Find open files with lsof

Vincent Danen describes a helpful investigative tool for Linux, called lsof, that lists open files and offers more detailed information than many other tools.

For a heavy-duty investigative or forensics tool, look no
further than lsof.
It comes bundled with pretty much every Linux distribution, and it’s an indispensable
program. The name of the tool stands for “list open files,” and
that’s exactly what it does, with an amazing amount of detail.

For instance, on a Web server that sends e-mail, has a POP3
and IMAP server, and has MySQL, mailman, etc., executing lsof provides more than 6,200 lines of data. Now, “open
files” is a bit of a misnomer as lsof will also display open TCP ports,
open UDP ports, open sockets, and so forth. For instance, you could display
listening TCP connections and their programs by using the netstat command. The output in
Listing A displays open TCP connections.

Now, use the lsof
command:

# lsof -i|grep TCP

This command accomplishes the same thing, but you will see
much more data output. For instance, with netstat,
you see one listening httpd process, but with lsof, you’ll see every listening
httpd process. To demonstrate more fully, compare these commands:

# netstat -l --tcp -p|grep http

to:

# lsof -i|grep http

With netstat, you’ll
see two lines of text—one for httpd listening to port 80 and the other for it
listening to port 443. With lsof,
you’ll see every httpd thread listening, which in my case, was 40 processes.

Of course, lsof is
useful for more than just tracking which processes are listening to which
ports. With it, you can see the programs that are using certain files or
filesystems, such as:

# lsof /home

COMMAND   PID   USER   FD   TYPE DEVICE SIZE     NODE NAME

bash    14650 joe     cwd    DIR    9,4 4096 50331821 /home/joe

screen  19868 joe     cwd    DIR    9,4 4096 50331821 /home/joe

bash    19869 joe     cwd    DIR    9,4 4096 50331821 /home/joe

ssh     19888 joe     cwd    DIR    9,4 4096 50331821 /home/joe

Compare this output to fuser:

# fuser -v /home

                     USER        PID ACCESS COMMAND

/home                root     kernel mount  /home

As you can see, lsof
can provide a lot more detail than other tools such as fuser or netstat. When
investigating problems, be sure to have lsof
handy, as it can tell you things that no other program will.

Delivered each Tuesday, TechRepublic’s free Linux NetNote provides tips, articles, and other resources to help you hone your Linux skills. Automatically sign up today!

TechRepublic Premium editorial calendar: IT policies, checklists, toolkits and research for download

TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.

Payroll

The Best Human Resources Payroll Software of 2023

With a lot of choices in the market, we have highlighted the top six HR and payroll software options for 2023.

A computer running Windows 11. — Image: Microsoft.

Software

Windows 11 update brings Bing Chat into the taskbar

Microsoft's latest Windows 11 allows enterprises to control some of these new features, which also include Notepad, iPhone and Android news.

A software engineer works from home. — Image: tanatat/Adobe Stock

CXO

Tech jobs: No rush back to the office for software developers as salaries reach $180,000

Salaries for remote roles in software development were higher than location-bound jobs in 2022, Hired finds.

Project management process to manage and develop with resources to deliver quality product, agile development cycle, businessman project manager balance on clock juggling project management elements. — Image: Nuthawut/Adobe Stock

Software

The 10 best agile project management software for 2023

With so many agile project management software tools available, it can be overwhelming to find the best fit for you. We've compiled a list of 10 tools you can use to take advantage of agile within your organization.

A user typing a password. — Image: Song_about_summer/Adobe Stock

Security

1Password is looking to a password-free future. Here’s why

With phishing-based credentials theft on the rise, 1Password CPO Steve Won explains why the endgame is to 'eliminate’ passwords entirely.

PURPOSE These guidelines from TechRepublic Premium will help you define the necessary ingredients of a security policy and assist in its proper construction. They’re designed to work hand in hand with the subjective knowledge you have of your company, environment and employees. Using this information, your business can establish new policies or elaborate on those ...

PURPOSE Recruiting an Artificial Intelligence Architect with the right combination of technical expertise and experience will require a comprehensive screening process. This Hiring Kit from TechRepublic Premium provides an adjustable framework your business can use to find, recruit and ultimately hire the right person for the job. From the hiring kit: DETERMINING FACTORS, DESIRABLE PERSONALITY ...

Find open files with lsof