Using lsof to figure out which process is responsible for a particular network connection

It looks like someone else has a more complete set of examples for lsof. His page can be found HERE.

Have you ever tried to track down which process or program is making a network connection on a Linux machine? Why would you do this? Say you have some dropped packets in your firewall logs coming from a Linux machine on your network (you do do outbound filtering, don't you?) and you would like to track down the process on the offending machine.

Anyway, to cut to the chase:

lsof -i -P

will show you which processes have active network connections. The "-P" option turns off the lookup of port names, so lsof just shows the port number.

You can specify a host name, port number, or protocol, or any combination thereof:

lsof -iTCP
lsof -i :22
lsof -i@hostname:25
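
To tie this back to the firewall-log scenario above, here is an added example (not from the original page) that takes the destination from a dropped-packet log line and finds the owning process in lsof's machine-readable -F output. The iptables-style log format, the sample data and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). The log line and lsof output
# below are constructed samples; the iptables-style LOG format is an assumption.

SAMPLE_LOG='kernel: FW-DROP IN= OUT=eth0 SRC=10.0.0.15 DST=203.0.113.9 LEN=60 TTL=64 PROTO=TCP SPT=48312 DPT=25 SYN'

# Constructed `lsof -nP -i -F pcLn` output: one field per line, prefixed by
# p (PID), c (command), L (login name), f (descriptor), n (socket name).
sample_lsof() {
    cat <<'EOF'
p812
csshd
Lroot
f3
n*:22
p2291
ccurl
Lalice
f5
n10.0.0.15:48312->203.0.113.9:25
f6
n10.0.0.15:40110->198.51.100.7:443
EOF
}

# Extract "DST:DPT" from a firewall log line.
dst_from_log() {
    printf '%s\n' "$1" | sed -n 's/.* DST=\([^ ]*\) .* DPT=\([0-9]*\).*/\1:\2/p'
}

# Read lsof field output on stdin; print "PID USER COMMAND NAME" for every
# connected socket whose remote endpoint equals $1 (addr:port).
match_conn() {
    awk -v dst="$1" '
        /^p/ { pid = substr($0, 2); cmd = ""; user = ""; next }
        /^c/ { cmd = substr($0, 2); next }
        /^L/ { user = substr($0, 2); next }
        /^n/ {
            name = substr($0, 2)
            i = index(name, "->")          # listeners have no "->remote"
            if (i && substr(name, i + 2) == dst) print pid, user, cmd, name
        }'
}

# Live use (hypothetical wrapper): query lsof for the endpoint in a log line.
find_dropped_owner() {
    lsof -nP -i -F pcLn | match_conn "$(dst_from_log "$1")"
}
```

A dropped connection attempt is only visible to lsof while the socket still exists, so run the lookup while the drops are being logged.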