Http://hi.baidu.com/zheng918/blog/item/d0130008a1e07dc862d986f3.html
Lsof is a classic of UNIX philosophy. It does only one thing and is perfect-it can list all file information opened by a process. Open files may be common files, directories, NFS files, block files, character files, shared libraries, common pipelines, clear pipes, symbolic links, socket streams, network sockets, UNIX socket, and more. Because almost everything in UNIX systems is a file, you can imagine how useful lsof is.
How to Use lsof?
This articleArticleI will try my best to list all the lsof usage I can think of. Let's start with the simplest (maybe you already know) and then gradually increase the complexity:
List all open files
# Lsof
Running lsof without any parameters lists all files opened by all processes.
Find out who is using a file
# Lsof/path/to/File
You only need to execute the file path. lsof will list all processes that use this file. You can also list multiple files. lsof will list all processes that use these files.
You can also create multiple files at a time:
# Lsof/path/to/file1/path/to/file2
Recursively search all open files in a directory
# Lsof + D/usr/lib
With the + D parameter added, lsof performs recursive search for the specified directory. Note that this parameter is slower than grep:
# Lsof | grep '/usr/lib'
The reason for slowness is that + D first searches for all files and then outputs them at one time.
List all files opened by a user
# Lsof-u pkrumins
-U option only lists all files opened by the user pkrumins. You can use commas to specify multiple users:
# Lsof-u RMS, Root
This command lists all files opened by the RMS and root users.
You can also use multiple-U as follows to do the same thing:
# Lsof-u RMS-u Root
FindProgramAll open files
# Lsof-C Apache
-C option only lists files opened by processes starting with Apache:
Therefore, you do not need to write as follows:
# Lsof | grep foo
Use the shorter version below:
# Lsof-C foo
In fact, you can only specify the beginning of the process name:
# Lsof-C Apa
This will list all files opened by processes starting with APA
You can also specify multiple-C parameters:
# Lsof-c apache-C Python
This will list all files opened by Apache and python.
List all files opened by a user or a process
# Lsof-u pkrumins-C Apache
You can also use multiple options in combination. These options are performed or associated by default. That is to say, the above command will input files opened by pkrumins users or Apache processes.
List all files opened by a user and a process
# Lsof-a-u pkrumins-C bash
-The a parameter can change the combination conditions of multiple options from or to and. The preceding command displays all files opened by pkrumins users and bash processes.
List all files opened by all users except Root
# Lsof-u ^ Root
Note the ^ symbol in front of the root user, which performs the reverse operation. Therefore, lsof lists all files opened by users other than the root user.
Lists All files opened by processes corresponding to a PID.
# Lsof-P 1
The-P option allows you to use the process ID to filter the output.
Remember, you can also use them to separate multiple PIDs.
# Lsof-P 450,980,333
List files opened by all processes except for a PID
# Lsof-P ^ 1
Like the previous user, you can use the ^ to reverse the-P option.
List all network connections
# Lsof-I
The-I option of lsof can list all processes that open network Sockets (TCP and UDP.
List all TCP network connections
# Lsof-I TCP
You can also add parameters for the-I option, such as TCP. The TCP option forces lsof to only list the processes that open TCP sockets.
List all UDP Network Connections
# Lsof-I UDP
Similarly, UDP allows lsof to only list processes using UDP socket.
Find the process using a port
# Lsof-I: 25
: 25 and-I options allow lsof to list processes that occupy TCP or UDP port 25.
You can also use the port name specified in/etc/services to replace the port number, for example:
# Lsof-I: SMTP
Find the process using a UDP port number
# Lsof-I UDP: 53
You can also find the process that uses a TCP port:
# Lsof-I TCP: 80
Find all network connections of a user
# Lsof-a-u hacker-I
Using-a to combine-U and-I options allows lsof to list all network behaviors of a user.
List all NFS (Network File System) files
# Lsof-n
This parameter is memorable.-N corresponds to NFS.
List all socket files in UNIX domain
# Lsof-u
This option is also easy to remember.-U corresponds to Unix.
List all processes corresponding to a group ID
# Lsof-G 1234
Process Groups are used to logically group processes. In this example, all files opened by processes with a pgid of 1234 are queried.
List all objects associated with a descriptor
# Lsof-D 2
This command will list all files opened with descriptor 2.
You can also specify a range for the descriptor:
# Lsof-D 0-2
This will list all files with descriptors 0, 1, and 2.
The-D option also supports many other special values. The following command lists all memory ing files:
# Lsof-d MEM
TXT lists all processes that are loaded in the memory and are being executed:
# Lsof-D txt
Output process PID using some resources
# Lsof-t-I
-T option outputs the PID of the process. You can combine it with-I option to output the PID of the process using a port. The following command will kill all processes using the network:
# Kill-9 'lsof-T-I'
List objects cyclically
# Lsof-R 1
The-r option enables lsof to list objects cyclically until they are interrupted. Parameter 1 indicates repeated printing every second. It is recommended that you use this option in combination with a query with a small range, for example, to monitor network activities:
# Lsof-R 1-u John-I-
How to install lsof?
Many Unix systems have built-in lsof. If your system is not installed, you can download the source code directly from here.
The BSD system has a similar tool that can do the same thing, called fstat.
You can use man lsof to understand the complete lsof documentation, or use lsof-h to view it.
Start to experience the fun of lsof
The above content comes from the network.