Shulou(Shulou.com)06/03 Report--

This is the third article in the "Unix and Linux commands you should know" series. In this article, I will introduce lsof as a tool. If netcat is Swiss for network diagnostics, then lsof is Swiss for Unix debugging.

Lsof is an example of following the philosophy of Unix, it does only one thing, and it does it perfectly-it can list all the file information opened by a process. Open files may be ordinary files, directories, NFS files, block files, character files, shared libraries, regular pipes, clear pipes, symbolic links, Socket streams, network Socket, UNIX domain Socket, and more. Because almost everything in the Unix system is a file, you can imagine how useful lsof can be.

You can take a look at the introduction to pipe viewer in the first article in this series. If you are interested in this article, you should subscribe to my RSS Feed.

How to use lsof?

In this article, I will try my best to list all the uses of lsof I can think of. Let's start with the simplest (maybe you already know), and then gradually increase the complexity:

List all open files

# lsof

Running lsof without any parameters lists all files opened by all processes.

Find out who is using a file

# lsof / path/to/file

Just execute the path to the file, and lsof will list all the processes that use the file, you can also list multiple files, and lsof will list all the processes that use these files.

You can also develop more than one document at a time:

# lsof / path/to/file1 / path/to/file2

Recursively find all open files in a directory

# lsof + D / usr/lib

Add the + D parameter, and lsof will search the specified directory recursively. Note that this parameter is slower than the grep version:

# lsof | grep'/ usr/lib'

The reason why it is slow is that + D first looks for all the files and then outputs them at once.

List all files opened by a user

# lsof-u pkrumins

The-u option is limited to listing only all files opened by the user pkrumins. You can specify multiple users by comma:

# lsof-u rms,root

This command lists all files opened by rms and root users.

You can also use more than one-u to do the same thing as follows:

# lsof-u rms-u root

Find all the files opened by a program

# lsof-c apache

The-c option restricts the list of files opened by processes that start with apache:

So you don't have to write something like this:

# lsof | grep foo

Instead, use the following shorter version:

# lsof-c foo

In fact, you can only specify the beginning of the process name:

# lsof-c apa

This lists all files opened by processes that start with apa

You can also set multiple-c parameters:

# lsof-c apache-c python

This lists all files opened by apache and python

Lists all files opened by a user or process

# lsof-u pkrumins-c apache

You can also combine multiple options, which are performed or associated by default, which means that the above command will enter a file opened by the pkrumins user or the apache process.

Lists all files opened by a user with a process

# lsof-a-u pkrumins-c bash

The-a parameter can change the combination condition of multiple options from or to and, and the above command displays all files opened by pkrumins users and bash processes.

Lists files opened by all users except root users

# lsof-u ^ root

Notice the ^ symbol before root, which performs the reverse operation, so lsof lists all files opened by users other than root users.

Lists all files opened by a process corresponding to a PID

# lsof-p 1

The-p option allows you to filter the output using the process id.

Remember that you can also use Duhao to separate multiple pid.

# lsof-p 450980333

Lists all files opened by a process except for a pid

# lsof-p ^ 1

Like the previous users, you can also use ^ to reverse the-p option.

List all network connections

# lsof-I

The-I option of lsof lists all processes with network sockets (TCP and UDP) open.

List all TCP network connections

# lsof-I tcp

You can also add parameters to the-I option, such as the tcp,tcp option, which forces lsof to list only the processes that open TCP sockets.

List all UDP network connections

# lsof-I udp

Again, udp asks lsof to list only processes that use UDP socket.

Find a process that uses a port

# lsof-I: 25

The combination of: 25 and-I options allows lsof to list processes that occupy port 25 of TCP or UDP.

You can also use the port name specified in / etc/services instead of the port number, such as:

# lsof-I: smtp

Find a process that uses a UDP port number

# lsof-I udp:53

Similarly, you can find a process that uses a tcp port:

# lsof-I tcp:80

Find all network connections for a user

# lsof-a-u hacker-I

Using-a to combine the-u and-I options allows lsof to list all the network behaviors of a user.

List all NFS (Network File system) files

# lsof-N

This parameter is easy to remember, and-N corresponds to NFS.

List all UNIX domain Socket files

# lsof-U

This option is also easy to remember, and-U corresponds to UNIX.

List all processes corresponding to a group id

# lsof-g 1234

Process groups are used to logically group processes. This example looks for files opened by all processes with a PGID of 1234.

Lists all files associated with a descriptor

# lsof-d 2

This command lists all files opened with descriptor 2.

You can also specify a range for the descriptor:

# lsof-d 0-2

This will list all files with a descriptor of 0 ~ 1 ~ 2.

The-d option also supports many other special values, and the following command lists all memory-mapped files:

# lsof-d mem

Txt lists all processes that are loaded in memory and are executing:

# lsof-d txt

Output process pid that uses certain resources

# lsof-t-I

The-t option outputs the PID of the process, which you can combine with the-I option to output the PID of the process using a port. The following command will kill all processes using the network:

# kill-9 `lsof-t-i`

List files in a loop

# lsof-r 1

The-r option allows lsof to cycle through files until it is interrupted. Parameter 1 means to repeat printing every second. This option is best used in combination with a query with a smaller range, such as to monitor network activity:

# lsof-r 1-u john-I-a

How do I install lsof?

Many Unix systems have built-in lsof, and if your system is not installed, you can download the source code directly from here.

The BSD system has a similar tool called fstat that can do the same thing.

You can learn about the complete documentation on lsof through man lsof, or check it out through lsof-h.

Start experiencing the joys of lsof!

-

This article is translated from "A Unix Utility You Should Know About: lsof", author: Peteris Krumins, photo: Hallvard E

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.