Wednesday, August 11, 2010

lsof Command


Today I came across the lsof command in an interview. The interviewer was a tricky guy and a great Linux/*nix guru. He asked me many questions which I couldn't answer, and the lsof command was one of them. This command really impressed me, and it is one of the most powerful commands I have come across so far in Linux. So I did some research on this command and came across numerous examples that make network/system admin work a bit simpler and more meaningful.

So what is the lsof command?
lsof stands for LiSt Open Files. It shows the files opened by
1. a process in the system
2. a user
3. a command
4. a network service

An open file can be
1. a regular file
2. a directory
3. a block special file
4. a character special file
5. an executing text reference
6. a library
7. a stream or
8. a network file (Internet socket, NFS file or UNIX domain socket).

So where will we use this lsof command? In many situations, such as when troubleshooting network related issues, file related issues and process related issues.

USAGE1 : To see all the open files in the system without filtering, which lists all open files belonging to all active processes.

#lsof
 

USAGE2 : Sometimes a service cannot bind to its port and so fails to start, because some process is already using that port (even though the process has died). We have to see which process is using the port and kill it; this avoids restarting the server. Suppose we want to start an ftp server that will not start because of this problem.

#lsof -i TCP:ftp
 
Here -i selects Internet (network) files.
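
The port lookup from USAGE2 as a script-friendly check (an added example, not from the original post): lsof's -F option prints one field per line, which is easier to parse than the default columns. The function names and the sample output are constructed for illustration; -n, -P and -sTCP:LISTEN are further lsof options that skip name lookups and keep only listening sockets.

```shell
#!/bin/sh
# Added example: report which process holds a TCP port, using lsof -F output.

# Turn `lsof -F pcLn` output (stdin) into tab-separated lines:
#   PID  COMMAND  USER  NAME
# In -F output every line is one field; its first character names the field:
#   p = PID (starts a new process), c = command, L = login name,
#   f = file descriptor (starts a new file), n = file name (here addr:port).
parse_lsof_fields() {
    awk -v OFS='\t' '
        { id = substr($0, 1, 1); val = substr($0, 2) }
        id == "p" { pid = val; cmd = "?"; user = "?" }   # new process
        id == "c" { cmd = val }
        id == "L" { user = val }
        id == "n" { print pid, cmd, user, val }          # one line per open file
    '
}

# Hypothetical wrapper: who is listening on TCP port $1?
# Returns non-zero when lsof reports no listener on that port.
port_holders() {
    out=$(lsof -nP -iTCP:"$1" -sTCP:LISTEN -F pcLn 2>/dev/null | parse_lsof_fields)
    [ -n "$out" ] && printf '%s\n' "$out"
}

# Constructed sample of -F output (not captured from a real host), so the
# parser can be tried on a machine without lsof or without root.
sample_output() {
    printf '%s\n' \
        p2114 cvsftpd Lroot f3 'n*:21' \
        p2301 csshd Lroot f3 'n*:22' f4 'n[::1]:22'
}

# Demo on the constructed sample; on a live system: port_holders 21
sample_output | parse_lsof_fields
```

Run port_holders as root: an unprivileged lsof only sees the caller's own processes, so a port held by another user's process would look free.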


USAGE3 : To see what files are opened by a running command

#lsof -c httpd 
Here -c specifies the command name.

USAGE4 : To see which files are open on a device

#lsof /dev/hdc 

USAGE5 : To see which process or user is accessing a file.

#lsof -f filename 

Example: 
[root@v-test Script]# lsof -f passwd 
vim 14122 root 4u REG 253,0 12288 234655 /etc/.passwd.swp 
[root@v-test Script]# 

USAGE6 : To monitor the network and see what people are doing with which network services

#watch lsof -i 

Note: watch is an excellent command for repeating a command at a regular interval. Please have a look at my other blog post about the watch command.

USAGE7 : To see all open Internet files and UNIX domain sockets (-U selects the UNIX domain sockets)

#lsof -i -U 

USAGE8 : To see ports, whether TCP or UDP

#lsof -i TCP:22 
This checks all the connections on the ssh port.

#lsof -i UDP:69
 
This is for tftp connections to the machine. 

USAGE9 : To watch all the activity by a user live

#watch lsof -u username


A good link for learning more about the lsof command: link1. Some sister commands for this command are pstree, ps and netstat.

NOTE : Some strange things I observed about this command are

1. Till this point I knew that to use any command's options we have to use -, but for this command there are both - and + options too.
2. In Linux everything is considered a file, even a network socket or a hardware device, for example.