Today i’ll give you some interesting examples of using lsof command.
lsof stands for “list open files”. So actually it shows all files used by some processes of a system. That command exist on most of and on different Linuxes and Unixes.
It bases on architecture of a kernel which causes evety procces to hold it used files in /proc – (a virtual file-system). A typical hierarchy wold look like:
/proc/process id/fd/file descriptor
In the absence of any options, lsof lists all open files belonging to all active processes of a system. But that is to much for most cases, because many of cases are networkrelated. An if you consider that sockets are files in linux we can use lsof to search fo them.
Examples lsof sockets
The interesting option here is the -i option and it should be followed by the Internet address which is specified in the following form:
[46][protocol][@hostname|hostaddr][:service|port]
4 and 6 stand for ip protocol versions, the rest should be self expanded. So now i think is best time to provide some examples. Here they are:
Show all open connections
lsof -i
Show all open TCP connections
lsof -i TCP
Show open TCP connection on on secure ldap port 636, http 80 and UDP protocol range
lsof -i TCP:636
lsof -i TCP:80
lsof -i UDP:3000-3025
Show LDAP incoming connections
lsof -i TCP@192.168.0.1:636 () #java 890 root 18u IPv6 8332031 #TCP myserver.com:42936 myserver.com:ldaps (ESTABLISHED)
Who use SMTP?
lsof -i :25
#COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
#sendmail 401 root 5u IPv4 0x300023cc141 0t0 TCP *:smtp (LISTEN)
#sendmail 401 root 6u IPv6 0x3000243c200 0t0 TCP *:smtp (LISTEN)
Further useful Examples of lsof
-c option allows to see what files are open by a particular command.
lsof -c mysq lsof -c ruby
See what files are open by a particular device or a file
lsof /dev/cdrom lsof /tmp/obscure.lock
See what files are opened by a user shuron
lsof –u shuron #vi 5200 shuron txt REG 3,1 242601 245773 /bin/vi
Additional info
And at last use -r option for monitoring. Here is example of periodically (every 10 seconds) refresh of connection status for a concrete application started as php.
lsof -r 10 -c php -a -i :1521
It gives periodically all 1521 port connections. 1521 is typical Oracle DB connection port, so that example may serve you as base for script that monitors connection growing of your PHP applications.
So the last on is interesting also it uses the -t parameter which causes lsof return only a Processor id of a file using application. So following command allows you to kill all application that are using provided file.
kill -9 `lsof -t /tmp/obscure.lock`
References: Lsof Man
Can u give me a way through which i can call the lsof command in C and give a call to my c function through java......i know how to give a call through java but din't know the code that i have to write in C function to execute the lsof command.
Great article about lsof! I wrote one myself with a few of these examples, but also includes some output. http://www.lainoox.com/lsof-list-open-files-linux-unix/dontfollow
Thank you for commenting. @bobby thank you for hinting us to "-p" option @Ma Diga let us know.
Good article on lsof. I've been meaning to create an example list on lsof as well in the near future. lsof is perhaps one of the most powerful tools that can be used on a Unix platform for troubleshooting. If anyone's interested, I've written about strace on Linux platform on my blog: http://www.mynitor.com/2009/10/20/linux-alternative-to-truss-command-on-solaris/dontfollow
lsof -p PID ...is nice for tracking down the binary of a PID
Thanks, nothing like seeing commands in action.
Thanks for reminding me about '-c'.