{"id":371,"date":"2010-09-11T02:06:55","date_gmt":"2010-09-11T08:06:55","guid":{"rendered":"http:\/\/blog.supportpro.com\/2010\/09\/some-useful-commands-using-lsof\/"},"modified":"2018-10-04T06:29:33","modified_gmt":"2018-10-04T12:29:33","slug":"some-useful-commands-using-lsof","status":"publish","type":"post","link":"https:\/\/www.supportpro.com\/blog\/some-useful-commands-using-lsof\/","title":{"rendered":"Some useful commands using lsof"},"content":{"rendered":"<p>LiSt Open Files is a useful and powerful tool that will show you opened files. In Unix everything is a file: pipes are files, IP sockets are files, unix sockets are files, directories are files, devices are files, inodes are files&#8230;<br \/>\nUseful Examples<br \/>\nSo in this tangle of files lsof listst files opened by processes running on your system.<br \/>\nWhen lsof is called without parameters, it will show all the files opened by any processes.<\/p>\n<p><!--more--><\/p>\n<p>lsof | nl<\/p>\n<p>Let us know who is using the apache executable file, \/etc\/passwd, what files are opened on device \/dev\/hda6 or who&#8217;s accessing \/dev\/cdrom:<\/p>\n<p>lsof `which apache2`<br \/>\nlsof \/etc\/passwd<br \/>\nlsof \/dev\/hda6<br \/>\nlsof \/dev\/cdrom<\/p>\n<p>Now show us what process IDs are using the apache binary, and only the PID:<\/p>\n<p>lsof -t `which apache2`<\/p>\n<p>Show us what files are opened by processes whose names starts by &#8220;k&#8221; (klogd, kswapd&#8230;) and bash. Show us what files are opened by init:<\/p>\n<p>lsof -c k<br \/>\nlsof -c bash<br \/>\nlsof -c init<\/p>\n<p>Show us what files are opened by processes whose names starts by &#8220;courier&#8221;, but exclude those whose owner is the user &#8220;zahn&#8221;:<\/p>\n<p>lsof -c courier -u ^zahn<\/p>\n<p>Show us the processes opened by user apache and user zahn:<\/p>\n<p>lsof -u apache,zahn<\/p>\n<p>Show us what files are using the process whose PID is 30297:<\/p>\n<p>lsof +p 30297<\/p>\n<p>Search for all opened instances of directory \/tmp and all the files and directories it contains:<\/p>\n<p>lsof +D \/tmp<\/p>\n<p>List all opened internet sockets and sockets related to port 80:<\/p>\n<p>lsof -i<br \/>\nlsof -i :80<\/p>\n<p>List all opened Internet and UNIX domain files:<\/p>\n<p>lsof -i -U<\/p>\n<p>Show us what process(es) has an UDP connection opened to or from the host http:\/\/www.mydomain.com at port 123 (ntp):<\/p>\n<p>lsof -iUDP@www.mydomain.com:123<\/p>\n<p>lsof provides many more options and could be an unvaluable foresinc tool if your system get compromised or as daily basis check tool.<\/p>\n<p>If you require help, <a href=\"https:\/\/www.supportpro.com\/requestquote.php\">contact SupportPRO Server Admin<\/a><\/p>\n<p style=\"text-align: center;\"><!--HubSpot Call-to-Action Code --><span id=\"hs-cta-wrapper-9d590242-d641-4383-94b4-8cfd62f0af6b\" class=\"hs-cta-wrapper\"><span id=\"hs-cta-9d590242-d641-4383-94b4-8cfd62f0af6b\" class=\"hs-cta-node hs-cta-9d590242-d641-4383-94b4-8cfd62f0af6b\"><!-- [if lte IE 8]><\/p>\n\n\n\n\n\n<div id=\"hs-cta-ie-element\"><\/div>\n\n\n<![endif]--><a href=\"https:\/\/cta-redirect.hubspot.com\/cta\/redirect\/2725694\/9d590242-d641-4383-94b4-8cfd62f0af6b\"><img decoding=\"async\" id=\"hs-cta-img-9d590242-d641-4383-94b4-8cfd62f0af6b\" class=\"hs-cta-img\" style=\"border-width: 0px;\" src=\"https:\/\/no-cache.hubspot.com\/cta\/default\/2725694\/9d590242-d641-4383-94b4-8cfd62f0af6b.png\" alt=\"Server not running properly? Get A FREE Server Checkup By Expert Server Admins - $125 Value\" \/><\/a><\/span><script charset=\"utf-8\" src=\"https:\/\/js.hscta.net\/cta\/current.js\"><\/script><script type=\"text\/javascript\"> hbspt.cta.load(2725694, '9d590242-d641-4383-94b4-8cfd62f0af6b', {}); <\/script><\/span><!-- end HubSpot Call-to-Action Code --><\/p>\n","protected":false},"excerpt":{"rendered":"<p>LiSt Open Files is a useful and powerful tool that will show you opened files. In Unix everything is a file: pipes are files, IP sockets are files, unix sockets&hellip;<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_lmt_disableupdate":"","_lmt_disable":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-371","post","type-post","status-publish","format-standard","hentry","category-miscellaneous"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts\/371","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/comments?post=371"}],"version-history":[{"count":1,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts\/371\/revisions"}],"predecessor-version":[{"id":3373,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts\/371\/revisions\/3373"}],"wp:attachment":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/media?parent=371"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/categories?post=371"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/tags?post=371"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}