Re: lsof information

prodigal1 <prodig@xxxxxx> wrote:
Can anyone point me to some clearly written explanations of the output of
lsof? Man lsof gives ather densely worded pages that presume more
background knowledge than I have. Just dicking around here with a
Mandriva 2006 install, and doing lsof with no parameters produced a huge
list. I read disturbing things in there like "unknown protocol" and
"heap: unknown file or directory".
any clues happily taken

For the default output, my version of lsof (4.76) on my machine
(amd64) starts out with the following:

sh 5050 klausman cwd DIR 8,5 73728 258048 /home/klausman
sh 5050 klausman rtd DIR 8,1 4096 2 /
sh 5050 klausman txt REG 8,1 767152 200617 /bin/bash
sh 5050 klausman mem REG 0,0 0 [heap] (stat: No such...
sh 5050 klausman mem REG 8,1 115690 899694 /lib64/
sh 5050 klausman mem REG 8,1 378 913703 /usr/lib64/locale/en_...

(I removed some whitespace and cut the last part of too-long

COMMAND is the binary name of the program that has a reference to this file.
PID is the program id of the very same program
USER is the user who the program runs as
FD is a description of the meaning this file has for the program.
For example: cwd=current working dir, rtd=root dir, txt=text
file (binary program), mem=piece of mapped memory (this is
the heap but also shared libraries)
TYPE is the type of file (DIR=directory, REG=regular file, FIFO=
fifo/pipe, unix=unix domain socket)
DEVICE is the major and minor device number of the device the
file is on (if applicable). The numbers correspond with the
major and minor device numbers used for /dev. More info can be
found in /usr/src/linux/Documentation/devices.txt
SIZE is just that, the size of the file.
NODE The I-Node of the file (if applicable). This is what you'd
see if you'd run stat on the file.
NAME The name of the file (if applicable).

Note that on most systems, lsof only reports the files of the
user it runs as if not running as root. Also note that it's much
better (faster) to let lsof filter stuff using its command line
switches than to use convoluted regexen with grep.


You don't need eyes to see, you need vision.