This is a simple one, but I’ve not used it much before today.

You can use lsof on a Linux box to find out what’s connected to what over the network.

In this case, we’d implemented a new LDAP server and its address had changed. I was attempting to determine what was still connecting to the old LDAP server on a given Linux system.

Netstat showed:

[root@someserver ~]# netstat -a | grep ldap0
tcp        0      0 someserver.some.domain:40201  ldap0.some.domain:ldap    ESTABLISHED
tcp        0      0 someserver.some.domain:40203  ldap0.some.domain:ldap    ESTABLISHED
tcp        0      0 someserver.some.domain:40202  ldap0.some.domain:ldap    ESTABLISHED

But what’s actually connecting?

lsof to the rescue.

[root@someserver ~]# lsof -iTCP | grep ldap0
ntpd       3837     ntp    4u  IPv4   12318       TCP someserver.some.domain:40202->ldap0.some.domain:ldap (ESTABLISHED)
mysqld     3921   mysql    3u  IPv4   12285       TCP someserver.some.domain:40201->ldap0.some.domain:ldap (ESTABLISHED)
xfs        4032     xfs    3u  IPv4   12549       TCP someserver.some.domain:40203->ldap0.some.domain:ldap (ESTABLISHED)

Once I identified what was hanging on to the old address, I just restarted those services.
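The `grep ldap0` above matches the string anywhere on the line, so it would also catch a host such as `ldap01` or a connection coming in from the old server. As an added example (not part of the original post), the hypothetical helper `who_connects_to` below matches only the remote side of each connection and lists every owning process once; `sample_lsof` is constructed input based on the output shown above.

```shell
#!/bin/sh
# Reads `lsof -iTCP` text on stdin.
# $1 = remote host to match exactly, $2 = optional remote port/service name.
# Prints "COMMAND PID USER" once per process holding a matching connection.
who_connects_to() {
    awk -v host="$1" -v port="$2" '
    {
        # NAME is the field containing "->"; its column position differs
        # between lsof versions (SIZE/OFF may be blank), so search for it.
        name = ""
        for (i = 1; i <= NF; i++) if (index($i, "->")) { name = $i; break }
        if (name == "") next              # listening sockets have no peer
        split(name, ends, "->")
        remote = ends[2]
        # Split host from port at the last colon.
        n = length(remote)
        while (n > 0 && substr(remote, n, 1) != ":") n--
        if (n == 0) next
        rhost = substr(remote, 1, n - 1)
        rport = substr(remote, n + 1)
        if (rhost != host) next           # exact match: ldap01 is not ldap0
        if (port != "" && rport != port) next
        print $1, $2, $3
    }' | sort -u
}

# Constructed sample input: the three lines from the post plus decoys
# (a similarly named host, a listener, an inbound connection, a duplicate).
sample_lsof() {
    cat <<'EOF'
ntpd       3837     ntp    4u  IPv4   12318       TCP someserver.some.domain:40202->ldap0.some.domain:ldap (ESTABLISHED)
mysqld     3921   mysql    3u  IPv4   12285       TCP someserver.some.domain:40201->ldap0.some.domain:ldap (ESTABLISHED)
mysqld     3921   mysql    9u  IPv4   12290       TCP someserver.some.domain:40204->ldap0.some.domain:ldap (ESTABLISHED)
xfs        4032     xfs    3u  IPv4   12549       TCP someserver.some.domain:40203->ldap0.some.domain:ldap (ESTABLISHED)
cron       5000    root    5u  IPv4   13000       TCP someserver.some.domain:40300->ldap01.some.domain:ldap (ESTABLISHED)
slapd       900    ldap    7u  IPv4   11111       TCP *:ldap (LISTEN)
sshd       1200    root    3u  IPv4   20001  0t0  TCP someserver.some.domain:ssh->ldap0.some.domain:51000 (ESTABLISHED)
EOF
}

# Run against the sample; on a live system feed it real output instead:
#   lsof -iTCP -sTCP:ESTABLISHED | who_connects_to ldap0.some.domain ldap
sample_lsof | who_connects_to ldap0.some.domain ldap
```

lsof can also do the selection itself with `lsof -iTCP@ldap0.some.domain:ldap`, which lists only sockets whose address matches that host and port.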