Linux Command – lsof – will do more than you think

The lsof command will show you more than just a bunch of open files. It is especially handy for inspecting network connections and troubleshooting the network components of Linux. For example, the commands below are very handy:

Show files open in my home directory:

[email protected]:~$ lsof /home/keith/
COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF   NODE NAME
bash    19661 keith  cwd    DIR    8,1     4096 720925 /home/keith
lsof    22323 keith  cwd    DIR    8,1     4096 720925 /home/keith
lsof    22324 keith  cwd    DIR    8,1     4096 720925 /home/keith

Show all network connections:

[email protected]:~$ sudo lsof -i
COMMAND     PID     USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
portmap     789   daemon    4u  IPv4    3260      0t0  UDP *:sunrpc
portmap     789   daemon    5u  IPv4    3265      0t0  TCP *:sunrpc (LISTEN)
rpc.statd   800    statd    4u  IPv4    3286      0t0  UDP *:976
rpc.statd   800    statd    6u  IPv4    3295      0t0  UDP *:32967
rpc.statd   800    statd    7u  IPv4    3298      0t0  TCP *:55049 (LISTEN)
rsyslogd    936     root    1u  IPv4    3473      0t0  TCP *:shell (LISTEN)
rsyslogd    936     root    2u  IPv6    3474      0t0  TCP *:shell (LISTEN)
rsyslogd    936     root    3u  IPv4    3418      0t0  UDP *:syslog
rsyslogd    936     root    4u  IPv6    3419      0t0  UDP *:syslog
rsyslogd    936     root   17u  IPv4  679884      0t0  TCP rockhopper.winnet.kdp:shell->stingray.winnet.kdp:35011 (ESTABLISHED)
sshd       1095     root    3u  IPv4    3667      0t0  TCP *:ssh (LISTEN)
sshd       1095     root    4u  IPv6    3669      0t0  TCP *:ssh (LISTEN)
mysqld     1205    mysql   10u  IPv4    3759      0t0  TCP localhost:mysql (LISTEN)
----- Cut for article length purposes-----
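
As an added example (not part of the original post), the shell function below reads `lsof -i` output and reports which listeners are bound to every interface and which only to loopback, the distinction visible above between `*:ssh` and `localhost:mysql`. The function name `listeners`, its output format, and the embedded sample (rows copied from the listing above) are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): classify listening sockets in
# `lsof -i` output by the address they are bound to.

# Constructed sample: rows copied from the `sudo lsof -i` listing above.
sample_lsof_output() {
cat <<'EOF'
COMMAND     PID     USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
portmap     789   daemon    4u  IPv4    3260      0t0  UDP *:sunrpc
portmap     789   daemon    5u  IPv4    3265      0t0  TCP *:sunrpc (LISTEN)
rsyslogd    936     root    1u  IPv4    3473      0t0  TCP *:shell (LISTEN)
rsyslogd    936     root    2u  IPv6    3474      0t0  TCP *:shell (LISTEN)
rsyslogd    936     root   17u  IPv4  679884      0t0  TCP rockhopper.winnet.kdp:shell->stingray.winnet.kdp:35011 (ESTABLISHED)
sshd       1095     root    3u  IPv4    3667      0t0  TCP *:ssh (LISTEN)
sshd       1095     root    4u  IPv6    3669      0t0  TCP *:ssh (LISTEN)
mysqld     1205    mysql   10u  IPv4    3759      0t0  TCP localhost:mysql (LISTEN)
EOF
}

# Reads `lsof -i` output on stdin. Prints one line per listening socket:
#   SCOPE PROTO PORT COMMAND PID USER FAMILIES
# SCOPE is wildcard (all interfaces), loopback, or specific (one address).
listeners() {
  awk '
    $1 == "COMMAND" && $2 == "PID"   { next }    # header row
    $8 != "TCP" && $8 != "UDP"       { next }
    $8 == "TCP" && $10 != "(LISTEN)" { next }    # connected TCP sockets
    $9 ~ /->/                        { next }    # connected UDP sockets
    {
      n = split($9, part, ":"); port = part[n]   # port follows the last ":"
      addr = substr($9, 1, length($9) - length(port) - 1)
      if (addr == "*") scope = "wildcard"
      else if (addr == "localhost" || addr == "[::1]" || addr ~ /^127\./) scope = "loopback"
      else scope = "specific"
      key = scope " " $8 " " port " " $1 " " $2 " " $3
      if (!(key in fam)) { order[++count] = key; fam[key] = $5 }
      else fam[key] = fam[key] "," $5            # merge IPv4 and IPv6 rows
    }
    END { for (i = 1; i <= count; i++) print order[i], fam[order[i]] }
  '
}

# Live use: sudo lsof -i -P -n | listeners   (-P/-n keep ports and hosts numeric)
sample_lsof_output | listeners
```

On a live host, feed it `sudo lsof -i -P -n`; with `-P` the `*:shell` rows for rsyslogd appear as port 514, the TCP port that /etc/services names `shell`.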

Show SSH connections only:

[email protected]:~$ sudo lsof -i :22
COMMAND   PID  USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
sshd     1095  root    3u  IPv4    3667      0t0  TCP *:ssh (LISTEN)
sshd     1095  root    4u  IPv6    3669      0t0  TCP *:ssh (LISTEN)
sshd    19658  root    3r  IPv4 5825646      0t0  TCP rockhopper.winnet.kdp:ssh->saratoga.winnet.kdp:56052 (ESTABLISHED)
sshd    19660 keith    3u  IPv4 5825646      0t0  TCP rockhopper.winnet.kdp:ssh->saratoga.winnet.kdp:56052 (ESTABLISHED)

Show everything held open by the process (PID 19658) behind the SSH connection above:

[email protected]:~$ sudo lsof -p 19658
COMMAND   PID USER   FD   TYPE             DEVICE SIZE/OFF    NODE NAME
sshd    19658 root  cwd    DIR                8,1     4096       2 /
sshd    19658 root  rtd    DIR                8,1     4096       2 /
sshd    19658 root  txt    REG                8,1   475896  681272 /usr/sbin/sshd
sshd    19658 root  DEL    REG                0,4          5825676 /dev/zero
sshd    19658 root  mem    REG                8,1    15552 1098139 /lib/security/pam_limits.so
sshd    19658 root  mem    REG                8,1     9400 1098143 /lib/security/pam_mail.so
sshd    19658 root  mem    REG                8,1     5784 1098145 /lib/security/pam_motd.so
sshd    19658 root  mem    REG                8,1     6600 1098147 /lib/security/pam_nologin.so
sshd    19658 root  mem    REG                8,1     4720 1098148 /lib/security/pam_permit.so
sshd    19658 root  mem    REG                8,1     4328 1097917 /lib/security/pam_deny.so
sshd    19658 root  mem    REG                8,1    57664 1098164 /lib/security/pam_unix.so
sshd    19658 root  mem    REG                8,1    12760 1098127 /lib/security/pam_env.so
sshd    19658 root  mem    REG                8,1    22928 1098125 /lib/libnss_dns-2.11.2.so
sshd    19658 root  mem    REG                8,1    47616 1098105 /lib/libnss_files-2.11.2.so
sshd    19658 root  mem    REG                8,1    43552 1098102 /lib/libnss_nis-2.11.2.so
sshd    19658 root  mem    REG                8,1    31616 1098115 /lib/libnss_compat-2.11.2.so
sshd    19658 root  mem    REG                8,1   131260 1098109 /lib/libpthread-2.11.2.so
sshd    19658 root  mem    REG                8,1    80712 1097777 /lib/libresolv-2.11.2.so
sshd    19658 root  mem    REG                8,1     8528 1097782 /lib/libkeyutils.so.1.3
sshd    19658 root  mem    REG                8,1    32016 1163265 /usr/lib/libkrb5support.so.0.1
sshd    19658 root  mem    REG                8,1   155744 1163267 /usr/lib/libk5crypto.so.3.1
sshd    19658 root  mem    REG                8,1    14696 1098107 /lib/libdl-2.11.2.so
sshd    19658 root  mem    REG                8,1    89064 1098119 /lib/libnsl-2.11.2.so
----- Cut for article length purposes-----

Show files and connections that an application is using:

[email protected]:~$ sudo lsof -c rsyslog
COMMAND  PID USER   FD   TYPE             DEVICE SIZE/OFF       NODE NAME
rsyslogd 936 root  cwd    DIR                8,1     4096          2 /
rsyslogd 936 root  rtd    DIR                8,1     4096          2 /
rsyslogd 936 root  txt    REG                8,1   328248     683058 /usr/sbin/rsyslogd
rsyslogd 936 root  mem    REG                8,1    90504    1097732 /lib/libgcc_s.so.1
rsyslogd 936 root  mem    REG                8,1    80712    1097777 /lib/libresolv-2.11.2.so
rsyslogd 936 root  mem    REG                8,1    22928    1098125 /lib/libnss_dns-2.11.2.so
rsyslogd 936 root  mem    REG                8,1    18144     696698 /usr/lib/rsyslog/lmnsd_ptcp.so
rsyslogd 936 root  mem    REG                8,1   530736    1098118 /lib/libm-2.11.2.so
rsyslogd 936 root  mem    REG                8,1    35104    1098122 /lib/libcrypt-2.11.2.so
rsyslogd 936 root  mem    REG                8,1  2226144     682562 /usr/lib/libmysqlclient.so.16.0.0
rsyslogd 936 root  mem    REG                8,1     9120     696353 /usr/lib/rsyslog/ommysql.so
rsyslogd 936 root  mem    REG                8,1    43552    1098102 /lib/libnss_nis-2.11.2.so
rsyslogd 936 root  mem    REG                8,1    89064    1098119 /lib/libnsl-2.11.2.so
rsyslogd 936 root  mem    REG                8,1    31616    1098115 /lib/libnss_compat-2.11.2.so
rsyslogd 936 root  mem    REG                8,1    21992     696700 /usr/lib/rsyslog/lmtcpsrv.so
rsyslogd 936 root  mem    REG                8,1    13344     696705 /usr/lib/rsyslog/lmnetstrms.so
rsyslogd 936 root  mem    REG                8,1     9144     696704 /usr/lib/rsyslog/imtcp.so
----- Cut for article length purposes-----

Show what a user is running:

[email protected]:~$ sudo lsof -u keith
COMMAND   PID  USER   FD   TYPE             DEVICE SIZE/OFF    NODE NAME
sshd    19660 keith  cwd    DIR                8,1     4096       2 /
sshd    19660 keith  rtd    DIR                8,1     4096       2 /
sshd    19660 keith  txt    REG                8,1   475896  681272 /usr/sbin/sshd
sshd    19660 keith  DEL    REG                0,4          5825676 /dev/zero
sshd    19660 keith  mem    REG                8,1    15552 1098139 /lib/security/pam_limits.so
sshd    19660 keith  mem    REG                8,1     9400 1098143 /lib/security/pam_mail.so
sshd    19660 keith  mem    REG                8,1     5784 1098145 /lib/security/pam_motd.so
sshd    19660 keith  mem    REG                8,1     6600 1098147 /lib/security/pam_nologin.so
sshd    19660 keith  mem    REG                8,1     4720 1098148 /lib/security/pam_permit.so
sshd    19660 keith  mem    REG                8,1     4328 1097917 /lib/security/pam_deny.so
----- Cut for article length purposes-----

For more info see the MAN page or view it here:
http://www.netadmintools.com/html/lsof.man.html

Wikipedia –  http://en.wikipedia.org/wiki/Lsof

 

 

More Cool Linux Network Utilities

IPTstate and PKTstat are some new Linux network tools that I’ve discovered on a blog post at Linuxaria. Here is what they do and how to install them.

IPTstate displays information held in the IP Tables state table in real time in a top-like format. Output can be sorted by any field, or any field reversed. Users can choose to have the output print only once and exit, rather than use the top-like display. Among its many features: the refresh rate is configurable, IPs can be resolved to names, output can be formatted, the display can be filtered, and color coding is available.

Installation and usage:

sudo aptitude install iptstate

Run it with no options and it will provide you with network connections and state:

sudo iptstate

You should see something like this:

 

Some command line options:

-c, --no-color
    Toggle color-code by protocol
-C, --counters
    Toggle display of bytes/packets counters
-d, --dst-filter IP
    Only show states with a destination of IP. Note that this must be an IP; hostname matching is not yet supported.
-D, --dstpt-filter port
    Only show states with a destination port of port
-h, --help
    Show help message
-l, --lookup
    Show hostnames instead of IP addresses
-m, --mark-truncated
    Mark truncated hostnames with a '+'
-o, --no-dynamic
    Toggle dynamic formatting
-L, --no-dns
    Skip outgoing DNS lookup states
-f, --no-loopback
    Filter states on loopback
-p, --no-scroll
    No scrolling (don't use a "pad"). See SCROLLING AND PADS for more information.
-r, --reverse
    Reverse sort order
-R, --rate seconds
    Refresh rate, followed by rate in seconds. Note that this is for statetop mode, and not applicable for single-run mode.
-1, --single
    Single run (no curses)
-b, --sort column
    This determines what column to sort by. Options:
        S  Source Port
        d  Destination IP (or Name)
        D  Destination Port
        p  Protocol
        s  State
        t  TTL
        b  Bytes
        P  Packets
    To sort by Source IP (or Name), don't use -b. Sorting by bytes/packets is only available for kernels that support it, and only when compiled against libnetfilter_conntrack (the default).
-s, --src-filter IP
    Only show states with a source of IP. Note that this must be an IP; hostname matching is not yet supported.
-S, --srcpt-filter port
    Only show states with a source port of port
-t, --totals
    Toggle display of totals

The pktstat program displays a real-time summary of packet activity on an interface. Each line displays the data rate associated with different classes of packets.

Installation and usage:

sudo aptitude install pktstat

Run it with no options and it will provide you with network connections and state:

sudo pktstat

You should see something like this:

Some command line options:

-B Display data rates in bytes per second (Bps) instead of in bits per second (bps).
-F Show full hostnames. Normally, hostnames are truncated to the first component of their domain name before display.
-i interface Listen on the given interface. If not specified, a suitable interface is chosen.
-n Do not try and resolve hostnames or service port numbers.
-p Show packet counts instead of bit counts.
-P Do not try to put the interface into promiscuous mode.
-t "Top" mode. Sorts the display by bit count (or packet count if -p was given) instead of by the name.
-T Show bit (byte) totals for flows.
-w waittime Refresh the display every waittime seconds. The default is 5 seconds.

 

How to connect an ESXi host to iSCSI target

For test labs or a VM test server environment it’s probably cheaper and easier to use an iSCSI device, or to create shared storage on the cheap with an open-source NAS such as FreeNAS with iSCSI, or with WS2008R2 and an iSCSI software target, which you can download for free.

Then you can connect your ESXi host to the iSCSI storage device by following the steps and screenshots on the TechRepublic website.

 

Network UPS Tools

If you have a UPS and are not happy with the monitoring and shutdown features of the software that it came with, or need to get it working with Linux or another Unix-based OS, then the Network UPS Tools website and utilities are a must.

The primary goal of the Network UPS Tools (NUT) project is to provide support for Power Devices, such as Uninterruptible Power Supplies, Power Distribution Units and Solar Controllers.

NUT provides many control and monitoring features, with a uniform control and management interface.

More than 100 different manufacturers, and several thousand models, are compatible.

This software is the combined effort of many individuals and companies.

 

Remove Win7 and WS2008 R2 SP1 Backup Files

The process of deleting the Service Pack backup files is the same in both Windows 7 and Windows Server 2008 R2.  Deleting the SP1 backup files will reclaim about 540MB on the system drive for Windows 7, and about 1.3GB for Windows Server 2008 R2.

  • Click the Start button and type cleanup in the search bar to run the Disk Cleanup utility.
  • Scroll through the list of Files to Delete, and select Service Pack Backup Files.
  • Click OK to delete the Service Pack 1 backup files.  This will take a few moments.

From the command line you can issue this:

DISM /Online /Cleanup-Image /SPSuperseded

 

Export VMware Workstation Machine into VirtualBox

I’ve started to use VirtualBox on my client machines and needed to export some machines from VMware Workstation into VirtualBox. Here is a great blog post on how to do this:

http://blogs.sun.com/fatbloke/entry/moving_a_vmware_vm_to

A quick summary is that you basically export the machine from VMware as an OVF file and then import this into VirtualBox, but in some cases you first need to remove VMware Tools and some hardware devices.

Here is another post that I found useful as well:
http://www.sysprobs.com/export-vmware-virtual-machine-ovf-import-virtualbox

 

Move window buttons back to the right in Ubuntu

The buttons are in the old location on all default themes apart from Ambiance, Radiance and Dust. If you still want the Ambiance, Radiance or Dust theme but with buttons on the right, choose one of those other themes and use the Customize button to achieve what you want, e.g.:

  1. System > Preferences > Appearance
  2. Select the theme icon “New Wave”
  3. Click the button “Customize..”
  4. Select tab “Controls” and select “Ambiance”
  5. Select tab “Window border” and select “Ambiance”
  6. Select tab “Icons” and scroll down and select “Ubuntu-mono-dark”
  7. Select “Save Theme” to your choice.

Using gconf-editor is not the right approach as this could bork future themes. This change makes it easier for themes to do interesting things with window borders. Unfortunately, if the wrong approach spreads, they won’t be able to do that.