lsof

From LinuxReviews
Jump to navigationJump to search

lsof is a command named after its function which is to "list open files".

Since in UNIX, the saying goes: "everything is a file", this means that sudo lsof -i :53 will also show open ports, such as the DNS port number 53

So, open "files" could be bona fide files and a lot of other things a program can open and use such as: file descriptors, network addresses, process identifiers, user identifiers, zone names, ports and security contexts et cetera.

Use

lsof will list all the system processes if it is invoked without any arguments. The output will be a gigantic list of files, pipes, sockets and so on opened by every single process. It is way too long to be useful. You can pipe it to a file or less with lsof | less and search the output. It is more useful to add parameters to lsof and get the data you want.

ps can be used to get a snapshot of all processes on a system. ps ux will list all the processes you (the user running ps ux are running. It will list the PID of these programs. That process PID can be used a lsof argument together with -p. lsof -p 1728400 will show all the incriminating information about that pid including open files, sockets, pipes and so on.

Lovelyz Kei ProTip.jpg
 TIP: Pressing l on a process in htop will invoke lsof and lists that processes open files.

More in-depth

The lsof manual page is long and very in-depth.

Retrieved from "https://linuxreviews.org/w/index.php?title=Lsof&oldid=12399"