Examining and Manipulating with Processes and their Actions Flashcards
Which command provides detailed information about files that are opened by processes?
lsof
How does lsof help with a security analysis of a workstation?
helps to identify unauthorized or unexpected file accesses, which might indicate a security breach
How does lsof help to track network connections?
by listing all network sockets in use, including TCP and UDP ports
Which lsof flag lists all network connections and is useful in identifying open network sockets and the processes using them?
-i
~~~
ubuntu@ubuntu-cloud:~$ sudo lsof -i
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 704 root 3u IPv4 22607 0t0 TCP *:ssh (LISTEN)
sshd 704 root 4u IPv6 22609 0t0 TCP *:ssh (LISTEN)
apache2 734 root 3u IPv6 22696 0t0 TCP *:http (LISTEN)
apache2 736 www-data 3u IPv6 22696 0t0 TCP *:http (LISTEN)
apache2 737 www-data 3u IPv6 22696 0t0 TCP *:http (LISTEN)
~~~
Which lsof flag lists all TCP connections?
sudo lsof -iTCP
Which lsof flag lists all UDP connections?
sudo lsof -iUDP
Which lsof flag shows open files belonging to a specific user?
lsof -u {username}
Which lsof flag shows files opened by a specific process ID (PID)?
lsof -p {pid}
Which lsof flag avoids converting network numbers to host names?
sudo lsof -i -n
~~~
ubuntu@ubuntu-cloud:~$ sudo lsof -i -n
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
apache2 736 www-data 3u IPv6 22696 0t0 TCP *:http (LISTEN)
apache2 737 www-data 3u IPv6 22696 0t0 TCP *:http (LISTEN)
snapd 1226 root 17u IPv4 28570 0t0 TCP 10.0.80.80:55236->185.125.190.26:https (ESTABLISHED)
~~~
How do you monitor a specific directory every 2 seconds for real-time observation with lsof?
lsof +D /path/to/directory -r 2
How do you use lsof to list files using a specific network port?
sudo lsof -i:{port}