Linux - Lsof find open files, Lsof command examples

Lsof find open files

lsof is a cool command to find all the open file list, the same command is also used to find the deleted files which is a major reason of overflowing of disk space. But actually the diskspace in not full.

The below examples of lsof command will give you a brief idea about the usage and adavantage of using lsof command.

Show all connections
 # lsof -i

Show only TCP connections
 # lsof -iTCP

Show only UDP connections
 # lsof -iUDP

Show connections to particular port
 # lsof -i :80
shows all networking related to a given port, here we have use port 80.

Show connections to a specific host, use @host
 # lsof -i@192.168.1.2

Show connections based on the host and the port
 # lsof -i@192.168.1.5:22
By using using @host:port, we can find the connections based on host and the port.

Grep listening connections of port 80
 # lsof -i :80 | grep 'LISTEN'
Grepping for "LISTEN" shows what ports your system is waiting for connections on particular port

Grepping for ESTABLISHED shows current active connections
 # lsof -i | grep 'ESTABLISHED'

Find what a user has open using -u
 # lsof -u ecable

See what files and network connections a command is using with -c
 # lsof -c syslog-ng

Pointing to a file shows what's interacting with that file
 # lsof /var/log/messages

 # lsof -p 10075
The -p switch lets you see what a given process ID has open, which is good for learning more about unknown processes.

 # lsof -t -c Mail
The -t option returns just a PID

 # lsof -a -u oracle -i @127.0.0.1
Using -a allows you to combine search terms, so the query below says, "show me everything running as daniel connected to 1.1.1.1"
 # kill -HUP `lsof -t -c sshd`
Using the -t and -c options together you can HUP processes

Kill all files a user has open
 # kill -9 `lsof -t -u daniel`
You can also use the -t with -u to kill everything a user has open

Finding an Unlinked Open File
 # lsof +L1
lsof +L1 shows you all open files that have a link count less than 1, often indicative of a cracker trying to hide something

Find all open files
 # lsof -a +L1 /var/log/messages
You can use lsof -a (AND) option to narrow the link count search to a particular file system. For example, to look for zero link counts on the /va/log/messages file system.

Find all open files
 # lsof  /var/log/messages

The topic on Linux - Lsof find open files is posted by - Math

Hope you have enjoyed, Linux - Lsof find open filesThanks for your time

Tech Bluff