Today I came across ISOF command in one interview, the interviewer of this interview is a tricky guy and a great Linux/nix guru. He asked me many questions which I can’t answer, in that lsof command is one. This command really impressed me and this is one of the most powerful command I ever come across till this point in Linux in respect of monitoring. So I did some research on this command and come across numerous examples for making network/system admin work bit more simple and meaning full.

What is lsof command?

lsof is nothing but LiSt Open Files, which will show all the open files by

1) a process in system.

2) a user.

3) a command.

4) a network service.

5) a regular file.

6) a directory.

7) a block special file.

8) a character special file.

9) an executing text reference.

10) a library.

11) stream or

12) network file (Internet socket, NFS file or UNIX domain socket.).

Where we will use this lsof command?

In many situations such as when troubleshooting network related issues, file related issues and process related issue.

USAGE 1 : To see all the open files in system without filtering which lists all open files belonging to all          active processes.


USAGE 2 : Some times we will face an issue like, some service will not bind to a port and cannot start the service, this is due to some process already using that port(though the process died). So we have to see which process is using this port and kill that process. this will eliminate restarting the server. Suppose we want to start ftp server which will not starting due to above problem.

#lsof -i TCP:ftp

here -i is used to specify Internet

USAGE 3 : To see what files are opened when you execute a command

#lsof -c httpd

here -c is for specifying command.

USAGE 4 : To see which file opened for a device

#lsof /dev/hdc

USAGE 5 : To see which process or user is accessing the file.

#lsof -f filename


[[email protected] Script]# lsof -f passwd
vim 14122 root 4u REG 253,0 12288 234655 /etc/.passwd.swp
[[email protected] Script]#

USAGE 6: To monitor network, what people are doing with what network services

#watch lsof -i

Note: watch is an excellent command to repeat a command execution on a regular interval please have a look in to my other blog post about this watch command.

USAGE 7: To see all open INTERNET files

#lsof -i -U

USAGE 8: To see Ports either it’s TCP or UDP

#lsof -i TCP:22

For checking all the connection for ssh port

#lsof -i UDP:69

This is for tftp connections to the machine.

USAGE 9:To watch all the files accessing by a user in live..?

#watch lsof –u user-name

A good link for learning more about lsof command link1 some sister commands for this command are pstree, ps and netstat

NOTE : Some strange things I observed about this command is

1) Till this point I know that to use any commands options we have to use – but for this command there are both + and – options too.

2)In Linux every thing is considered as files even a network socket, hardware device for some examples.

Please comment your thoughts regarding this post:-). Please give us your feed back here