List all open files with lsof

The lsof command stands for “list open files”. It can show all open files as well as sockets, memory mapped libraries, directories, pipes, and network sockets. It is an incredibly powerful tool which you can use to gather detailed information about what is happening on your system.

If you run lsof as a normal user you will be limited to only the the processes owned by that user. To get system wide results you must run the command as root or use sudo.

Running the command by itself will show information for all active process on the system.

# lsof

COMMAND    PID   USER   FD      TYPE             DEVICE     SIZE       NODE NAME
lsof    7289 root  cwd    DIR    8,3    4096  6504451 /home/ryan
lsof    7289 root  rtd    DIR    8,3    4096        2 /
lsof    7289 root  txt    REG    8,3  110280 11178207 /usr/bin/lsof
lsof    7289 root  mem    REG    8,3  114952 11504968 /lib64/ld-2.6.1.so
lsof    7289 root  mem    REG    8,3 1293456 11504986 /lib64/libc-2.6.1.so
lsof    7289 root    0u   CHR  136,1                3 /dev/pts/1
lsof    7289 root    1u   CHR  136,1                3 /dev/pts/1
lsof    7289 root    2u   CHR  136,1                3 /dev/pts/1
lsof    7289 root    3r   DIR    0,3       0        1 /proc
lsof    7289 root    4r   DIR    0,3       0    19745 /proc/7289/fd
lsof    7289 root    5w  FIFO    0,5            19759 pipe
lsof    7289 root    6r  FIFO    0,5            19760 pipe
lsof    7290 root  cwd    DIR    8,3    4096  6504451 /home/ryan
lsof    7290 root  rtd    DIR    8,3    4096        2 /
lsof    7290 root  txt    REG    8,3  110280 11178207 /usr/bin/lsof
lsof    7290 root  mem    REG    8,3  114952 11504968 /lib64/ld-2.6.1.so
lsof    7290 root  mem    REG    8,3 1293456 11504986 /lib64/libc-2.6.1.so
lsof    7290 root    4r  FIFO    0,5            19759 pipe
lsof    7290 root    7w  FIFO    0,5            19760 pipe
...

As you can see in the previous output each open file is associated with its program and PID and has many attributes such as type, size, file descriptor, device, and inode number.

You can narrow the results down to an individual process.

# lsof -p 12345

You can get results for every process that is owned by a specific user.

# lsof -u ryan

This will give you detailed information about all network socket connections.

# lsof -i

You can narrow the results down to only TCP connections.

# lsof -i TCP

You can get information on a specific port.

# lsof -i :80

You can get information about all instances of a specific program

# lsof -c bash

This will show all files that are open within the ‘/tmp’ directory.

# lsof +D /tmp

To get even more detailed output you can pipe these results to grep or use the ‘-a‘ option which combines any number of options.

For example you can view all network socket connections that are owned by the user ryan.

# lsof -a -i TCP -u ryan

Download digital camera photos with gphoto2

Allow sudo access without passwords in Ubuntu

Disable ext3 boot-time check with tune2fs

Fix blue tinted video in Ubuntu

Setup SSH access between VirtualBox Host and Guest VMs

Install GNOME Shell in Ubuntu 10.10 Maverick

Setup the PS3 Bluetooth Controller on Ubuntu

How to correctly use LD_LIBRARY_PATH

List all open files with lsof

Related Posts