In this session we will explore the Unix lsof command.

On a Linux platform, all activity is file based, whether we want to check a network connection, a process, or a user-readable file. Let's look at the different commands that can be used to check each of these.

  1. lsof  This provides a complete list of all open files in the system
    • FD – Represents the file descriptor
      • cwd – Current Working Directory
      • txt – Text file
      • mem – Memory mapped file
      • mmap – Memory mapped device
    • Type – Specifies the type of the file
      • REG – Regular file
      • DIR – Directory
      • FIFO – First In First Out
      • CHR – Character special file
  2. lsof -c ssh -c init This is used to list all the open files of processes whose command name starts with ssh or init
  3. lsof -u [user] This is used to list the files opened by a specific user. To exclude files opened by a specific user, use lsof -i -u^root
  4. kill -9 $(lsof -t -u [user]) This is used to list and kill all processes of a specific user.
  5. lsof +d [directory] This is used to list the files opened in a specific directory. To search in recursive mode, use “+D”
  6. lsof -i This is used to list all the network connections opened in the system
  7. lsof -i TCP Use this when you need to check TCP or UDP connections. To narrow it to a specific port number, use lsof -i TCP:80
  8. lsof -i TCP:1-1024 You can also use this form for a range of open ports.
  9. lsof -p 1 This is used to list the files opened by a specific process ID
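
The network listings in items 6 to 8 can be turned into a quick listener inventory. The following is an added example, not part of the original post: it filters lsof -i output down to TCP listeners on ports 1-1024 and marks whether each is bound to loopback or to a network-reachable address. The function names and the sample rows are constructed for illustration, and the -n and -P flags (numeric addresses and ports) are additions not covered above.

```shell
#!/bin/sh
# Constructed sample of `lsof -nP -i TCP` output (not captured from a real host).
sample_lsof_output() {
cat <<'EOF'
COMMAND  PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd     812     root    3u  IPv4  18234      0t0  TCP *:22 (LISTEN)
sshd     812     root    4u  IPv6  18236      0t0  TCP *:22 (LISTEN)
nginx   1409     root    6u  IPv4  20551      0t0  TCP *:80 (LISTEN)
nginx   1410 www-data    6u  IPv4  20551      0t0  TCP *:80 (LISTEN)
cupsd    640     root    7u  IPv4  15120      0t0  TCP 127.0.0.1:631 (LISTEN)
node    3021    alice   21u  IPv4  40112      0t0  TCP *:8080 (LISTEN)
sshd    2290     root    4u  IPv4  31877      0t0  TCP 10.0.0.5:22->10.0.0.9:51514 (ESTABLISHED)
EOF
}

# Reads lsof -i output on stdin and prints one line per unique listener:
#   <port> <loopback|network> <user> <command> <pid>
low_port_listeners() {
  awk '
    NR == 1 || $1 == "COMMAND" { next }         # skip the header row
    $8 != "TCP" || $NF != "(LISTEN)" { next }   # keep listening TCP sockets only
    {
      n = split($9, parts, ":")                 # NAME is addr:port, port is the last piece
      port = parts[n] + 0
      if (port < 1 || port > 1024) next         # same range as lsof -i TCP:1-1024
      addr = substr($9, 1, length($9) - length(parts[n]) - 1)
      scope = (addr ~ /^127\./ || addr == "[::1]") ? "loopback" : "network"
      key = port " " scope " " $3 " " $1 " " $2
      if (seen[key]++) next                     # IPv4 and IPv6 rows of one process collapse
      print key
    }' | sort -n
}

# Live use (needs lsof installed; run as root to see every process):
#   lsof -nP -i TCP:1-1024 | low_port_listeners
```

Workers that inherit a listening socket, such as the nginx worker in the sample, appear as their own row because the key includes the user and PID.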
