Linux: finding which programs are using a file with fuser and lsof

Source: Internet
Author: User
Tags unix domain socket

fuser: identifies processes by the file or file structure they use, that is, it reports which processes are using the specified files, directories, devices, or sockets.

Lsof

MTR

fuser command

Purpose: Identifies processes using a file or file structure, that is, reports which processes are using the specified files, directories, devices, or sockets.
Syntax:
fuser [-c|-d|-f] [-k] [-u] [-x] [-V] files/directories/sockets/devices ...
Description: The fuser command lists the process numbers of local processes that use the local or remote files specified by the File parameter. For block special devices, the command lists the processes that use any file on that device.
Each process number is followed by a letter that indicates how the process uses the file:

c  Uses the file as the current directory.
e  Uses the file as a program's executable object.
r  Uses the file as the root directory.
s  Uses the file as a shared library (or other loadable object).

The process numbers are written to standard output (on one line, separated by spaces). A newline character is written to standard error after the last output for each file operand. All other output is written to standard error.
The fuser command does not detect a process with a mmap region where the associated file descriptor has been closed.

Flags:
-c  Reports on any open files in the file system containing the file.
-d  Implies the -c and -x flags. Reports on any open files that have been unlinked from the file system (deleted from the parent directory). When used with the -V flag, it also reports the inode number and size of the deleted file.
-f  Reports on open instances of the file only.
-k  Sends the SIGKILL signal to each local process. Only the root user can terminate a process that belongs to another user.
-u  Provides the login name for local processes in parentheses after the process number.
-V  Provides verbose output.
-x  Used with -c or -f, reports on executable and loadable objects in addition to the standard fuser output.

Examples:
To list the process numbers of local processes that use the /etc/passwd file, enter:
fuser -u /etc/passwd

To list the process numbers and user login names of processes that use the /etc/filesystems file, enter:
fuser -u /etc/filesystems

To terminate all processes using a given file system, enter:
fuser -k -x -u /dev/hd1
-or-
fuser -kxuc /home
Either command lists the process number and user name, and then terminates each process that is using the /dev/hd1 (/home) file system. Only the root user can terminate processes that belong to another user. You may want to use this command if you are trying to unmount the /dev/hd1 file system and a process that is accessing the /dev/hd1 file system does not allow this.

To list all processes that are using files that have been deleted from a given file system, enter:
fuser -d /usr

Files:
/dev/kmem  Used for the system image.
/dev/mem   Also used for the system image.

How do I use lsof?

In this article I will try to list every use of lsof I can think of. Let's start with the simplest (which you may already know) and then gradually add complexity:

    • List all open files

# lsof

Running lsof without any parameters lists all files opened by all processes.

    • Find out who is using a file

# lsof /path/to/file

Given the path to a file as its argument, lsof lists all processes that are using that file.

You can also specify multiple files at once, and lsof lists all the processes that use any of them:

# lsof /path/to/file1 /path/to/file2

    • Recursively find all open files in a directory

# lsof +D /usr/lib

With the +D option, lsof recursively searches the specified directory for open files. Note that this option is slower than the grep version:

# lsof | grep '/usr/lib'

It is slow because +D first finds all the files and only then outputs them.

    • List all files opened by a user

# lsof -u pkrumins

The -u option lists only the files opened by the user pkrumins. You can specify multiple users separated by commas:

# lsof -u rms,root

This command lists all files opened by the users rms and root.

You can also do the same thing with multiple -u options:

# lsof -u rms -u root

    • Find all files opened by a program

# lsof -c apache

The -c option restricts the output to files opened by processes whose name begins with apache.

So you don't have to write this:

# lsof | grep foo

Instead, use this shorter version:

# lsof -c foo

In fact, you can specify just the beginning of the process name:

# lsof -c apa

This lists all files opened by processes whose name starts with apa.

You can also specify multiple -c options:

# lsof -c apache -c python

This lists all files opened by apache and python.

    • List all files opened by a user or a process

# lsof -u pkrumins -c apache

You can also combine multiple options. By default they are OR-ed together, which means that the above command lists files opened by the user pkrumins or by the apache process.

    • List all files opened by a given user and a given process

# lsof -a -u pkrumins -c bash

The -a option changes the combination of multiple options from OR to AND, so the above command lists only the files opened by the bash process running as the user pkrumins.

    • List files opened by all users except root user

# lsof -u ^root

Note the ^ character in front of root: it negates the match, so lsof lists files opened by all users other than root.

    • Lists all files opened by a process that corresponds to a PID

# lsof -p 1

The -p option lets you filter the output by process ID.

Remember that you can use commas to separate multiple PIDs:

# lsof -p 450,980,333

    • List all files opened by all processes except a given PID

# lsof -p ^1

As with users, you can use ^ with the -p option to negate the match.

    • List all network connections

# lsof -i

The -i option of lsof lists all processes that have network sockets (TCP and UDP) open.

    • List all TCP network connections

# lsof -i tcp

You can also give the -i option an argument such as tcp, which forces lsof to list only the processes that have TCP sockets open.

    • List all UDP network connections

# lsof -i udp

Likewise, udp makes lsof list only the processes that use UDP sockets.

    • Find a process that uses a port

# lsof -i :25

The :25 argument combined with the -i option makes lsof list processes that use TCP or UDP port 25.

You can also use the port name defined in /etc/services instead of the number, for example:

# lsof -i :smtp

    • Find a process that uses a UDP port

# lsof -i udp:53

Similarly, you can find a process that uses a TCP port:

# lsof -i tcp:80

    • Find all network connections for a user

# lsof -a -u hacker -i

Combining the -u and -i options with -a makes lsof list all network activity for a user.

    • List all NFS (network file system) files

# lsof -N

This option is easy to remember: -N stands for NFS.

    • List all UNIX domain socket files

# lsof -U

This option is also easy to remember: -U stands for UNIX.

    • List all files opened by processes in a process group

# lsof -g 1234

Process groups are used to logically group processes; this example finds all files opened by processes whose PGID is 1234.

    • List all files associated with a descriptor

# lsof -d 2

This command lists all files opened as descriptor 2.

You can also specify a range of descriptors:

# lsof -d 0-2

This lists all files that have descriptor 0, 1, or 2.

The -d option also supports many other special values. The following command lists all memory-mapped files:

# lsof -d mem

txt lists all the programs that are loaded in memory and executing:

# lsof -d txt

    • Output the PIDs of processes using some resource

# lsof -t -i

The -t option outputs only the PIDs of processes. You can combine it with the -i option to output the PIDs of processes using a port, and the following command kills all processes that use the network:

# kill -9 `lsof -t -i`

    • List files repeatedly

# lsof -r 1

The -r option makes lsof repeat the listing until it is interrupted; the argument 1 means repeat once per second. It is best used with a narrower query, such as monitoring network activity:

# lsof -r 1 -u john -i -a
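
Before piping `lsof -t -i` into `kill -9` as shown above, it helps to see which sockets stand behind each PID. The following is an added example, not part of the original article: it parses lsof's machine-readable `-F` field output into one line per socket. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example. Real input would come from: lsof -nP -i -F pcLPnT
# Each -F line is one field: p=PID c=command L=login f=descriptor
# P=protocol n=endpoint T=TCP info (for example TST=LISTEN).

# Constructed sample of -F output (not captured from a real host).
lsof_sample() {
cat <<'EOF'
p2291
cnginx
Lwww-data
f6
PTCP
n*:80
TST=LISTEN
f11
PTCP
n10.0.0.5:80->198.51.100.7:51514
TST=ESTABLISHED
p3050
cdnsmasq
Ldnsmasq
f4
PUDP
n*:53
EOF
}

# Reads -F output on stdin; prints tab-separated
# PID, command, login, protocol, endpoint, TCP state ("-" when absent).
lsof_sockets() {
  awk '
    BEGIN { OFS = "\t" }
    function emit() {
      if (fd != "") print pid, cmd, user, proto, name, (state == "" ? "-" : state)
      fd = proto = name = state = ""
    }
    { tag = substr($0, 1, 1); val = substr($0, 2) }
    tag == "p" { emit(); pid = val; cmd = user = "" }   # new process set
    tag == "f" { emit(); fd = val }                     # new file set
    tag == "c" { cmd = val }
    tag == "L" { user = val }
    tag == "P" { proto = val }
    tag == "n" { name = val }
    tag == "T" && val ~ /^ST=/ { state = substr(val, 4) }
    END { emit() }'
}

lsof_sample | lsof_sockets
```

The first column, de-duplicated, is the same PID set that `lsof -t -i` would hand to kill, so the listing shows what the one-liner would terminate.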

*************************************************************************************************************** *********
MTR command

# mtr -h
usage: mtr [-hvrctglspni46] [--help] [--version] [--report]
[--report-cycles=count] [--curses] [--gtk]
[--raw] [--split] [--no-dns] [--address interface]
[--psize=bytes/-s bytes]
[--interval=seconds] HOSTNAME [PacketSize]


mtr -h  shows the help text
mtr -v  shows the mtr version information
mtr -r  displays the results in report mode

# mtr -r 202.108.33.94
FOCUS9097 Snt: 10 Loss% Last Avg Best Wrst StDev
220.181.61.252 0% 6.8 3.3 1.8 7.4 2.2
220.181.17.217 0% 0.4 0.5 0.4 0.7 0.1
220.181.16.17 0% 0.6 0.5 0.5 0.6 0.0
202.97.53.14 10% 0.7 0.7 0.7 0.8 0.0
219.158.35.1 0% 0.8 0.8 0.8 0.9 0.0
219.158.5.81 0% 1.2 1.3 1.2 1.6 0.1
123.126.0.138 0% 1.2 1.1 1.1 1.3 0.1
61.148.153.126 0% 1.9 10.5 1.5 89.9 27.9
61.148.143.22 0% 1.5 1.6 1.5 1.7 0.0
210.74.178.198 0% 1.6 1.6 1.5 1.9 0.1
202.108.33.94 0% 1.5 1.5 1.4 1.5 0.0

Report description:
First column: shows the IP address or domain name of each hop, much like tracert.
Second column: Snt: 10 is the number of packets sent; the default value is 10 and can be changed with the -c option.

# mtr -r -c 15 202.108.33.94
FOCUS9097 Snt: 15 Loss% Last Avg Best Wrst StDev
220.181.61.252 0% 1.9 3.4 1.8 12.9 3.1
220.181.17.217 0% 0.5 0.5 0.4 0.8 0.1
220.181.16.17 0% 0.5 0.6 0.5 2.3 0.5
202.97.53.14 0% 0.7 0.7 0.7 0.7 0.0
219.158.35.1 0% 0.9 0.8 0.8 0.9 0.0
219.158.5.81 0% 1.3 2.8 1.2 22.8 5.5
123.126.0.138 0% 1.1 1.1 1.1 1.2 0.0
61.148.153.126 0% 13.8 7.4 1.6 60.4 15.5
61.148.143.22 0% 1.7 1.6 1.5 1.8 0.1
210.74.178.198 0% 1.6 1.6 1.4 1.7 0.1
202.108.33.94 0% 1.5 1.5 1.4 1.7 0.1

Here -c is the short form of: --report-cycles COUNT

    • Third column: the packet loss rate for each corresponding IP
    • Fourth column: the most recent round-trip delay
    • Fifth column: the average delay of the ping packets sent
    • Sixth column: the best (shortest) delay
    • Seventh column: the worst (longest) delay
    • Eighth column: the standard deviation
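
The columns described above can be triaged mechanically. The following is an added example, not part of the original article: an awk filter that reads the first report above and flags hops with packet loss or a latency spike. The function names and the threshold (Wrst more than 5 times Avg) are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. Data rows of the report: HOST LOSS% LAST AVG BEST WRST STDEV

# The first report shown above.
sample_report() {
cat <<'EOF'
FOCUS9097 Snt: 10 Loss% Last Avg Best Wrst StDev
220.181.61.252 0% 6.8 3.3 1.8 7.4 2.2
220.181.17.217 0% 0.4 0.5 0.4 0.7 0.1
220.181.16.17 0% 0.6 0.5 0.5 0.6 0.0
202.97.53.14 10% 0.7 0.7 0.7 0.8 0.0
219.158.35.1 0% 0.8 0.8 0.8 0.9 0.0
219.158.5.81 0% 1.2 1.3 1.2 1.6 0.1
123.126.0.138 0% 1.2 1.1 1.1 1.3 0.1
61.148.153.126 0% 1.9 10.5 1.5 89.9 27.9
61.148.143.22 0% 1.5 1.6 1.5 1.7 0.0
210.74.178.198 0% 1.6 1.6 1.5 1.9 0.1
202.108.33.94 0% 1.5 1.5 1.4 1.5 0.0
EOF
}

# Reads a report on stdin; prints one line per notable hop.
mtr_triage() {
  awk '
    $2 !~ /^[0-9.]+%$/ { next }     # skip the header and blank lines
    { n++; host[n] = $1; loss[n] = $2 + 0; avg[n] = $4 + 0; wrst[n] = $6 + 0 }
    END {
      # tail[i] is true when hop i and every later hop all show loss.
      for (i = n; i >= 1; i--)
        tail[i] = (loss[i] > 0 && (i == n || tail[i + 1]))
      for (i = 1; i <= n; i++) {
        # Loss seen at one hop but not beyond it usually means that
        # router rate-limits ICMP replies, not that traffic is dropped.
        if (loss[i] > 0)
          printf "%s %s %s%%\n", host[i], \
            (tail[i] ? "loss-reaches-destination" : "loss-at-hop-only"), loss[i]
        if (avg[i] > 0 && wrst[i] > 5 * avg[i])   # assumed threshold
          printf "%s latency-spike wrst=%.1f avg=%.1f\n", host[i], wrst[i], avg[i]
      }
    }'
}

sample_report | mtr_triage
```

For the report above this flags 202.97.53.14 (10% loss that does not continue to later hops) and 61.148.153.126 (Wrst 89.9 against Avg 10.5).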

Next, the other relevant options:

    1. mtr -s: specifies the size of the ping packets
    2. mtr -n (--no-dns): does not resolve IP addresses to domain names
    3. mtr -a: sets the source IP address of the packets sent, which is useful on a host with multiple IP addresses
    4. mtr -i: sets the interval between ICMP echo requests; the default is 1 second
    5. mtr -4: IPv4
    6. mtr -6: IPv6

Network diagnosis:
traceroute www.baidu.com
mtr www.baidu.com
nslookup www.baidu.com
