stevepedwards.com/DebianAdmin linux mint IT admin tips info

Cool Command #8 – lsof

An lsof Primer here for this very powerful tool:

https://danielmiessler.com/study/lsof/

10 lsof Command Examples in Linux

man lsof

DESCRIPTION
Lsof revision 4.86 lists on its standard output file information about files opened by processes for the following UNIX dialects:

Apple Darwin 9 and Mac OS X 10.[567]
FreeBSD 4.9 and 6.4 for x86-based systems
FreeBSD 8.2, 9.0 and 10.0 for AMD64-based systems
Linux 2.1.72 and above for x86-based systems
Solaris 9, 10 and 11

(See the DISTRIBUTION section of this manual page for information on how to obtain the latest lsof revision.)

An open file may be a regular file, a directory, a block special file, a character special file, an executing text reference, a library, a
stream or a network file (Internet socket, NFS file or UNIX domain socket.) A specific file or all the files in a file system may be selected
by path.

Instead of a formatted display, lsof will produce output that can be parsed by other programs. See the -F, option description, and the OUTPUT
FOR OTHER PROGRAMS section for more information.

In addition to producing a single output list, lsof will run in repeat mode. In repeat mode it will produce output, delay, then repeat the
output operation until stopped with an interrupt or quit signal. See the +|-r [t[m<fmt>]] option description for more information.

OPTIONS
In the absence of any options, lsof lists all open files belonging to all active processes.

You may not want to run a bare lsof on a busy production PC!

You can find out a ton about what a PC is doing with this.

The power of lsof (note the difference in output when run as a normal user versus root!)

https://danielmiessler.com/study/lsof/

sudo lsof -i -sTCP:LISTEN
[sudo] password for stevee:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
smbd 587 root 30u IPv6 14363 0t0 TCP *:microsoft-ds (LISTEN)
smbd 587 root 31u IPv6 14364 0t0 TCP *:netbios-ssn (LISTEN)
smbd 587 root 32u IPv4 14365 0t0 TCP *:microsoft-ds (LISTEN)
smbd 587 root 33u IPv4 14366 0t0 TCP *:netbios-ssn (LISTEN)
sshd 894 root 3u IPv4 12056 0t0 TCP *:ssh (LISTEN)
sshd 894 root 4u IPv6 12058 0t0 TCP *:ssh (LISTEN)
dnsmasq 1049 dnsmasq 5u IPv4 12809 0t0 TCP localhost:domain (LISTEN)
dnsmasq 1049 dnsmasq 7u IPv6 12811 0t0 TCP ip6-localhost:domain (LISTEN)
dnsmasq 1441 nobody 5u IPv4 14661 0t0 TCP Mint5630:domain (LISTEN)
inetd 1833 root 4u IPv4 14060 0t0 TCP *:ftp (LISTEN)
apache2 1904 root 4u IPv6 14994 0t0 TCP *:http (LISTEN)
apache2 1907 www-data 4u IPv6 14994 0t0 TCP *:http (LISTEN)
apache2 1908 www-data 4u IPv6 14994 0t0 TCP *:http (LISTEN)
cupsd 4037 root 10u IPv4 27876 0t0 TCP *:ipp (LISTEN)
cupsd 4037 root 11u IPv6 27877 0t0 TCP *:ipp (LISTEN)
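
The listing above mixes services bound to every interface (`*:`) with ones bound only to localhost, which is the distinction that matters when reviewing what a host exposes. The following added example (not from the original page) parses the `-F` output mentioned in the man page excerpt and labels each listener by bind scope; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): classify TCP listeners by bind scope.
# Input: output of  lsof -nP -iTCP -sTCP:LISTEN -F pcLn  on stdin.
# Output: one line per unique "SCOPE command user address".

listener_scope() {
    awk '
        # Every -F line is a one-letter field id followed by its value.
        { id = substr($0, 1, 1); val = substr($0, 2) }
        id == "p" { cmd = "?"; user = "?"; next }   # p starts a new process set
        id == "c" { cmd = val; next }               # command name
        id == "L" { user = val; next }              # login name
        id == "n" {
            # Split host:port at the LAST colon so [::1]:53 parses correctly.
            i = match(val, /:[^:]*$/)
            if (i == 0) next
            host = substr(val, 1, i - 1)
            if (host == "*") scope = "ALL-INTERFACES"
            else if (host ~ /^127\./ || host == "[::1]") scope = "LOOPBACK"
            else scope = "SPECIFIC"
            key = scope " " cmd " " user " " val
            if (!(key in seen)) { seen[key] = 1; print key }
        }
    '
}

# Constructed sample input, modelled on the listing above (ports numeric due to -P).
sample_lsof_F() {
    printf '%s\n' \
        p587 csmbd Lroot f30 'n*:445' f32 'n*:445' \
        p894 csshd Lroot f3 'n*:22' \
        p1049 cdnsmasq Ldnsmasq f5 n127.0.0.1:53 f7 'n[::1]:53'
}

# Demo on the sample; on a live host pipe the real lsof command in instead.
sample_lsof_F | listener_scope
```

On a live system, run `sudo lsof -nP -iTCP -sTCP:LISTEN -F pcLn | listener_scope`; without root, listeners owned by other users may be missing from the result.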

lsof -i -sTCP:ESTABLISHED
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
chrome 3201 stevee 81u IPv4 87663 0t0 TCP 192.168.1.16:33365->ggc02.plus.net:https (ESTABLISHED)
chrome 3201 stevee 82u IPv4 88303 0t0 TCP 192.168.1.16:33366->ggc02.plus.net:https (ESTABLISHED)
chrome 3201 stevee 139u IPv4 18332 0t0 TCP 192.168.1.16:34323->wl-in-f188.1e100.net:5228 (ESTABLISHED)

lsof -i
lsof -i 6
lsof -i TCP
lsof -i UDP

lsof -i :22
lsof -i :443

lsof -i @192.168.1.16
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
chrome 3201 stevee 139u IPv4 18332 0t0 TCP 192.168.1.16:34323->wl-in-f188.1e100.net:5228 (ESTABLISHED)
chrome 3201 stevee 150u IPv4 52813 0t0 TCP 192.168.1.16:34265->ec2-107-21-98-35.compute-1.amazonaws.com:https (ESTABLISHED)
chrome 3201 stevee 264u IPv4 22091 0t0 UDP 192.168.1.16:38020->wi-in-f189.1e100.net:https

How many open files does a user have? (The count includes the header line.)

lsof -u stevee | wc -l
5369

lsof -u www-data
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
apache2 1907 www-data cwd unknown /proc/1907/cwd (readlink: Permission denied)
apache2 1907 www-data rtd unknown /proc/1907/root (readlink: Permission denied)
apache2 1907 www-data txt unknown /proc/1907/exe (readlink: Permission denied)

sudo lsof -u www-data | wc -l
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
Output information may be incomplete.
97

lsof -u ^stevee (all users bar me)

Kill everything a given user is doing. Again, note the big difference in output between a normal user and root; it also gives an idea of how busy apache is when not set up as a server.

It’s nice to be able to nuke everything being run by a given user. Note that -9 (SIGKILL) gives the processes no chance to clean up.

# kill -9 `lsof -t -u daniel`

lsof -c apache2
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
apache2 1904 root cwd unknown /proc/1904/cwd (readlink: Permission denied)
apache2 1904 root rtd unknown /proc/1904/root (readlink: Permission denied)
apache2 1904 root txt unknown /proc/1904/exe (readlink: Permission denied)
apache2 1904 root NOFD /proc/1904/fd (opendir: Permission denied)
apache2 1907 www-data cwd unknown /proc/1907/cwd (readlink: Permission denied)
apache2 1907 www-data rtd unknown /proc/1907/root (readlink: Permission denied)
apache2 1907 www-data txt unknown /proc/1907/exe (readlink: Permission denied)
apache2 1907 www-data NOFD /proc/1907/fd (opendir: Permission denied)
apache2 1908 www-data cwd unknown /proc/1908/cwd (readlink: Permission denied)
apache2 1908 www-data rtd unknown /proc/1908/root (readlink: Permission denied)
apache2 1908 www-data txt unknown /proc/1908/exe (readlink: Permission denied)
apache2 1908 www-data NOFD /proc/1908/fd (opendir: Permission denied) 

sudo lsof -c apache2
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
Output information may be incomplete.
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
apache2 1904 root cwd DIR 8,1 4096 2 /
apache2 1904 root rtd DIR 8,1 4096 2 /
apache2 1904 root txt REG 8,1 581380 274149 /usr/sbin/apache2
apache2 1904 root DEL REG 0,4 14095 /dev/zero
apache2 1904 root mem REG 8,1 99888 132098 /lib/i386-linux-gnu/libz.so.1.2.8
apache2 1904 root mem REG 8,1 46812 132010 /lib/i386-linux-gnu/libnss_files-2.19.so
apache2 1904 root mem REG 8,1 42668 132020 /lib/i386-linux-gnu/libnss_nis-2.19.so
apache2 1904 root mem REG 8,1 92036 132004 /lib/i386-linux-gnu/libnsl-2.19.so
apache2 1904 root mem REG 8,1 30560 132006 /lib/i386-linux-gnu/libnss_compat-2.19.so
apache2 1904 root mem REG 8,1 21864 273417 /usr/lib/apache2/modules/mod_status.so
apache2 1904 root mem REG 8,1 13672 274136 /usr/lib/apache2/modules/mod_setenvif.so
apache2 1904 root mem REG 8,1 30060 274141 /usr/lib/apache2/modules/mod_negotiation.so
apache2 1904 root mem REG 8,1 54636 274135 /usr/lib/apache2/modules/mod_mpm_event.so
apache2 1904 root mem REG 8,1 17764 273403 /usr/lib/apache2/modules/mod_mime.so
apache2 1904 root mem REG 8,1 17768 274123 /usr/lib/apache2/modules/mod_filter.so
apache2 1904 root mem REG 8,1 9572 273413 /usr/lib/apache2/modules/mod_env.so
apache2 1904 root mem REG 8,1 9572 273374 /usr/lib/apache2/modules/mod_dir.so
apache2 1904 root mem REG 8,1 30056 274127 /usr/lib/apache2/modules/mod_deflate.so
apache2 1904 root mem REG 8,1 34156 274143 /usr/lib/apache2/modules/mod_autoindex.so
apache2 1904 root mem REG 8,1 5484 274089 /usr/lib/apache2/modules/mod_authz_user.so
apache2 1904 root mem REG 8,1 9580 274109 /usr/lib/apache2/modules/mod_authz_host.so
apache2 1904 root mem REG 8,1 21868 274077 /usr/lib/apache2/modules/mod_authz_core.so
apache2 1904 root mem REG 8,1 9580 274142 /usr/lib/apache2/modules/mod_authn_file.so
apache2 1904 root mem REG 8,1 9580 274145 /usr/lib/apache2/modules/mod_authn_core.so
apache2 1904 root mem REG 8,1 13676 274125 /usr/lib/apache2/modules/mod_auth_basic.so
apache2 1904 root mem REG 8,1 13672 273407 /usr/lib/apache2/modules/mod_alias.so
apache2 1904 root mem REG 8,1 9584 273382 /usr/lib/apache2/modules/mod_access_compat.so
apache2 1904 root mem REG 8,1 13856 131951 /lib/i386-linux-gnu/libdl-2.19.so
apache2 1904 root mem REG 8,1 18036 135656 /lib/i386-linux-gnu/libuuid.so.1.3.0
apache2 1904 root mem REG 8,1 161156 131956 /lib/i386-linux-gnu/libexpat.so.1.6.0
apache2 1904 root mem REG 8,1 38456 131944 /lib/i386-linux-gnu/libcrypt-2.19.so
apache2 1904 root mem REG 8,1 1754876 131934 /lib/i386-linux-gnu/libc-2.19.so
apache2 1904 root mem REG 8,1 134614 132055 /lib/i386-linux-gnu/libpthread-2.19.so
apache2 1904 root mem REG 8,1 203148 401061 /usr/lib/i386-linux-gnu/libapr-1.so.0.5.1
apache2 1904 root mem REG 8,1 157960 401067 /usr/lib/i386-linux-gnu/libaprutil-1.so.0.5.3
apache2 1904 root mem REG 8,1 247196 131988 /lib/i386-linux-gnu/libpcre.so.3.13.1
apache2 1904 root mem REG 8,1 134380 131908 /lib/i386-linux-gnu/ld-2.19.so
apache2 1904 root 0r CHR 1,3 0t0 1046 /dev/null
apache2 1904 root 1w CHR 1,3 0t0 1046 /dev/null
apache2 1904 root 2w REG 8,1 1429 2103957 /var/log/apache2/error.log
apache2 1904 root 3u sock 0,7 0t0 14993 can't identify protocol
apache2 1904 root 4u IPv6 14994 0t0 TCP *:http (LISTEN)
apache2 1904 root 5r FIFO 0,8 0t0 14093 pipe
apache2 1904 root 6w FIFO 0,8 0t0 14093 pipe
apache2 1904 root 7w REG 8,1 0 2103959 /var/log/apache2/other_vhosts_access.log
apache2 1904 root 8w REG 8,1 161 2103958 /var/log/apache2/access.log
apache2 1907 www-data cwd DIR 8,1 4096 2 /
apache2 1907 www-data rtd DIR 8,1 4096 2 /
apache2 1907 www-data txt REG 8,1 581380 274149 /usr/sbin/apache2
apache2 1907 www-data mem REG 8,1 113588 131961 /lib/i386-linux-gnu/libgcc_s.so.1
apache2 1907 www-data DEL REG 0,4 14095 /dev/zero
apache2 1907 www-data mem REG 8,1 99888 132098 /lib/i386-linux-gnu/libz.so.1.2.8
apache2 1907 www-data mem REG 8,1 46812 132010 /lib/i386-linux-gnu/libnss_files-2.19.so
apache2 1907 www-data mem REG 8,1 42668 132020 /lib/i386-linux-gnu/libnss_nis-2.19.so
apache2 1907 www-data mem REG 8,1 92036 132004 /lib/i386-linux-gnu/libnsl-2.19.so
apache2 1907 www-data mem REG 8,1 30560 132006 /lib/i386-linux-gnu/libnss_compat-2.19.so
apache2 1907 www-data mem REG 8,1 21864 273417 /usr/lib/apache2/modules/mod_status.so
apache2 1907 www-data mem REG 8,1 13672 274136 /usr/lib/apache2/modules/mod_setenvif.so
apache2 1907 www-data mem REG 8,1 30060 274141 /usr/lib/apache2/modules/mod_negotiation.so
apache2 1907 www-data mem REG 8,1 54636 274135 /usr/lib/apache2/modules/mod_mpm_event.so
apache2 1907 www-data mem REG 8,1 17764 273403 /usr/lib/apache2/modules/mod_mime.so
apache2 1907 www-data mem REG 8,1 17768 274123 /usr/lib/apache2/modules/mod_filter.so
apache2 1907 www-data mem REG 8,1 9572 273413 /usr/lib/apache2/modules/mod_env.so
apache2 1907 www-data mem REG 8,1 9572 273374 /usr/lib/apache2/modules/mod_dir.so
apache2 1907 www-data mem REG 8,1 30056 274127 /usr/lib/apache2/modules/mod_deflate.so
apache2 1907 www-data mem REG 8,1 34156 274143 /usr/lib/apache2/modules/mod_autoindex.so
apache2 1907 www-data mem REG 8,1 5484 274089 /usr/lib/apache2/modules/mod_authz_user.so
apache2 1907 www-data mem REG 8,1 9580 274109 /usr/lib/apache2/modules/mod_authz_host.so
apache2 1907 www-data mem REG 8,1 21868 274077 /usr/lib/apache2/modules/mod_authz_core.so
apache2 1907 www-data mem REG 8,1 9580 274142 /usr/lib/apache2/modules/mod_authn_file.so
apache2 1907 www-data mem REG 8,1 9580 274145 /usr/lib/apache2/modules/mod_authn_core.so
apache2 1907 www-data mem REG 8,1 13676 274125 /usr/lib/apache2/modules/mod_auth_basic.so
apache2 1907 www-data mem REG 8,1 13672 273407 /usr/lib/apache2/modules/mod_alias.so
apache2 1907 www-data mem REG 8,1 9584 273382 /usr/lib/apache2/modules/mod_access_compat.so
apache2 1907 www-data mem REG 8,1 13856 131951 /lib/i386-linux-gnu/libdl-2.19.so
apache2 1907 www-data mem REG 8,1 18036 135656 /lib/i386-linux-gnu/libuuid.so.1.3.0
apache2 1907 www-data mem REG 8,1 161156 131956 /lib/i386-linux-gnu/libexpat.so.1.6.0
apache2 1907 www-data mem REG 8,1 38456 131944 /lib/i386-linux-gnu/libcrypt-2.19.so
apache2 1907 www-data mem REG 8,1 1754876 131934 /lib/i386-linux-gnu/libc-2.19.so
apache2 1907 www-data mem REG 8,1 134614 132055 /lib/i386-linux-gnu/libpthread-2.19.so
apache2 1907 www-data mem REG 8,1 203148 401061 /usr/lib/i386-linux-gnu/libapr-1.so.0.5.1
apache2 1907 www-data mem REG 8,1 157960 401067 /usr/lib/i386-linux-gnu/libaprutil-1.so.0.5.3
apache2 1907 www-data mem REG 8,1 247196 131988 /lib/i386-linux-gnu/libpcre.so.3.13.1
apache2 1907 www-data mem REG 8,1 134380 131908 /lib/i386-linux-gnu/ld-2.19.so
apache2 1907 www-data 0r CHR 1,3 0t0 1046 /dev/null
apache2 1907 www-data 1w CHR 1,3 0t0 1046 /dev/null
apache2 1907 www-data 2w REG 8,1 1429 2103957 /var/log/apache2/error.log
apache2 1907 www-data 3u sock 0,7 0t0 14993 can't identify protocol
apache2 1907 www-data 4u IPv6 14994 0t0 TCP *:http (LISTEN)
apache2 1907 www-data 5r FIFO 0,8 0t0 14093 pipe
apache2 1907 www-data 6w FIFO 0,8 0t0 14093 pipe
apache2 1907 www-data 7w REG 8,1 0 2103959 /var/log/apache2/other_vhosts_access.log
apache2 1907 www-data 8w REG 8,1 161 2103958 /var/log/apache2/access.log
apache2 1907 www-data 9u 0000 0,9 0 7813 anon_inode
apache2 1908 www-data cwd DIR 8,1 4096 2 /
apache2 1908 www-data rtd DIR 8,1 4096 2 /
apache2 1908 www-data txt REG 8,1 581380 274149 /usr/sbin/apache2
apache2 1908 www-data mem REG 8,1 113588 131961 /lib/i386-linux-gnu/libgcc_s.so.1
apache2 1908 www-data DEL REG 0,4 14095 /dev/zero
apache2 1908 www-data mem REG 8,1 99888 132098 /lib/i386-linux-gnu/libz.so.1.2.8
apache2 1908 www-data mem REG 8,1 46812 132010 /lib/i386-linux-gnu/libnss_files-2.19.so
apache2 1908 www-data mem REG 8,1 42668 132020 /lib/i386-linux-gnu/libnss_nis-2.19.so
apache2 1908 www-data mem REG 8,1 92036 132004 /lib/i386-linux-gnu/libnsl-2.19.so
apache2 1908 www-data mem REG 8,1 30560 132006 /lib/i386-linux-gnu/libnss_compat-2.19.so
apache2 1908 www-data mem REG 8,1 21864 273417 /usr/lib/apache2/modules/mod_status.so
apache2 1908 www-data mem REG 8,1 13672 274136 /usr/lib/apache2/modules/mod_setenvif.so
apache2 1908 www-data mem REG 8,1 30060 274141 /usr/lib/apache2/modules/mod_negotiation.so
apache2 1908 www-data mem REG 8,1 54636 274135 /usr/lib/apache2/modules/mod_mpm_event.so
apache2 1908 www-data mem REG 8,1 17764 273403 /usr/lib/apache2/modules/mod_mime.so
apache2 1908 www-data mem REG 8,1 17768 274123 /usr/lib/apache2/modules/mod_filter.so
apache2 1908 www-data mem REG 8,1 9572 273413 /usr/lib/apache2/modules/mod_env.so
apache2 1908 www-data mem REG 8,1 9572 273374 /usr/lib/apache2/modules/mod_dir.so
apache2 1908 www-data mem REG 8,1 30056 274127 /usr/lib/apache2/modules/mod_deflate.so
apache2 1908 www-data mem REG 8,1 34156 274143 /usr/lib/apache2/modules/mod_autoindex.so
apache2 1908 www-data mem REG 8,1 5484 274089 /usr/lib/apache2/modules/mod_authz_user.so
apache2 1908 www-data mem REG 8,1 9580 274109 /usr/lib/apache2/modules/mod_authz_host.so
apache2 1908 www-data mem REG 8,1 21868 274077 /usr/lib/apache2/modules/mod_authz_core.so
apache2 1908 www-data mem REG 8,1 9580 274142 /usr/lib/apache2/modules/mod_authn_file.so
apache2 1908 www-data mem REG 8,1 9580 274145 /usr/lib/apache2/modules/mod_authn_core.so
apache2 1908 www-data mem REG 8,1 13676 274125 /usr/lib/apache2/modules/mod_auth_basic.so
apache2 1908 www-data mem REG 8,1 13672 273407 /usr/lib/apache2/modules/mod_alias.so
apache2 1908 www-data mem REG 8,1 9584 273382 /usr/lib/apache2/modules/mod_access_compat.so
apache2 1908 www-data mem REG 8,1 13856 131951 /lib/i386-linux-gnu/libdl-2.19.so
apache2 1908 www-data mem REG 8,1 18036 135656 /lib/i386-linux-gnu/libuuid.so.1.3.0
apache2 1908 www-data mem REG 8,1 161156 131956 /lib/i386-linux-gnu/libexpat.so.1.6.0
apache2 1908 www-data mem REG 8,1 38456 131944 /lib/i386-linux-gnu/libcrypt-2.19.so
apache2 1908 www-data mem REG 8,1 1754876 131934 /lib/i386-linux-gnu/libc-2.19.so
apache2 1908 www-data mem REG 8,1 134614 132055 /lib/i386-linux-gnu/libpthread-2.19.so
apache2 1908 www-data mem REG 8,1 203148 401061 /usr/lib/i386-linux-gnu/libapr-1.so.0.5.1
apache2 1908 www-data mem REG 8,1 157960 401067 /usr/lib/i386-linux-gnu/libaprutil-1.so.0.5.3
apache2 1908 www-data mem REG 8,1 247196 131988 /lib/i386-linux-gnu/libpcre.so.3.13.1
apache2 1908 www-data mem REG 8,1 134380 131908 /lib/i386-linux-gnu/ld-2.19.so
apache2 1908 www-data 0r CHR 1,3 0t0 1046 /dev/null
apache2 1908 www-data 1w CHR 1,3 0t0 1046 /dev/null
apache2 1908 www-data 2w REG 8,1 1429 2103957 /var/log/apache2/error.log
apache2 1908 www-data 3u sock 0,7 0t0 14993 can't identify protocol
apache2 1908 www-data 4u IPv6 14994 0t0 TCP *:http (LISTEN)
apache2 1908 www-data 5r FIFO 0,8 0t0 14093 pipe
apache2 1908 www-data 6w FIFO 0,8 0t0 14093 pipe
apache2 1908 www-data 7w REG 8,1 0 2103959 /var/log/apache2/other_vhosts_access.log
apache2 1908 www-data 8w REG 8,1 161 2103958 /var/log/apache2/access.log
apache2 1908 www-data 9u 0000 0,9 0 7813 anon_inode

sudo lsof -t -c apache2
1904
1907
1908
