lsof用法简介

lsof:一个功能强大的命令

lsof命令的原始功能是列出打开的文件的进程，但LINUX下，所有的设备都是以文件的行式存在的，所以，lsof的功能很强大！

[root@limt01 ~]# lsof -h

lsof 4.82

latest revision: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/

latest FAQ: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/FAQ

latest man page: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof_man

usage: [-?abhlnNoOPRtUvVX] [+|-c c] [+|-d s] [+D D] [+|-f[gG]] [+|-e s]

[-F [f]] [-g [s]] [-i [i]] [+|-L [l]] [+m [m]] [+|-M] [-o [o]] [-p s]

[+|-r [t]] [-s [p:s]] [-S [t]] [-T [t]] [-u s] [+|-w] [-x [fl]] [-Z [Z]] [--] [names]

Defaults in parentheses; comma-separated set (s) items; dash-separated ranges.

-?|-h list help -a AND selections (OR) -b avoid kernel blocks

-c c cmd c ^c /c/[bix] +c w COMMAND width (9)

+d s dir s files -d s select by FD set +D D dir D tree *SLOW?*

+|-e s exempt s *RISKY* -i select IPv[46] files

-l list UID numbers -n no host names -N select NFS files

-o list file offset -O avoid overhead *RISKY* -P no port names

-R list paRent PID -s list file size -t terse listing

-T disable TCP/TPI info -U select Unix socket -v list version info

-V verbose search +|-w Warnings (+) -X skip TCP&UDP* files

-Z Z context [Z]

-- end option scan

+f|-f +filesystem or -file names +|-f[gG] flaGs

-F [f] select fields; -F? for help

+|-L [l] list (+) suppress (-) link counts < l (0 = all; default = 0)

+m [m] use|create mount supplement

+|-M portMap registration (-) -o o o 0t offset digits (8)

-p s exclude(^)|select PIDs -S [t] t second stat timeout (15)

-T qs TCP/TPI Q,St (s) info

-g [s] exclude(^)|select and print process group IDs

-i i select by IPv[46] address: [46][proto][@host|addr][:svc_list|port_list]

+|-r [t[m<fmt>]] repeat every t seconds (15); + until no files, - forever.

An optional suffix to t is m<fmt>; m must separate t from <fmt> and

<fmt> is an strftime(3) format for the marker line.

-s p:s exclude(^)|select protocol (p = TCP|UDP) states by name(s).

-u s exclude(^)|select login|UID set s

-x [fl] cross over +d|+D File systems or symbolic Links

names select named files or files on named file systems

Anyone can list all files; /dev warnings disabled; kernel ID check disabled.

1 显示文件被那个进程打开

[root@limt01 ~]# lsof /usr/lib64/xorg/protocol.txt

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME

Xorg 2509 root 4r REG 253,0 31246 662913 /usr/lib64/xorg/protocol.txt

2 显示端口号被那个进程打开

[root@limt01 ~]# lsof -i:21

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME

vsftpd 2346 root 3u IPv4 14735 0t0 TCP *:ftp (LISTEN)

3 查看某个用户都打开了那些文件

[root@limt01 ~]# lsof -u limt

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME

bash 3771 limt cwd DIR 253,2 4096 261633 /home/limt

bash 3771 limt rtd DIR 253,0 4096 2 /

bash 3771 limt txt REG 253,0 938832 796239 /bin/bash

bash 3771 limt mem REG 253,0 156928 131074 /lib64/ld-2.12.so

bash 3771 limt mem REG 253,0 1926800 131078 /lib64/libc-2.12.so

bash 3771 limt mem REG 253,0 22536 131096 /lib64/libdl-2.12.so

bash 3771 limt mem REG 253,0 138280 131276 /lib64/libtinfo.so.5.7

bash 3771 limt mem REG 253,0 99154480 656211 /usr/lib/locale/locale-archive

bash 3771 limt mem REG 253,0 65928 131102 /lib64/libnss_files-2.12.so

bash 3771 limt mem REG 253,0 26060 656469 /usr/lib64/gconv/gconv-modules.cache

bash 3771 limt 0u CHR 136,1 0t0 4 /dev/pts/1

bash 3771 limt 1u CHR 136,1 0t0 4 /dev/pts/1

bash 3771 limt 2u CHR 136,1 0t0 4 /dev/pts/1

bash 3771 limt 255u CHR 136,1 0t0 4 /dev/pts/1

4 查看TCP或者UDP协议打开的端口号

[root@limt01 ~]# lsof -i tcp

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME

cupsd 1763 root 6u IPv6 12646 0t0 TCP [::1]:ipp (LISTEN)

cupsd 1763 root 7u IPv4 12647 0t0 TCP localhost:ipp (LISTEN)

rpcbind 1938 rpc 8u IPv4 13074 0t0 TCP *:sunrpc (LISTEN)

rpcbind 1938 rpc 11u IPv6 13079 0t0 TCP *:sunrpc (LISTEN)

rpc.statd 2076 rpcuser 9u IPv4 13647 0t0 TCP *:34864 (LISTEN)

rpc.statd 2076 rpcuser 11u IPv6 13655 0t0 TCP *:50799 (LISTEN)

sshd 2317 root 3u IPv4 14634 0t0 TCP *:ssh (LISTEN)

sshd 2317 root 4u IPv6 14638 0t0 TCP *:ssh (LISTEN)

vsftpd 2346 root 3u IPv4 14735 0t0 TCP *:ftp (LISTEN)

sendmail 2370 root 4u IPv4 14915 0t0 TCP localhost:smtp (LISTEN)

sshd 3595 root 3r IPv4 39944 0t0 TCP limt01:ssh->192.168.1.101:51290 (ESTABLISHED)

sshd 3739 root 3r IPv4 44599 0t0 TCP limt01:ssh->192.168.1.101:51348 (ESTABLISHED)

[root@limt01 ~]# lsof -i udp

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME

cupsd 1763 root 9u IPv4 12650 0t0 UDP *:ipp

portreser 1842 root 9u IPv4 12826 0t0 UDP *:kerberos-iv

portreser 1842 root 11u IPv4 12828 0t0 UDP *:783

portreser 1842 root 13u IPv4 12834 0t0 UDP *:ldaps

portreser 1842 root 15u IPv4 12842 0t0 UDP *:dhcp-failover

portreser 1842 root 17u IPv4 12845 0t0 UDP *:dhcp-failover2

rpcbind 1938 rpc 6u IPv4 13071 0t0 UDP *:sunrpc

rpcbind 1938 rpc 7u IPv4 13073 0t0 UDP *:841

rpcbind 1938 rpc 9u IPv6 13076 0t0 UDP *:sunrpc

rpcbind 1938 rpc 10u IPv6 13078 0t0 UDP *:841

rpc.statd 2076 rpcuser 5r IPv4 13636 0t0 UDP *:980

rpc.statd 2076 rpcuser 8u IPv4 13643 0t0 UDP *:33530

rpc.statd 2076 rpcuser 10u IPv6 13651 0t0 UDP *:43475

5查看某个进程都打开了那些文件

[root@limt01 ~]# lsof -c xinetd

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME

xinetd 2325 root cwd DIR 253,0 4096 2 /

xinetd 2325 root rtd DIR 253,0 4096 2 /

xinetd 2325 root txt REG 253,0 174456 680086 /usr/sbin/xinetd

xinetd 2325 root mem REG 253,0 65928 131102 /lib64/libnss_files-2.12.so

xinetd 2325 root mem REG 253,0 472064 131162 /lib64/libfreebl3.so

xinetd 2325 root mem REG 253,0 22536 131096 /lib64/libdl-2.12.so

xinetd 2325 root mem REG 253,0 1926800 131078 /lib64/libc-2.12.so

xinetd 2325 root mem REG 253,0 43392 131164 /lib64/libcrypt-2.12.so

xinetd 2325 root mem REG 253,0 599384 131079 /lib64/libm-2.12.so

xinetd 2325 root mem REG 253,0 116368 131195 /lib64/libnsl-2.12.so

xinetd 2325 root mem REG 253,0 43256 131218 /lib64/libwrap.so.0.7.6

xinetd 2325 root mem REG 253,0 124624 131139 /lib64/libselinux.so.1

xinetd 2325 root mem REG 253,0 156928 131074 /lib64/ld-2.12.so

xinetd 2325 root 0r CHR 1,3 0t0 3800 /dev/null

xinetd 2325 root 1r CHR 1,3 0t0 3800 /dev/null

xinetd 2325 root 2r CHR 1,3 0t0 3800 /dev/null

xinetd 2325 root 3r FIFO 0,8 0t0 14659 pipe

xinetd 2325 root 4w FIFO 0,8 0t0 14659 pipe

xinetd 2325 root 7u unix 0xffff88007aae2c80 0t0 14673 socket

也可以查看在/proc下查看

[root@limt01 fd]# ls -lrt /proc/2317/fd

总用量 0

lrwx------. 1 root root 64 4月 19 19:51 4 -> socket:[14638]

lrwx------. 1 root root 64 4月 19 19:51 3 -> socket:[14634]

lrwx------. 1 root root 64 4月 19 19:51 2 -> /dev/null

lrwx------. 1 root root 64 4月 19 19:51 1 -> /dev/null

lrwx------. 1 root root 64 4月 19 19:51 0 -> /dev/null

6 显示某个目录被那些进程打开

[root@limt01 fd]# lsof +d /usr （不深度搜索子目录）

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME

hald-addo 2236 root cwd DIR 253,0 12288 655408 /usr/libexec

hald-addo 2238 root cwd DIR 253,0 12288 655408 /usr/libexec

hald-addo 2241 haldaemon cwd DIR 253,0 12288 655408 /usr/libexec

[root@limt01 fd]# lsof +D /var/log （深度搜索子目录）

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME

auditd 1822 root 5w REG 253,0 143575 1310792 /var/log/audit/audit.log

rsyslogd 1868 root 1w REG 253,0 515773 1324377 /var/log/messages

rsyslogd 1868 root 2w REG 253,0 8441 1324378 /var/log/secure

rsyslogd 1868 root 4w REG 253,0 8962 1324379 /var/log/maillog

rsyslogd 1868 root 5w REG 253,0 15024 1310798 /var/log/cron

wpa_suppl 2089 root 3w REG 253,0 0 1310826 /var/log/wpa_supplicant.log

gdm-simpl 2506 root 1w REG 253,0 0 1311187 /var/log/gdm/:0-slave.log

gdm-simpl 2506 root 2w REG 253,0 0 1311187 /var/log/gdm/:0-slave.log

Xorg 2509 root 0r REG 253,0 40047 1310879 /var/log/Xorg.0.log

Xorg 2509 root 2w REG 253,0 30759 1311190 /var/log/gdm/:0.log

console-k 2526 root 9w REG 253,0 6331 1848350 /var/log/ConsoleKit/history

gnome-ses 2599 gdm 1w REG 253,0 736 1311197 /var/log/gdm/:0-greeter.log

gnome-ses 2599 gdm 2w REG 253,0 736 1311197 /var/log/gdm/:0-greeter.log

at-spi-re 2623 gdm 1w REG 253,0 736 1311197 /var/log/gdm/:0-greeter.log

at-spi-re 2623 gdm 2w REG 253,0 736 1311197 /var/log/gdm/:0-greeter.log

gnome-set 2625 gdm 2w REG 253,0 736 1311197 /var/log/gdm/:0-greeter.log

metacity 2635 gdm 1w REG 253,0 736 1311197 /var/log/gdm/:0-greeter.log

metacity 2635 gdm 2w REG 253,0 736 1311197 /var/log/gdm/:0-greeter.log

gnome-pow 2636 gdm 1w REG 253,0 736 1311197 /var/log/gdm/:0-greeter.log

gnome-pow 2636 gdm 2w REG 253,0 736 1311197 /var/log/gdm/:0-greeter.log

gdm-simpl 2637 gdm 1w REG 253,0 736 1311197 /var/log/gdm/:0-greeter.log

gdm-simpl 2637 gdm 2w REG 253,0 736 1311197 /var/log/gdm/:0-greeter.log

plymouth- 2638 gdm 1w REG 253,0 736 1311197 /var/log/gdm/:0-greeter.log

plymouth- 2638 gdm 2w REG 253,0 736 1311197 /var/log/gdm/:0-greeter.log

polkit-gn 2640 gdm 1w REG 253,0 736 1311197 /var/log/gdm/:0-greeter.log

polkit-gn 2640 gdm 2w REG 253,0 736 1311197 /var/log/gdm/:0-greeter.log

gdm-sessi 2659 root 1w REG 253,0 0 1311187 /var/log/gdm/:0-slave.log

gdm-sessi 2659 root 2w REG 253,0 0 1311187 /var/log/gdm/:0-slave.log

lsof用法简介的更多相关文章

[转帖]linux lsof 用法简介
linux lsof 用法简介 https://www.cnblogs.com/saneri/p/5333333.html 1.简介: lsof(list open files)是一个列出当前系统打开 ...
linux lsof 用法简介
1.简介: lsof(list open files)是一个列出当前系统打开文件的工具. 只需输入 lsof 就可以生成大量的信息,因为 lsof 需要访问核心内存和各种文件,所以必须以 root 用 ...
linux 系统监控、诊断工具之 lsof 用法简介
1.lsof 简介 lsof 是 Linux 下的一个非常实用的系统级的监控.诊断工具. 它的意思是 List Open Files,很容易你就记住了它是 "ls + of"的组合 ...
lsof命令简介
lsof命令简介: lsof(list open files)是一个列出当前系统打开文件的工具.在linux环境下,任何事物都以文件的形式存在,通过文件不仅仅可以访问常规数据,还可以访问网络连接和硬件 ...
IOS NSInvocation用法简介
IOS NSInvocation用法简介 2012-10-25 19:59 来源:博客园作者:csj007523 字号:T|T [摘要]在 iOS中可以直接调用某个对象的消息方式有两种,其中一种就是 ...
JodaTime用法简介
JodaTime用法简介 Java的Date和Calendar用起来简直就是灾难,跟C#的DateTime差距太明显了,幸好有JodaTime 本文简单罗列JodaTime的用法 package co ...
Apache自带压力测试工具ab用法简介
ab命令原理 ab命令会创建很多的并发访问线程,模拟多个访问者同时对某一URL进行访问.它的测试目标是基于URL的,因此,既可以用来测试Apache的负载压力,也可以测试nginx.lighthttp ...
Postman用法简介
转自:http://blog.csdn.net/flowerspring/article/details/52774399 Postman用法简介转载 2016年10月10日 09:04:10 10 ...
MSSQL Sql加密函数　hashbytes 用法简介
转自:http://www.maomao365.com/?p=4732 一.mssql sql hashbytes 函数简介 hashbytes函数功能为:返回一个字符,通过 MD2.MD4.MD5. ...

随机推荐

CentOS下Apache安装SSL
https是一个安全的访问方式,数据在传输过程中是加密的.https基于ssl. 一.安装apache和ssl模块1.安装apacheyum install httpd2.安装ssl模块yum ins ...
wp8 入门到精通测量代码执行时间
Stopwatch time = new Stopwatch(); byte[] target = new byte[size]; for (int j = 0; j < size; j++) ...
apistore接口调用demo
<!doctype html> <html lang="en"> <head> <meta charset="UTF-8&quo ...
初识RPC协议
什么是rpc框架先回答第一个问题:什么是RPC框架? 如果用一句话概括RPC就是:远程调用框架(Remote Procedure Call) 那什么是远程调用? 通常我们调用一个php中的方法,比如 ...
Eclipse·如何关联Git库文件和添加JUint库
Eclipse创建工程并关联到文件(SVN或Git管理的代码文件) 新建java工程,用于存放工程的一些信息,默认存放地址. 工程相关的信息是不需要提交到(SVN或Git)版本库的,所以工程存放到本地 ...
selenium实战-自动退百度云共享群
必备知识在官网上下好selenium-3.0.1-py2.py3-none-any.whl,然后进入下载文件所在的位置 pip install selenium-3.0.1-py2.py3-none ...
connot resolve symbol R
出现这个原因大都是layout里的xml文件出错,就不会自动生成R文件
AndroidStudio中创建Assets文件
LoadRunner脚本实例来验证参数化的取值
LoadRunner脚本实例来验证参数化的取值 SINM {3]!G0问题提出: 主要想试验下,在Controller中,多个用户,多次迭代中参数的取值.51Testing软件测试网(['H5f,d ...
css与js后边有？v=20160101
原文地址http://blog.csdn.net/zanychou/article/details/8813076 <span style="font-size:14px;" ...

lsof用法简介

lsof用法简介的更多相关文章

随机推荐

热门专题