Welcome back to our Linux Basics For Hackers series!
If you’ve been following along, in Part-2 we explored how to peek under the hood of Linux using commands like lsblk, lsusb, lspci, and lsof. Think of it as opening the bonnet of a car to check which engine parts are fitted where.
Now in this article System Information Part-3, we’re going to go even deeper into the world of Information Gathering in Linux. Why? Because before you can break (ethically!) into a system, you need to understand it. You wouldn’t attempt to pick a lock without first checking what kind of lock it is, right? Same with Linux.
So grab your coffee (I know I’ve got mine ☕) and let’s roll.
Information Gathering in Linux – Why It Matters
In the world of cybersecurity, information is power. Every device connected, every file open, every process running—it all leaves clues. Hackers (ethical ones, of course) thrive on these clues.
Think of it this way: if a system is a house, then system information gathering is like walking around the house to see how many doors and windows it has, which ones are locked, and which ones might creak open.
The commands we’re about to explore aren’t just for show—they’re part of a hacker’s daily toolkit. Once you know them inside-out, you’ll never look at a Linux machine the same way again.
Working with lsblk – Block Devices
The lsblk command shows block storage devices—your hard drives, SSDs, partitions, USB drives, etc.
Run it simply as:
lsblk
You’ll see a neat tree-like structure showing your storage layout. Want more details? Try:
lsblk -f
This adds filesystem information (like ext4, swap, xfs). And if you want a compact table with only the columns you care about (sizes are already shown in human-readable units):
lsblk -o NAME,SIZE,TYPE,MOUNTPOINT
That -o option is powerful—it lets you choose exactly which columns to display.
(Pro tip: combine it with grep later on to filter specific devices. We’ll talk about filtering in the next article 👀).
Exploring lsusb – USB Devices
Next up, USB devices. Plug in a pen drive and run:
lsusb
It’ll list all attached USB devices with IDs and names. But hackers don’t stop at the basics. Use:
lsusb -v
The -v flag gives a verbose output with detailed descriptors. Yes, it looks overwhelming, but once you know what you’re looking for—vendor IDs, device class—it’s pure gold.
And sometimes you don’t want the noise. So instead of all details, you could filter like this:
lsusb | grep "Bluetooth"
This is how you quickly check whether a USB Bluetooth dongle is being recognised or not.
Gathering PCI Information with lspci
The lspci command gives you details about PCI devices (network cards, graphics cards, etc.). Just type:
lspci
You’ll get a long list. If you’re a gamer or pentester who cares about GPUs and NICs, try:
lspci | grep -i ethernet
lspci | grep -i vga
Want an even more detailed report?
lspci -vvv
That’s three v’s for “very very verbose.” It shows config space details like IRQ numbers, memory addresses, and driver info. Honestly, most people don’t need all of it daily—but as a hacker, knowing it’s there makes you feel like you’re peeking into the system’s DNA.
Checking Open Files with lsof
Now here’s where things get interesting. The lsof command lists open files. And remember, in Linux everything is a file—including network sockets, devices, and pipes.
So, when you run:
lsof
It’ll dump a massive list of files opened by processes. Too much? Narrow it down:
lsof -u root
This shows files opened by the root user. Or check which files a particular process is using:
lsof -p 1234
(where 1234 is a process ID).
One of my favourites:
lsof -i :80
This shows which process is using port 80 (your web server). Super handy if you’re troubleshooting or hunting for suspicious activity.
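As an added example (not from the original post), here is a small POSIX shell script that parses lsof -i -nP output (the -n and -P flags keep hosts and ports numeric, so port 80 prints as 80 rather than http) to answer the question above: which process owns a port, and what is listening overall. The lsof lines embedded in it are a constructed sample, not output captured from a real machine.

```shell
#!/bin/sh
# Added example, not part of the original post. Parses `lsof -i -nP` output to
# find which process owns a TCP port and to list every listener on the host.

# Constructed sample of `lsof -i -nP` output (not captured from a real host).
SAMPLE='COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      812     root    3u  IPv4  20111      0t0  TCP *:22 (LISTEN)
nginx    1304     root    6u  IPv4  23450      0t0  TCP *:80 (LISTEN)
nginx    1305 www-data    6u  IPv4  23450      0t0  TCP *:80 (LISTEN)
nc       4410      bob    3u  IPv4  31337      0t0  TCP *:4444 (LISTEN)
firefox  2201      bob   41u  IPv4  30001      0t0  TCP 10.0.0.5:52210->203.0.113.10:443 (ESTABLISHED)'

# port_owner PORT  (reads lsof -i -nP output on stdin)
# Prints "COMMAND PID USER" for every process listening on PORT.
# NAME is column 9 and looks like *:80 or 10.0.0.5:80 (or [::]:80 for IPv6),
# so the port is the text after the last colon; only (LISTEN) lines count.
port_owner() {
  awk -v port="$1" 'NR > 1 && $10 == "(LISTEN)" {
      n = split($9, a, ":")
      if (a[n] == port) print $1, $2, $3
  }'
}

# listeners  (reads lsof -i -nP output on stdin)
# Prints "PORT COMMAND PID" for every listening socket, lowest port first.
# A port appearing twice (here 80) means several processes share it,
# e.g. a master process and its workers.
listeners() {
  awk 'NR > 1 && $10 == "(LISTEN)" { n = split($9, a, ":"); print a[n], $1, $2 }' | sort -n
}

# Usage: ./port_owner.sh 80  -> uses live lsof when installed, else the sample.
if [ -n "${1:-}" ]; then
  if command -v lsof >/dev/null 2>&1; then
    lsof -i -nP | port_owner "$1"
  else
    printf '%s\n' "$SAMPLE" | port_owner "$1"
  fi
fi
```

Pipe the live output in directly (lsof -i -nP | listeners) to get a quick inventory of what is listening and compare it against what you expect to be there.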
Connecting the Dots
Notice a pattern?
lsblk tells us about storage.
lsusb tells us about external devices.
lspci gives info about internal hardware cards.
lsof shows what’s actively being used.
Together, they give you a living snapshot of the system. Not just static information, but who’s doing what, and where.
And remember, in our next article (Filtering Content Part-1) we’ll learn how to make sense of this massive output using commands like more, less, head, and tail. Because what’s the use of all this information if you can’t filter and digest it?
FAQs on Information Gathering in Linux
Q1. Why is information gathering so important in ethical hacking?
Because without understanding the system, you’re just poking in the dark. Information gives you direction, helping you find weak points efficiently.
Q2. What’s the difference between lsblk and fdisk -l?
lsblk presents device information in a clean, tree-like structure. fdisk -l shows partition tables in detail but can feel cluttered. Both are useful depending on the situation.
Q3. Can lsof be dangerous to run?
Not dangerous, but it can generate a lot of output. On busy systems, it might feel like drinking water from a fire hose. That’s why filtering (grep, less) is key.
Q4. How do I find which process is using a specific port?
Run lsof -i :<port>. For example, lsof -i :22 will show you which process is handling SSH connections.
Q5. Do hackers really use these commands in real-world scenarios?
Absolutely. These are not just classroom examples. Pentesters, system admins, and yes, hackers use them every single day.