{"id":3942,"date":"2019-04-16T03:54:45","date_gmt":"2019-04-16T03:54:45","guid":{"rendered":"https:\/\/tst-amo.net.ua\/blog\/?p=3942"},"modified":"2019-04-16T04:21:14","modified_gmt":"2019-04-16T04:21:14","slug":"%d1%83%d1%82%d0%b8%d0%bb%d0%b8%d1%82%d0%b0-lsof","status":"publish","type":"post","link":"https:\/\/tst-amo.net.ua\/blog\/?p=3942","title":{"rendered":"lsof utility"},"content":{"rendered":"<h4>List all Open Files with lsof Command<\/h4>\n<p>Sections and their values are self-explanatory. However, we\u2019ll review the\u00a0<strong>FD &amp; TYPE<\/strong>\u00a0columns more closely.<\/p>\n<p><strong>FD<\/strong>\u00a0\u2013 stands for file descriptor; some of the values you may see are:<\/p>\n<ul>\n<li><strong>cwd<\/strong>\u00a0current working directory<\/li>\n<li><strong>rtd<\/strong>\u00a0root directory<\/li>\n<li><strong>txt<\/strong>\u00a0program text (code and data)<\/li>\n<li><strong>mem<\/strong>\u00a0memory-mapped file<\/li>\n<\/ul>\n<p>In the\u00a0<strong>FD<\/strong>\u00a0column, a value such as\u00a0<strong>1u<\/strong>\u00a0is the actual file descriptor number followed by its mode, one of r, w or u:<\/p>\n<ul>\n<li><strong>r<\/strong>\u00a0for read access.<\/li>\n<li><strong>w<\/strong>\u00a0for write access.<\/li>\n<li><strong>u<\/strong>\u00a0for read and write access.<\/li>\n<\/ul>\n<p><strong>TYPE<\/strong>\u00a0\u2013 the file type, identified as:<\/p>\n<ul>\n<li><strong>DIR<\/strong>\u00a0\u2013 Directory<\/li>\n<li><strong>REG<\/strong>\u00a0\u2013 Regular file<\/li>\n<li><strong>CHR<\/strong>\u00a0\u2013 Character special file.<\/li>\n<li><strong>FIFO<\/strong>\u00a0\u2013 First In First Out<\/li>\n<\/ul>\n<h4>List User Specific Opened Files<\/h4>\n<p>The command below lists all files opened by user\u00a0<strong>uba<\/strong>.<\/p>\n<pre># lsof -u uba\r\nCOMMAND PID USER FD TYPE DEVICE SIZE\/OFF NODE NAME\r\nsshd 17162 uba cwd DIR 253,0 242 96 \/\r\nsshd 17162 uba rtd DIR 253,0 242 
96 \/\r\nsshd 17162 uba txt REG 253,0 853040 17110610 \/usr\/sbin\/sshd\r\nsshd 17162 uba mem REG 253,0 15480 33614436 \/usr\/lib64\/security\/pam_lastlog.so\r\nsshd 17162 uba mem REG 253,0 15632 16840218 \/usr\/lib64\/libpam_misc.so.0.82.0\r\nsshd 17162 uba mem REG 253,0 309272 33605135 \/usr\/lib64\/security\/pam_systemd.so\r\nsshd 17162 uba mem REG 253,0 19600 33614437 \/usr\/lib64\/security\/pam_limits.so\r\n\r\n<\/pre>\n<h4>Find Processes Running on a Specific Port<\/h4>\n<p>To find all processes using a specific port, use the following command with the\u00a0<strong>-i<\/strong>\u00a0option. The example below lists all processes using port\u00a0<strong>22<\/strong>.<\/p>\n<pre># lsof -i TCP:22\r\nCOMMAND   PID  USER  FD   TYPE  DEVICE   SIZE\/OFF  NODE   NAME\r\nsshd     3507  root   3u  IPv4   27109        0t0  TCP    *:ssh (LISTEN)\r\nsshd    17160  root   3u  IPv4 1930572        0t0  TCP    mail:ssh-&gt;gateway:48242 (ESTABLISHED)\r\nsshd    17162   uba   3u  IPv4 1930572        0t0  TCP    mail:ssh-&gt;gateway:48242 (ESTABLISHED)<\/pre>\n<h4>List Only IPv4 &amp; IPv6 Open Files<\/h4>\n<p>The examples below show only the open\u00a0<strong>IPv4<\/strong>\u00a0and\u00a0<strong>IPv6<\/strong>\u00a0network files, using a separate command for each.<\/p>\n<pre># lsof -i 4\r\nCOMMAND   PID    USER  FD   TYPE  DEVICE SIZE\/OFF NODE NAME\r\nrsync     3090   root   4u  IPv4   23493      0t0  TCP *:rsync (LISTEN)\r\nchronyd   3249 chrony   1u  IPv4   25647      0t0  UDP localhost:323 \r\nsshd      3507   root   3u  IPv4   27109      0t0  TCP *:ssh (LISTEN)\r\nopenvpn   3511 nobody   6u  IPv4   30082      0t0  UDP *:openvpn \r\nredis-ser 3515  redis   4u  IPv4   27976      0t0  TCP localhost:6379 (LISTEN)\r\nredis-ser 3515  redis   5u  IPv4 1935299      0t0  TCP localhost:6379-&gt;localhost:56878 (ESTABLISHED)\r\nredis-ser 3515  redis   6u  IPv4 1935301      0t0  TCP localhost:6379-&gt;localhost:56880 (ESTABLISHED)\r\nredis-ser 3515  redis   7u  IPv4 1946266      0t0  TCP 
localhost:6379-&gt;localhost:56886 (ESTABLISHED)\r\nredis-ser 3515  redis   8u  IPv4 1946268      0t0  TCP localhost:6379-&gt;localhost:56888 (ESTABLISHED)\r\nnmbd      3520   root  14u  IPv4   28204      0t0  UDP *:netbios-ns<\/pre>\n<pre># lsof -i 6<\/pre>\n<h4>List Open Files of TCP Port ranges 1-1024<\/h4>\n<p>To list the open files of all running processes on\u00a0<strong>TCP<\/strong>\u00a0ports in the range\u00a0<strong>1-1024<\/strong>:<\/p>\n<pre># lsof -i TCP:1-1024\r\nCOMMAND PID USER FD TYPE DEVICE SIZE\/OFF NODE NAME\r\nrsync 3090 root 4u IPv4 23493 0t0 TCP *:rsync (LISTEN)\r\nsshd 3507 root 3u IPv4 27109 0t0 TCP *:ssh (LISTEN)\r\nsmbd 3571 root 30u IPv4 30137 0t0 TCP tst.tst-amo.net.ua:microsoft-ds (LISTEN)\r\nsmbd 3571 root 31u IPv4 30138 0t0 TCP tst.tst-amo.net.ua:netbios-ssn (LISTEN)\r\nsmbd 3571 root 32u IPv4 30139 0t0 TCP mail:microsoft-ds (LISTEN)\r\nsmbd 3571 root 33u IPv4 30140 0t0 TCP mail:netbios-ssn (LISTEN)<\/pre>\n<h4>Exclude User with \u2018^\u2019 Character<\/h4>\n<pre># lsof -i -u^root\r\nCOMMAND     PID      USER   FD   TYPE  DEVICE SIZE\/OFF NODE NAME\r\nchronyd    3249    chrony    1u  IPv4   25647      0t0  UDP localhost:323\r\nopenvpn    3511    nobody    6u  IPv4   30082      0t0  UDP *:openvpn\r\nredis-ser  3515     redis    4u  IPv4   27976      0t0  TCP localhost:6379 (LISTEN)\r\nmemcached  3522 memcached   26u  IPv4   28032      0t0  TCP localhost:memcache (LISTEN)\r\nicecast    3523   icecast    4u  IPv4   27491      0t0  TCP mail:irdmi (LISTEN)<\/pre>\n<h4>Find Out Who Is Using Which Files and Commands<\/h4>\n<p>The example below shows that user uba is using 
commands such as <strong>ping<\/strong>\u00a0and the\u00a0<strong>\/home\/uba<\/strong>\u00a0directory.<\/p>\n<pre># lsof -i -u uba | grep ping\r\nping 17660 uba cwd DIR 253,2 4096 99 \/home\/uba\r\nping 17660 uba rtd DIR 253,0 242 96 \/\r\nping 17660 uba txt REG 253,0 66176 210234 \/usr\/bin\/ping\r\nping 17660 uba mem REG 253,0 106070960 987152 \/usr\/lib\/locale\/locale-archive<\/pre>\n<h4>List all Network Connections<\/h4>\n<p>The following command with the\u00a0<strong>\u2018-i\u2019<\/strong>\u00a0option lists all network connections, both \u2018<strong>LISTENING &amp; ESTABLISHED\u2019<\/strong>.<\/p>\n<pre># lsof -i<\/pre>\n<h4>Search by PID<\/h4>\n<p>The example below shows only the open files of the process whose\u00a0<strong>PID<\/strong>\u00a0is\u00a0<strong>1<\/strong>\u00a0[<strong>One<\/strong>].<\/p>\n<pre># lsof -p 1\r\nCOMMAND PID USER FD TYPE DEVICE SIZE\/OFF   NODE  NAME\r\nsystemd   1 root cwd DIR  253,0      242     96  \/\r\nsystemd   1 root rtd DIR  253,0      242     96  \/\r\nsystemd   1 root txt REG  253,0  1620416 154627  \/usr\/lib\/systemd\/systemd<\/pre>\n<h4>Kill all Activity of Particular User<\/h4>\n<p>Sometimes you may have to kill all the processes for a specific user. 
The command below kills all the processes of user\u00a0<strong>uba<\/strong>.<\/p>\n<pre># kill -9 `lsof -t -u uba`<\/pre>\n<p>Kill the ping process of user uba:<\/p>\n<pre># lsof -i -u uba | grep ping\r\n# lsof -p 17660\r\n# kill -9 `lsof -t -p 17660`<\/pre>\n<blockquote class=\"wp-embedded-content\" data-secret=\"bfW9RTEEiE\"><p><a href=\"https:\/\/www.tecmint.com\/10-lsof-command-examples-in-linux\/\">10 lsof Command Examples in Linux<\/a><\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>List all Open Files with lsof Command Sections and their values are self-explanatory. 
However, we\u2019ll review the\u00a0FD &amp; TYPE\u00a0columns more closely. FD\u00a0\u2013 stands for file descriptor; some of the values you may see are: cwd\u00a0current working directory rtd\u00a0root directory txt\u00a0program text (code and data) mem\u00a0memory-mapped file In the\u00a0FD\u00a0column, a value such as\u00a01u\u00a0is the actual file descriptor number followed by &#8230;<\/p>\n<p><a href=\"https:\/\/tst-amo.net.ua\/blog\/?p=3942\" class=\"more-link\">Continue reading &lsquo;lsof utility&rsquo; &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[48,47,52,165],"tags":[],"class_list":["post-3942","post","type-post","status-publish","format-standard","hentry","category-centos","category-linux","category-utilites","category-165"],"_links":{"self":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/3942"}],"collection":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3942"}],"version-history":[{"count":4,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/3942\/revisions"}],"predecessor-version":[{"id":3946,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/3942\/revisions\/3946"}],"wp:attachment":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3942"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3942"},{"taxonomy":
"post_tag","embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3942"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}