views:

776

answers:

5

lsof is an increadibly powerful command-line utility for unix systems. It lists open files, displaying information about them. And since most everything is a file on unix systems, lsof can give sysadmins a ton of useful diagnostic data.

What are some of the most common and useful ways of using lsof, and which command-line switches are used for that?

+2  A: 

lsof -i will provide a list of open network sockets. The -n option will prevent DNS lookups, which is useful when your network connection is slow or unreliable.

John Millikin
+1  A: 

Use lsof to see what files a running app or daemon has open: lsof -p

Chris
+1  A: 

lsof -i :port will also tell you what programs are listening on a specific port.

dvorak
A: 

lsof -iTCP -i :port shows all networking related to a given port lsof -i :22 To show connections to a specific host, use @host lsof [email protected] Show connections based on the host and the port using @host:port lsof [email protected]:22 Grepping for "LISTEN" shows what ports your system is waiting for connections on lsof -i| grep LISTEN Show what a given user has open using -u lsof -u daniel See what files and network connections a command is using with -c lsof -c syslog-ng The -p switch lets you see what a given process ID has open, which is good for learning more about unknown processes lsof -p 10075 The -t option returns just a PID lsof -t -c Mail Using the -t and -c options together you can HUP processes kill -HUP lsof -t -c sshd You can also use the -t with -u to kill everything a user has open kill -9 lsof -t -u daniel

A: 
lsof +f -- /mountpoint

lists the processes using files on the mount mounted at /mountpoint. Particularly useful for finding which process(es) are using a mounted USB stick or CD/DVD.

mas