More Port Analysis with lsof

Last week we looked at two Unix/Linux commands that you can use to find out more information about open ports and the processes running on them. Another useful tool for process analysis is “lsof”, which stands for “list open files”. The command itself can be used for many tasks on your dedicated server. It provides information about any files opened by a process, including regular files, directories, libraries, network files, and more.

To listen to ports, there are a few formats that your command string can take:

lsof -i :[port number
lsof -i tcp:[port number]
lsof udp:[port number]

For example, to listen on port 80 (the standard port for Apache web server processes), you would type:

# lsof -i :80

The output will look like this:

apache2 2494 root 3u IPv4 2523745 0t0 TCP *:www (LISTEN)
apache2 2498 www-data 3u IPv4 2523745 0t0 TCP *:www (LISTEN)
apache2 2499 www-data 3u IPv4 2523745 0t0 TCP *:www (LISTEN)
apache2 2500 www-data 3u IPv4 2523745 0t0 TCP *:www (LISTEN)
apache2 2501 www-data 3u IPv4 2523745 0t0 TCP *:www (LISTEN)
apache2 2502 www-data 3u IPv4 2523745 0t0 TCP *:www (LISTEN)

Now that you know the process IDs, you can find out more information about them. For example, you can now run the ps command for process 2498:

# ps aux | grep 2498

You will see the output:

www-data 2498 0.0 0.1 194196 5620 ? S 11:59 0:00 /usr/sbin/apache2 -k start

For more information about lsof, type “man lsof” from the command line or view the manual online.











Comments: