Introduction to the lsof command:
lsof (list open files) is a tool that lists the files open on the current system. In the Linux environment, everything exists in the form of a file; through files you can access not only regular data but also network connections and hardware. This makes lsof very powerful, and being able to view this list is very helpful for system monitoring and troubleshooting. Only the root user can execute the lsof command. Ordinary users can see the /usr/sbin/lsof command, but when they execute it, "permission denied" is displayed.
Enter lsof in a terminal to display the files opened on the system. Because lsof needs to access kernel memory and various files, it must be run as the root user to be fully functional.
lsof displays one open file per line. If no condition is specified, it displays all files opened by all processes by default. The columns of the lsof output have the following meanings:
COMMAND: Process name
PID: Process identifier
USER: Process owner
FD: File descriptor, which the application uses to identify the file; values include cwd, txt, etc.
TYPE: File type, such as DIR, REG, etc.
DEVICE: Name of the disk
SIZE: Size of the file
NODE: Inode (identification of the file on the disk)
NAME: Exact name of the open file
The usage of the lsof instruction is as follows:
lsof abc.txt shows the processes that have opened the file abc.txt
lsof directory_name shows who is using the directory
lsof -i :22 shows which process is using port 22
lsof -c abc shows the files currently opened by the abc process
lsof -g gid shows the processes belonging to the given gid
lsof -n does not convert IP addresses to hostnames; by default -n is not applied
lsof -p 12 shows which files are opened by the process with process ID 12
lsof -u username shows which files the user has opened
lsof -i @192.168.1.111 shows open network connections to the remote host 192.168.1.111
-------------------------------------
lsof -i displays the processes that match the specified conditions
Syntax: lsof -i[46] [protocol][@hostname|hostaddr][:service|port]
46 -> IPv4 or IPv6
protocol -> TCP or UDP
hostname -> Internet host name
hostaddr -> IPv4 address
service -> service name in /etc/services (can be more than one)
port -> port number (can be more than one)
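The column layout and the -i filter described above, combined into a listening-socket audit. This is an added example, not part of the original article: the SAMPLE text is constructed, the function names listeners and exposed are hypothetical, and -P (keep port numbers numeric) is a real lsof option that the article does not cover.

```shell
#!/bin/sh
# SAMPLE is constructed output in the COMMAND/PID/USER/FD/TYPE/DEVICE/SIZE/NODE/NAME
# layout. On a live host, feed the functions from:  lsof -n -P -i tcp
SAMPLE='COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd     812 root    3u  IPv4  18234      0t0  TCP *:22 (LISTEN)
sshd     812 root    4u  IPv6  18236      0t0  TCP *:22 (LISTEN)
sshd    2290 alice   4u  IPv4  40211      0t0  TCP 192.168.1.10:22->192.168.1.111:51514 (ESTABLISHED)
nginx   1033 www     6u  IPv4  20110      0t0  TCP *:80 (LISTEN)
python3 4410 bob     3u  IPv4  51877      0t0  TCP 127.0.0.1:8000 (LISTEN)
chronyd  640 chrony  5u  IPv4  17001      0t0  UDP 127.0.0.1:323'

# listeners: read lsof -i output on stdin and print one line per listening
# socket as "port user command pid bind-address", sorted by port.
# Duplicates are dropped because one pid often holds an IPv4 and an IPv6 socket.
listeners() {
    awk 'NR > 1 && $NF == "(LISTEN)" {
        name = $(NF - 1)                      # NAME column, e.g. *:22
        port = name; sub(/.*:/, "", port)     # text after the last colon
        addr = name; sub(/:[^:]*$/, "", addr) # text before the last colon
        key = port " " $3 " " $1 " " $2 " " addr
        if (!(key in seen)) { seen[key] = 1; print key }
    }' | sort -n
}

# exposed: ports bound to every interface ("*"), i.e. reachable from the
# network rather than only from the local host. Printed space-separated.
exposed() {
    listeners | awk '$5 == "*" { print $1 }' | sort -nu | tr '\n' ' ' | sed 's/ $//'
}

printf '%s\n' "$SAMPLE" | listeners
```

Comparing the output of exposed against the list of services a host is supposed to offer is a quick way to spot an unexpected listener during monitoring or troubleshooting.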
-------------------------------------
lsof +|-r [t] makes lsof repeat its listing continuously; the default refresh interval is 15s
-r, lsof will continue to execute until an interrupt signal is received
+r, lsof will continue to execute until no files are displayed
Example: continuously check the current ftp connections: lsof -i [email protected]:ftp -r