lsof
lsof is a command meaning "list open files", which is used in many Unix-like systems to report a list of all open files and the processes that opened them. This open source utility was developed and supported by Victor A. Abell, the retired Associate Director of the Purdue University Computing Center. It works in and supports several Unix flavors.[2]
Original author(s) | Victor A. Abellre |
---|---|
Stable release | 4.93.2
/ 8 May 2019 |
Repository | github |
Written in | C |
Operating system | Linux and FreeBSD |
Platform | Cross-platform |
License | BSD license-compatible[1] |
Website | github |
Examples
Open files in the system include disk files, named pipes, network sockets and devices opened by all processes. One use for this command is when a disk cannot be unmounted because (unspecified) files are in use. The listing of open files can be consulted (suitably filtered if necessary) to identify the process that is using the files.
# lsof /var
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
syslogd 350 root 5w VREG 222,5 0 440818 /var/adm/messages
syslogd 350 root 6w VREG 222,5 339098 6248 /var/log/syslog
cron 353 root cwd VDIR 222,5 512 254550 /var -- atjobs
To view the port associated with a daemon:
# lsof -i -n -P | grep sendmail
sendmail 31649 root 4u IPv4 521738 TCP *:25 (LISTEN)
From the above one can see that "sendmail" is listening on its standard port of "25".
- -i
- Lists IP sockets.
- -n
- Do not resolve hostnames (no DNS).
- -P
- Do not resolve port names (list port number instead of its name).
One can also list Unix Sockets by using lsof -U
.
Lsof output
The lsof output describes:
- the identification number of the process (PID) that has opened the file;
- the process group identification number (PGID) of the process (optional);
- the process identification number of the parent process (PPID) (optional);
- the command the process is executing;
- the owner of the process;
- for all files in use by the process, including the executing text file and the shared libraries it is using:
- the file descriptor number of the file, if applicable;
- the file's access mode;
- the file's lock status;
- the file's device numbers;
- the file's inode number;
- the file's size or offset;
- the name of the file system containing the file;
- any available components of the file's path name;
- the names of the file's stream components;
- the file's local and remote network addresses;
- the TLI network (typically UDP) state of the file;
- the TCP state, read queue length, and write queue length of the file;
- the file's TCP window read and write lengths (Solaris only); and
- other file or dialect-specific values.
For a complete list of options, see the Lsof(8) Linux manual page [3]
See also
- fuser (Unix)
- stat (Unix)
- netstat
- strace
- List of Unix commands
References
- lsof FAQ, 1.9 Is there an lsof license?
- W. Richard Stevens; Bill Fenner; Andrew M. Rudoff (2003), Unix Network Programming: the Sockets networking API, Addison-Wesley Professional, ISBN 978-0-13-141155-5
- "lsof". Retrieved 16 July 2020.
External links
- Old site
- lsof-l mailing list
- mirror of legacy sources
- – Linux Administration and Privileged Commands Manual
- – Darwin and macOS System Manager's Manual
- Using lsof
- Lsof FAQ
- Sam Nelson's PCP script, an alternative to "lsof -i" for Solaris.
- Glsof is two separate utilities (Queries and Filemonitor) based on lsof.
- Sloth is a macOS graphical interface for lsof
- Manpage of LSOF