1. List all Open Files with lsof Command
In the below example, it will show long listing of open files some of them are extracted for better understanding which displays the columns like Command, PID, USER, FD, TYPE etc.
# lsof
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
init 1 root cwd DIR 253,0 4096 2 /
Sections and it’s values are self-explanatory. However, we’ll review FD & TYPE columns more precisely.
FD – stands for File descriptor and may seen some of the values as:
cwd current working directory
rtd root directory
txt program text (code and data)
mem memory-mapped file
Also in FD column numbers like 1u is actual file descriptor and followed by u,r,w of it’s mode as:
r for read access.
w for write access.
u for read and write access.
TYPE – of files and it’s identification.
DIR – Directory
REG – Regular file
CHR – Character special file.
FIFO – First In First Out
2. List User Specific Opened Files
# lsof -u user
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 1838 user cwd DIR 253,0 4096 2 /
sshd 1838 user rtd DIR 253,0 4096 2 /
3. Find Processes running on Specific Port
To find out all the running process of specific port, just use the following command with option -i. The below example will list all running process of port 22.
# lsof -i TCP:22
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 1471 root 3u IPv4 12683 0t0 TCP *:ssh (LISTEN)
sshd 1471 root 4u IPv6 12685 0t0 TCP *:ssh (LISTEN)
4. List Only IPv4 & IPv6 Open Files
In below example shows only IPv4 and IPv6 network files open with separate commands.
# lsof -i 4
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rpcbind 1203 rpc 6u IPv4 11326 0t0 UDP *:sunrpc
rpcbind 1203 rpc 7u IPv4 11330 0t0 UDP *:954
# lsof -i 6
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rpcbind 1203 rpc 9u IPv6 11333 0t0 UDP *:sunrpc
rpcbind 1203 rpc 10u IPv6 11335 0t0 UDP *:954
5. List Open Files of TCP Port ranges 1-1024
To list all the running process of open files of TCP Port ranges from 1-1024.
# lsof -i TCP:1-1024
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rpcbind 1203 rpc 11u IPv6 11336 0t0 TCP *:sunrpc (LISTEN)
6. Exclude User with ‘^’ Character
Here, we have excluded root user. You can exclude a particular user using ‘^’ with command as shown above.
# lsof -i -u^root
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rpcbind 1203 rpc 6u IPv4 11326 0t0 UDP *:sunrpc
rpcbind 1203 rpc 7u IPv4 11330 0t0 UDP *:954
rpcbind 1203 rpc 8u IPv4 11331 0t0 TCP *:sunrpc (LISTEN)
7. Find Out who’s Looking What Files and Commands?
Below example shows user user is using command like ping and /etc directory .
# lsof -i -u user
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
bash 1839 user cwd DIR 253,0 12288 15 /etc
ping 2525 user cwd DIR 253,0 12288 15 /etc
8. List all Network Connections
The following command with option ‘-i’ shows the list of all network connections ‘LISTENING & ESTABLISHED’.
# lsof -i
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rpcbind 1203 rpc 6u IPv4 11326 0t0 UDP *:sunrpc
rpcbind 1203 rpc 7u IPv4 11330 0t0 UDP *:954
9. Search by PID
The below example only shows whose PID is 1 [One].
# lsof -p 1
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
init 1 root cwd DIR 253,0 4096 2 /
init 1 root rtd DIR 253,0 4096 2 /
10. Kill all Activity of Particular User
Sometimes you may have to kill all the processes for a specific user. Below command will kills all the processes of user user.
# kill -9 `lsof -t -u user`
No comments:
Post a Comment