
System observations using terminal utilities: lsof and lsblk


Exploration of System Observations through Terminal Applications: lsof and lsblk

Delving into the realm of Linux system insights involves examining crucial command-line utilities that offer a glimpse into the hardware and status of the system. Building upon discussions surrounding tools like lscpu, lsusb, dmidecode, and lspci, we now shift our focus towards lsof and lsblk. These utilities prove to be invaluable for scrutinizing open files, active network connections, and mounted block devices within your Fedora Linux environment.

Unveiling Open File Information with lsof

lsof (list open files) emerges as a robust command-line instrument. Given that Linux treats almost everything as a file, lsof offers intricate insights across various system components by enumerating utilized files, the processes accessing them, and even open network ports.

Basic Functions

An initial step involves executing the fundamental lsof command to gain an overview of the system’s open files:

$ sudo lsof

The use of sudo is imperative for extended privileges: without it, lsof cannot retrieve data on files opened by processes that your user did not start. The command generates an abundance of information, which can be overwhelming. The following samples therefore pinpoint specific details for common use cases.

Sample 1: Locating Open Files by User or Process

For identifying files opened by a specific user or process, lsof proves to be a valuable ally.

To exhibit all files accessed by a designated user:

$ sudo lsof -u <username>

Executing the above command presents a list of the files opened by processes belonging to the specified user. For instance:

$ sudo lsof -u johndoe

This reveals particulars such as the Process ID (PID), file descriptor, file type, and path.

To filter by process, utilize the -p flag:

$ lsof -p <PID>

This functionality is particularly beneficial for troubleshooting issues linked to specific processes or when investigating the files retained open by a service. Employ sudo if the process isn’t associated with your user.

Illustrative output:

$ lsof -p 873648
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
bash 873648 user cwd DIR 0,39 8666 257 /home/user
...

Sample 2: Identifying Active Network Connections via Sockets

Because it can also list network connections, lsof is a handy troubleshooting tool for network-related complications, especially on hardened, minimalist systems.

To exhibit all active network connections (TCP/UDP sockets), execute:

$ sudo lsof -i

This showcases ongoing Internet connections alongside their respective protocol, port, and process specifics.

This display can be refined to particular protocols (e.g., TCP or UDP), to include or exclude IPv4 and IPv6, and to combine multiple values through various options:

$ sudo lsof -i tcp
$ sudo lsof -i udp
$ sudo lsof -i 4tcp
$ sudo lsof -i 6tcp
$ sudo lsof -i [email protected]

To determine connections linked to a specific port:

$ sudo lsof -i :<port_number>

For instance, to list connections to port 22 (SSH):

$ sudo lsof -i :22
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 904379 root 3u IPv4 5622530 0t0 TCP *:ssh (LISTEN)
...

This data plays a pivotal role in identifying unauthorized connections or monitoring network activities for diagnostic purposes.
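
One way to turn that check into a repeatable audit, as an added example that is not part of the original article: the function below reads lsof's machine-readable -F output and prints every listening TCP socket whose command:port pair is not on an allowlist. The allowlist entries, the function names and the sample data are assumptions constructed for illustration.

```bash
# Added example: report listening TCP sockets that are not on an allowlist.
# Live input would come from:
#   sudo lsof -nP -iTCP -sTCP:LISTEN -F pcLn
# -n/-P keep addresses and ports numeric; -F emits one field per line,
# each prefixed by a letter (p=PID, c=command, L=login name, f=fd, n=name).

# Constructed sample of that -F output (not captured from a real host).
sample_lsof_F() {
cat <<'EOF'
p904379
csshd
Lroot
f3
n*:22
f4
n*:22
p1412
ccupsd
Lroot
f7
n[::1]:631
p88231
cpython3
Luser
f3
n*:8000
EOF
}

# unexpected_listeners ALLOWED...   (each ALLOWED is "command:port")
# Reads lsof -F output on stdin and prints "command pid user address" once
# for every listener whose command:port pair is not allowed.
unexpected_listeners() {
  awk -v allow="$*" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    { tag = substr($0, 1, 1); val = substr($0, 2) }
    tag == "p" { pid = val; cmd = ""; user = "" }   # new process set
    tag == "c" { cmd = val }
    tag == "L" { user = val }
    tag == "n" {
      port = val; sub(/.*:/, "", port)      # works for *:22 and [::1]:631
      key = cmd ":" port
      if (!(key in ok) && !seen[pid " " val]++) print cmd, pid, user, val
    }'
}

sample_lsof_F | unexpected_listeners sshd:22 cupsd:631
```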

Exploration of Block Devices with lsblk

Another indispensable tool is lsblk, which furnishes information about all accessible block devices in your system. These block devices encompass hard drives, SSDs, and USB storage. The command renders a hierarchical representation that makes it easier to understand the devices, their partitions, and the associated mount points.

Primary Functions

Launching lsblk devoid of any extra parameters unveils a structured presentation of the block devices:

$ lsblk

This hierarchical depiction unveils all block devices in a tree-like format, encompassing size, type (disk, partition), and mount point (if available) data.

Illustrative Instances

For an in-depth exploration of the file systems across block devices, engage the -f flag:

$ lsblk -f

This command showcases not only the block devices but also intricate details concerning the file systems on each partition, including type (e.g., ext4, vfat, swap), UUID, and existing mount points.

To limit the output to the devices themselves (eschewing partitions or mount points), consider the -d parameter:

$ lsblk -d

Furthermore, a -J or --json option exists. Using it presents the information in JSON format, a structured form that is beneficial for scripting and automation purposes.

Sample output from a laptop:

$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sda 8:0 1 0B 0 disk
sdb 8:16 1 0B 0 disk
sdc 8:32 1 0B 0 disk
zram0 252:0 0 8G 0 disk [SWAP]
nvme0n1 259:0 0 931,5G 0 disk
...
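
In the same scripting spirit, an added example that is not part of the original article: lsblk's -P (--pairs) output carries the same columns in a KEY="value" form that awk can read without a JSON parser, which is enough to flag removable devices (RM=1, like sda to sdc above) that actually have a filesystem mounted. The function names, the USB stick sdd and the sample data are assumptions constructed for illustration.

```bash
# Added example: list removable block devices that currently have a
# filesystem mounted. Live input would come from:
#   lsblk -P -o NAME,RM,TYPE,FSTYPE,MOUNTPOINT
# -P (--pairs) prints KEY="value" pairs, one device per line.

# Constructed sample of that output (modelled on the laptop above plus a
# hypothetical USB stick sdd; not captured from a real host).
sample_lsblk_pairs() {
cat <<'EOF'
NAME="sda" RM="1" TYPE="disk" FSTYPE="" MOUNTPOINT=""
NAME="sdd" RM="1" TYPE="disk" FSTYPE="" MOUNTPOINT=""
NAME="sdd1" RM="1" TYPE="part" FSTYPE="vfat" MOUNTPOINT="/run/media/user/USB STICK"
NAME="zram0" RM="0" TYPE="disk" FSTYPE="swap" MOUNTPOINT="[SWAP]"
NAME="nvme0n1" RM="0" TYPE="disk" FSTYPE="" MOUNTPOINT=""
NAME="nvme0n1p1" RM="0" TYPE="part" FSTYPE="vfat" MOUNTPOINT="/boot/efi"
EOF
}

# mounted_removable: reads lsblk -P output on stdin and prints
# "name fstype mountpoint" for each removable (RM=1) device that is mounted.
mounted_removable() {
  awk '
    # Return the value of KEY="value". The leading space stops TYPE from
    # matching inside FSTYPE. Values are quoted and may contain spaces,
    # so the line is matched by pattern instead of split into fields.
    function get(key,   s) {
      s = " " $0
      if (!match(s, " " key "=\"[^\"]*\"")) return ""
      return substr(s, RSTART + length(key) + 3, RLENGTH - length(key) - 4)
    }
    {
      mnt = get("MOUNTPOINT")
      if (get("RM") == "1" && mnt != "") print get("NAME"), get("FSTYPE"), mnt
    }'
}

sample_lsblk_pairs | mounted_removable
```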

Insights and Conclusions

The applications of lsof and lsblk extend to shedding light on file usage, network behaviors, and block device configurations. Whether the task entails tracking active file operations, troubleshooting network anomalies, or reviewing storage devices, these utilities supply pertinent data facilitating a better grasp and management of your Fedora Linux ecosystem. The upcoming installment promises a deeper dive into additional beneficial listing and informational command-line tools and their practical implementations.
