Useful lsof Commands and Switches – Linux

lsof command in Linux:

lsof is one of the most powerful tool for all sysadmins to check and analyze processes running on your Linux server. This gives a detailed information about processes running on the server, path to the executables and other library files the process is calling. In other words, it gives a list of all opened files on server.

Basic Syntax:

lsof [Options]

Usages:

List all opened files on server using lsof:

The below command can be used to list all the opened files on a server:
lsof

List all TCP/UDP connections to the server using lsof:

sometimes we need to check the TCP/UDP connections to the server and this can be done with ease using the lsof command along with the switch ‘i’:

lsof -i

List all connections except root user:

Wow, this is an interesting command and it can help in many scenarios, please check the switch for it below:

lsof -i -u^root

The above command is very useful when trying to trace an attack on server.

List all TCP connections to server:
lsof -i tcp

List all UDP connections to server:
lsof -i udp

List all connections to the port 80:
lsof -i tcp:80

List all opened files by a user:

This is going to be a very useful command, this can be used to check the user who creates load on the server.

lsof -u root

Replace ‘root’in above command with the username your want to trace.

List all opened files by a programe (eg: apache2):

lsof -c apache2

How to use multiple options with lsof command:

You can use “-a” at the beginning of the lsof command to use two or more options.
Examples:

List all opened files by apache2 run by ‘root’:

lsof -a -c httpd -u root

List all opened files by mysql inside /var/lib/ folder:

lsof -a -c mysql +D /var/lib/

That’s all guys, please try out everything and keep some usages in mind, it can really save your neck!

Thank you for reading! Bye from nixlinux! 🙂

Leave a Reply

Your email address will not be published.