linux-(lsof)

lsof Command 1. Command format:

lsof [parameters] [file]

2. Command function:

Lsof (list openfiles) is a tool that lists open files for the current system. In a Linux environment, everything is in the form of files, with files that not only access regular data, but also access to network connectivity and hardware. so, such as Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) sockets, the system assigns a file descriptor to the application in the background, regardless of the nature of the file, which provides a common interface for the interaction between the application and the underlying operating system. because the application opens a descriptor list of files that provides a lot of information about the application itself, it is helpful to see the list through the Lsof tool for system monitoring and troubleshooting.

Used to view the files that your process opened, the process of opening the file, the port (TCP, UDP) that the process opened. Retrieve/Recover deleted files. is a very convenient system monitoring tool, because lsof needs to access core memory and various files, so the root user needs to execute.

Lsof open files can be:

• Normal file
• Directory
• File for Network File system
• Character or device file
• (function) Shared library
• Pipes, Named Pipes
• Symbolic Links
• Network files (for example: NFS file, network Socket,unix domain name socket)
• There are other types of files, etc.

3. Command parameters:

-a lists the processes that exist for open files

-c< Process name > List files opened by the specified process

-G list GID process details

-d< File Number > list the process that occupies the file number

+d< directory > List files that are open under directory

+d< directory > recursively list files opened in directory

-n< directory > List files that use NFS

-i< conditions > lists the processes that meet the criteria. (4, 6, protocol,: Port, @ip)

-p< Process number > List files opened by the specified process number

-U list UID number process details

-H Display Help information

-V Display version information

4. Usage examples:

Without any parameters

Command: lsof

COMMAND     PID USER   FD      TYPE             DEVICE     SIZE       NODE nameinit          1 root  cwd       DIR                8,2     4096          2 /init          1 root  RTD       DIR                8,2     4096          2 /

The meaning of the lsof output column information is as follows:

COMMAND: Name of the process

PID: Process Identifier

PPID: Parent Process Identifier (the-R parameter needs to be specified)

USER: Process Owner

Pgid: The group to which the process belongs

FD: File descriptor in which the application recognizes the file through a file descriptor. such as CWD, TXT, etc.

(1) CWD: Represents the current working dirctory, which is the directory in which the application starts, unless it makes changes to the directory itself

(2) TXT: This type of file is a program code, such as the application binary file itself or a shared library, as shown in the list above/sbin/init program

(3) Lnn:library references (AIX);

(4) ER:FD information error (see NAME column);

(5) Jld:jail directory (FreeBSD);

(6) Ltx:shared Library text (code and data);

(7) Mxx:hex memory-mapped type number XX.

(8) M86:dos Merge mapped file;

(9) mem:memory-mapped file;

(ten) mmap:memory-mapped device;

(one) Pd:parent directory;

(rtd:root) directory;

(Tr:kernel) trace file (OpenBSD);

(+) v86 vp/ix mapped file;

(15) 0: Indicates standard output

(16) 1: Indicates standard input

(17) 2: standard error indication

Generally after standard output, standard error, standard input followed by file state mode: R, W, u, etc.

(1) U: Indicates that the file is open and in read/write mode

(2) R: Indicates that the file is open and is in read-only mode

(3) W: Indicates that the file is open and is in

(4) Space: Indicates that the file's status mode is Unknow and is not locked

(5)-: Indicates that the file's state mode is unknow and is locked

At the same time, after the file state mode, followed by the relevant lock

(1) n:for a Solaris NFS lock of unknown type;

(2) R:for read lock on part of the file;

(3) R:for A read lock on the entire file;

(4) W:for a write lock on part of the file;

(5) W:for A write lock on the entire file; (write lock for entire file)

(6) U:for a read and write lock of any length;

(7) U:for a lock of unknown type;

(8) x:for an SCO openserver Xenix lock in part of the file;

(9) x:for an SCO openserver Xenix lock on the entire file;

(space:if) There is no lock.

Type: File types, such as Dir, Reg, etc., common file types

(1) DIR: Indicates directory

(2) CHR: denotes character type

(3) BLK: Block device type

(4) Unix:unix domain sockets

(5) FIFO: Advanced First Out (FIFO) queue

(6) IPv4: Internet Protocol (IP) sockets

DEVICE: Specifies the name of the disk

Size: Sizes of files

Node: Index node (the identity of the file on disk)

Name: Open the exact name of the file

See who is using a file, that is, finding a file-related process

Command: Lsof/bin/bash

Recursively view file information for a directory

Command: Lsof test/test3

 [Root @localhost  ~]#   CD /opt/soft/  [Root@ localhost  soft]#   lsof test/test3  Span style= "COLOR: #000000" >command PID USER FD TYPE DEVICE SIZE NODE namebash  24941  root cwd DIR 8 , 2  4096  2258872  test/ Test3vi  24976  root cwd DIR 8 , 2  4096  2258872  Test/test3 

To traverse the view of all file information for a directory without using the +D option

Command: lsof |grep ' Test/test3 '

List file information opened by a user

Command: Lsof-u username

Lists file information that is opened by a program process

Command: lsof- c MySQL

Description: The-C option will list all the files that start with the MySQL process, but you can also write Lsof | grep MySQL, but the first method is obviously a few characters less than the second method.

List multiple open file information for more than one process

Command: Lsof-c mysql-c Apache

Lists the file information opened by a user and a process

Command: Lsof-u test-c MySQL

Lists open file information except for a user

Command: Lsof-u ^root

Description: ^ This symbol is preceded by the user name and will be opened by the root user process does not let the display

Displays the file that was opened by a process number

Command: Lsof-p 1

List file information for multiple process numbers

Command: Lsof-p

Lists file information that is opened by other process numbers in addition to a process number

Command: Lsof-p ^1

List all network connections

Command: Lsof-i

List all TCP network connection information

Command: Lsof-i TCP

List all UDP network connection information

Command: Lsof-i UDP

List who is using a port

Command: lsof-i: 3306

List who is using a specific UDP port

Command: Lsof-i udp:55

A specific TCP port

Command: Lsof-i tcp:80

List all active network ports for a user

Command: lsof-a-u test-i

List all network file systems

Command: Lsof-n

Domain Name socket file

Command: Lsof-u

File information opened by a user group

Command: Lsof-g 5555

List the corresponding file information according to the file description

Command: lsof-d description (like 2)

Example: lsof-d txt

Example: lsof-d 1

Example: lsof-d 2

Description: 0 for standard input, 1 for standard output, 2 for standard error, so you know: so most applications open files with FD starting from 3

Listing file information according to the scope of the file description

Command: lsof-d 2-3

Lists file information in the command column that contains the string "sshd" and the file stroke is of type txt

Command: lsof-c sshd-a-D txt

Lists all IPV4 network files that are opened by processes with process number 1234

Command: Lsof-i 4-a-P 1234

Lists all file information that is currently connected to the host Peida.linux Port as: 20,21,22,25,53,80, and executes the lsof instruction every 3 seconds continuously.

Command: Lsof-i @peida. linux:20,21,22,25,53,80- R 3

linux-(lsof)