Socket Monitor

How to Install Linux Socket Monitor (LSM) on CentOS

Monitoring socket activity on a Linux server can be essential for debugging, performance analysis, and security auditing. One lightweight and efficient tool for this task is the Linux Socket Monitor (LSM) — a utility designed to capture, filter, and log socket-level activity in real time.

In this guide, we’ll walk you through how to install and run LSM on a CentOS system.


🧰 What Is Linux Socket Monitor (LSM)?

LSM (Linux Socket Monitor) is an open-source C-based utility that hooks into the Linux kernel using Netlink sockets to monitor TCP and UDP socket events.

It provides real-time insights into:

  • New socket creation
  • Socket closures
  • Bind/listen/connect calls
  • Network activity across applications

✅ Prerequisites

Before proceeding, ensure that your environment meets the following:

  • CentOS 7 or 8 (Stream versions also supported)
  • Root or sudo privileges
  • Development tools installed (GCC, make)
  • git installed

🔧 Step 1: Update System Packages

Update all system packages to the latest versions:

sudo yum update -y

🔨 Step 2: Install Required Dependencies

Install essential build tools:

sudo yum groupinstall "Development Tools" -y
sudo yum install git ncurses-devel -y

📥 Step 3: Clone the LSM GitHub Repository

git clone https://github.com/nickclark120/lsm.git
cd lsm

Note: If the official repo moves or forks, adjust the URL accordingly.


⚙️ Step 4: Compile LSM

Once inside the cloned directory, run:

make

This compiles the lsm binary using gcc.

If compilation succeeds, you’ll see an lsm executable in the directory.


🚀 Step 5: Run LSM

You can now run the Linux Socket Monitor:

sudo ./lsm

You’ll see real-time output of socket activity, like:

[PID:1234] nginx opened socket -> 192.168.1.10:443 (TCP)
[PID:5678] sshd closed socket -> 192.168.1.101:22 (TCP)

🧪 Optional: Filter by Process or Protocol

LSM supports runtime filtering. Some example flags:

  • Show only TCP connections: sudo ./lsm -t
  • Show only a specific process: sudo ./lsm -p nginx
  • Show UDP activity only: sudo ./lsm -u

📁 Step 6: Make LSM Available System-Wide (Optional)

To make the binary globally accessible:

sudo cp lsm /usr/local/bin/

Then you can run lsm from anywhere with:

sudo lsm

📌 Use Cases for LSM

  • Monitor suspicious socket activity in real time
  • Debug server applications and services
  • Profile network usage by app or process
  • Enhance SOC or incident response visibility
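
The script below is an added example, not part of LSM or of the original guide: it reads lines in the format shown in Step 5 and reports every opened socket whose process, port and protocol are not on an allowlist. The allowlist syntax (process:port/PROTO), the function names and the sample lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not LSM code). Assumes one event per line, shaped like Step 5:
#   [PID:1234] nginx opened socket -> 192.168.1.10:443 (TCP)

# lsm_flag_unexpected ALLOWLIST
#   stdin: monitor output. ALLOWLIST: space-separated process:port/PROTO
#   entries (syntax invented for this example).
#   Prints ALERT for each "opened" event not on the list and UNPARSED for
#   any non-blank line that does not match the expected shape.
lsm_flag_unexpected() {
    awk -v allow="$1" '
    BEGIN {
        n = split(allow, a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    NF == 0 { next }
    # Report malformed lines instead of silently dropping them.
    NF != 7 || $1 !~ /^\[PID:[0-9]+\]$/ || $4 != "socket" || $5 != "->" || $7 !~ /^\([A-Z]+\)$/ {
        print "UNPARSED " $0
        next
    }
    $3 == "opened" {
        pid = $1; gsub(/[^0-9]/, "", pid)
        proto = $7; gsub(/[()]/, "", proto)
        # Port is the text after the last colon; the address is everything before it.
        port = $6; sub(/^.*:/, "", port)
        addr = $6; sub(/:[^:]*$/, "", addr)
        key = $2 ":" port "/" proto
        if (!(key in ok))
            printf "ALERT pid=%s proc=%s dst=%s port=%s proto=%s\n", pid, $2, addr, port, proto
    }'
}

# Constructed sample input; the first two lines are the ones shown in Step 5.
lsm_sample() {
    cat <<'EOF'
[PID:1234] nginx opened socket -> 192.168.1.10:443 (TCP)
[PID:5678] sshd closed socket -> 192.168.1.101:22 (TCP)
[PID:4321] python3 opened socket -> 203.0.113.7:4444 (TCP)
[PID:1234] nginx opened socket -> 192.168.1.10:53 (UDP)
truncated line without fields
EOF
}

# Demo run on the constructed sample.
lsm_sample | lsm_flag_unexpected "nginx:443/TCP sshd:22/TCP"
```

For live use, the same function can read the monitor's output from a pipe in place of lsm_sample.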

🧠 Final Thoughts

LSM is a powerful but lightweight tool for anyone interested in Linux network observability. It gives you deep visibility into how applications use the network stack — essential for performance tuning, security monitoring, and troubleshooting.

If you’re managing high-performance CentOS servers, using tools like LSM is a proactive way to maintain operational insight.


🌿 Secure & Monitor with Green Host

At GreenHost, we offer secure CentOS-based hosting environments with monitoring and hardening tools pre-configured. Let us help you deploy observability stacks that include tools like LSM, Netdata, Fail2Ban, and more.