lsof

lsof [options] [files]

lsof (List Open Files) is a diagnostic tool that reports all files currently opened by running processes. In Unix-like systems, the concept of a "file" extends well beyond regular files on disk -- it includes network sockets, Unix domain sockets, pipes, device files, and directories. Each open file is represented internally by a file descriptor, and lsof maps these descriptors back to the processes that hold them.This makes lsof an essential troubleshooting tool for a wide range of scenarios. It can identify which process is listening on a specific TCP/UDP port (`-i :port`), find processes preventing a filesystem from being unmounted (`+D /mount`), or reveal network connections established by a particular program. The output includes the process name, PID, user, file descriptor number, file type, and the file path or network address, providing a comprehensive view of how processes interact with system resources.

FILES

Specific files to check.

Files opened by user.

Files opened by process.

Network connections.

Files in directory.

Files opened by processes whose command name starts with COMMAND.

Inhibit conversion of network numbers to host names (faster).

Inhibit conversion of port numbers to service names.

Terse output: list PIDs only (useful for piping to kill).

Field-formatted output for machine parsing (e.g., -Fpcu for PID, command, user).

Repeat mode: re-list every seconds (default 15) until interrupted.

Show only files with link count less than 1 (i.e. unlinked but still open — useful for finding "deleted but open" files filling a disk).

Display help information.

Without root, lsof only sees files opened by your own processes. Output can be very long; combine with -c, -u, or -i to filter. +D descends recursively and may be slow on large trees — prefer +d for non-recursive listing.

lsof was created by Vic Abell in 1988 and has become a standard Unix diagnostic tool.

fuser(1), netstat(8), ss(8), ps(1)