Sunday, 12 February 2012

Determine All Internet Connections And Corresponding Running Processes In Linux [How To]

Sometimes you might want to see all the internet connections being made by the running processes in the linux system. I am writing this small commandline trick to view all the internet connections using the lsof command.

lsof command is used to all the open files and the processes opening those files. All kind of resources such as disk, network connections, pipes, etc. are actually implemented as files in linux and the lsof command allows you to get the report regarding the opened files.

To view all the internet connections and the corresponding processes, we can simply use the -i switch as below:

samar@Techgaun:~$ lsof -i

The above command runs fine but is a little bit slow since it tries to resolve the network addresses to host names and port numbers to port names. So you might wish to use the command below for faster response from the lsof command.

samar@Techgaun:~$ lsof -i -Pn

Also, running the lsof command as the root(i.e. sudo lsof | grep -i listen or sudo lsof -i | grep -i listen) will give more extra outputs esp. the "LISTEN" ones i.e. the processes that are listening for incoming connections. This piece of information might be useful in determining the backdoors and rootkits but I've not yet explored into that.

I hope this little trick comes useful sometimes.