It
is a command line utility which is used to list the information about
the files that are opened by various processes. In linux, everything
is a file, ( pipes, sockets, directories, devices, etc.). So by using
lsof, you can get the information about any opened files.
COMMAND
- process name.
PID
- process ID
USER
- Username
FD
– Represents the file descriptor
- cwd – Current Working Directory
- txt – Text file
- mem – Memory mapped file
- mmap – Memory mapped device
- NUMBER – Represent the actual file descriptor. The character after the number i.e ’1u’, represents the mode in which the file is opened. r for read, w for write, u for read and write
TYPE – Specifies the type of the file.
- REG – Regular File
- DIR – Directory
- FIFO – First In First Out
- CHR – Character special file
DEVICE
- device number
SIZE
- file size
NODE
- node number
NAME
- full path of the name
- /proc/PID/cmdline : process arguments
- /proc/PID/cwd : process current working directory (symlink)
- /proc/PID/exe : path to actual process executable file (symlink)
- /proc/PID/environ : environment used by process
- /proc/PID/root : the root path as seen by the process. For most processes this will be a link to / unless the process is running in a chroot jail.
- /proc/PID/status : basic information about a process including its run state and memory usage.
- /proc/PID/task : hard links to any tasks that have been started by this (the parent) process.
Install
lsof service.
Yum install lsof*
1.List processes which opened a specific file
# lsof /var/log/syslog
2.List
opened files under a directory
#
lsof +D /var/log/
3.List
opened files based on process names starting with
# lsof -c ssh -c init
4.List
processes using a mount point
#
lsof /home
5.List
files opened by a specific user
#
lsof -u username
6.Sometimes
you may want to list files opened by all users, expect some 1 or 2.
In that case you can use the ‘^’ to exclude only the particular
user as follows
#
lsof -u ^username
7.List
all open files by a specific process
# lsof -p PID
8.List
all the users who are using a particular file
# lsof /bin/vi 9.Lists all processes that use the bash shell # lsof /bin/bash
10.Lists
all opened files that are not opened by the given user
#
lsof -u ^user
11.Process
list a la ps aux
#
lsof -d txt
12.Lists
all deleted files,that are still opened and use up disk space(files
with less than one link)
#
lsof +L1
Finding Network Connection
1.List
all network connections (You can also use ‘-i4′ or ‘-i6′ to
list only)
#
lsof -i
2.List
all network files in use by a specific process
#
lsof -i -a -p 234
OR
#
lsof -i -a -c ssh
3.List
processes which are listening on a particular port
#
lsof -i :25
4.List
all TCP or UDP connections
#
lsof -i tcp; lsof -i udp;
5.List
all Network File System ( NFS ) files
#
lsof -N -u username -a
6.Lists
all network files opened by the user www-data (boolean and with -a)
#
lsof -a -i -u www-data
7.Lists
all active connections
#
lsof -i|grep '\->'
No comments:
Post a Comment