lsof.sheet
lsof -i
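-- Show all network connections (on most systems you need to run this as root to see sockets owned by other users' processes)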
lsof -iTCP
-- Show only TCP connections (works the same for UDP)
lsof -i :22
-- -i :port shows all networking related to a given port
lsof -i@HOST
-- To show connections to a specific host, use @host (HOST is a placeholder for a hostname or IP address)
lsof -i@HOST:22
-- Show connections based on the host and the port using @host:port (HOST is a placeholder for a hostname or IP address)
lsof -i| grep LISTEN
-- Grepping for "LISTEN" shows what ports your system is waiting for connections on (TCP only; UDP sockets have no LISTEN state, so they will not match)
lsof -i| grep ESTABLISHED
-- Grepping for "ESTABLISHED" shows current active connections
lsof -u ecable
-- Show what a given user has open using -u
lsof -c syslog-ng
-- See what files and network connections a command is using with -c
lsof /var/log/messages
-- Pointing to a file shows what's interacting with that file
lsof -p 10075
-- The -p switch lets you see what a given process ID has open, which is good for learning more about unknown processes
lsof -t -c Mail
-- The -t option returns just a PID
lsof -a -u ecable -i @1.1.1.1
-- Using -a allows you to combine (AND) search terms, which lsof would otherwise OR together, so the query above says, "show me everything running as ecable connected to 1.1.1.1"
kill -HUP `lsof -t -c sshd`
-- Using the -t and -c options together you can HUP processes
kill -9 `lsof -t -u daniel`
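-- You can also use -t with -u to kill every process a user has files open in; -9 (SIGKILL) cannot be caught, so those processes get no chance to clean up, and their open-file state is gone once they die, so record the lsof -u output first if you are investigating the account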
lsof +L1
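-- lsof +L1 shows you all open files that have a link count less than 1 (deleted but still held open by a process), often indicative of a cracker trying to hide something; rotated logs and temp files show up here too, so check the owning process before drawing conclusions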