lsof command in Linux:
lsof is one of the most powerful tool for all sysadmins to check and analyze processes running on your Linux server. This gives a detailed information about processes running on the server, path to the executables and other library files the process is calling. In other words, it gives a list of all opened files on server.
Basic Syntax:
lsof [Options]
Usages:
List all opened files on server using lsof:
The below command can be used to list all the opened files on a server:lsof
List all TCP/UDP connections to the server using lsof:
sometimes we need to check the TCP/UDP connections to the server and this can be done with ease using the lsof command along with the switch ‘i’:
lsof -i
List all connections except root user:
Wow, this is an interesting command and it can help in many scenarios, please check the switch for it below:
lsof -i -u^root
The above command is very useful when trying to trace an attack on server.
List all TCP connections to server:lsof -i tcp
List all UDP connections to server:lsof -i udp
List all connections to the port 80:lsof -i tcp:80
List all opened files by a user:
This is going to be a very useful command, this can be used to check the user who creates load on the server.
lsof -u root
Replace ‘root’in above command with the username your want to trace.
List all opened files by a programe (eg: apache2):
lsof -c apache2
How to use multiple options with lsof command:
You can use “-a” at the beginning of the lsof command to use two or more options.
Examples:
List all opened files by apache2 run by ‘root’:
lsof -a -c httpd -u root
List all opened files by mysql inside /var/lib/ folder:
lsof -a -c mysql +D /var/lib/
That’s all guys, please try out everything and keep some usages in mind, it can really save your neck!
Thank you for reading! Bye from nixlinux! 🙂