lsof

lsof is a command meaning "list open files", which is used in many Unix-like systems to report a list of all open files and the processes that opened them. This open source utility was developed and supported by Victor A. Abell, the retired Associate Director of the Purdue University Computing Center. It works in and supports several Unix flavors.[2]

lsof
Original author(s)Victor A. Abellre
Stable release
4.93.2 / 8 May 2019 (2019-05-08)
Repositorygithub.com/lsof-org/lsof
Written inC
Operating systemLinux and FreeBSD
PlatformCross-platform
LicenseBSD license-compatible[1]
Websitegithub.com/lsof-org/lsof 

Examples

Open files in the system include disk files, named pipes, network sockets and devices opened by all processes. One use for this command is when a disk cannot be unmounted because (unspecified) files are in use. The listing of open files can be consulted (suitably filtered if necessary) to identify the process that is using the files.

# lsof /var
COMMAND     PID     USER   FD   TYPE DEVICE SIZE/OFF   NODE NAME
syslogd     350     root    5w  VREG  222,5        0 440818 /var/adm/messages
syslogd     350     root    6w  VREG  222,5   339098   6248 /var/log/syslog
cron        353     root  cwd   VDIR  222,5      512 254550 /var -- atjobs

To view the port associated with a daemon:

# lsof -i -n -P | grep sendmail
sendmail  31649    root    4u  IPv4 521738       TCP *:25 (LISTEN)

From the above one can see that "sendmail" is listening on its standard port of "25".

-i
Lists IP sockets.
-n
Do not resolve hostnames (no DNS).
-P
Do not resolve port names (list port number instead of its name).

One can also list Unix Sockets by using lsof -U.

Lsof output

The lsof output describes:

  • the identification number of the process (PID) that has opened the file;
  • the process group identification number (PGID) of the process (optional);
  • the process identification number of the parent process (PPID) (optional);
  • the command the process is executing;
  • the owner of the process;
  • for all files in use by the process, including the executing text file and the shared libraries it is using:
    • the file descriptor number of the file, if applicable;
    • the file's access mode;
    • the file's lock status;
    • the file's device numbers;
    • the file's inode number;
    • the file's size or offset;
    • the name of the file system containing the file;
    • any available components of the file's path name;
    • the names of the file's stream components;
    • the file's local and remote network addresses;
    • the TLI network (typically UDP) state of the file;
    • the TCP state, read queue length, and write queue length of the file;
    • the file's TCP window read and write lengths (Solaris only); and
    • other file or dialect-specific values.

For a complete list of options, see the Lsof(8) Linux manual page [3]

gollark: I reaaaaally don't like the mixing of english and spanishorsomething.
gollark: Nest wheres until they can be nested no more.
gollark: ... you want the first element of each, or...?
gollark: The problem is simple: `(a, b)` matches a tuple, which your strings are not.
gollark: What IS this?!

See also

References

  1. lsof FAQ, 1.9 Is there an lsof license?
  2. W. Richard Stevens; Bill Fenner; Andrew M. Rudoff (2003), Unix Network Programming: the Sockets networking API, Addison-Wesley Professional, ISBN 978-0-13-141155-5
  3. "lsof". Retrieved 16 July 2020.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.