In this session we will explore the Unix lsof command.
On a Linux platform all activity is file based, whether we want to check a network connection, a process or a user-readable file. Let's look at the different commands that can be used to check each of them.
- lsof This provides a complete list of all open files in the system. The output includes these columns:
  - FD – Represents the file descriptor
    - cwd Current Working Directory
    - txt Text file
    - mem Memory mapped file
    - mmap Memory mapped device
  - TYPE – Specifies the type of the file
    - REG Regular file
    - DIR Directory
    - FIFO First In First Out
    - CHR Character special file
- lsof -c ssh -c init This lists all the open files of processes whose command name starts with ssh or init
- lsof -u [user] This lists the files opened by a specific user. To exclude files opened by a specific user, use lsof -i -u^root
- kill -9 `lsof -t -u [user]` This lists and kills all processes used by a specific user. lsof -t prints only the process IDs, which the backticks pass to kill.
- lsof +d [directory] This lists the files opened in a specific directory. To search the directory recursively, use "+D" instead.
- lsof -i This lists all the network connections open in the system
- lsof -i TCP Use this when you need to check TCP connections; UDP works the same way. For a specific port number, use lsof -i TCP:80
- lsof -i TCP:1-1024 This does the same for a range of ports.
- lsof -p 1 This lists the files opened by a specific process ID
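
The port-range check (lsof -i TCP:1-1024) and the -u^root exclusion above, combined as an added shell example that is not part of the original page: it parses lsof's default columns and reports listening sockets in a port range, then the ones not owned by root. The function names and the sample output are constructed for illustration; -P and -n are lsof options that keep ports and addresses numeric.

```sh
#!/bin/sh
# Added example: audit listening TCP sockets from lsof's default columns.
# On a live host, feed it real output:  lsof -i TCP -P -n | listening_ports 1 1024

# Constructed sample output, not captured from a real system.
sample_lsof() {
cat <<'EOF'
COMMAND  PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd     812     root    3u  IPv4  18432      0t0  TCP *:22 (LISTEN)
sshd     812     root    4u  IPv6  18434      0t0  TCP [::]:22 (LISTEN)
nginx   1033     root    6u  IPv4  20311      0t0  TCP *:80 (LISTEN)
nginx   1034 www-data    6u  IPv4  20311      0t0  TCP *:80 (LISTEN)
sshd    2210     root    4u  IPv4  31877      0t0  TCP 10.0.0.5:22->10.0.0.9:51514 (ESTABLISHED)
python3 4410    alice    3u  IPv4  40122      0t0  TCP *:8000 (LISTEN)
EOF
}

# listening_ports LO HI
# Reads lsof output on stdin and prints "port user command pid" for every
# listening socket with LO <= port <= HI, one line per distinct process/port.
# Assumes command names contain no whitespace (COMMAND=$1, PID=$2, USER=$3).
listening_ports() {
    awk -v lo="$1" -v hi="$2" '
        NR == 1           { next }   # skip the header row
        $NF != "(LISTEN)" { next }   # drop established and other states
        {
            # NAME is the field before the state, e.g. *:22 or [::]:22;
            # the port is whatever follows the last colon.
            n = split($(NF - 1), part, ":")
            port = part[n] + 0
            if (port >= lo && port <= hi)
                print port, $3, $1, $2
        }' | LC_ALL=C sort -u | LC_ALL=C sort -n
}

# non_root_listeners LO HI
# Same input, restricted to sockets held by a user other than root.
non_root_listeners() {
    listening_ports "$1" "$2" | awk '$2 != "root"'
}

sample_lsof | listening_ports 1 1024
```

The IPv4 and IPv6 sshd listeners collapse into one line because they share port, user, command and PID.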