查看一个文件正在被哪个进程使用
[root@sre01 ~]# lsof /var/log/messages
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
abrt-watc 954 root 4r REG 253,0 7591 34736172 /var/log/messages
rsyslogd 1511 root 7w REG 253,0 7591 34736172 /var/log/messages查看一个终端启动了哪些进程
[root@sre01 ~]# lsof /dev/pts/0
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
bash 20321 root 0u CHR 136,0 0t0 3 /dev/pts/0
bash 20321 root 1u CHR 136,0 0t0 3 /dev/pts/0
bash 20321 root 2u CHR 136,0 0t0 3 /dev/pts/0
bash 20321 root 255u CHR 136,0 0t0 3 /dev/pts/0
lsof 20376 root 0u CHR 136,0 0t0 3 /dev/pts/0
lsof 20376 root 1u CHR 136,0 0t0 3 /dev/pts/0
lsof 20376 root 2u CHR 136,0 0t0 3 /dev/pts/0
-p查看指定PID的进程打开的文件
[root@sre01 ~]# lsof -p 951
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
vmtoolsd 951 root cwd DIR 253,0 265 64 /
vmtoolsd 951 root rtd DIR 253,0 265 64 /
vmtoolsd 951 root txt REG 253,0 61368 101591511 /usr/bin/vmtoolsd
vmtoolsd 951 root mem REG 253,0 36712 102733708 /usr/lib64/open-vm-tools/plugins/vmsvc/libvmbackup.so
-c查看指定进程打开的文件
[root@sre01 ~]# lsof -c crond
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
crond 1518 root cwd DIR 253,0 265 64 /
crond 1518 root rtd DIR 253,0 265 64 /
crond 1518 root txt REG 253,0 70128 17974 /usr/sbin/crond
crond 1518 root mem REG 253,0 61560 65582 /usr/lib64/libnss_files-2.17.so
crond 1518 root mem REG 253,0 106176928 100887827 /usr/lib/locale/locale-archive
crond 1518 root mem REG 253,0 142144 66944 /usr/lib64/libpthread-2.17.so
crond 1518 root mem REG 253,0 23968 97275 /usr/lib64/libcap-ng.so.0.0.0
crond 1518 root mem REG 253,0 402384 78299 /usr/lib64/libpcre.so.1.2.0
crond 1518 root mem REG 253,0 2156592 65564 /usr/lib64/libc-2.17.so
crond 1518 root mem REG 253,0 127184 97279 /usr/lib64/libaudit.so.1.0.0
crond 1518 root mem REG 253,0 19248 65570 /usr/lib64/libdl-2.17.so
crond 1518 root mem REG 253,0 61680 15223 /usr/lib64/libpam.so.0.83.1
crond 1518 root mem REG 253,0 155744 66967 /usr/lib64/libselinux.so.1
crond 1518 root mem REG 253,0 163312 65557 /usr/lib64/ld-2.17.so
crond 1518 root 0r CHR 1,3 0t0 6513 /dev/null
-u查看指定用户打开的文件
[root@sre01 ~]# lsof -u root
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
systemd 1 root cwd DIR 253,0 265 64 /
systemd 1 root rtd DIR 253,0 265 64 /
systemd 1 root txt REG 253,0 1632960 33622659 /usr/lib/systemd/systemd
systemd 1 root mem REG 253,0 20064 78255 /usr/lib64/libuuid.so.1.3.0
systemd 1 root mem REG 253,0 265576 15240 /usr/lib64/libblkid.so.1.1.
0
systemd 1 root mem REG 253,0 90160 78241 /usr/lib64/libz.so.1.2.7
systemd 1 root mem REG 253,0 157440 78243 /usr/lib64/liblzma.so.5.2.2
systemd 1 root mem REG 253,0 23968 97275 /usr/lib64/libcap-ng.so.0.0
.0
systemd 1 root mem REG 253,0 19896 97243 /usr/lib64/libattr.so.1.1.0
systemd 1 root mem REG 253,0 19248 65570 /usr/lib64/libdl-2.17.so
systemd 1 root mem REG 253,0 402384 78299 /usr/lib64/libpcre.so.1.2.0
systemd 1 root mem REG 253,0 2156592 65564 /usr/lib64/libc-2.17.so
systemd 1 root mem REG 253,0 142144 66944 /usr/lib64/libpthread-2.17.
so
-i查看指定ip或端口打开的文件
[root@sre01 ~]# lsof -i -n
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 1508 root 3u IPv4 23720 0t0 TCP *:ssh (LISTEN)
sshd 1508 root 4u IPv6 23838 0t0 TCP *:ssh (LISTEN)
master 1689 root 13u IPv4 24764 0t0 TCP 127.0.0.1:smtp (LISTEN)
master 1689 root 14u IPv6 24765 0t0 TCP [::1]:smtp (LISTEN)
sshd 20317 root 3u IPv4 180689 0t0 TCP 172.16.0.50:ssh->172.16.0.1:63751 (ESTABLISHED)
[root@sre01 ~]# lsof -i@127.0.0.1
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
master 1689 root 13u IPv4 24764 0t0 TCP localhost:smtp (LISTEN)
[root@sre01 ~]# lsof -i:22 -n
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 1508 root 3u IPv4 23720 0t0 TCP *:ssh (LISTEN)
sshd 1508 root 4u IPv6 23838 0t0 TCP *:ssh (LISTEN)
sshd 20317 root 3u IPv4 180689 0t0 TCP 172.16.0.50:ssh->172.16.0.1:63751 (ESTABLISHED)
查看指定进程打开的网络连接
[root@sre01 ~]# lsof -i -n -a -p 20317
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 20317 root 3u IPv4 180689 0t0 TCP 172.16.0.50:ssh->172.16.0.1:63751 (ESTABLISHED)
查看制定状态的连接
[root@sre01 ~]# lsof -n -P -i TCP -s TCP:ESTABLISHED
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 20317 root 3u IPv4 180689 0t0 TCP 172.16.0.50:22->172.16.0.1:63751 (ESTABLISHED)
[root@sre01 ~]#
-n:no host names, -P:no port names,-i TCP指定协议,-s指定协议状态通过多个参数可以清晰的查看网络连接情况、协议连接情况等
