2015-09-21 (last updated at July 13th, 2018) Michael BoelenNetwork Leave a comment

Which Linux process is using a particular network port?

Most network related services have to open up a network socket, so they can start listening for incoming network requests. It is common to find the TCP or UDP being used as the main communication protocol. In this article, we will check what ports are used by which Linux process. Auditing processes and network services Find out what process is listening to a port Only one process can actively listen to a TCP or UDP port. We usually only discover […]

2015-07-06 Michael BoelenAuditing, Performance Leave a comment

The ultimate strace cheat sheet

Strace cheat sheet The strace utility is very powerful to learn what a new or running process is doing. Due to its diversity of monitoring options, the tool is less accessible at first. This strace cheat sheet helps with getting the best out of this tool. Normally cheat sheets come in a single 1 page PDF. In this case, we combined it all within a blog post. First section shows an explanation per area, the bottom of the post contains […]

2015-07-03 Michael BoelenAuditing, Kernel, Software, System Administration 2 comments

Monitor file access by Linux processes

Process Auditing: Disk and File Activity Processes are the running workforce on a Linux system. Each process has a particular goal, like forking child processes, handling incoming user requests of monitoring other processes. As a system administrator or IT auditor, you might want to know at some point what disk activity occurs in a process. In this article, we have a look at a few options to quickly reveal what is occuring in a process, including disk and file activity. Monitor syscalls […]