lsof用法简介
lsof:一个功能强大的命令
lsof命令的原始功能是列出打开的文件的进程,但LINUX下,所有的设备都是以文件的行式存在的,所以,lsof的功能很强大!
[root@limt01 ~]# lsof -h
lsof 4.82
latest revision: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/
latest FAQ: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/FAQ
latest man page: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof_man
usage: [-?abhlnNoOPRtUvVX] [+|-c c] [+|-d s] [+D D] [+|-f[gG]] [+|-e s]
[-F [f]] [-g [s]] [-i [i]] [+|-L [l]] [+m [m]] [+|-M] [-o [o]] [-p s]
[+|-r [t]] [-s [p:s]] [-S [t]] [-T [t]] [-u s] [+|-w] [-x [fl]] [-Z [Z]] [--] [names]
Defaults in parentheses; comma-separated set (s) items; dash-separated ranges.
-?|-h list help -a AND selections (OR) -b avoid kernel blocks
-c c cmd c ^c /c/[bix] +c w COMMAND width (9)
+d s dir s files -d s select by FD set +D D dir D tree *SLOW?*
+|-e s exempt s *RISKY* -i select IPv[46] files
-l list UID numbers -n no host names -N select NFS files
-o list file offset -O avoid overhead *RISKY* -P no port names
-R list paRent PID -s list file size -t terse listing
-T disable TCP/TPI info -U select Unix socket -v list version info
-V verbose search +|-w Warnings (+) -X skip TCP&UDP* files
-Z Z context [Z]
-- end option scan
+f|-f +filesystem or -file names +|-f[gG] flaGs
-F [f] select fields; -F? for help
+|-L [l] list (+) suppress (-) link counts < l (0 = all; default = 0)
+m [m] use|create mount supplement
+|-M portMap registration (-) -o o o 0t offset digits (8)
-p s exclude(^)|select PIDs -S [t] t second stat timeout (15)
-T qs TCP/TPI Q,St (s) info
-g [s] exclude(^)|select and print process group IDs
-i i select by IPv[46] address: [46][proto][@host|addr][:svc_list|port_list]
+|-r [t[m<fmt>]] repeat every t seconds (15); + until no files, - forever.
An optional suffix to t is m<fmt>; m must separate t from <fmt> and
<fmt> is an strftime(3) format for the marker line.
-s p:s exclude(^)|select protocol (p = TCP|UDP) states by name(s).
-u s exclude(^)|select login|UID set s
-x [fl] cross over +d|+D File systems or symbolic Links
names select named files or files on named file systems
Anyone can list all files; /dev warnings disabled; kernel ID check disabled.
1 显示文件被那个进程打开
[root@limt01 ~]# lsof /usr/lib64/xorg/protocol.txt
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
Xorg 2509 root 4r REG 253,0 31246 662913 /usr/lib64/xorg/protocol.txt
2 显示端口号被那个进程打开
[root@limt01 ~]# lsof -i:21
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
vsftpd 2346 root 3u IPv4 14735 0t0 TCP *:ftp (LISTEN)
3 查看某个用户都打开了那些文件
[root@limt01 ~]# lsof -u limt
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
bash 3771 limt cwd DIR 253,2 4096 261633 /home/limt
bash 3771 limt rtd DIR 253,0 4096 2 /
bash 3771 limt txt REG 253,0 938832 796239 /bin/bash
bash 3771 limt mem REG 253,0 156928 131074 /lib64/ld-2.12.so
bash 3771 limt mem REG 253,0 1926800 131078 /lib64/libc-2.12.so
bash 3771 limt mem REG 253,0 22536 131096 /lib64/libdl-2.12.so
bash 3771 limt mem REG 253,0 138280 131276 /lib64/libtinfo.so.5.7
bash 3771 limt mem REG 253,0 99154480 656211 /usr/lib/locale/locale-archive
bash 3771 limt mem REG 253,0 65928 131102 /lib64/libnss_files-2.12.so
bash 3771 limt mem REG 253,0 26060 656469 /usr/lib64/gconv/gconv-modules.cache
bash 3771 limt 0u CHR 136,1 0t0 4 /dev/pts/1
bash 3771 limt 1u CHR 136,1 0t0 4 /dev/pts/1
bash 3771 limt 2u CHR 136,1 0t0 4 /dev/pts/1
bash 3771 limt 255u CHR 136,1 0t0 4 /dev/pts/1
4 查看TCP或者UDP协议打开的端口号
[root@limt01 ~]# lsof -i tcp
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
cupsd 1763 root 6u IPv6 12646 0t0 TCP [::1]:ipp (LISTEN)
cupsd 1763 root 7u IPv4 12647 0t0 TCP localhost:ipp (LISTEN)
rpcbind 1938 rpc 8u IPv4 13074 0t0 TCP *:sunrpc (LISTEN)
rpcbind 1938 rpc 11u IPv6 13079 0t0 TCP *:sunrpc (LISTEN)
rpc.statd 2076 rpcuser 9u IPv4 13647 0t0 TCP *:34864 (LISTEN)
rpc.statd 2076 rpcuser 11u IPv6 13655 0t0 TCP *:50799 (LISTEN)
sshd 2317 root 3u IPv4 14634 0t0 TCP *:ssh (LISTEN)
sshd 2317 root 4u IPv6 14638 0t0 TCP *:ssh (LISTEN)
vsftpd 2346 root 3u IPv4 14735 0t0 TCP *:ftp (LISTEN)
sendmail 2370 root 4u IPv4 14915 0t0 TCP localhost:smtp (LISTEN)
sshd 3595 root 3r IPv4 39944 0t0 TCP limt01:ssh->192.168.1.101:51290 (ESTABLISHED)
sshd 3739 root 3r IPv4 44599 0t0 TCP limt01:ssh->192.168.1.101:51348 (ESTABLISHED)
[root@limt01 ~]# lsof -i udp
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
cupsd 1763 root 9u IPv4 12650 0t0 UDP *:ipp
portreser 1842 root 9u IPv4 12826 0t0 UDP *:kerberos-iv
portreser 1842 root 11u IPv4 12828 0t0 UDP *:783
portreser 1842 root 13u IPv4 12834 0t0 UDP *:ldaps
portreser 1842 root 15u IPv4 12842 0t0 UDP *:dhcp-failover
portreser 1842 root 17u IPv4 12845 0t0 UDP *:dhcp-failover2
rpcbind 1938 rpc 6u IPv4 13071 0t0 UDP *:sunrpc
rpcbind 1938 rpc 7u IPv4 13073 0t0 UDP *:841
rpcbind 1938 rpc 9u IPv6 13076 0t0 UDP *:sunrpc
rpcbind 1938 rpc 10u IPv6 13078 0t0 UDP *:841
rpc.statd 2076 rpcuser 5r IPv4 13636 0t0 UDP *:980
rpc.statd 2076 rpcuser 8u IPv4 13643 0t0 UDP *:33530
rpc.statd 2076 rpcuser 10u IPv6 13651 0t0 UDP *:43475
5查看某个进程都打开了那些文件
[root@limt01 ~]# lsof -c xinetd
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
xinetd 2325 root cwd DIR 253,0 4096 2 /
xinetd 2325 root rtd DIR 253,0 4096 2 /
xinetd 2325 root txt REG 253,0 174456 680086 /usr/sbin/xinetd
xinetd 2325 root mem REG 253,0 65928 131102 /lib64/libnss_files-2.12.so
xinetd 2325 root mem REG 253,0 472064 131162 /lib64/libfreebl3.so
xinetd 2325 root mem REG 253,0 22536 131096 /lib64/libdl-2.12.so
xinetd 2325 root mem REG 253,0 1926800 131078 /lib64/libc-2.12.so
xinetd 2325 root mem REG 253,0 43392 131164 /lib64/libcrypt-2.12.so
xinetd 2325 root mem REG 253,0 599384 131079 /lib64/libm-2.12.so
xinetd 2325 root mem REG 253,0 116368 131195 /lib64/libnsl-2.12.so
xinetd 2325 root mem REG 253,0 43256 131218 /lib64/libwrap.so.0.7.6
xinetd 2325 root mem REG 253,0 124624 131139 /lib64/libselinux.so.1
xinetd 2325 root mem REG 253,0 156928 131074 /lib64/ld-2.12.so
xinetd 2325 root 0r CHR 1,3 0t0 3800 /dev/null
xinetd 2325 root 1r CHR 1,3 0t0 3800 /dev/null
xinetd 2325 root 2r CHR 1,3 0t0 3800 /dev/null
xinetd 2325 root 3r FIFO 0,8 0t0 14659 pipe
xinetd 2325 root 4w FIFO 0,8 0t0 14659 pipe
xinetd 2325 root 7u unix 0xffff88007aae2c80 0t0 14673 socket
也可以查看在/proc下查看
[root@limt01 fd]# ls -lrt /proc/2317/fd
总用量 0
lrwx------. 1 root root 64 4月 19 19:51 4 -> socket:[14638]
lrwx------. 1 root root 64 4月 19 19:51 3 -> socket:[14634]
lrwx------. 1 root root 64 4月 19 19:51 2 -> /dev/null
lrwx------. 1 root root 64 4月 19 19:51 1 -> /dev/null
lrwx------. 1 root root 64 4月 19 19:51 0 -> /dev/null
6 显示某个目录被那些进程打开
[root@limt01 fd]# lsof +d /usr (不深度搜索子目录)
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
hald-addo 2236 root cwd DIR 253,0 12288 655408 /usr/libexec
hald-addo 2238 root cwd DIR 253,0 12288 655408 /usr/libexec
hald-addo 2241 haldaemon cwd DIR 253,0 12288 655408 /usr/libexec
[root@limt01 fd]# lsof +D /var/log (深度搜索子目录)
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
auditd 1822 root 5w REG 253,0 143575 1310792 /var/log/audit/audit.log
rsyslogd 1868 root 1w REG 253,0 515773 1324377 /var/log/messages
rsyslogd 1868 root 2w REG 253,0 8441 1324378 /var/log/secure
rsyslogd 1868 root 4w REG 253,0 8962 1324379 /var/log/maillog
rsyslogd 1868 root 5w REG 253,0 15024 1310798 /var/log/cron
wpa_suppl 2089 root 3w REG 253,0 0 1310826 /var/log/wpa_supplicant.log
gdm-simpl 2506 root 1w REG 253,0 0 1311187 /var/log/gdm/:0-slave.log
gdm-simpl 2506 root 2w REG 253,0 0 1311187 /var/log/gdm/:0-slave.log
Xorg 2509 root 0r REG 253,0 40047 1310879 /var/log/Xorg.0.log
Xorg 2509 root 2w REG 253,0 30759 1311190 /var/log/gdm/:0.log
console-k 2526 root 9w REG 253,0 6331 1848350 /var/log/ConsoleKit/history
gnome-ses 2599 gdm 1w REG 253,0 736 1311197 /var/log/gdm/:0-greeter.log
gnome-ses 2599 gdm 2w REG 253,0 736 1311197 /var/log/gdm/:0-greeter.log
at-spi-re 2623 gdm 1w REG 253,0 736 1311197 /var/log/gdm/:0-greeter.log
at-spi-re 2623 gdm 2w REG 253,0 736 1311197 /var/log/gdm/:0-greeter.log
gnome-set 2625 gdm 2w REG 253,0 736 1311197 /var/log/gdm/:0-greeter.log
metacity 2635 gdm 1w REG 253,0 736 1311197 /var/log/gdm/:0-greeter.log
metacity 2635 gdm 2w REG 253,0 736 1311197 /var/log/gdm/:0-greeter.log
gnome-pow 2636 gdm 1w REG 253,0 736 1311197 /var/log/gdm/:0-greeter.log
gnome-pow 2636 gdm 2w REG 253,0 736 1311197 /var/log/gdm/:0-greeter.log
gdm-simpl 2637 gdm 1w REG 253,0 736 1311197 /var/log/gdm/:0-greeter.log
gdm-simpl 2637 gdm 2w REG 253,0 736 1311197 /var/log/gdm/:0-greeter.log
plymouth- 2638 gdm 1w REG 253,0 736 1311197 /var/log/gdm/:0-greeter.log
plymouth- 2638 gdm 2w REG 253,0 736 1311197 /var/log/gdm/:0-greeter.log
polkit-gn 2640 gdm 1w REG 253,0 736 1311197 /var/log/gdm/:0-greeter.log
polkit-gn 2640 gdm 2w REG 253,0 736 1311197 /var/log/gdm/:0-greeter.log
gdm-sessi 2659 root 1w REG 253,0 0 1311187 /var/log/gdm/:0-slave.log
gdm-sessi 2659 root 2w REG 253,0 0 1311187 /var/log/gdm/:0-slave.log
lsof用法简介的更多相关文章
- [转帖]linux lsof 用法简介
linux lsof 用法简介 https://www.cnblogs.com/saneri/p/5333333.html 1.简介: lsof(list open files)是一个列出当前系统打开 ...
- linux lsof 用法简介
1.简介: lsof(list open files)是一个列出当前系统打开文件的工具. 只需输入 lsof 就可以生成大量的信息,因为 lsof 需要访问核心内存和各种文件,所以必须以 root 用 ...
- linux 系统监控、诊断工具之 lsof 用法简介
1.lsof 简介 lsof 是 Linux 下的一个非常实用的系统级的监控.诊断工具. 它的意思是 List Open Files,很容易你就记住了它是 "ls + of"的组合 ...
- lsof命令简介
lsof命令简介: lsof(list open files)是一个列出当前系统打开文件的工具.在linux环境下,任何事物都以文件的形式存在,通过文件不仅仅可以访问常规数据,还可以访问网络连接和硬件 ...
- IOS NSInvocation用法简介
IOS NSInvocation用法简介 2012-10-25 19:59 来源:博客园 作者:csj007523 字号:T|T [摘要]在 iOS中可以直接调用某个对象的消息方式有两种,其中一种就是 ...
- JodaTime用法简介
JodaTime用法简介 Java的Date和Calendar用起来简直就是灾难,跟C#的DateTime差距太明显了,幸好有JodaTime 本文简单罗列JodaTime的用法 package co ...
- Apache自带压力测试工具ab用法简介
ab命令原理 ab命令会创建很多的并发访问线程,模拟多个访问者同时对某一URL进行访问.它的测试目标是基于URL的,因此,既可以用来测试Apache的负载压力,也可以测试nginx.lighthttp ...
- Postman用法简介
转自:http://blog.csdn.net/flowerspring/article/details/52774399 Postman用法简介 转载 2016年10月10日 09:04:10 10 ...
- MSSQL Sql加密函数 hashbytes 用法简介
转自:http://www.maomao365.com/?p=4732 一.mssql sql hashbytes 函数简介 hashbytes函数功能为:返回一个字符,通过 MD2.MD4.MD5. ...
随机推荐
- win7Java开发环境配置
win7下Java开发环境的配置 首先下载符合操作系统版本的jdk,比如最新的jdk8: 下载链接:http://www.oracle.com/technetwork/java/javase/down ...
- 继续Get News List
拿到news list 所需要的技能 json数组反序列化 iOS中有哪些集合对象 数组的遍历 Debugging with GDB json数组反序列化 id jsonObject = [NSJSO ...
- PHPCMS_v9 wap不同列表采用不同模板的方法
.在phpcms\modules\wap\index.php中搜索 $template = ($TYPE[$typeid]['parentid']==0 && in_array($ty ...
- android开子线程避免出现main错误
Runnable SonThread=new Runnable() { @Override public void run() { // TODO Auto-generated method stub ...
- NSFileManager 的基本使用方法
本方法已有个人总结, int main(int argc, const char * argv[]) { @autoreleasepool { NSString *path=@"/Users ...
- Linux(centos)如何安装Zend Optimizer Zend Guard Loader
很多php开源系统都是基于Zend Optimizer的,所以我们需要先安装Zend Optimizer.但在php5.3之后Zend Optimizer被Zend Guard Loader 取代了, ...
- SQLServer 本地移动发布/订阅/分发数据库文件并更改逻辑名称和物理文件名
-------------------------------------------------------------------------------------------------- - ...
- BurpSuite拦截HTTPS请求
1.设置好浏览器代理 2. 3.请求https站点(比如https://www.baidu.com),以火狐浏览器例子: 4. 这一步主要是为了显示[我已充分了解可能的风险],如果有,就不用做以上步骤 ...
- loadrunner取出字符串的后面几位
Action() { char *phonenum; int k=1; phonenum=lr_eval_string("{phoneNum}");//参数化获取 ...
- CSS中margin和padding的区别
在CSS中margin是指从自身边框到另一个容器边框之间的距离,就是容器外距离.在CSS中padding是指自身边框到自身内部另一个容器边框之间的距离,就是容器内距离. 下面讲解 padding和ma ...