lsof命令详解

作者: | 更新日期:

lsof在linux中是一个很重要的命令,这里简单记录一下.

本文首发于公众号:天空的代码世界,微信号:tiankonguse

lsof全名list open files,含义为显示打开的文件列表.
我们都是知道,在linux的世界里,所有的事物都是文件, 对事物的操作就是对文件的操作.
比如设备是文件,目录是文件,socket是文件.我们通过lsof命令可以得到很多有用的信息.

  1. tiankonguse:~ $ lsof -i -n
  2. COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
  3. ssh 3860 tiankonguse 3u IPv4 277226 0t0 TCP 192.168.31.137:55470->52.175.36.207:ssh (ESTABLISHED)
  4. ssh 3860 tiankonguse 4u IPv6 277256 0t0 TCP [::1]:7070 (LISTEN)
  5. ssh 3860 tiankonguse 5u IPv4 277257 0t0 TCP 127.0.0.1:7070 (LISTEN)
  6. ssh 3860 tiankonguse 9u IPv4 392596 0t0 TCP 127.0.0.1:7070->127.0.0.1:47308 (CLOSE_WAIT)
  7. ssh 3860 tiankonguse 10u IPv4 425556 0t0 TCP 127.0.0.1:7070->127.0.0.1:47424 (ESTABLISHED)
  8. ssh 3860 tiankonguse 11u IPv4 474716 0t0 TCP 127.0.0.1:7070->127.0.0.1:47436 (ESTABLISHED)
  9. chrome 31615 tiankonguse 102u IPv4 474141 0t0 TCP 192.168.31.137:54857->220.181.76.72:http (CLOSE_WAIT)
  10. chrome 31615 tiankonguse 103u IPv4 424629 0t0 TCP 127.0.0.1:47424->127.0.0.1:7070 (ESTABLISHED)
  11. chrome 31615 tiankonguse 104u IPv4 432692 0t0 TCP 192.168.31.137:36335->203.208.50.175:https (ESTABLISHED)
  12. chrome 31615 tiankonguse 106u IPv4 476207 0t0 TCP 127.0.0.1:47436->127.0.0.1:7070 (ESTABLISHED)
  13. chrome 31615 tiankonguse 111u IPv4 273013 0t0 UDP *:mdns

lsof默认显示字段有COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME.

含义如下:

  • COMMAND 程序命令,默认以9个字符长度显示的命令名称。可使用+c参数指定显示的宽度,若+c后跟的参数为零,则显示命令的全名
  • PID 进程id
  • PPID 父进程的IP号,默认不显示,当使用-R参数可打开。
  • PGID 进程组的ID编号,默认也不会显示,当使用-g参数时可打开。
  • USER 命令的执行UID或系统中登陆的用户名称。默认显示为用户名,当使用-l参数时,可显示UID。
  • FD 文件描述符
  • TYPE IPv4的包,IPv6包,DIR 目录,LINK 链接文件等
  • DEVICE 使用character specialblock special表示的设备号
  • SIZE/OFF 文件的大小,如果不能用大小表示的,会留空。使用-s参数控制。
  • NODE 本地文件的node码,或者协议,如TCP等
  • NAME 挂载点和文件的全路径(链接会被解析为实际路径),或者连接双方的地址和端口、状态等
  1. tiankonguse:~ $ lsof -i :80
  2. COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
  3. chrome 31615 tiankonguse 102u IPv4 537284 0t0 TCP 192.168.31.137:41976->117.79.92.146:http (CLOSE_WAIT)
  4. chrome 31615 tiankonguse 104u IPv4 539670 0t0 TCP 192.168.31.137:34899->151.101.16.133:http (ESTABLISHED)
  5. chrome 31615 tiankonguse 105u IPv4 539781 0t0 TCP 192.168.31.137:60814->93-46-8-89.ip105.fastwebnet.it:http (SYN_SENT)
  6. chrome 31615 tiankonguse 118u IPv4 537818 0t0 TCP 192.168.31.137:34900->151.101.16.133:http (ESTABLISHED)
  7. chrome 31615 tiankonguse 122u IPv4 537900 0t0 TCP 192.168.31.137:60815->93-46-8-89.ip105.fastwebnet.it:http (SYN_SENT)
  8. chrome 31615 tiankonguse 124u IPv4 538905 0t0 TCP 192.168.31.137:41978->117.79.92.146:http (CLOSE_WAIT)
  9. chrome 31615 tiankonguse 128u IPv4 538906 0t0 TCP 192.168.31.137:41979->117.79.92.146:http (CLOSE_WAIT)
  10. chrome 31615 tiankonguse 155u IPv4 539020 0t0 TCP 192.168.31.137:34901->151.101.16.133:http (ESTABLISHED)
  11. chrome 31615 tiankonguse 170u IPv4 539036 0t0 TCP 192.168.31.137:58368->220.181.7.190:http (CLOSE_WAIT)
  12. chrome 31615 tiankonguse 174u IPv4 539021 0t0 TCP 192.168.31.137:34902->151.101.16.133:http (ESTABLISHED)
  13. chrome 31615 tiankonguse 183u IPv4 539022 0t0 TCP 192.168.31.137:34903->151.101.16.133:http (ESTABLISHED)
  14. chrome 31615 tiankonguse 184u IPv4 539023 0t0 TCP 192.168.31.137:34904->151.101.16.133:http (ESTABLISHED)
  1. tiankonguse:~ $ lsof -c chrome | more
  2. lsof: WARNING: can't stat() ext4 file system /var/lib/docker/aufs
  3. Output information may be incomplete.
  4. COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
  5. chrome 1880 tiankonguse cwd DIR 0,3 0 24098 /proc/31953/fdinfo
  6. chrome 1880 tiankonguse rtd DIR 0,3 0 24098 /proc/31953/fdinfo
  7. chrome 1880 tiankonguse txt REG 8,2 99609936 24248328 /opt/google/chrome/chrome
  8. chrome 1880 tiankonguse DEL REG 0,21 52587 /run/shm/.com.google.Chrome.SE37st
  1. tiankonguse:~ $ lsof -p 2127
  2. lsof: WARNING: can't stat() ext4 file system /var/lib/docker/aufs
  3. Output information may be incomplete.
  4. COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
  5. apache2 2127 root cwd unknown /proc/2127/cwd (readlink: Permission denied)
  6. apache2 2127 root rtd unknown /proc/2127/root (readlink: Permission denied)
  7. apache2 2127 root txt unknown /proc/2127/exe (readlink: Permission denied)
  8. apache2 2127 root NOFD /proc/2127/fd (opendir: Permission denied)
  1. tiankonguse:~ $ lsof -g 2127
  2. lsof: WARNING: can't stat() ext4 file system /var/lib/docker/aufs
  3. Output information may be incomplete.
  4. COMMAND PID PGID USER FD TYPE DEVICE SIZE/OFF NODE NAME
  5. apache2 2127 2127 root cwd unknown /proc/2127/cwd (readlink: Permission denied)
  6. apache2 2127 2127 root rtd unknown /proc/2127/root (readlink: Permission denied)
  7. apache2 2127 2127 root txt unknown /proc/2127/exe (readlink: Permission denied)
  8. apache2 2127 2127 root NOFD /proc/2127/fd (opendir: Permission denied)
  9. apache2 2156 2127 www-data cwd unknown /proc/2156/cwd (readlink: Permission denied)
  10. apache2 2156 2127 www-data rtd unknown /proc/2156/root (readlink: Permission denied)
  11. apache2 2156 2127 www-data txt unknown /proc/2156/exe (readlink: Permission denied)
  12. ...
  1. lsof +D /home/

grep搜索, 如找到那些被删除但是没释放的文件.

  1. lsof | grep xxx

本文首发于公众号:天空的代码世界,微信号:tiankonguse
如果你想留言,可以在微信里面关注公众号进行留言。

关注公众号,接收最新消息

tiankonguse +
穿越