Homo-Adminus Blog

One of the main tasks of any administrator is to create stable environment for different sorts of businesses. Big part of this task is troubleshooting. There are many different tools in UNIX for system monitoring, but, at my mind, one of the most useful tools is lsof- one of the least-talked-about tools in a UNIX sysadmin’s toolkit. Lsof lists information about files opened by processes. But that’s really an understatement.

Most people forget that, in UNIX, (almost) everything is a file. The OS makes hardware available to applications by way of files in /dev. Kernel, system, memory, device etc. information in made available inside files in /proc. TCP/UDP sockets are sometimes represented internally as files. Even directories are really just files containing other filenames.

Lsof works by examining kernel data-structures and provides a variety of information related to files, pipes, sockets and more.

A few days ago, Mohit Muthanna posted awesome article about lsof tool in his 0xFE blog. Honestly speaking, I was going to write an article about lsof tool, but when I came across this article, I have decided to not try to make better explanation because it is impossible! Let me say thanks to Mohit for such detailed article.