Showing posts with label lsof. Show all posts
Showing posts with label lsof. Show all posts

Friday, June 23, 2017

how to check list of opened and closed port in linux ?

There are different commands on both Linux and UNIX server to see what TCP/UDP ports are listening or open on your server. You can use netstat command, which prints network connections, routing tables, interface statistics, masquerade connections, and multicast memberships, etc.

Method 1:
netstat command to find open ports

Syntax :

netstat --listen

Or

netstat -l

Example:

ravi@linuxforfreshers.com>>sudo netstat --listen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State     
tcp        0      0 *:1234                  *:*                     LISTEN    
tcp        0      0 *:8084                  *:*                     LISTEN    
tcp        0      0 192.168.122.1:domain    *:*                     LISTEN    
tcp        0      0 *:ssh                   *:*                     LISTEN    
tcp        0      0 *:ipp                   *:*                     LISTEN    
tcp        0      0 *:microsoft-ds          *:*                     LISTEN    
tcp        0      0 *:7070                  *:*                     LISTEN    
tcp        0      0 localhost:mysql         *:*                     LISTEN    
tcp        0      0 *:netbios-ssn           *:*                     LISTEN       
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN    
tcp6       0      0 [::]:ipp                [::]:*                  LISTEN    
tcp6       0      0 [::]:microsoft-ds       [::]:*                  LISTEN    
tcp6       0      0 [::]:netbios-ssn        [::]:*                  LISTEN    
udp        0      0 *:39505                 *:*                               
udp        0      0 *:ipp                   *:*                               
udp        0      0 *:mdns                  *:*                               
udp        0      0 *:mdns                  *:*                               

Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     12950    /var/run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     18259042 @atpl-com.canonical.Unity.Scope.rhythmbox.T516689809663571
unix  2      [ ACC ]     STREAM     LISTENING     19096    /run/user/1000/keyring-n7CcyZ/control
unix  2      [ ACC ]     STREAM     LISTENING     22589    @/tmp/.ICE-unix/3779
unix  2      [ ACC ]     STREAM     LISTENING     21540    @/tmp/dbus-u6IauIGH5I

To display open ports and established TCP connections, enter:

netstat -vatn

Example:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State     
tcp        0      0 0.0.0.0:1234            0.0.0.0:*               LISTEN    
tcp        0      0 0.0.0.0:8084            0.0.0.0:*               LISTEN    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN    
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN    
tcp        0      0 0.0.0.0:7070            0.0.0.0:*               LISTEN    

To display only open UDP ports try the following command:

netstat -vaun

Example:

ravi@linuxforfreshers.com>>sudo netstat -vaun
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State     
udp        0      0 0.0.0.0:39505           0.0.0.0:*                         
udp        0      0 0.0.0.0:631             0.0.0.0:*   

Using netstat -lntu

Where
     -l = only services which are listening on some port
     -n = show port number, don't try to resolve the service name
     -t = tcp ports
     -u = udp ports
     -p = name of the program          


Method 2:

Using lsof Command

To display the list of open ports, enter:
# lsof -i
To display all open files, use:
# lsof

To display all open IPv4 network files in use by the process whose PID is 10050, use:
# lsof -i 4 -a -p 10050

Another example:
# lsof -iTCP -sTCP:LISTEN

Method 3:

Using telnet

Quickest way to test if a TCP port is open (including any hardware firewalls you may have), is to type, from a remote computer (e.g. your desktop):

Syntax:

telnet hostip port_number

Example 1:

ravi@linuxforfreshers.com>>telnet 192.168.101.156 22
Trying 192.168.101.156...
Connected to 192.168.101.156
Escape character is '^]'.

Example 2:

ravi@linuxforfreshers.com>>telnet localhost 22
Trying 127.0.0.1...
Connected to localhost.

Method 3:

Using ss command

Syntax:
ss -lntu
Example:

ravi@linuxforfreshers.com>>ss -lntu
Netid State      Recv-Q Send-Q                                                                                     Local Address:Port                                                                                       Peer Address:Port
tcp   UNCONN     0      0                                                                                                      *:39505                                                                                                 *:*    
tcp   UNCONN     0      0                                                                                                      *:631                                                                                                   *:*    
tcp   UNCONN     0      0                                                                                                      *:5353                                                                                                  *:*



Tuesday, March 21, 2017

lsof command exapmles in linux ?

lsof a utility command every system admin and developer love. The lsof command stands for list open file descriptors and as the name suggest, it is used to find open files by process. Since almost everything in UNIX are file, you can use lsof command to find an open regular file, a directory, a symbolic link, a block special file, a NFS mounted file, a socket stream, a shared library, a character special file, a regular pipe, a named pipe, an internet socket, a UNIX domain socket and many others. It's an incredibly useful tool to do debugging and troubleshooting in UNIX and Linux environment. Since most of the production system runs on the UNIX-based operating system, knowledge of this tool become even more important.


lsof command generally comes pre-installed in many UNIX system. If you are getting -bash: lsof: command not found an error while using lsof then it could be that lsof is not in your PATH. just check /usr/bin or /usr/sbin folder for this command. If you don't find there then you can install it from source or you can ask your UNIX admin to do that for you.

1)      How to list all open files by all process

syntax: lsof

Simply running lsof without any argument print all opened file and process. This is not particularly useful but a good starting point.

Example:

dev@linuxforfreshers.com:~$ lsof | tail -10
tail      23119                  dev   1u      CHR             136,52       0t0       55 /dev/pts/52
tail      23119                  dev   2u      CHR             136,52       0t0       55 /dev/pts/52
lsof      23120                  dev cwd       DIR                8,6      4096  5767170 /home/dev
lsof      23120                  dev rtd       DIR                8,6      4096        2 /
lsof      23120                  dev txt       REG                8,6    163224 28574379 /usr/bin/lsof
lsof      23120                  dev mem       REG                8,6   7216688 28580440 /usr/lib/locale/locale-archive
lsof      23120                  dev mem       REG                8,6   1840928  2622444 /lib/x86_64-linux-gnu/libc-2.19.so
lsof      23120                  dev mem       REG                8,6    149120  2622402 /lib/x86_64-linux-gnu/ld-2.19.so
lsof      23120                  dev   4r     FIFO               0,10       0t0  2094341 pipe
lsof      23120                  dev   7w     FIFO               0,10       0t0  2094342 pipe

2) How to list all process which has opened a file

Syntax: lsof /home/someuser/somefile

will list all the process which has opened this file. you can see the command, PID, user and full file path to find out the process.

Example:

dev@linuxforfreshers.com:~$ lsof /home/dev/ | grep ssh
ssh        8222 dev cwd    DIR    8,6     4096 5767170 /home/dev
ssh.expec  8266 dev cwd    DIR    8,6     4096 5767170 /home/dev
ssh.expec  8268 dev cwd    DIR    8,6     4096 5767170 /home/dev
ssh.expec  8274 dev cwd    DIR    8,6     4096 5767170 /home/dev

3) How to find all opened files by a user

You can use lsof -u command to list all opened file by a user as shown below
Syntax: lsof -u username

Example:          

dev@linuxforfreshers.com:~$ lsof -u dev| tail -10
lsof      23353 dev txt       REG                8,6    163224 28574379 /usr/bin/lsof
lsof      23353 dev mem       REG                8,6     43616  2622456 /lib/x86_64-linux-gnu/libnss_files-2.19.so
lsof      23353 dev mem       REG                8,6     47760  2622438 /lib/x86_64-linux-gnu/libnss_nis-2.19.so
lsof      23353 dev mem       REG                8,6     97296  2622400 /lib/x86_64-linux-gnu/libnsl-2.19.so
lsof      23353 dev mem       REG                8,6     39824  2622399 /lib/x86_64-linux-gnu/libnss_compat-2.19.so
lsof      23353 dev mem       REG                8,6   7216688 28580440 /usr/lib/locale/locale-archive
lsof      23353 dev mem       REG                8,6   1840928  2622444 /lib/x86_64-linux-gnu/libc-2.19.so
lsof      23353 dev mem       REG                8,6    149120  2622402 /lib/x86_64-linux-gnu/ld-2.19.so
lsof      23353 dev   4r     FIFO               0,10       0t0  2119980 pipe
lsof      23353 dev   7w     FIFO               0,10       0t0  2119981 pipe

4) How to list all files opened by a particular command
You can use lsof -c option to provide name of command and list down all the files opened by that command, for example, to list all file opened by mysql process, you can do this :
Syntax : lsof -c process_name


Example :
root@linuxforfreshers.com:~# lsof -c mysql | tail -10
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
      Output information may be incomplete.
mysqld  2149 mysql   54u   REG                8,6     1024 16515193 /var/lib/mysql/mysql/time_zone.MYI
mysqld  2149 mysql   55u   REG                8,6        0 16515194 /var/lib/mysql/mysql/time_zone.MYD
mysqld  2149 mysql   56u   REG                8,6     1024 16515202 /var/lib/mysql/mysql/time_zone_leap_second.MYI
mysqld  2149 mysql   57u   REG                8,6        0 16515203 /var/lib/mysql/mysql/time_zone_leap_second.MYD
mysqld  2149 mysql   58u   REG                8,6     1024 16515190 /var/lib/mysql/mysql/time_zone_name.MYI
mysqld  2149 mysql   59u   REG                8,6        0 16515191 /var/lib/mysql/mysql/time_zone_name.MYD
mysqld  2149 mysql   60u   REG                8,6     1024 16515196 /var/lib/mysql/mysql/time_zone_transition.MYI
mysqld  2149 mysql   61u   REG                8,6        0 16515197 /var/lib/mysql/mysql/time_zone_transition.MYD
mysqld  2149 mysql   62u   REG                8,6     1024 16515199 /var/lib/mysql/mysql/time_zone_transition_type.MYI
mysqld  2149 mysql   63u   REG                8,6        0 16515200 /var/lib/mysql/mysql/time_zone_transition_type.MYD

Example 2:
root@linuxforfreshers.com:~# lsof -c chrome| tail -10
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
      Output information may be incomplete.
chrome  22949 dev  74u      REG               0,22   4198400      167 /run/shm/.com.google.Chrome.frd729 (deleted)
chrome  22949 dev  75r      REG                8,6    333900  3670118 /usr/share/fonts/truetype/msttcorefonts/Times_New_Roman_Bold.ttf
chrome  22949 dev  78r      REG                8,6    123828  3670122 /usr/share/fonts/truetype/msttcorefonts/Trebuchet_MS_Bold.ttf
chrome  22949 dev  79r      REG                8,6    136032  3670125 /usr/share/fonts/truetype/msttcorefonts/Verdana_Bold.ttf
chrome  22949 dev  80u      REG               0,22   4198400       27 /run/shm/.com.google.Chrome.reBCyQ (deleted)
chrome  22949 dev  81r      REG                8,6    123828  3670122 /usr/share/fonts/truetype/msttcorefonts/Trebuchet_MS_Bold.ttf
chrome  22949 dev  86u      REG               0,22   4198400      172 /run/shm/.com.google.Chrome.opHb4S (deleted)
chrome  22949 dev  87r      REG                8,6    330412  3670117 /usr/share/fonts/truetype/msttcorefonts/Times_New_Roman.ttf
chrome  22949 dev  90r      REG                8,6    330412  3670117 /usr/share/fonts/truetype/msttcorefonts/Times_New_Roman.ttf
chrome  22949 dev 104u      REG               0,22   4198400      193 /run/shm/.com.google.Chrome.Y05n64 (deleted)

5) How to find all files opened by a particular user and command

You can combine users and process name in one lsof command to list down all the files opened by a particular process or a particular user as shown below :

Syntax: $ lsof -u dev -c chrome

root@linuxforfreshers.com:~# lsof -u dev-c chrome | tail -10
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
      Output information may be incomplete.
chrome    22949 dev  74u      REG               0,22   4198400      167 /run/shm/.com.google.Chrome.frd729 (deleted)
chrome    22949 dev  75r      REG                8,6    333900  3670118 /usr/share/fonts/truetype/msttcorefonts/Times_New_Roman_Bold.ttf
chrome    22949 dev  78r      REG                8,6    123828  3670122 /usr/share/fonts/truetype/msttcorefonts/Trebuchet_MS_Bold.ttf
chrome    22949 dev  79r      REG                8,6    136032  3670125 /usr/share/fonts/truetype/msttcorefonts/Verdana_Bold.ttf
chrome    22949 dev  80u      REG               0,22   4198400       27 /run/shm/.com.google.Chrome.reBCyQ (deleted)
chrome    22949 dev  81r      REG                8,6    123828  3670122 /usr/share/fonts/truetype/msttcorefonts/Trebuchet_MS_Bold.ttf
chrome    22949 dev  86u      REG               0,22   4198400      172 /run/shm/.com.google.Chrome.opHb4S (deleted)
chrome    22949 dev  87r      REG                8,6    330412  3670117 /usr/share/fonts/truetype/msttcorefonts/Times_New_Roman.ttf
chrome    22949 dev  90r      REG                8,6    330412  3670117 /usr/share/fonts/truetype/msttcorefonts/Times_New_Roman.ttf
chrome    22949 dev 104u      REG               0,22   4198400      193 /run/shm/.com.google.Chrome.Y05n64 (deleted)

6) How to list all open files by a process using PID
As I told, I mostly use lsof command to find all files opened by a particular process. In order to do that sometimes, I usually use grep command to filter lsof output by PID, but you can also use lsof -p option to do the same, as shown below :

$ lsof -p 17783

will list all files opened by the process with PID 17783.

List users and processes, you can also supply multiple PIDs to find files opened by multiple processes e.g. :

$ lsof -p 17783,17754,17984


7) How to list all network connection
You can use lsof - i option to find all open network connections which is nothing but open internet sockets (TCP and UDP), for example

Syntax: $ lsof -i

you can further find all TPC connection by using tcp option as shown below :

$ lsof -i tcp

Similarly, to find all open udp connections you can do :

$ lsof -i udp

will list all process with open internet sockets.



8) How to find which process is using a port
Though you can do this with netstat command as well, you would be surprised to know that you can find all process using a particular TCP or UDP port using lsof command.

Syntax: lsof -i :portnumber

Example:

root@linuxforfreshers.com:~# lsof -i :3306
COMMAND  PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
mysqld  2149 mysql   10u  IPv4  12927      0t0  TCP localhost:mysql (LISTEN)


9) To list all open files on device /dev/sda, use:

     Syantax:    lsof /dev/sda

10) To find any open file, including an open UNIX domain socket file, with the name /dev/log, use:

    Syntax:        lsof /dev/log

11)  To find an IP version 4 socket file by its associated numeric dot-form address, use:

 Syntax: lsof -i@ipaddress

Example: lsof -i@192.168.101.1