Get PID that communicates over COM1 - Linux

Can I see the PID that uses COM1 in Debian from OS start, and if I can, how?
Is there any log file for this?

The simple way is to simply:
$ fuser /dev/ttyS0
Note that this will only show processes from your own user, unless you're root.
The kernel does not directly log when processes open the serial port. There are a number of options if you need to log:
Periodically log the output of fuser /dev/ttyS0 or lsof /dev/ttyS0.
Restrict access to /dev/ttyS0 to a special-purpose user, and use sudo or some other gateway program to gain access to it. This will leave logs when the gateway program is invoked.

Related

How to monitor all network traffic from a specific process in linux?

I want to monitor and log all traffic that a specific process produces.
I know about tcpdump, but it seems it doesn't support filtering by process (pid/path, or at least user).
Is there any other way to log all traffic from a process? Ideally I should be able to filter ports as well.
Thanks!
You should use the strace command:
strace -o /tmp/network.out -e trace=network -fp <PID>

auditing opened/closed ports on Linux

Is there an auditing tool to check which and when ports are opened and closed on Linux?
My goal is to run my application and check its ports usage.
lsof or netstat don't fit because they just tell me which ports are currently opened, and looping on such command won't give me accurate results...
strace -f -e trace=bind mvn install
strace will display the bind system call each time my application and the child processes open a port.

View tty used by applications

I want to control the TTYs (serial ports) used by applications on my PC.
Is there an application that shows the status of each port by indicating the processes which are using it?
Thanks a lot!
Try to use the command lsof.
lsof /dev/ttyX
To get the PID directly, use:
lsof -Fp /dev/ttyX

how does fuser report on sockets as non-root user?

I'm trying to use fuser to find the pids of processes I own which have certain TCP ports open.
In the fuser man page it says:
... The most common time this problem occurs is when looking for TCP or UDP sockets when running fuser as a non-root user. In this case fuser will report no access. ...
However, on my Ubuntu box, fuser does report sockets open for processes that I own, e.g.:
perl -MIO::Socket -e 'my $s = IO::Socket::INET->new(Listen => 10, LocalPort => 3000); sleep' &
fuser -n tcp 3000
Question: how are things set up to allow this to happen? Is it a kernel config option?
Thanks!
Note: the question is: how are some Linux distros configured so that fuser will report processes owning sockets when fuser is run as a normal user? On one Ubuntu distro "fuser -n tcp 3000" will report a process if I own the process, yet on another Linux distro (I think CentOS) it won't report the process even if I own it.
fuser goes through the /proc file system (proc(5)) working through the /proc/[pid]/fd/ directory and checking the file descriptors. Processes owned by you have corresponding /proc entries again owned by you. This allows you to check your processes, but not others.
One very useful tool to see what given program is doing is strace(1). For example, you can see what system calls, and with what arguments, are done by the fuser:
~$ strace fuser -n tcp 3000
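An added example, not taken from any answer on this page: a Python sketch of the /proc/[pid]/fd walk described above, combined with the "periodically log" option from the first answer. The function names (`holders`, `diff`, `watch`) and the log line format are assumptions made for illustration.

```python
import os
import time

def holders(path):
    """Return (pids, denied): PIDs holding `path` open, and PIDs we may not inspect."""
    target = os.stat(path)
    pids, denied = set(), set()
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        fd_dir = f"/proc/{entry}/fd"
        try:
            fds = os.listdir(fd_dir)
        except PermissionError:
            denied.add(int(entry))   # owned by another user: needs root
            continue
        except OSError:
            continue                 # process exited during the scan
        for fd in fds:
            try:
                st = os.stat(f"{fd_dir}/{fd}")   # follows the fd link to the open file
            except OSError:
                continue             # descriptor was closed meanwhile
            if (st.st_dev, st.st_ino) == (target.st_dev, target.st_ino):
                pids.add(int(entry))
                break
    return pids, denied

def diff(previous, current):
    """Return (event, pid) pairs describing the change between two scans."""
    return ([("open", p) for p in sorted(current - previous)] +
            [("close", p) for p in sorted(previous - current)])

def watch(path, interval=1.0):
    """Poll `path` forever and print one timestamped line per open/close."""
    seen = set()
    while True:
        now, _ = holders(path)
        stamp = time.strftime("%Y-%m-%dT%H:%M:%S")
        for event, pid in diff(seen, now):
            print(stamp, event, path, "pid", pid, flush=True)
        seen = now
        time.sleep(interval)

if __name__ == "__main__":
    watch("/dev/ttyS0")
```

As with any polling loop, an open that starts and ends between two scans is never logged. The `denied` set shows how many processes a non-root run could not inspect.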

Linux; How do I find logs if a program I'm running uses certain ports?

I am running CentOS 5 with csf firewall. I'm running a program that can't connect to another server (using some port that is blocked by csf I presume). Where is the log file for 'ports'?
Netstat is the command to use to get ports and network activity. To diagnose server processes I usually use:
netstat -tln
This yields port numbers in tcp mode listening. To identify associated processes you can also use -p to grab the pid. Here is the IANA ports list.
I found my answer right after searching a few more threads.
# tail -f /var/log/messages
Shows the UDP message but not the port.... Hmm....

Resources