"One of the most useful utilities you'll find on Linux and *nix
systems is lsof. Short for "list open files," the lsof utility can
help identify which files are being used by any given application,
which network ports are open, and much more.
"The lsof utility has all manner of useful applications. My
first serious application of lsof was hunting down rootkits and IRC
bots that were deployed on shared Linux servers. A process would
show up in top or ps aux, but the executable didn't seem to exist.
Using lsof, I could hunt down the scripts or executables used to
run the malware.
"You can do a lot with lsof, but let's focus on a couple of
basics for starters. If you run just lsof, it will attempt to show
all files (which includes network sockets, pipes and special files)
that are open."