Can't tell whether lsof -i connections are coming in or going out


 
# 1  
Old 03-03-2011

OS X 10.6.6, GNU bash, version 3.2.48
I am working on a bash script that displays the IP address of the computer that I am connected to with Skype. I have that working pretty well, but only because I know the incoming connection port Skype uses.
I used lsof -i and grep for the port and application name.

I am wondering how I can tell which connections are incoming and which are outgoing (or do they go both ways?). I see the ->, but not any <-. Here is a portion of my lsof -i output:
Code:
COMMAND     PID USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
Mail        237  JOE   21u  IPv4 0x10d4b334      0t0  TCP 10.0.1.2:52726->vw-in-f109.1e100.net:imaps (ESTABLISHED)
Mail        237  JOE   23u  IPv4 0x1e120680      0t0  TCP 10.0.1.2:64309->qy-in-f109.1e100.net:imaps (ESTABLISHED)
Mail        237  JOE   29u  IPv4 0x221f16e0      0t0  TCP 10.0.1.2:63060->vx-in-f109.1e100.net:imaps (CLOSE_WAIT)
Mail        237  JOE   31u  IPv4 0x0d708304      0t0  TCP 10.0.1.2:58581->qw-in-f109.1e100.net:imaps (ESTABLISHED)
Dropbox     181  JOE  25u  IPv4 0x1b6e8aec      0t0  TCP 10.0.1.2:58310->174.36.30.27-static.reverse.softlayer.com:http (ESTABLISHED)

I'm pretty sure I'm missing something. Thanks for any suggestions
# 2  
Old 03-03-2011
TCP connections do communicate in both directions.

If you're wondering which server initiated the connection (i.e. did you connect to them, or they to you?) you can check the port number. Connections you created to something else should have random, high port numbers between 32768 and 65535 on your end of the connection, and low port numbers on their end. (http is port 80, imaps is 993 -- you'll find the names in /etc/services).

So it looks like you initiated all these connections, some to websites, some to email.
This User Gave Thanks to Corona688 For This Post:
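
Added example, not part of the thread or any poster's code: a port-number guess gives no answer when both ends use high ports, as in the Skype lines quoted later in this thread, so this sketch marks a connection inbound when its local port matches a LISTEN socket owned by the same PID. The sample rows are constructed in `lsof -i -n -P` format (numeric hosts and ports); the listener on port 31000 and every address other than 10.0.1.2 are assumptions.

```shell
#!/bin/sh
# Constructed sample in `lsof -i -n -P` format. Port 31000 and the
# 192.0.2.x / 198.51.100.x / 203.0.113.x addresses are placeholders.
sample_lsof() {
cat <<'EOF'
COMMAND     PID USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
Mail        237  JOE   21u  IPv4 0x10d4b334      0t0  TCP 10.0.1.2:52726->192.0.2.10:993 (ESTABLISHED)
Dropbox     181  JOE   25u  IPv4 0x1b6e8aec      0t0  TCP 10.0.1.2:58310->192.0.2.20:80 (ESTABLISHED)
Skype     26591  JOE   40u  IPv4 0x22fc0001      0t0  TCP *:31000 (LISTEN)
Skype     26591  JOE   63u  IPv4 0x22fcaaec      0t0  TCP 10.0.1.2:54185->198.51.100.7:31388 (ESTABLISHED)
Skype     26591  JOE   70u  IPv4 0x22fc0002      0t0  TCP 10.0.1.2:31000->203.0.113.5:49822 (ESTABLISHED)
EOF
}

# Reads lsof -i -n -P output on stdin and prints one line per TCP
# connection: "<inbound|outbound> <command> <local> <remote>".
# An accepted socket keeps the local port of the listener that accepted
# it; a socket the process opened itself gets a different (ephemeral)
# port, so it never matches one of that PID's LISTEN rows.
classify_lsof() {
  awk '
    # Port is whatever follows the last ":" (also works for [v6]:port).
    function port(addr,   k, parts) { k = split(addr, parts, ":"); return parts[k] }

    # Remember every port each PID is listening on.
    $8 == "TCP" && $10 == "(LISTEN)" { listening[$2 SUBSEP port($9)] = 1 }

    # Buffer connection rows; LISTEN rows may appear after them.
    $8 == "TCP" && $9 ~ /->/ { count++; pid[count] = $2; cmd[count] = $1; name[count] = $9 }

    END {
      for (i = 1; i <= count; i++) {
        split(name[i], ends, "->")
        key = pid[i] SUBSEP port(ends[1])
        dir = (key in listening) ? "inbound" : "outbound"
        print dir, cmd[i], ends[1], ends[2]
      }
    }'
}

# Live use would be: lsof -i -n -P | classify_lsof
sample_lsof | classify_lsof
```

A connection whose listener has already been closed will show as outbound, so treat "outbound" as "no matching listener found" rather than proof of who dialled.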
# 3  
Old 03-03-2011
Thanks for the quick reply. I am using the Skype incoming port to filter the output of lsof (in my script). I guess it doesn't matter who started the connection, just that it is active, since TCP connections do communicate in both directions. Here are a couple of examples from Skype. I didn't connect to anyone here, but these are the servers it connects to automatically when it starts up:


Quote:
lsof -i | egrep ESTABLISHED| grep Skype
Skype 26591 JOE 63u IPv4 0x22fcaaec 0t0 TCP 10.0.1.2:54185->c-68-84-136-243.hsd1.md.comcast.net:31388 (ESTABLISHED)
Skype 26591 JOE 68u IPv4 0x221f4274 0t0 TCP 10.0.1.2:54186->213.146.189.201:12350 (ESTABLISHED)

Last edited by chancho; 03-03-2011 at 03:26 AM.. Reason: more info
# 4  
Old 03-03-2011
Skype is an evil little thing when it comes to network security. Since it might be used in very restricted environments, it keeps a list of publicly accessible servers to route calls through, and receives an updated list each time it connects. So those are probably the connections you're seeing.
This User Gave Thanks to pludi For This Post:
# 5  
Old 03-03-2011
Thanks pludi
 