Buoys and gulls, I’d like to introduce the lsof command. Say that you were moving a whole bunch of files, and there was no indication of what file was currently being moved? lsof shows (lists) open files. For instance, if you were moving a bunch of files from directory sales, you could see exactly what was being touched by the OS:

[machine]# /usr/sbin/lsof | grep sales

Note that this *also* will show you if you can safely move a directory at a given moment, since it will show if anything is currently touching the files.

Another application for lsof is to grep for LISTEN:

[machine]# /usr/sbin/lsof | grep LISTEN

This will show what processes are listening for network connections. lsof -i might also work for you. One interesting thing about lsof, is that it is sometimes available unscathed even though a rootkit is installed on your machine.

You can get lsof here, but you may have problems if reverse DNS doesn’t work. Here are some mirror sites:

ftp://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/lsof
ftp://ftp.cert.dfn.de/pub/tools/admin/lsof
ftp://ftp.cetis.hvu.nl/pub/lsof
ftp://ftp.crc.doc.ca/packages/lsof
ftp://ftp.fu-berlin.de/pub/unix/tools/lsof
ftp://ftp.sunet.se/pub/unix/admin/lsof
ftp://ftp.tau.ac.il/pub/unix/admin
ftp://ftp.tu-darmstadt.de/pub/sysadmin/lsof
ftp://ftp.tux.org/pub/sites/vic.cc.purdue.edu/tools/unix/lsof
ftp://ftp.uni-mainz.de/pub/misc/lsof
ftp://ftp.web.ad.jp/pub/UNIX/tools/lsof
ftp://gd.tuwien.ac.at/utils/admin-tools/lsof
ftp://sunsite.ualberta.ca/pub/Mirror/lsof
ftp://the.wiretapped.net/pub/security/host-security/lsof/
ftp://wuarchive.wustl.edu/packages/security/lsof