This page looks best with JavaScript enabled

Lsof

 ·  ☕ 1 min read

Help!

lsof List of open files. Open files in a system can be type like disk, files,
network sockets, named pipes and device.

lsof -?

User opened files

lsof -u <user>

FD File descriptor:

  • cwd current working directory
  • rtd root directory
  • txt program text (code and data)
  • mem memory-mapped file

TYPE

  • DIR – Directory
  • REG – Regular file
  • CHR – Character special file.
  • FIFO – First In First Out

Files used by PID o process name

sudo lsof -c <PROCESS-NAME>
sudo lsof -p <PID>

Listing ports

IMPORTANT: run as root ( ex: sudo )

tcp

sudo lsof -i tcp
# -n do no  resolve host - use ip
# -P do not resolve service port
sudo lsof -n -P -i tcp -s tcp:LISTEN
# search for a single port
sudo lsof -n -P -i tcp:22
# search for a range
sudo lsof -n -P -i tcp:80-8080

Common TCP state names are:

  • CLOSED
  • IDLE
  • BOUND
  • LISTEN
  • ESTABLISHED
  • SYN_SENT
  • SYN_RCDV
  • ESTABLISHED
  • CLOSE_WAIT
  • FIN_WAIT1
  • CLOSING
  • LAST_ACK
  • FIN_WAIT_2
  • TIME_WAIT

udp

sudo lsof -i udp

Two common UDP state names are:

  • UNBOUND
  • IDLE

You can negate any state using ^

example: s:^IDLE

See Also

copyleft 2021, No Rights Reserved