lsof survival guide

Hans Sjunnesson picture Hans Sjunnesson · Sep 20, 2008 · Viewed 75.3k times · Source

lsof is an increadibly powerful command-line utility for unix systems. It lists open files, displaying information about them. And since most everything is a file on unix systems, lsof can give sysadmins a ton of useful diagnostic data.

What are some of the most common and useful ways of using lsof, and which command-line switches are used for that?

Answer

 picture · Nov 26, 2008

To show all networking related to a given port:

lsof -iTCP -i :port
lsof -i :22

To show connections to a specific host, use @host

lsof [email protected]

Show connections based on the host and the port using @host:port lsof [email protected]:22

grepping for LISTEN shows what ports your system is waiting for connections on:

lsof -i| grep LISTEN

Show what a given user has open using -u:

lsof -u daniel

See what files and network connections a command is using with -c

lsof -c syslog-ng

The -p switch lets you see what a given process ID has open, which is good for learning more about unknown processes:

lsof -p 10075

The -t option returns just a PID

lsof -t -c Mail

Using the -t and -c options together you can HUP processes

kill -HUP $(lsof -t -c sshd)

You can also use the -t with -u to kill everything a user has open

kill -9 $(lsof -t -u daniel)