I still recall the line told to me when I started working as a Linux Sysadmin; “in Unix, everything is a file”. This includes socket files as well. Thus, one could use a utility like lsof to get network connection related information from the socket files. Usually, to get network related info, one would shoot netstat command; now you can lsof as well (^^,) …

Let’s dive a little into its usage.

We shall add the -i option to get network connection details.

Now, let’s see the various ways to fine-tune the output.

We can look for connections over specific ports, e.g lsof -i :443 displays all HTTPS connections.

Showing connections to a specific host, using lsof -i@ip_address.

Let’s find only established connections; lsof -i -sTCP:ESTABLISHED

Getting everything opened by a specific user, which could be an exhaustive list. Therefore recommended to pipe it for analysis; e.g lsof -u ish | less

Aww! The post can go on & on & on with the myriad options that come with <codelsof. For a full reference, just shoot man lsof.