lsof
lsof is a command named after its function which is to "list open files".
Since in UNIX, the saying goes: "everything is a file", this means that sudo lsof -i :53 will also show open ports, such as the DNS port number 53
So, open "files" could be bona fide files and a lot of other things a program can open and use such as: file descriptors, network addresses, process identifiers, user identifiers, zone names, ports and security contexts et cetera.
Use
lsof
will list all the system processes if it is invoked without any arguments. The output will be a gigantic list of files, pipes, sockets and so on opened by every single process. It is way too long to be useful. You can pipe it to a file or less with lsof | less
and search the output. It is more useful to add parameters to lsof
and get the data you want.
ps
can be used to get a snapshot of all processes on a system. ps ux
will list all the processes you (the user running ps ux
are running. It will list the PID of these programs. That process PID can be used a lsof
argument together with -p
. lsof -p 1728400
will show all the incriminating information about that pid including open files, sockets, pipes and so on.
TIP: Pressing l on a process in htop will invoke lsof and lists that processes open files.
|
More in-depth
The lsof manual page is long and very in-depth.