<< Main lsof usage examples and their output >>
* Find the processes accessing a specific file : lsof <path/file-name>
[root@krcmc1:/] lsof /etc/passwd
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
pwgrd 2073 root 11r REG 64,0x3 1297 767 /etc/passwd
* Check internet sockets : lsof -i
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
telnetd 752 root 0u inet 0x5383f540 0t0 TCP krcmc1.kor.hp.com:telnet->16.151.73.48:3627 (ESTABLISHED)
telnetd 752 root 1u inet 0x5383f540 0t0 TCP krcmc1.kor.hp.com:telnet->16.151.73.48:3627 (ESTABLISHED)
telnetd 752 root 2u inet 0x5383f540 0t0 TCP krcmc1.kor.hp.com:telnet->16.151.73.48:3627 (ESTABLISHED)
syslogd 852 root 6u inet 0x4ce7d340 0t0 UDP *:syslog (Idle)
x25snmpwa 1254 root 0u inet 0x4c775640 0t0 UDP *:49233 (Idle)
named 1313 root 6u inet 0x4c775ac0 0t0 UDP *:49153 (Idle)
named 1313 root 7u inet 0x4c775c40 0t0 UDP richie.wipro.tcpn.com:domain (Idle)
named 1313 root 8u inet 0x4c775dc0 0t0 TCP richie.wipro.tcpn.com:domain (LISTEN)
* Check connections for a specific host (or IP)
[root@krcmc1:/] lsof -i@192.168.1.2
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
named 1313 root 9u inet 0x4ed69080 0t0 UDP 192.168.1.2:domain (Idle)
named 1313 root 10u inet 0x4ed69200 0t0 TCP 192.168.1.2:domain (LISTEN)
xntpd 1975 root 6u inet 0x4f18b500 0t0 UDP 192.168.1.2:ntp (Idle)
- List the connections on a specific port
[root@krcmc1:/] lsof -i@krcmc1:23
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
telnetd 752 root 0u inet 0x5383f540 0t0 TCP krcmc1.kor.hp.com:telnet->16.151.73.48:3627 (ESTABLISHED)
telnetd 752 root 1u inet 0x5383f540 0t0 TCP krcmc1.kor.hp.com:telnet->16.151.73.48:3627 (ESTABLISHED)
telnetd 752 root 2u inet 0x5383f540 0t0 TCP krcmc1.kor.hp.com:telnet->16.151.73.48:3627 (ESTABLISHED)
* Check the processes opened by a specific user : lsof -u <loginname> or lsof -u <UID>
[root@krcmc1:/] lsof -u root
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
swapper 0 root cwd DIR 64,0x3 98304 2 /
swapper 0 root mem REG 64,0x3 163840 44631 / (/dev/vg00/lvol3)
* List the files opened by a specific process : lsof -p <PID>
lsof -p 1
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
init 1 root cwd DIR 64,0x3 98304 2 /
init 1 root txt REG 64,0x3 307200 101217 / (/dev/vg00/lvol3)
init 1 root 0u REG 64,0x3 1560 324 / (/dev/vg00/lvol3)
init 1 root 1u REG 64,0x3 22260 325 / (/dev/vg00/lvol3)
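
The `lsof -i` listings above repeat one socket once per file descriptor (the three telnetd rows for fds 0, 1 and 2 share one DEVICE value). The following is an added example, not part of the original page: it collapses such rows to one per socket and pulls out established peers and TCP listeners. The function names are hypothetical, and treating rows with the same PID and DEVICE as one socket is an assumption based on the listing.

```shell
#!/bin/sh
# Added example (not from the original page): condense `lsof -i` output.
# Assumed column layout, as in the listings above:
#   COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME (STATE)

# Sample input: rows copied from the `lsof -i` listing on this page.
sample_lsof() {
cat <<'EOF'
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
telnetd 752 root 0u inet 0x5383f540 0t0 TCP krcmc1.kor.hp.com:telnet->16.151.73.48:3627 (ESTABLISHED)
telnetd 752 root 1u inet 0x5383f540 0t0 TCP krcmc1.kor.hp.com:telnet->16.151.73.48:3627 (ESTABLISHED)
telnetd 752 root 2u inet 0x5383f540 0t0 TCP krcmc1.kor.hp.com:telnet->16.151.73.48:3627 (ESTABLISHED)
syslogd 852 root 6u inet 0x4ce7d340 0t0 UDP *:syslog (Idle)
x25snmpwa 1254 root 0u inet 0x4c775640 0t0 UDP *:49233 (Idle)
named 1313 root 6u inet 0x4c775ac0 0t0 UDP *:49153 (Idle)
named 1313 root 7u inet 0x4c775c40 0t0 UDP richie.wipro.tcpn.com:domain (Idle)
named 1313 root 8u inet 0x4c775dc0 0t0 TCP richie.wipro.tcpn.com:domain (LISTEN)
EOF
}

# Print one row per (PID, DEVICE): COMMAND PID PROTO STATE fds=N NAME.
# Header lines are skipped because their PID field is not numeric.
unique_sockets() {
  awk '$2 ~ /^[0-9]+$/ && NF >= 9 {
         key = $2 SUBSEP $6
         if (!(key in fds)) {
           order[++k] = key
           state = $10; gsub(/[()]/, "", state)
           if (state == "") state = "-"
           row[key] = $1 " " $2 " " $8 " " state
           name[key] = $9
         }
         fds[key]++
       }
       END {
         for (i = 1; i <= k; i++)
           printf "%s fds=%d %s\n", row[order[i]], fds[order[i]], name[order[i]]
       }'
}

# Remote endpoint of every established TCP socket: COMMAND PID REMOTE.
established_peers() {
  unique_sockets | awk '$4 == "ESTABLISHED" { split($6, ep, "->"); print $1, $2, ep[2] }'
}

# TCP listeners: COMMAND PID LOCAL-ADDRESS.
tcp_listeners() {
  unique_sockets | awk '$3 == "TCP" && $4 == "LISTEN" { print $1, $2, $6 }'
}

sample_lsof | unique_sockets
```

On a live host, pipe real output through the same functions, for example `lsof -i | established_peers`.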