List all public listening TCP/UDP ports:
lsof -iTCP -sTCP:LISTEN -P -n
netstat -n -l -p | awk '/UNIX domain/{exit} !/127\.0\.0\.1|:.* 0\.0\.0\.0/{print}'
List all currently-active TCP connections:
lsof -iTCP -sTCP:ESTABLISHED
lsof -Fn / | sed '/n/!d; s/^n//' | sort | uniq | xargs ls -1dF --
— list all currently-open files
inotifywaitstats /var/log
— gather statistics about frequently-updated log files
tree -fDrt /var/log
— list recently-updated log files
find /var/log -mmin -120 -type f | xargs ls -lrtF --
— list recently-updated log files
TODO — it might be nice to have something like service --status-all
that 1) uses ANSI colors to make it easier to skim, 2) works with both SystemV and systemd [2], 3) is also able to auto-magically figure out 3a) any uids dedicated to that service, 3b) public listening ports for that service, and 3c) maybe even uses lsof
to try to auto-magically determine top-level directories that might be used solely by that service. (TODO — any chance something like this exists already?)
ps auxf
— process tree
List basic info:
ls -ld /proc/9999/cwd
— get current working directoryls -l /proc/9999/exe
— show full path to the exe/script that's runningcat /proc/9999/cmdline
— show the cmdline that started itcat /proc/9999/environ | tr '\000' '\n'; echo
— show environment variableslsof -p 999
— list open files
TODO
: There's now a tool to record per-process information to tcpdump logs. Try this!