Comparing lsof and nmon Tools in Kali Linux Environment

Added on  2021/06/16

AI Summary
This presentation provides a comparative analysis of the lsof and nmon tools within the Kali Linux environment. The assignment begins by introducing lsof, a command-line utility used to list information about files opened by processes. It details the use of lsof to find files opened by specific users, identify IPv4 and IPv6 connections, locate files used by processes with specific PIDs, and find files within a certain directory, along with monitoring TCP and UDP connections. The presentation then introduces nmon, a system monitoring tool that displays real-time resource usage, including CPU, memory, network, and disk I/O. It covers the installation and execution of nmon, explaining how to interpret its output for CPU performance, memory utilization, top processes, virtual memory status, NFS statistics, and file system stats. The presentation also discusses how nmon can collect and analyze data over time. The goal is to provide a clear understanding of the functionality and application of both lsof and nmon for system administrators and security professionals in a Kali Linux environment.
[After your introduction and greeting]
For this presentation we are going to compare the functionalities of the “lsof” and
“nmon” tools in the Kali Linux environment. The lsof command is used to list
information about all the open files used by the various processes in the OS. In
Linux, everything is considered a file, whether it is a pipe, directory, socket, device,
and so on.
lsof tool
The lsof tool is used to get the list of open files used by the different processes
in a Linux environment.
To get this tool in a Linux environment, we need to run:
sudo apt-get install lsof
Executing the plain lsof command shows a long list of files opened by the processes or users
of the system. Some of these entries are extracted here for better understanding. The listing displays
the related data under columns such as PID, USER, FD and TYPE, as depicted in the following
screen.
As there are multiple FDs (file descriptors for the open files), the following abbreviations
are used for the descriptors.
FD –> File descriptor:
cwd: current working directory
rtd: root directory
txt: program text (code and data)
mem: memory-mapped file
The TYPE column of the listing gives the type of each file:
CHR – Character special file
DIR – Directory
FIFO – First in First Out
REG – Regular file
Finding out the files opened by a specific user:
While managing servers, we can also find the files that are opened by a specific
user.
The command for this is
lsof -u <username>
Here we have used the user “colord” and tried to find the files it has opened in the operating
system.
lsof -u colord
The following is the screenshot of the execution of this command.
Using the lsof tool, we can also list the IPv4 and IPv6 network files with the commands
lsof -i 4
lsof -i 6
The following is the screenshot of the execution of these commands in the Kali Linux environment.
Finding processes with PID
lsof is also useful for finding the files used by a specific process with a
specific PID. The following lists the files opened by the process that has the PID 200.
Used command: lsof -p 200
Finding out the files opened under a certain directory
We can also identify the open files that reside under a certain directory in the OS, after which
access can be restricted to secure the files under it.
Used command: lsof +D /dev/input
In this example we tried to find the files opened under the directory /dev/input.
Finally, to secure access to the system's networks and monitor the
data traffic, we can find the active TCP and UDP connections using the lsof command
with its optional arguments “-i tcp” and “-i udp”.
The following is the screenshot of the execution of these commands.
In this screenshot, as we are not using any TCP connection, executing
lsof -i tcp does not produce any output, whereas lsof -i udp shows the details of the UDP connection, as
we are connected through a UDP connection.
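The following is an added example, not part of the original presentation, showing how the network listing described above can be filtered to the sockets that accept traffic from other hosts. The function names and the sample lines are constructed for illustration, and it assumes the standard nine-column layout printed by lsof -i -n -P (numeric addresses and ports).

```shell
#!/bin/sh
# Constructed sample of `lsof -i -n -P` output (not captured from a real host).
sample_lsof_output() {
cat <<'EOF'
COMMAND    PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd       612   root    3u  IPv4  18321      0t0  TCP *:22 (LISTEN)
sshd       612   root    4u  IPv6  18323      0t0  TCP *:22 (LISTEN)
postgres   845 postgres  5u  IPv4  20110      0t0  TCP 127.0.0.1:5432 (LISTEN)
dhclient   530   root    6u  IPv4  17002      0t0  UDP *:68
sshd      1402   root    4u  IPv4  25510      0t0  TCP 10.0.0.5:22->10.0.0.9:51514 (ESTABLISHED)
avahi-dae  498  avahi   12u  IPv4  16650      0t0  UDP *:5353
EOF
}

# Read lsof -i output on stdin and print one line per socket that can
# receive traffic from other hosts: TCP sockets in LISTEN state and
# unconnected UDP sockets, excluding anything bound to loopback.
# Output columns: protocol, address family, local address, user, command, PID.
exposed_sockets() {
    awk '
        $1 == "COMMAND" && $2 == "PID" { next }      # header row
        $8 != "TCP" && $8 != "UDP"     { next }      # not an IP socket
        $8 == "TCP" && $10 != "(LISTEN)" { next }    # established, closing, ...
        $9 ~ /->/                      { next }      # connected UDP socket
        $9 ~ /^127\./ || $9 ~ /^\[::1\]/ { next }    # loopback only
        { print $8, $5, $9, $3, $1, $2 }
    '
}

# Run against the constructed sample. On a live host the equivalent is:
#   lsof -i -n -P | exposed_sockets
sample_lsof_output | exposed_sockets
```

Comparing this output against the list of services the host is expected to offer is a quick way to spot an unexpected listener.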
nmon tool
The nmon tool is very helpful for monitoring I/O usage and displays the usage in
tabular form. This administrator tool provides an enormous amount of important system
performance information in one go, after installing a single binary package on
Linux platforms.
It works as a utility for administrators to tune systems, and as a
benchmark tool that displays performance data about the system resources listed
below:
Memory utilization
CPU performance
Power micro-partition
Network
NFS
Disk I/O
Top processes
File systems
If the terminal reports an error when the nmon command is executed, the tool is not installed. To get
it on the Linux platform we have used the following command:
sudo apt-get install nmon
After installation, executing the nmon command shows the following
screen, as depicted below.
On this screen, pressing the keys listed below displays the following
statistics.
For the CPU usage:
Use the key “C” to get the performance of the CPU at that instant.
For the complete list of resources, the key “m” is used.
To find the top processes in the operating system, we can use the option “t”.
In the above screenshot we can see that the top processes on the system are those with PIDs
1061, 933, 4432 and 5209, which are mainly shell processes, terminal processes and system
daemons.
With the option “V” we can get the virtual memory status of the system,
which gives statistics about the utilization of the virtual memory.
To get statistics about NFS, the network file system, on the server we can
use the “N” command, which shows the following screen with usage statistics.
To get the file system statistics for the system, we can use the option “j” after
running the nmon command in the terminal.
The nmon tool also provides a way to collect data for the different resources of the operating
system and analyse it at a later time. The command to use for this is
nmon -f -s 5 -c 20
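The following is an added example, not part of the original presentation, showing one way to analyse a capture written by the command above. The function names and the capture lines are constructed for illustration, and it assumes the comma-separated layout of Linux nmon capture files, where ZZZZ lines carry the time of each snapshot and CPU_ALL lines carry User% and Sys% in the third and fourth fields.

```shell
#!/bin/sh
# Constructed sample of a .nmon capture file (three snapshots, 5 s apart).
sample_nmon_capture() {
cat <<'EOF'
AAA,progname,nmon
AAA,host,kali
AAA,interval,5
AAA,snapshots,20
CPU_ALL,CPU Total kali,User%,Sys%,Wait%,Idle%,Steal%,Busy,CPUs
ZZZZ,T0001,10:15:00,01-JAN-2024
CPU_ALL,T0001,4.0,1.0,0.0,95.0,0.0,,2
ZZZZ,T0002,10:15:05,01-JAN-2024
CPU_ALL,T0002,71.5,20.5,2.0,6.0,0.0,,2
ZZZZ,T0003,10:15:10,01-JAN-2024
CPU_ALL,T0003,10.0,2.0,0.0,88.0,0.0,,2
EOF
}

# Read a capture on stdin. Print every snapshot whose User% + Sys% is at or
# above the limit given as $1 (snapshot id, time, busy%), followed by the
# average busy% over all snapshots in the capture.
busy_snapshots() {
    awk -F, -v limit="$1" '
        $1 == "ZZZZ" { when[$2] = $3; next }        # snapshot id -> clock time
        $1 == "CPU_ALL" && $2 ~ /^T[0-9]+$/ {       # data rows only, not the header
            busy = $3 + $4
            n++; total += busy
            if (busy >= limit) printf "%s %s %.1f\n", $2, when[$2], busy
        }
        END { if (n) printf "average %.1f over %d snapshots\n", total / n, n }
    '
}

# Run against the constructed sample. On a live host, pass the capture file
# created by nmon -f on stdin instead:
#   busy_snapshots 80 < <capture-file>.nmon
sample_nmon_capture | busy_snapshots 80
```

Lining up the timestamps of busy snapshots with lsof output taken at the same time helps tie a load spike to the process and files involved.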