = 0)
+m [m] use|create mount supplement
+|-M portMap registration (-) -o o o 0t offset digits (8)
-p s exclude(^)|select PIDs -S [t] t second stat timeout (15)
-T qs TCP/TPI Q,St (s) info
-g [s] exclude(^)|select and print process group IDs
-i i select by IPv[46] address: [46][proto][@host|addr][:svc_list|port_list]
+|-r [t[m]] repeat every t seconds (15); + until no files, - forever.
An optional suffix to t is m; m must separate t from and
is an strftime(3) format for the marker line.
-s p:s exclude(^)|select protocol (p = TCP|UDP) states by name(s).
-u s exclude(^)|select login|UID set s
-x [fl] cross over +d|+D File systems or symbolic Links
names select named files or files on named file systems
Anyone can list all files; /dev warnings disabled; kernel ID check disabled.
--> netstat --help
usage: netstat [-veenNcCF] [] -r netstat {-V|--version|-h|--help}
netstat [-vnNcaeol] [ ...]
netstat { [-veenNac] -i | [-cnNe] -M | -s }
-r, --route display routing table
-i, --interfaces display interface table
-g, --groups display multicast group memberships
-s, --statistics display networking statistics (like SNMP)
-M, --masquerade display masqueraded connections
-v, --verbose be verbose
-n, --numeric don't resolve names
--numeric-hosts don't resolve host names
--numeric-ports don't resolve port names
--numeric-users don't resolve user names
-N, --symbolic resolve hardware names
-e, --extend display other/more information
-p, --programs display PID/Program name for sockets
-c, --continuous continuous listing
-l, --listening display listening server sockets
-a, --all, --listening display all sockets (default: connected)
-o, --timers display timers
-F, --fib display Forwarding Information Base (default)
-C, --cache display routing cache instead of FIB
-T, --notrim dont't trim address information
={-t|--tcp} {-u|--udp} {-w|--raw} {-x|--unix} --ax25 --ipx --netrom --sctp
=Use '-A ' or '--'; default: inet
List of possible address families (which support routing):
inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25)
netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP)
x25 (CCITT X.25)
--> sudo lsof | more
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
Output information may be incomplete.
COMMAND PID TID USER FD TYPE DEVICE SIZE/OFF NODE NAME
systemd 1 root cwd DIR 8,2 4096 2 /
systemd 1 root rtd DIR 8,2 4096 2 /
systemd 1 root txt REG 8,2 1211072 1973815 /usr/lib/systemd/systemd
systemd 1 root mem REG 8,2 88216 5242912 /lib64/libz.so.1.2.8
systemd 1 root mem REG 8,2 165920 1974250 /usr/lib64/liblzma.so.5.2.0
systemd 1 root mem REG 8,2 18904 5243033 /lib64/libdl-2.20.so
systemd 1 root mem REG 8,2 432120 1972840 /usr/lib64/libpcre.so.1.2.3
systemd 1 root mem REG 8,2 1915142 5243081 /lib64/libc-2.20.so
systemd 1 root mem REG 8,2 130291 5243045 /lib64/libpthread-2.20.so
systemd 1 root mem REG 8,2 42670 5243098 /lib64/librt-2.20.so
systemd 1 root mem REG 8,2 150128 1977743 /usr/lib64/libseccomp.so.2.1.0
systemd 1 root mem REG 8,2 52184 5243092 /lib64/libapparmor.so.1.2.1
systemd 1 root mem REG 8,2 88152 1977628 /usr/lib64/libkmod.so.2.2.9
systemd 1 root mem REG 8,2 18976 5242979 /lib64/libcap.so.2.22
systemd 1 root mem REG 8,2 104408 1977181 /usr/lib64/libaudit.so.1.0.0
systemd 1 root mem REG 8,2 60096 5243044 /lib64/libpam.so.0.83.1
systemd 1 root mem REG 8,2 138800 5243034 /lib64/libselinux.so.1
systemd 1 root mem REG 8,2 158199 5247004 /lib64/ld-2.20.so
systemd 1 root 0u CHR 1,3 0t0 1029 /dev/null
systemd 1 root 1u CHR 1,3 0t0 1029 /dev/null
systemd 1 root 2u CHR 1,3 0t0 1029 /dev/null
systemd 1 root 3u 0000 0,9 0 8362 anon_inode
systemd 1 root 4u 0000 0,9 0 8362 anon_inode
systemd 1 root 5u 0000 0,9 0 8362 anon_inode
systemd 1 root 6r DIR 0,19 0 1 /sys/fs/cgroup/systemd
systemd 1 root 7u 0000 0,9 0 8362 anon_inode
systemd 1 root 8r 0000 0,9 0 8362 anon_inode
systemd 1 root 9u sock 0,7 0t0 68303 can't identify protocol
systemd 1 root 10r REG 0,3 0 9266 /proc/1/mountinfo
systemd 1 root 11r REG 0,3 0 4026532035 /proc/swaps
systemd 1 root 12u unix 0xffff8801a96c5740 0t0 68305 socket
systemd 1 root 13u 0000 0,9 0 8362 anon_inode
systemd 1 root 14u unix 0xffff88022eac2b00 0t0 68994 /run/systemd/private
systemd 1 root 15r 0000 0,9 0 8362 anon_inode
systemd 1 root 16u unix 0xffff88022ed19440 0t0 193852 socket
systemd 1 root 19r CHR 10,235 0t0 1109 /dev/autofs
systemd 1 root 22u unix 0xffff8800baa23bc0 0t0 9268 socket
systemd 1 root 23u unix 0xffff8800baa23140 0t0 9278 /run/systemd/journal/stdout
systemd 1 root 24u unix 0xffff880230a6ac00 0t0 9281 /run/systemd/journal/socket
systemd 1 root 25u unix 0xffff880230a6a880 0t0 9283 /dev/log
systemd 1 root 28u unix 0xffff88022edff8c0 0t0 12014 /run/dbus/system_bus_socket
systemd 1 root 31u unix 0xffff8800baacf400 0t0 70477 /run/udev/control
systemd 1 root 32u sock 0,7 0t0 70476 can't identify protocol
systemd 1 root 33u unix 0xffff88022edffc40 0t0 12017 /run/avahi-daemon/socket
systemd 1 root 34u unix 0xffff88022e87b8c0 0t0 119711 /var/run/pcscd/pcscd.comm
systemd 1 root 36u unix 0xffff88022e87bc40 0t0 103250 socket
systemd 1 root 37u FIFO 0,17 0t0 10904 /run/dmeventd-server
systemd 1 root 38u FIFO 0,17 0t0 10905 /run/dmeventd-client
systemd 1 root 39u unix 0xffff88022eecfb80 0t0 70532 /run/lvm/lvmetad.socket
systemd 1 root 41u unix 0xffff88022edd5740 0t0 10889 /run/systemd/shutdownd
systemd 1 root 43u FIFO 0,5 0t0 10888 /dev/initctl
systemd 1 root 44u sock 0,7 0t0 68334 can't identify protocol
systemd 1 root 48u unix 0xffff88022f3e4ac0 0t0 96663 socket
systemd 1 root 56u unix 0xffff8800baafb880 0t0 96664 socket
systemd 1 root 57r FIFO 0,8 0t0 10896 pipe
systemd 1 root 59u unix 0xffff88020b79d400 0t0 118603 socket
systemd 1 root 60u unix 0xffff88021198eac0 0t0 118604 socket
kthreadd 2 root cwd DIR 8,2 4096 2 /
kthreadd 2 root rtd DIR 8,2 4096 2 /
kthreadd 2 root txt unknown /proc/2/exe
ksoftirqd 3 root cwd DIR 8,2 4096 2 /
ksoftirqd 3 root rtd DIR 8,2 4096 2 /
ksoftirqd 3 root txt unknown /proc/3/exe
kworker/0 5 root cwd DIR 8,2 4096 2 /
kworker/0 5 root rtd DIR 8,2 4096 2 /
kworker/0 5 root txt unknown /proc/5/exe
rcu_preem 7 root cwd DIR 8,2 4096 2 /
...
|
