Linux Training : 7. lsof

lsof

lsof stands for list open files.

lsof

lsof will list open files, ports and sockets. A file is open if it is in use by some process.

  • To list all open files, use:
    • lsof
  • To list all open Internet, x.25 (HP-UX), and UNIX domain files, use:
    • lsof -i -U
  • To list all open IPv4 network files in use by the process whose PID is 1234, use:
    • lsof -i 4 -a -p 1234
  • Presuming the UNIX dialect supports IPv6, to list only open IPv6 network files, use:
    • lsof -i 6
  • To list all open files for login name ''abe'', or user ID 1234, or process 456, or process 123, or process 789, use:
    • lsof -p 456,123,789 -u 1234,abe
  • To list all open files on device /dev/hd4, use:
    • lsof /dev/hd4
  • To find the process that has /u/abe/foo open, use:
    • lsof /u/abe/foo
  • To obtain PID and command name field output for each process, file descriptor, file device number, and file inode number for each file of each process, use:
    • lsof -FpcfDi
  • To list the files at descriptors 1 and 3 of every process running the lsof command for login ID ''abe'' every 10 seconds, use:
    • lsof -c lsof -a -d 1 -d 3 -u abe -r10
  • To list the current working directory of processes running a command that is exactly four characters long and has an 'o' or 'O' in character three, use this regular expression form of the -c c option:
    • lsof -c /^..o.$/i -a -d cwd
  • To find an IP version 4 socket file by its associated numeric dot-form address, use:
    • lsof -i@128.210.15.17
  • To find an IP version 6 socket file (when the UNIX dialect supports IPv6) by its associated numeric colon-form address, use:
    • lsof -i@[0:1:2:3:4:5:6:7]
  • To find an IP version 6 socket file by an associated numeric colon-form address that has a run of zeroes in it - e.g., the loop-back address use:
    • lsof -i@[::1]
lsof exercise

Use lsof to track what remote machines you connect to for several web site. Have the lsof run every 10 seconds while you open new tabs in firefox and browse to redhat.com, selinuxproject.org and fedoraproject.org. Strip out the duplicates