Using lsof to Find Open Files

"One of the most useful utilities you'll find on Linux and *nix systems is lsof. Short for "list open files," the lsof utility can help identify which files are being used by any given application, which network ports are open, and much more.

"The lsof utility has all manner of useful applications. My first serious application of lsof was hunting down rootkits and IRC bots that were deployed on shared Linux servers. A process would show up in top or ps aux, but the executable didn't seem to exist. Using lsof, I could hunt down the scripts or executables used to run the malware.

"You can do a lot with lsof, but let's focus on a couple of basics for starters. If you run just lsof, it will attempt to show all files (which includes network sockets, pipes and special files) that are open."

Complete Story

Related Stories:

• Linux: Find Out Which Process Is Listening Upon a Port(Nov 01, 2010)
• Socket Statistics on Linux(Oct 06, 2010)
• Device Or Resource Busy Errors In Linux(Mar 05, 2010)
• Names Pipes... or how to get two separate applications to interact(Jun 30, 2009)
• Recovering Deleted Files With lsof(Jun 01, 2009)
• lsof, sockets and trojans(Apr 30, 2009)
• lsof Seeks All Open Files(Apr 08, 2009)