One evident advantage of this capability is security. For example, if spyware or another malware program were sending information from your computer to the Internet or to a file on your hard disk, it would show up in the output of these commands.
lsof – list open files
This simple command is often run with no arguments, and does just what it says: it lists every file held open by every program running at the time. The output of lsof typically looks like this:
In this case the output is too large to read on screen, so a better approach is to redirect it to a file for further analysis with lsof > output.txt, and/or filter it using various pipe commands.
As another example, to see whether the special file (application) firefox is held open by any process, run the following command: lsof | grep /usr/lib/firefox/firefox
list open network sockets (connections)
In addition to listing open files, lsof can list open network sockets (connections) when given the -i switch.
If you look at the output, you can see the list of open connections made by different processes/applications to and from your local box.
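To turn that listing into something you can review quickly for unexpected talkers, the following added example (not part of the original post) condenses lsof -i output into one line per process and remote peer, plus a list of listening sockets. The function names are hypothetical and the sample lines are constructed, using documentation-range addresses; -n and -P are standard lsof options that suppress host name and port name lookups.

```shell
#!/bin/sh
# Added example: summarize `lsof -i -n -P` output for review.
# Live usage:  lsof -i -n -P | summarize_peers

# Constructed sample in the column layout lsof -i prints.
sample_lsof_output() {
    cat <<'EOF'
COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      812  root    3u  IPv4  18432      0t0  TCP *:22 (LISTEN)
firefox  2301  alice  56u  IPv4  40211      0t0  TCP 192.0.2.10:51544->198.51.100.7:443 (ESTABLISHED)
firefox  2301  alice  61u  IPv4  40230      0t0  TCP 192.0.2.10:51550->198.51.100.7:443 (ESTABLISHED)
updater  4410  alice   8u  IPv4  51877      0t0  TCP 192.0.2.10:40022->203.0.113.99:8080 (ESTABLISHED)
avahi     640  avahi  12u  IPv4  17001      0t0  UDP *:5353
EOF
}

# Print "command pid user remote count" for established TCP connections.
# The NAME column has the form local->remote; the state is the last field.
summarize_peers() {
    awk '
        $NF == "(ESTABLISHED)" {
            if (split($(NF-1), ends, "->") != 2) next
            count[$1 " " $2 " " $3 " " ends[2]]++
        }
        END { for (k in count) printf "%s %d\n", k, count[k] }
    ' | LC_ALL=C sort
}

# Print "command pid user local" for sockets waiting for inbound connections.
list_listeners() {
    awk '$NF == "(LISTEN)" { print $1, $2, $3, $(NF-1) }' | LC_ALL=C sort -u
}

echo "Remote peers:"
sample_lsof_output | summarize_peers
echo "Listening sockets:"
sample_lsof_output | list_listeners
```

A process you do not recognise, or a peer and port you cannot account for, is the line to investigate further with lsof -p followed by the PID.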