How to use Isof command on Linux

If everything in Linux is a file, you'll have more than just the file on your hard drive. This article will show you how to use the lsof command to see all other devices and processes processed as a file.

1. Basic Linux commands everyone needs to know
2. 7 commands to manipulate the most basic files and folders everyone must know
3. Search for files and directories in Linux using the command line interface

On Linux, everything is a file

Identifying everything on Linux is a fairly correct file. A file is a collection of bytes. When read in a program or sent to the printer, they create a byte stream. And when written, they accept a byte stream.

Many other system components accept or create byte streams such as keyboards, printers, and communication processes. Because they both accept and create byte streams, these devices can be processed as if they were a very low file.

The concept simplifies the deployment of Linux operating systems. That means a processor of tools, APIs can be created to handle a variety of different resources.

Data and program files on the hard drive are old system files. You can use the ls command to list and find information about them.

So how do we find all other processes and devices that are considered files? Let the lsof command handle that. This command will list open files on the system and anything processed as a file.

Lsof command

We need to use the sudo command with the lsof command because many processes or devices belong to root or are started by root.

The lsof command list is very long, so you should use the less command to shorten it.

 sudo lsof | less 

How to use Isof command on Linux Picture 1

When running lsoft command on GNOME, users will receive a warning in the terminal window.

 lsof: WARNING: can't stat () fuse.gvfsd-fuse file system / run / user / 1000 / gvfs 
 Kết quả thông tin có thể trongcomplete. 

Lsoft tries to handle all file systems. This warning appears because lsof encountered the GNOME Virtual file system (GVFS) system. This is a special case of the file system in user space (FUSE). It acts as a bridge between GNOME, API and kernel. No one, even root users, can access these file systems except the one who mounts it (in this case, GNOME). You can ignore this warning.

The output of lsof is very long and numerous. You can see the leftmost columns in the picture below:

How to use Isof command on Linux Picture 2

The far right column:

How to use Isof command on Linux Picture 3

Columns in lsof command

Here are the full columns of lsoft command. Open files may not be full of columns, some will be empty.

1. Command : The name of the command related to the file opening process.
2. PID: Process identification code of the file opening process.
3. TID : Task identification code (thread). If you see an empty column, it is not a task but a process.
4. User : ID or user name belongs to the process or user ID, login information of the owner of the directory in / proc which lsoft found information about the process.
5. FD : Displays the file description.
6. Type : Type of button associated with the file.
7. Device : Contains the number of devices separated by commas for a special character, special file, regular file, directory or NFS file, the kernel reference address determines the file. In addition, it displays the base address or device name of the Linux device AX.25 socket.
8. Size / Off : Displays the file size or distance to the beginning of the file (file offset) in bytes.
9. Node : Displays the number of nodes of the local file or the inode number of the NFS file in the host or Internet protocol type. It can display STR for a thread or inode number, IRQ for Linux device AX.25 socket.
10. Name : Displays the name of the mount point and the file system with the files on it.

Column FD

Section column FD can be made up of three components: file descriptor, node character and lock character. Some common file descriptions are:

1. cwd : Current working directory.
2. err : FD information error (see column NAME).
3. ltx : Shared library text (code and data).
4. m86 : DOS Merge mapping file.
5. mem : Memory mapping file.
6. mmap : Memory mapping device.
7. pd : Parent folder.
8. rtd : root directory.
9. txt : Program text (code and data).

Node character:

1. r : Read access.
2. w : Access recording.
3. u : Read and write access.
4. '' : A space character, if no mode is specified, there is no key character.
5. - : Unknown mode and has a lock character.

Key characters:

1. r : Lock read on part of the file.
2. R : Reading lock on the whole file.
3. w : Lock written on part of the file.
4. W : Record lock on the entire file.
5. u : Read and write keys of any length.
6. U : Unknown key type.
7. '' : A space character. No lock.

Column TYPE

More than 70 items may appear in the TYPE column. Some common items you will see are:

1. REG : Regular file system.
2. DIR : Folder.
3. FIFO : First In First Out.
4. CHR : Special character file.
5. BLK : File is specially blocked.
6. INET : Internet socket
7. unix : Socket UNIX domain name

View file opening processes

To see the process of opening a certain file, you need to provide the file name as a parameter for lsof. For example, to see the process of opening the kern.log file, use the following command:

 sudo lsof /var/log/kern.log 

How to use Isof command on Linux Picture 4

Lsof returns by displaying a single process, rsyslogd is started by the syslog user.

How to use Isof command on Linux Picture 5

View all files opened from the library

To see files opened from a library and the process of opening them, provide the directory name for lsof as a parameter. You must use the + D option.

To view all open files in / var / log directory / use the following command:

How to use Isof command on Linux Picture 6

lsof returns a list of all open files in that directory.

How to use Isof command on Linux Picture 7

To view all files opened from the / home directory, use the following command:

 sudo lsof + D / home 

How to use Isof command on Linux Picture 8

You will see all the files opened in the / home directory. With short descriptions in some columns, the entire list will be narrowed.

How to use Isof command on Linux Picture 9

List files that are opened by a specific process

To view files opened by a specific process, use the -c option. Note, you can provide multiple search terms for lsoft at the same time.

 sudo lsof -c ssh -c init 

How to use Isof command on Linux Picture 10

Lsoft provides a list of files opened by processes in the command line.

How to use Isof command on Linux Picture 11

View open user files

To limit the display of files opened by specific users, you should use the -u option. In this example, we will find the files opened by the process of ownership or launch instead of Mary users.

 sudo lsof -u mary 

How to use Isof command on Linux Picture 12

All files opened by Mary users will be listed. It includes files opened in the desktop environment or simply the result of Mary logging into the system.

How to use Isof command on Linux Picture 13

Exclude files opened by users

To exclude files opened by users, use the ^ operator to exclude users from the list. This will help you find information more easily. You must use the -u option and add the ^ character to the username.

 sudo lsof + D / home -u ^ mary 

How to use Isof command on Linux Picture 14

You will see a list of / home directories without any files opened by Mary users.

How to use Isof command on Linux Picture 15

List the file due to the open process according to the process ID

To list the file due to the open process, use the -p option and provide the process ID as the parameter.

 sudo lsof - p 4610 

How to use Isof command on Linux Picture 16

All files opened by the process ID you provide are listed in the image below.

How to use Isof command on Linux Picture 17

List file open process ID

To view the process ID for a specific file, use the -t option and provide the file name for the command line.

 sudo lsof -t /usr/share/mime/mime.cache 

How to use Isof command on Linux Picture 18

The process ID is displayed in a simple list.

How to use Isof command on Linux Picture 19

Use AND and OR search

As mentioned above, you can use multiple search terms in the command line. For example, to find files opened by Mary users and related to the SSH process use the following command:

 sudo lsof -u mary -c ssh 

How to use Isof command on Linux Picture 20

Below is the output of the above command, something is not right here because there are output items that start with root.

How to use Isof command on Linux Picture 21

When providing multiple lsoft search terms, it will return any file that matches the first, second, third search term, etc. In other words, it does an OR search.

To make lsoft perform an AND search, use the -a option. That means only files matching the first and second conditions are listed.

 sudo lsof -u mary -c ssh -a 

How to use Isof command on Linux Picture 22

Now, all files in the list are opened by or on behalf of Mary and are related to the SSH command.

How to use Isof command on Linux Picture 23

Automatically refresh results

We can use the + | -r option to put lsof into repeat mode. You can use the repeat option in two ways + r or -r . You need to add the number of seconds you want lsof to wait before refreshing the result.

Use the repeat option with one of the two formats that lsoft displays as normal, but it adds a broken line to the bottom of the screen. It will wait for the number of seconds you provided in the command line and then refresh the screen with a new set of results.

With the -r option it will continue to repeat the process, want to stop, press Ctrl + C With the + r format, it will continue until no results are displayed or press Ctrl + C

 sudo lsof -u mary -c ssh -a -r5 

How to use Isof command on Linux Picture 24

Note, the dashed line at the end of the data split list is displayed when the output is refreshed.

How to use Isof command on Linux Picture 25

Display files related to Internet connection.

The -i option allows you to view files opened by network related processes and the Internet.

 lsof -i 

How to use Isof command on Linux Picture 26

All files are opened due to internet connection and the network is displayed.

How to use Isof command on Linux Picture 27

Displays the file associated with the Internet connection by the process ID

To view files opened by a process related to an Internet connection using a specific process ID, add the -p option and -a option.

We will find the files related to the Internet connection or the network opened by the 606 process ID.

 sudo lsof -i -a -p 606 

How to use Isof command on Linux Picture 28

All files opened by the ID 606 process associated with the Internet and the network are displayed.

How to use Isof command on Linux Picture 29

Display files associated with commands and Internet connection

We can use the -c (command) option to search for files opened by specific processes. To find files opened with processes related to Internet connection or networks associated with the ssh process, use the following command:

 lsof -i -a -c ssh 

How to use Isof command on Linux Picture 30

All files are opened because the ssh process is listed.

How to use Isof command on Linux Picture 31

Display files related to Internet connection and ports

Lsoft can report files opened by Internet connection and network on specific port. To do that, use the character : following the port number.

Below lsoft lists the files opened by network connection or Internet using port 22.

 lsof -i: 22 

How to use Isof command on Linux Picture 32

All files are opened by the process related to port 22 (this is the default port for SSH connection).

How to use Isof command on Linux Picture 33

Display files related to Internet connection and protocol

You can request lsof to display the file opened by the process related to network and Internet connection, using specific protocol. You can choose from TCP, UDP and SMTP. Here we find the file using TCP protocol.

1. The difference between TCP and UDP protocols

 sudo lsof -i tcp 

How to use Isof command on Linux Picture 34

This is the output that is opened by processes using TCP protocol.

How to use Isof command on Linux Picture 35

Here are some ways to use lsoft command you can use to search files on Linux.

I wish you all success!