Exploring Unix/Linux lsof commands

In this session we will be exploring Unix lsof commands.

On a Linux platform, all activity is file based, whether we want to check a network connection, a process, or a user-readable file. Let's look at the different lsof commands that can be used to check these.

lsof  This provides a complete list of all open files in the system
FD – Represents the file descriptor
cwd     Current working directory
txt     Text file
mem     Memory mapped file
mmap    Memory mapped device
Type – Specifies the type of the file
REG     Regular file
DIR     Directory
FIFO    First In First Out
CHR     Character special file
lsof -c ssh -c init  This lists all the open files of processes whose command name starts with ssh or init
lsof -u [user]  This lists the files opened by a specific user. To exclude files opened by a specific user, prefix the name with ^, for example lsof -i -u^root
kill -9 `lsof -t -u [user]`  This lists and kills all processes used by a specific user; lsof -t prints only the process IDs, which are passed to kill.
lsof +d [directory]  This lists the files opened in a specific directory. To search the directory recursively, use "+D" instead
lsof -i  This lists all the network connections opened in the system
lsof -i TCP  Use this to check TCP connections (or lsof -i UDP for UDP). To narrow it to a specific port number, use lsof -i TCP:80
lsof -i TCP:1-1024  You can also give a range of ports like this.
lsof -p 1  This lists the files opened by a specific process ID
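
An added example (not from the original post): a shell function that reduces the output of lsof -i TCP:1-1024 to listening sockets only and prints one line per user, command, PID and port, which is a quick way to review what is bound to the low ports. The -n and -P flags (numeric addresses and ports), the function names and the sample output are assumptions of this example; the sample lines are constructed.

```shell
#!/bin/sh
# Added example: summarise listening sockets on ports 1-1024 from lsof output.
# Live use (assumes lsof is installed; -n -P keep addresses and ports numeric):
#   lsof -n -P -i TCP:1-1024 | low_port_listeners

# Reads `lsof -i` output on stdin and prints "USER COMMAND PID PORT"
# once per listener. Connections that are not in LISTEN state are skipped.
low_port_listeners() {
    awk 'NR > 1 && $NF == "(LISTEN)" {
        addr = $(NF - 1)          # e.g. *:22, 127.0.0.1:8000, [::1]:631
        port = addr
        sub(/.*:/, "", port)      # keep only what follows the last colon
        if (port + 0 >= 1 && port + 0 <= 1024) {
            key = $3 " " $1 " " $2 " " port
            if (!(key in seen)) { # IPv4 and IPv6 rows collapse to one line
                seen[key] = 1
                print key
            }
        }
    }'
}

# Constructed sample of `lsof -n -P -i TCP` output, so the function can be
# tried without lsof or open sockets.
sample_lsof_output() {
    cat <<'EOF'
COMMAND  PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd     812     root    3u  IPv4  21034      0t0  TCP *:22 (LISTEN)
sshd     812     root    4u  IPv6  21036      0t0  TCP *:22 (LISTEN)
nginx   1040 www-data    6u  IPv4  25511      0t0  TCP *:80 (LISTEN)
python3 2210    alice    3u  IPv4  31877      0t0  TCP 127.0.0.1:8000 (LISTEN)
sshd    2305     root    4u  IPv4  33120      0t0  TCP 10.0.0.5:22->10.0.0.9:51514 (ESTABLISHED)
EOF
}

sample_lsof_output | low_port_listeners
```

Comparing this summary against the list of services that are expected on the host makes an unexpected listener stand out.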


