USE LSOF TO FIND OPEN FILES AND PORTS

There's considerable value in tracking what files or ports are open, whether it's for everyday usage or security purposes. The Linux tool lsof, which stands for "LiSt Open Files," lists open files, network ports, and UNIX domain sockets. Most Linux distributions ship with lsof, but if yours doesn't, it can be downloaded here:

http://www-rcd.cc.purdue.edu/~abe/

When you try to unmount a filesystem and are denied with a Filesystem Busy message, use lsof to determine what process is holding onto the mountpoint. For example:

# /usr/sbin/lsof /mnt/cdrom

In this case, /mnt/cdrom is the mountpoint in question, and lsof will tell you if any processes have opened any files on that particular filesystem.

You can also use lsof to find open network connections by giving it the "-i" parameter. If you follow "-i" with "@" and an IP address or domain name, you can find all open network connections to or from that specific address. For instance:

# /usr/sbin/lsof -i@10.0.35.8

This command will display all open network connections to or from the IP address 10.0.35.8.
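For scripted checks, lsof's -F option prints one field per line instead of columns. The following is an added example, not part of the original article: it parses that field output from a saved capture and keeps only sockets whose endpoint is exactly the given address, so 10.0.35.80 is not mistaken for 10.0.35.8. The function names and the sample capture are constructed for illustration.

```shell
#!/bin/sh
# Parse lsof field output (-F pcn). 'p' starts a process set, 'c' is the
# command name, 'f' starts a file set (ignored), 'n' is the file/socket name.
parse_lsof_fields() {
    awk '
        /^p/ { pid = substr($0, 2); next }
        /^c/ { cmd = substr($0, 2); next }
        /^n/ { print pid "\t" cmd "\t" substr($0, 2) }
    '
}

# Keep sockets whose local or remote host equals the IP exactly.
# A plain grep for 10.0.35.8 would also match 10.0.35.80 and 10.0.35.81.
sockets_for_ip() {
    ip=$1
    parse_lsof_fields | awk -F '\t' -v ip="$ip" '
        {
            n = split($3, ends, "->")
            for (i = 1; i <= n; i++) {
                host = ends[i]
                sub(/:[^:]*$/, "", host)   # strip the :port suffix
                if (host == ip) { print; break }
            }
        }'
}

# Constructed sample of "lsof -nP -i -F pcn" output (not real data).
sample_lsof_output() {
    cat <<'EOF'
p812
csshd
f3
n*:22
f4
n10.0.35.20:22->10.0.35.8:51514
p2290
cfirefox
f57
n10.0.35.20:40112->10.0.35.80:443
p3071
crsync
f5
n10.0.35.20:38822->10.0.35.8:873
EOF
}

# Live capture, run as root to see every user's sockets:
#   /usr/sbin/lsof -nP -i -F pcn > capture.txt
sample_lsof_output | sockets_for_ip 10.0.35.8
```

Each output line is PID, command, and socket name separated by tabs; -n and -P keep addresses and ports numeric so the exact comparison works.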

List all open TCP connections by using:

# /usr/sbin/lsof -i tcp

Normal users can use lsof to list open files, but there are restrictions on the information they can obtain.