lsof

lsof is a command meaning 'list open files', which is used in many Unix-like systems to report a list of all open files and the processes that opened them.^[1]

Open files in the system include disk files, pipes, network sockets and devices opened by all processes. One use for this command is when a disk cannot be unmounted because (unspecified) files are in use. The listing of open files can be consulted (suitably filtered if necessary) to identify the process that is using the files.^[1]

Project Homepage [EN]
- Repository

lsof [EN] @ Fedora Package
lsof [EN] @ Homebrew Formula

lsof [EN] @ Wikipedia
lsof [DE] @ Wikipedia

Documentation

man 8 'lsof' [EN]

Syntax

lsof [PARAMETER ...] [NAMES]

Parameters

-a: This option causes list selection options to be ANDed.
-c COMMAND: This option selects the listing of files for processes executing the command that begins with the characters of COMMAND. Multiple commands may be specified, using multiple -c options. If COMMAND begins with a ^, then the following characters specify a command name whose processes are to be ignored. If COMMAND begins and ends with a slash (/), the characters between the slashes are interpreted as a regular expression.
-i [46][TCP|UDP][@HOSTNAME|HOSTADDRESS][:SERVICE|PORT]: This option selects the listing of files any of whose Internet address matches the address specified. If no address is specified, this option selects the listing of all Internet and x.25 (HP-UX) network files.
-l: This option inhibits the conversion of user ID numbers to login names. It is also useful when login name lookup is working improperly or slowly.
-n: This option inhibits the conversion of network numbers to host names for network files. Inhibiting conversion may make lsof run faster. It is also useful when host name lookup is not working properly.

-P: This option inhibits the conversion of port numbers to port names for network files. Inhibiting the conversion may make lsof run a little faster. It is also useful when port name lookup is not working properly.
-s [PROTOCOL:STATE]: -s alone directs lsof to display file size at all times. It causes the SIZE/OFF output column title to be changed to SIZE. If the file does not have a size, nothing is displayed.; When followed by a protocol name (PROTOCOL), either TCP or UDP, a colon (:) and a comma-separated protocol state name list, the option causes open TCP and UDP files to be excluded if their state name(s) are in the list (STATE) preceded by a ^; or included if their name(s) are not preceded by a ^.
-u USER: This option selects the listing of files for the user whose login names or user ID numbers are in the comma-separated set USER e.g. alex or alex,1001. (There should be no spaces in the set.) If a login name or user ID is preceded by a ^, it becomes a negation.

Examples

Show all processes using the CD-ROM drive

lsof -l '/media/cdrom'

Show all listening TCP ports

lsof -i 'TCP' -n -P -s 'TCP:LISTEN'

Show all established TCP connections

lsof -i 'TCP' -n -P -s 'TCP:ESTABLISHED'

Show all open TCP 80 & 443 ports

lsof -i 'TCP:80,443' -n -P

Show all ports opened by dnsmasq

lsof -a -c 'dnsmasq' -i -n -P

Show all ports opened by the Ubiquiti UniFi Controller

lsof -a -c 'java' -i -n -P -u 'ubnt'

References

↑ ^1.0 ^1.1 https://en.wikipedia.org/wiki/Lsof

[wikipedia-1] 1.0 ^1.1 https://en.wikipedia.org/wiki/Lsof

[1]