
Sunday, January 3, 2016

lsof command one liners


The lsof command lists all open files belonging to active processes.

# lsof
init       1       root  cwd       DIR        8,1      4096          2 /
init       1       root  txt       REG        8,1    124704     917562 /sbin/init
init       1       root    0u      CHR        1,3       0t0       4369 /dev/null
init       1       root    1u      CHR        1,3       0t0       4369 /dev/null
init       1       root    2u      CHR        1,3       0t0       4369 /dev/null
init       1       root    3r     FIFO        0,8       0t0       6323 pipe

The columns in this output are:

COMMAND: - Name of process using a particular file
PID: - Process ID using a particular file
USER: - User name who has initiated the process/PID
DEVICE: - Device numbers (major,minor, e.g. 8,1) of the device the file is on
SIZE/OFF: - This is the size of the file or the file offset in bytes
NODE: - This is the node number of a local file
NAME: - This is the name of the mount point and file system on which the file resides

FD: - Represents the file descriptor.

Some of the FD values are:
cwd – Current Working Directory
txt – Text file
mem – Memory mapped file
mmap – Memory mapped device
NUMBER[r,w,u] – The actual file descriptor number. The character after the number, i.e. ‘u’, ‘r’ or ‘w’, is the mode in which the file is opened: r for read, w for write, u for read and write.

TYPE: - Specifies the type of the file.

Some of the important TYPE values are listed below; the rest can be found in the lsof man page.
REG – Regular File
DIR – Directory
FIFO – First In First Out
CHR – Character special file
IPv4 – An IPv4 socket file
IPv6 – An open IPv6 network file
sock – A socket of unknown domain
unix – A UNIX domain socket file
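
The FD and TYPE columns described above can be decoded mechanically, for example to see which processes hold a file open for writing. The following is an added example, not part of the original post; the function names and the rsyslogd and tail sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the default 9-column
# layout shown above: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME

# Constructed sample: the init lines follow the output above; the rsyslogd
# and tail lines (PIDs, user "alice", sizes) are invented for illustration.
sample_lsof() {
cat <<'EOF'
init       1       root  cwd       DIR        8,1      4096          2 /
init       1       root  txt       REG        8,1    124704     917562 /sbin/init
init       1       root    0u      CHR        1,3       0t0       4369 /dev/null
init       1       root    3r     FIFO        0,8       0t0       6323 pipe
rsyslogd 812     syslog    7w      REG        8,1    530112     131094 /var/log/syslog
tail    2290      alice    3r      REG        8,1    530112     131094 /var/log/syslog
EOF
}

# decode_fds: read lsof lines on stdin and print "PID COMMAND FD MODE TYPE NAME"
# for numeric descriptors only; cwd, txt, mem and mmap rows are skipped.
decode_fds() {
    awk '
    $4 ~ /^[0-9]+[rwu]/ {
        fd = $4; sub(/[^0-9].*$/, "", fd)         # numeric part of e.g. "7w"
        m = substr($4, length(fd) + 1, 1)         # mode letter: r, w or u
        mode = (m == "r") ? "read" : ((m == "w") ? "write" : "read+write")
        name = $9
        for (i = 10; i <= NF; i++) name = name " " $i   # NAME may hold spaces
        print $2, $1, fd, mode, $5, name
    }'
}

# writers_of FILE: PIDs that hold FILE open with mode w or u.
writers_of() {
    decode_fds | awk -v f="$1" '
        { name = $6; for (i = 7; i <= NF; i++) name = name " " $i }
        name == f && $4 != "read" { print $1 }' | sort -un
}

# Demo on the constructed sample; on a live host pipe real `lsof` output in.
sample_lsof | decode_fds
echo "writers of /var/log/syslog: $(sample_lsof | writers_of /var/log/syslog)"
```

On a live system the same functions read real output, e.g. `lsof /var/log/syslog | writers_of /var/log/syslog`.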

To list the processes that have a specific file open

# lsof /var/log/syslog

To list open files under a directory

# lsof +D /var/log/
+D recurses into subdirectories.

# lsof +d /var/log/
To not recurse, use the ‘+d’ option.

To list open files of processes whose names start with a given string

# lsof -c ssh
# lsof -c ssh -c init

To list processes using a mount point

# lsof /home
# lsof +D /home/

To list files opened by a specific user

# lsof -u USERNAME

To list files opened by all users apart from a specific user

# lsof -u ^USERNAME

To list all open files by a specific process

# lsof -p 1753

To kill all processes that belong to a particular user

# kill -9 `lsof -t -u USERNAME`

To kill all processes that have a particular file open

# kill -9 `lsof -t /var/log/syslog`

Combining list options with OR/AND
When more than one list option is given, lsof ORs them together.

To AND the conditions instead, add -a:

# lsof -u USERNAME -c COMMAND -a

To execute lsof in repeat mode

# lsof -u USERNAME -c COMMAND -a -r5

List all network connections
Network connections are also files, so lsof can report on them too. The ‘-i’ option lists all open network connections.

# lsof -i

To list IPv4 connections

# lsof -i4

To list IPv6 connections

# lsof -i6

To list all network files in use by a specific process

# lsof -i -a -p 234
# lsof -i -a -c ssh

To list processes which are listening on a particular port

# lsof -i :25

To list all TCP or UDP connections

# lsof -i tcp
# lsof -i udp

To list connections against a particular TCP or UDP port

# lsof -i TCP:22
# lsof -i UDP:123

To list all Network File System (NFS) files

# lsof -N -u USERNAME -a

To list open files on TCP ports in the range 1-1024

# lsof -i TCP:1-1024

