See a suspicious IP on your box and wonder what it’s doing? Here’s a one-liner that will list the files that IP is accessing:

# lsof -p $(netstat -npat | gawk ‘$5 ~ /127.0.0.1/ {print $7}’ | cut -d”/” -f1 | tail -n1)

Leave a Reply