How to use LSOF to monitor ports in real time

LSOF (List Open Files) is a command line tool mainly used to monitor system resources similar to Linux/Unix operating systems. Through the LSOF command, users can get detailed information about the active files in the system and the processes that are accessing these files. LSOF can help users identify the processes currently occupying file resources, thereby better managing system resources and troubleshooting possible problems. LSOF is powerful and flexible, and can help system administrators quickly locate file-related problems, such as file leaks, unclosed file descriptors, etc. Via LSOF command

The LSOF command line tool allows system administrators and developers to:

• Determine the process currently using a specific file or port, especially important in the case of port conflicts
• Detect files that have been deleted but are still open by the process, which may cause unnecessary space consumption; the LSOF command is used to identify and resolve such situations
• Helps efficiently troubleshoot errors such as "Port is already in use"
• Track network activity and open network connections for monitoring
• Investigate file access patterns to help identify potential security vulnerabilities

In this tutorial, you will learn how to monitor a live port using the LSOF command.

Basic syntax of LSOF command

The syntax of the LSOF command is as follows:

$lsof [options][name]

The options of the LSOF command are flags used to specify the file-related information to be displayed. These options typically include the filename, process ID, username, or IP address of the network file (IPv4, IPv6). By selecting different options, the LSOF command can list the open files associated with these identifiers.

Use the LSOF command to monitor the port in real time

LSOF is usually preinstalled on many Linux systems. If your system does not have it installed, you may need to manually download and install an available package. You can check the installation of LSOF on your system and see the installed version by running the following command:

$lsof-v

It is important to note that to run LSOF commands with appropriate permissions, you may need to elevate to superuser privileges to obtain specific information about the process and network connections, and you may need to use "sudo" with administrator privileges. Execute this command.

List network files

When you run the LSOF command with the "-i" option, it will display information about processes that have network connections, such as listening sockets or established connections.

$lsof-i

The previous command displays information about the process name (COMMAND), process ID (PID), user (USER), file descriptor (FD), connection type (TYPE), local and remote addresses, and connection status. You should see the following output:

List TCP connections

You can filter the output based on specific criteria, such as specific types of connections or ports. For example, you can use "lsof --itcp" to list only processes associated with TCP connections.

$lsof—i tcp: 1—1024

The previous command filters information about processes opening TCP connections within the specified port range 1 to 1024. This is useful for identifying which processes are using well-known ports associated with public services.

Real-time monitoring of specific ports

Using LSOF, you can monitor specific ports in real time. For example, you want to monitor processes related to "HTTP" on port 80, which is updated every 3 seconds. To do this, use the following command to monitor port 80 in real time:

$lsof—i：80—r3

Real-time monitoring of SSHD port 22

To monitor all SSHD connections running on port 22, run the following command:

$sudo lsof -i:22-r3

This command continuously monitors and displays real-time information about network connections on port 22 every 3 seconds. This is especially useful for tracking changes that occur in real time, such as new SSH connections or disconnections.

Real-time monitoring port range

To monitor the information of processes with open TCP connections in the specified port range 1 to 1024 in real time, you can use the following command:

$lsof-i tcp:1-1024-r3

Real-time monitoring of all ports

You can use the LSOF command to monitor all network connections in real time. For example, you want to run monitoring continuously and display real-time information about network connections every 5 seconds.

$lsof—i—r5

The following output includes real-time details of the process and its associated network sockets, every 5 seconds:

Similarly, you can also use the LSOF command to monitor only "established" connections:

$lsof—i—E—r10

in conclusion

In this tutorial, we learned how to monitor ports in real time using the LSOF command. This command can also help system administrators and other Linux users monitor network connections, including all active or open ports. We hope this guide will help you understand how to use the LSOF command with different options and monitor different ports and processes in real time.

The above is the detailed content of How to use LSOF to monitor ports in real time. For more information, please follow other related articles on the PHP Chinese website!