Linux command--51 lsof (GO)

Source: Internet
Author: User

Lsof (list open files) is a tool that lists open files for the current system . In a Linux environment, everything is in the form of files, with files that not only access regular data, but also access to network connectivity and hardware. So, such as Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) sockets, the system assigns a file descriptor to the application in the background, regardless of the nature of the file, which provides a common interface for the interaction between the application and the underlying operating system. Because the application opens a descriptor list of files that provides a lot of information about the application itself, it is helpful to see the list through the Lsof tool for system monitoring and troubleshooting.

1. Command format:

lsof [parameters] [file]

2. Command function:

Used to view the files that your process opened, the process of opening the file, the port (TCP, UDP) that the process opened. Retrieve/Recover deleted files. is a very convenient system monitoring tool, because lsof needs to access core memory and various files, so the root user needs to execute.

Lsof open files can be:

1. Common Files

2. Catalogue

3. Files on the network file system

4. character or device file

5. (function) Shared library

6. Piping, Named pipes

7. Symbolic Links

8. Network files (for example: NFS file, network Socket,unix domain name socket)

9. There are other types of files, etc.

3. Command parameters:

-a lists the processes that exist for open files

-c< Process name > List files opened by the specified process

-G list GID process details

-d< File Number > list the process that occupies the file number

+d< directory > List files that are open under directory

+d< directory > recursively list files opened in directory

-n< directory > List files that use NFS

-i< conditions > lists the processes that meet the criteria. (4, 6, protocol,: Port, @ip)

-p< Process number > List files opened by the specified process number

-U list UID number process details

-H Display Help information

-V Display version information

4. Usage examples:

Example 1: No parameters

Command:

Lsof

Output:

[Email protected] ~]# lsof

COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
Init 1 root cwd DIR 8,2 4096 2/
Init 1 root RTD DIR 8,2 4096 2/
Init 1 root txt REG 8,2 43496 6121706/sbin/init
Init 1 root mem REG 8,2 143600 7823908/lib64/ld-2.5.so
Init 1 root mem REG 8,2 1722304 7823915/lib64/libc-2.5.so
Init 1 root mem REG 8,2 23360 7823919/lib64/libdl-2.5.so
Init 1 root mem REG 8,2 95464 7824116/lib64/libselinux.so.1
Init 1 root mem REG 8,2 247496 7823947/lib64/libsepol.so.1
Init 1 root 10u FIFO 0,17 1233/dev/initctl
Migration 2 root CWD DIR 8,2 4096 2/
Migration 2 root RTD DIR 8,2 4096 2/
Migration 2 Root txt unknown/proc/2/exe
KSOFTIRQD 3 root cwd DIR 8,2 4096 2/
KSOFTIRQD 3 root RTD DIR 8,2 4096 2/
KSOFTIRQD 3 Root txt unknown/proc/3/exe
Migration 4 root CWD DIR 8,2 4096 2/
Migration 4 root RTD DIR 8,2 4096 2/
Migration 4 Root txt unknown/proc/4/exe
KSOFTIRQD 5 root CWD DIR 8,2 4096 2/
KSOFTIRQD 5 root RTD DIR 8,2 4096 2/
KSOFTIRQD 5 Root txt unknown/proc/5/exe
events/0 6 root cwd DIR 8,2 4096 2/
events/0 6 root RTD DIR 8,2 4096 2/
events/0 6 Root txt unknown/proc/6/exe
EVENTS/1 7 root CWD DIR 8,2 4096 2/

Description

The meaning of the lsof output column information is as follows:

COMMAND: Name of the process

PID: Process Identifier

PPID: Parent Process Identifier (the-R parameter needs to be specified)

USER: Process Owner

Pgid: The group to which the process belongs

FD: File descriptor in which the application recognizes the file through a file descriptor. such as CWD, TXT, etc.

(1) CWD: Represents the current working dirctory, which is the directory in which the application starts, unless it makes changes to the directory itself

(2) TXT: This type of file is a program code, such as the application binary file itself or a shared library, as shown in the list above/sbin/init program

(3) Lnn:library references (AIX);

(4) ER:FD information error (see NAME column);

(5) Jld:jail directory (FreeBSD);

(6) Ltx:shared Library text (code and data);

(7) Mxx:hex memory-mapped type number XX.

(8) M86:dos Merge mapped file;

(9) mem:memory-mapped file;

(ten) mmap:memory-mapped device;

(one) Pd:parent directory;

(rtd:root) directory;

(Tr:kernel) trace file (OpenBSD);

(+) v86 vp/ix mapped file;

(15) 0: Indicates standard output

(16) 1: Indicates standard input

(17) 2: standard error indication

Generally after standard output, standard error, standard input followed by file state mode: R, W, u, etc.

(1) U: Indicates that the file is open and in read/write mode

(2) R: Indicates that the file is open and is in read-only mode

(3) W: Indicates that the file is open and is in

(4) Space: Indicates that the file's status mode is Unknow and is not locked

(5)-: Indicates that the file's state mode is unknow and is locked

At the same time, after the file state mode, followed by the relevant lock

(1) n:for a Solaris NFS lock of unknown type;

(2) R:for read lock on part of the file;

(3) R:for A read lock on the entire file;

(4) W:for a write lock on part of the file;

(5) W:for A write lock on the entire file; (write lock for entire file)

(6) U:for a read and write lock of any length;

(7) U:for a lock of unknown type;

(8) x:for an SCO openserver Xenix lock in part of the file;

(9) x:for an SCO openserver Xenix lock on the entire file;

(space:if) There is no lock.

Type: File types, such as Dir, Reg, etc., common file types

(1) DIR: Indicates directory

(2) CHR: denotes character type

(3) BLK: Block device type

(4) Unix:unix domain sockets

(5) FIFO: Advanced First Out (FIFO) queue

(6) IPv4: Internet Protocol (IP) sockets

DEVICE: Specifies the name of the disk

Size: Sizes of files

Node: Index node (the identity of the file on disk)

Name: Open the exact name of the file

Example 2: See who is using a file, that is, find a file-related process

Command:

Lsof/bin/bash

Output:

[Email protected] ~]# Lsof/bin/bash
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
Bash 24159 root txt REG 8,2 801528 5368780/bin/bash
Bash 24909 root txt REG 8,2 801528 5368780/bin/bash
Bash 24941 root txt REG 8,2 801528 5368780/bin/bash
[Email protected] ~]#

Example 3: Recursively view file information for a directory

Command:

Lsof Test/test3

Output:

[Email protected] ~]# cd/opt/soft/
[Email protected] soft]# lsof test/test3
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
Bash 24941 root cwd DIR 8,2 4096 2258872 test/test3
VI 24976 root CWD DIR 8,2 4096 2258872 test/test3
[Email protected] soft]#

Description

With +d, all subdirectories and files in the corresponding directory will be listed

Example 4: A way to traverse all the file information of a directory without using the +D option

Command:

Lsof |grep ' Test/test3 '

Output:

[Email protected] soft]# lsof |grep ' Test/test3 '

Bash 24941 root cwd DIR 8,2 4096 2258872/opt/soft/test/test3
VI 24976 root CWD DIR 8,2 4096 2258872/opt/soft/test/test3
VI 24976 Root 4u REG 8,2 12288 2258882/opt/soft/test/test3/.log2013.log.swp
[Email protected] soft]#

Example 5: List file information opened by a user

Command:

Lsof-u username

Description

-U option, U is actually the user's abbreviation

Example 6: List file information opened by a program process

Command:

Lsof-c MySQL

Description

The-C option will list all the files that start with the MySQL process, but you can also write Lsof | grep MySQL, but the first method is obviously a few characters less than the second method.

Example 7: List multiple open file information for more than one process

Command:

Lsof-c mysql-c Apache

Example 8: List A user and the file information opened by a process

Command:

Lsof-u test-c MySQL

Description

Users can be related to processes or irrelevant

Example 9: List open file information except for a user

Command:

Lsof-u ^root

Description

^ This symbol before the user name, will be the root user opened the process does not let the display

Example 10: Displaying a file that is opened by a process number

Command:

Lsof-p 1

Example 11: List file information for multiple process numbers

Command:

Lsof-p

Example 12: List file information opened by other process numbers in addition to a process number

Command:

Lsof-p ^1

Example 13: List all network connections

Command:

Lsof-i

Example 14: List all TCP network connection information

Command:

Lsof-i TCP

Example 15: List all UDP network connection information

Command:

Lsof-i UDP

Example 16: List who is using a port

Command:

Lsof-i: 3306

Example 17: List who is using a specific UDP port

Command:

Lsof-i udp:55

Or: A specific TCP port

Command:

Lsof-i tcp:80

Example 18: List all active network ports for a user

Command:

Lsof-a-U test-i

Example 19: List all network file systems

Command:

Lsof-n

Example 20: Domain name socket file

Command:

Lsof-u

Example 21: File information opened by a user group

Command:

Lsof-g 5555

Example 22: Listing the corresponding file information according to the file description

Command:

Lsof-d description (like 2)

Example: lsof-d txt

Example: lsof-d 1

Example: lsof-d 2

Description

0 means standard input, 1 for standard output, and 2 for standard error, so you know: so most applications open files with FD starting from 3

Example 23: Listing file information according to the scope of the file description

Command:

Lsof-d 2-3

Example 24: List file information that contains the string "sshd" in the command column and the type of the file stroke is txt

Command:

Lsof-c Sshd-a-D txt

Output:

[Email protected] soft]# lsof-c sshd-a-D txt
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 2756 root txt REG 8,2 409488 1027867/usr/sbin/sshd
sshd 24155 root txt REG 8,2 409488 1027867/usr/sbin/sshd
sshd 24905 root txt REG 8,2 409488 1027867/usr/sbin/sshd
sshd 24937 root txt REG 8,2 409488 1027867/usr/sbin/sshd
[Email protected] soft]#
[Email protected] soft]#

Example 25: List all IPV4 network files that are open by processes with process number 1234

Command:

Lsof-i 4-a-P 1234

Example 26: Lists all the file information associated with the current connection host Peida.linux Port as: 20,21,22,25,53,80, and executes the lsof instruction every 3 seconds continuously

Command:

Lsof-i @peida. Linux:20,21,22,25,53,80-r 3

Linux command--51 lsof (GO)

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.