Linux Lsof Command Tutorial With Examples – POFTUT

Linux Lsof Command Tutorial With Examples

by

Lsof is linux command used for output files and processes related information. lsof support different type of file formats like regular file, directory, block special file etc. lsof provides given command output parsable format where other tools like cut can be used to filter output. In this tutorial we will look different use cases of lsof command.

In order to run lsof command without problem and full fledged mode we should provide root privileges.

List Process and Files

The most basic usage of lsof is executing without providing any option. We will run lsof .

$ lsof
List Process and Files
List Process and Files
  • COMMAND columns shows the command or process name
  • PID columns shows process id
  • USER columns shows the owner of process
  • FD columns shows file descriptor like memory, txt etc.
  • TYPE shows type like directory, memory region
  • DEVICE column shows the device major and minor id
  • SIZE/OFF column shows the
  • NODE column shows node is
  • NAME column shows the name of the opened file

Here list of FD or File Descriptor Types.

  • CWD current working directory
  • TXT text file
  • MEM memory mapped file
  • MMAP memory mapped device
  • NUMBER file descriptor

Here list of TYPE

  • REG regular file
  • DIR directory
  • FIFO first in first out
  • CHR character special file

List Process Which Opened Specific File

We can list processes those opened given file. We only need to specify the file with its full path.

$ lsof /home/ismail
List Process Which Opened Specific File
List Process Which Opened Specific File

List Opened File In The Given Directory

If we want to list currently opened files in the given directory and subdirectory recursively we can use +D option and the directory name. If we do not want to list subdirectories recursively we can use +d option like below. In this example we will list all opened files  under /usr/bin/

$ lsof +D /usr/bin
List Opened File In The Given Directory
List Opened File In The Given Directory

List and Filter According To Process Name

Another useful option is listing and filtering files according to given process name. We will use -c option and the process name. In this example we will list files opened by the ssh process.

$ lsof -c ssh
List and Filter According To Process Name
List and Filter According To Process Name

List Process According To Mount Point

We can also list processes according to file mount point. Actually this is the same as with the directory option +D . In this example we assume that /dev/sdb0 is mounted at /mnt/ and we want to list only this partition processes.

$ lsof +D /mnt

List Files According To User

Now another useful option is listing files according to process owner. We can use -u option with the process owner name. In this example we will list files those have opened by the processes owned by ismail.

$ lsof -u ismail
List Files According To User
List Files According To User

List Files Opened Except Given User

In previous example we have listed all files opened by given user. There is also situation where we want to list opened files except given user. We should add ^ before the user name. In this example we will list all files opened except user root .

$ lsof -u ^root

List All Open Files By Specific Process

We can list files opened by specific process by providing the process id. We will use -p command and processes id . In this example we will list files opened by process id 1107 .

$ sudo lsof -p 1107
List All Open Files By Specific Process
List All Open Files By Specific Process

Run Lsof Repeatedly

We may need to refresh lsof output repeatedly. This can be done with helper commands but lsof also provides option for this -r and period in seconds. In this example we will repeat lsof output in 3 seconds.

$ sudo lsof -p 1107 -r 3
Run Lsof Repeatedly
Run Lsof Repeatedly

In order to exit from repeat mode we can use CTRL+C

And Multiple Options

lsof command can be accept multiple options to filter. The default behaviour is or logic for all given options which will create a long list. If we need to and given options we can use -a .In this example we will list only files opened process id 1107 and owner ismail .

$ lsof -p 1107 -u ismail -a
And Multiple Options
And Multiple Options

List All Network Connections

lsof command is very capable with network connections. We can list currently opened network connections with the -i option like below.

$ lsof -i
List All Network Connections
List All Network Connections

List All IPv4 Network Connections

We can list only IPv4 opened network connections with -i4 option like below.

$ lsof -i4
List All IPv4 Network Connections
List All IPv4 Network Connections

List All IPv6 Network Connections

We can list only IPv4 opened network connections with -i6 option like below.

$ lsof -i6
List All IPv6 Network Connections
List All IPv6 Network Connections

List Processes According Port

We can list processes according to their opened ports. We will use -i : option and the port number. In this example we will list processes opened port 22 .

$ lsof -i :22
List Processes According Port
List Processes According Port

List TCP Connections

We can list only TCP connections with the -i tcp option.

$ lsof -i tcp

LEARN MORE  How To Monitor Network Traffic and Statistics with ntop Tool?
List TCP Connections
List TCP Connections

List UDP Connections

We can list only TCP connections with the -i udp option.

$ lsof -i udp
List UDP Connections
List UDP Connections

List NFS Files

We can list NFS files by using -N option. We can also provide the username of the processes with -u option too. In this example we will list NFS processes opened processes owned ismail

$ lsof -N -u ismail -a

Leave a Comment