Find open files with lsof

For a heavy-duty investigative or forensics tool, look no further than lsof. It comes bundled with pretty much every Linux distribution, and it's an indispensable program. The name of the tool stands for "list open files," and that's exactly what it does, with an amazing amount of detail.

For instance, on a Web server that sends e-mail, runs POP3 and IMAP servers, and hosts MySQL, mailman, etc., executing lsof provides more than 6,200 lines of data. "Open files" is a bit of a misnomer, as lsof will also display open TCP ports, open UDP ports, open sockets, and so forth. For example, you could display listening TCP connections and their programs by using the netstat command.
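As an added example (not from the original article), the script below parses lsof's machine-readable `-F` field output to list listening TCP sockets with their owning programs, the same view the netstat command gives. The sample records, PIDs and the function names `listeners` and `sample_lsof_output` are constructed for illustration.

```shell
#!/bin/sh
# Field letters per lsof(8): p=PID, c=command, f=file descriptor,
# P=protocol, n=name (address), T=TCP info such as TST=<state>.

# Read `lsof -F pcfPnT` records on stdin and print "command pid address"
# for every TCP socket in LISTEN state.
listeners() {
    awk '
        # Print the file record collected so far, then reset it.
        function emit() {
            if (fd != "" && proto == "TCP" && state == "LISTEN")
                print cmd, pid, name
            fd = proto = name = state = ""
        }
        /^p/    { emit(); pid = substr($0, 2); cmd = ""; next }  # new process
        /^c/    { cmd = substr($0, 2); next }
        /^f/    { emit(); fd = substr($0, 2); next }             # new open file
        /^P/    { proto = substr($0, 2); next }
        /^n/    { name = substr($0, 2); next }
        /^TST=/ { state = substr($0, 5); next }
        END     { emit() }
    '
}

# Constructed sample of -F output: two listeners, one established
# connection and one UDP socket (assumed values, not from a real host).
sample_lsof_output() {
    cat <<'EOF'
p812
csshd
f3
PTCP
n*:22
TST=LISTEN
p1407
cmysqld
f21
PTCP
n127.0.0.1:3306
TST=LISTEN
f34
PTCP
n127.0.0.1:3306->127.0.0.1:51544
TST=ESTABLISHED
p2210
cnamed
f512
PUDP
n*:53
EOF
}

# On a live system: lsof -nP -i -F pcfPnT | listeners
sample_lsof_output | listeners
```

Running lsof as root is needed to see sockets owned by other users; `-n` and `-P` skip DNS and port-name lookups so the output reflects raw addresses.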
