lsof command

3 분 소요

linux의 lsof 명령어는 열려 있는 파일과 해당하는 프로세스 목록을 보여줍니다.

기본 사용법

$> lsof
COMMAND     PID   TID   USER   FD      TYPE             DEVICE   SIZE/OFF       NODE NAME
chrome      687        geeksaga 15r      CHR                1,9        0t0         11 /dev/urandom
chrome      687        geeksaga 16r     FIFO               0,12        0t0  114907104 pipe
chrome      687        geeksaga 17w     FIFO               0,12        0t0  114907104 pipe
chrome      687        geeksaga 18u     unix 0x0000000000000000        0t0  114913656 type=STREAM
chrome      687        geeksaga 19u     unix 0x0000000000000000        0t0   66804623 type=SEQPACKET


  • 특정 포트를 사용하고 있는 프로세스 검색
$> lsof -i :8081
qemu-syst 3805 geeksaga 155u  IPv4 140089534      0t0  TCP localhost:33874->localhost:tproxy (ESTABLISHED)
node      3846 geeksaga  21u  IPv6 139672765      0t0  TCP *:tproxy (LISTEN)
node      3846 geeksaga  51u  IPv6 140096143      0t0  TCP localhost:tproxy->localhost:33916 (ESTABLISHED)


$> tldr lsof


  Lists open files and the corresponding processes.
  Note: Root privileges (or sudo) is required to list files opened by others.

  - Find the processes that have a given file open:
    lsof path/to/file

  - Find the process that opened a local internet port:
    lsof -i :port

  - Only output the process ID (PID):
    lsof -t path/to/file

  - List files opened by the given user:
    lsof -u username

  - List files opened by the given command or process:
    lsof -c process_or_command_name

  - List files opened by a specific process, given its PID:
    lsof -p PID

  - List open files in a directory:
    lsof +D path/to/directory

  - Find the process that is listening on a local TCP port:
    lsof -iTCP:port -sTCP:LISTEN


$> lsof --help
lsof 4.89
 latest revision:
 latest FAQ:
 latest man page:
 usage: [-?abhKlnNoOPRtUvVX] [+|-c c] [+|-d s] [+D D] [+|-E] [+|-e s] [+|-f[gG]]
 [-F [f]] [-g [s]] [-i [i]] [+|-L [l]] [+m [m]] [+|-M] [-o [o]] [-p s]
 [+|-r [t]] [-s [p:s]] [-S [t]] [-T [t]] [-u s] [+|-w] [-x [fl]] [--] [names]
Defaults in parentheses; comma-separated set (s) items; dash-separated ranges.
  -?|-h list help          -a AND selections (OR)     -b avoid kernel blocks
  -c c  cmd c ^c /c/[bix]  +c w  COMMAND width (9)    +d s  dir s files
  -d s  select by FD set   +D D  dir D tree *SLOW?*   +|-e s  exempt s *RISKY*
  -i select IPv[46] files  -K list tasKs (threads)    -l list UID numbers
  -n no host names         -N select NFS files        -o list file offset
  -O no overhead *RISKY*   -P no port names           -R list paRent PID
  -s list file size        -t terse listing           -T disable TCP/TPI info
  -U select Unix socket    -v list version info       -V verbose search
  +|-w  Warnings (+)       -X skip TCP&UDP* files     -Z Z  context [Z]
  -- end option scan     
  -E display endpoint info              +E display endpoint info and files
  +f|-f  +filesystem or -file names     +|-f[gG] flaGs 
  -F [f] select fields; -F? for help  
  +|-L [l] list (+) suppress (-) link counts < l (0 = all; default = 0)
                                        +m [m] use|create mount supplement
  +|-M   portMap registration (-)       -o o   o 0t offset digits (8)
  -p s   exclude(^)|select PIDs         -S [t] t second stat timeout (15)
  -T qs TCP/TPI Q,St (s) info
  -g [s] exclude(^)|select and print process group IDs
  -i i   select by IPv[46] address: [46][proto][@host|addr][:svc_list|port_list]
  +|-r [t[m<fmt>]] repeat every t seconds (15);  + until no files, - forever.
       An optional suffix to t is m<fmt>; m must separate t from <fmt> and
      <fmt> is an strftime(3) format for the marker line.
  -s p:s  exclude(^)|select protocol (p = TCP|UDP) states by name(s).
  -u s   exclude(^)|select login|UID set s
  -x [fl] cross over +d|+D File systems or symbolic Links
  names  select named files or files on named file systems
Anyone can list all files; /dev warnings disabled; kernel ID check disabled.