Ubuntu lsof Tool User manual-all documents

Lsof (list open files) is a tool to view the current system files. In a Linux environment, everything is in the form of files, with files that not only access regular data, but also access to network connectivity and hardware. such as Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) sockets, the system assigns a file descriptor to the application in the background, which provides a lot of information about the application itself.

When viewing system information, you need to give the administrator permission, with Sudo in front

such as sudo lsof-i: 27017, this port is used by MongoDB port.

<span style= "FONT-SIZE:14PX;" >[email protected]:~/document/maketest$ sudo lsof-i: 27017COMMAND  PID    USER   FD   TYPE  DEVICE Size/off NODE namemongod  6941 mongodb    6u  IPv4 2607706      0t0  TCP localhost:27017 (LISTEN) </span>

Lsof open files can be:

1. Normal file
2. Directory
3. File for Network File system
4. Character or device file
5. (function) Shared library
6. Pipes, Named Pipes
7. Symbolic Links
8. Network files (for example: NFS file, network Socket,unix domain name socket)
9. There are other types of files, etc.

3.1. Command Parameters

• -a lists the processes that exist for open files
• -c< Process name > List files opened by the specified process
• -G list GID process details
• -d< File Number > list the process that occupies the file number
• +d< directory > List files that are open under directory
• +d< directory > recursively list files opened in directory
• -n< directory > List files that use NFS
• -i< conditions > lists the processes that meet the criteria. (4, 6, protocol,: Port, @ip)
• -p< Process number > List files opened by the specified process number
• -U list UID number process details
• -H Display Help information
• -V Display version information

3.2. Usage examplesExample 1: no Parameters

<span style= "FONT-SIZE:14PX;" > $lsof |       Morecommand PID USER FD TYPE DEVICE size/off NODE nameinit 1 root CWD          Dir 253,0 4096 2/init 1 root rtd DIR 253,0 4096  2/init 1 root txt REG 253,0 150352 1310795/sbin/initinit 1 root              MEM Reg 253,0 65928 5505054/lib64/libnss_files-2.12.soinit 1 root mem reg 253,0 1918016 5521405/lib64/libc-2.12.soinit 1 root mem REG 253,0 9    3224 5521440/lib64/libgcc_s-4.4.6-20120305.so.1init 1 root mem REG 253,0 47064 5521407/lib64/librt-2.12.soinit 1 root mem REG 253,0 145720 5521406/lib64/libpth Read-2.12.so...</span> 

Description

The meaning of the lsof output column information is as follows:

• COMMAND: Name of the process

• PID: Process Identifier

• PPID: Parent Process Identifier (the-R parameter needs to be specified)

• USER: Process Owner

• Pgid: The group to which the process belongs

• FD: File descriptor in which the application recognizes the file through a file descriptor. such as CWD, TXT, etc.:

  <span style= "FONT-SIZE:14PX;" > (1) CWD: Represents the current working dirctory, which is the directory in which the application starts, unless it makes changes to the directory itself (2) txt: The type of file is program code, such as the application binary file itself or a shared library, The/sbin/init program shown in the list above (3) lnn:library references (AIX), (4) ER:FD information error (see NAME column), and (5) Jld:jail directory (FreeBSD); (6) ltx:shared Library text (code and data), (7) Mxx:hex memory-mapped type number XX. (8) M86:dos Merge mapped file ; (9) mem:memory-mapped file; (ten) mmap:memory-mapped device; (one) pd:parent directory; () Rtd:root directory; Tr:kernel trace File (OpenBSD) v86 vp/ix mapped file; (15) 0: Standard Output (16) 1: Standard input (17) 2: Indicates standard error generally in standard output, standard error, The standard input is followed by the file state mode: R, W, U, etc. (1) U: Indicates that the file is open and is in read/write mode (2) r: Indicates that the file is open and is in read-only mode (3) W: Indicates that the file is open and is in (4) space  And no Lock (5)-: Indicates that the file's state mode is Unknow, and is locked at the same time after the file state mode, followed by the associated lock (1) n:for a Solaris NFS lock of unknown type; (2) R:for read lock on part of the file; (3) R:for A read lock on the entire file, (4) w:for a write lock on part of the file; (partial write lock of File) (5) w:for a write L Ock on the entire file; (write lock for entire file) (6) U:for a read anD write lock of any length; (7) U:for a lock of unknown type, (8) x:for an SCO openserver Xenix lock in part of the file; (9) x:for an SCO openserver Xenix lock on the entire file; (+) Space:if there is no lock.</span>

  
  

• Type: File types, such as Dir, Reg, etc., common file types:

  <span style= "FONT-SIZE:14PX;" > (1) DIR: Table of Contents (2) CHR: denotes character type (3) BLK: Block device Type (4) Unix:unix domain socket (5) FIFO: FIFO (6) IPv4: Internet Protocol (IP) socket </span>

• DEVICE: Specifies the name of the disk

• Size: Sizes of files

• Node: Index node (the identity of the file on disk)

• Name: Open the exact name of the file

Example 2: Finding a file-related process

<span style= "FONT-SIZE:14PX;" > $lsof/bin/bashcommand     PID USER  FD   TYPE DEVICE size/off    NODE namemysqld_sa  2169 root txt    Reg  253,0   938736 4587562/bin/bashksmtuned   2334 root txt    REG  253,0   938736 4587562/bin/ Bashbash      20121 root txt    REG  253,0   938736 4587562/bin/bash</span>

Example 3: List file information opened by a user

<span style= "FONT-SIZE:14PX;" >  $lsof-u username-u option, U is the user's abbreviation </span>

Example 4: List file information opened by a program process

<span style= "FONT-SIZE:14PX;" > $lsof-C mysql</span>

The-C option will list all the files that start with the MySQL process, but you can also write Lsof | grep MySQL, but the first method is significantly less than the second method to hit a few characters;

Example 5: List A user and the file information opened by a process

<span style= "FONT-SIZE:14PX;" > $lsof-  u test-c mysql</span>

Example 6: Displaying a file opened by the process by a process number

<span style= "FONT-SIZE:14PX;" > $lsof-P 11968</span>

Example 7: List all network Connections

<span style= "FONT-SIZE:14PX;" > $lsof-i</span>

Example 8: List all TCP network connection information

<span style= "FONT-SIZE:14PX;" > $lsof-I tcp$lsof-n-i tcpcommand     PID  USER   FD   TYPE  DEVICE size/off NODE namesvnserve  11552 Weber    3u  IPv4 3799399      0t0  TCP *:svn (LISTEN) redis-ser 25501 Weber    4u  IPv4  113150      0t0  TCP 127.0.0.1:6379 (LISTEN) </span>

Example 9: List who is using a port

<span style= "FONT-SIZE:14PX;" > $lsof-I:27017</span>

Example 10: List all active network ports for a user

<span style= "FONT-SIZE:14PX;" > $lsof-U test-i</span>

Example 11: listing the corresponding file information according to the file description

<span style= "FONT-SIZE:14PX;" > $lsof-D description (like 2) </span>

Example:

<span style= "FONT-SIZE:14PX;" > $lsof-D 3 | grep parser1tail      6499 tde    3r   REG    253,3   4514722     417798/opt/applog/open/log/hostparser1_ Error_141217.log.001</span>

Description: 0 for standard input, 1 for standard output, 2 for standard error, so you know: so most applications open files with FD starting from 3

Example 12: List all IPV4 network files that are open by processes with process number 1234

<span style= "FONT-SIZE:14PX;" > $lsof-I 4-a-P 1234</span>

Example 13: List all file information that is currently connected to host NF5260I5-TD Port: 20,21,80, and repeat every 3 seconds

<span style= "FONT-SIZE:14PX;" >lsof-i @nf5260i5-td:20,21,80-r 3</span>

Copyright NOTICE: This article for Bo Master original article, without Bo Master permission not reproduced.

Ubuntu lsof Tool User manual-all documents