From Electron Cloud
A shell script (watch-sockets):
#!/bin/sh
renice 10 $$
TMPFILE_LAST=`mktemp /tmp/temp.XXXXXX`
TMPFILE_CURRENT=`mktemp /tmp/temp.XXXXXX`
TMPFILE_DIFF=`mktemp /tmp/temp.XXXXXX`
LOGFILE=/var/log/socket.log
lsof -n -i -P | grep COMMAND
lsof -n -i -P | grep -v COMMAND > $TMPFILE_LAST
cp $TMPFILE_LAST $LOGFILE
while [ 1 ]
do
lsof -n -i -P | grep -v COMMAND > $TMPFILE_CURRENT
diff -b $TMPFILE_LAST $TMPFILE_CURRENT | grep " " > $TMPFILE_DIFF
if [ -s $TMPFILE_DIFF ]
then
lsof -n -i -P | grep -v COMMAND > $TMPFILE_LAST
echo `date +%k:%M:%S` >> $LOGFILE
cat $TMPFILE_DIFF >> $LOGFILE
date +%k:%M:%S
cat $TMPFILE_DIFF
fi
usleep 100000
done
Will log the initial sockets, and then any changes over time; also show the changes over time on stdout.
Here is another solution using netstat rather than lsof.