lsof is an increadibly powerful command-line utility for unix systems. It lists open files, displaying information about them. And since most everything is a file on unix systems, lsof can give sysadmins a ton of useful diagnostic data.
What are some of the most common and useful ways of using lsof, and which command-line switches are used for that?
lsof -i will provide a list of open network sockets. The -n option will prevent DNS lookups, which is useful when your network connection is slow or unreliable.
Use lsof to see what files a running app or daemon has open: lsof -p
lsof -i :port will also tell you what programs are listening on a specific port.
lsof -iTCP
-i :port shows all networking related to a given port
lsof -i :22
To show connections to a specific host, use @host
lsof [email protected]
Show connections based on the host and the port using @host:port
lsof [email protected]:22
Grepping for "LISTEN" shows what ports your system is waiting for connections on
lsof -i| grep LISTEN
Show what a given user has open using -u
lsof -u daniel
See what files and network connections a command is using with -c
lsof -c syslog-ng
The -p switch lets you see what a given process ID has open, which is good for learning more about unknown processes
lsof -p 10075
The -t option returns just a PID
lsof -t -c Mail
Using the -t and -c options together you can HUP processes
kill -HUP lsof -t -c sshd
You can also use the -t with -u to kill everything a user has open
kill -9 lsof -t -u daniel
lsof +f -- /mountpoint
lists the processes using files on the mount mounted at /mountpoint. Particularly useful for finding which process(es) are using a mounted USB stick or CD/DVD.