LSOF ¼³Ä¡ ¹× »ç¿ë°¡À̵å

2001. 6.30

 

°øÀç¼ø/ kong@certcc.or.kr

 

1. ¼Ò°³

LSOF´Â 'List Open File'ÀÇ ¾àÀÚ·Î, ÇØ´ç System¿¡¼­ ±¸µ¿µÇ°í ÀÖ´Â ÇÁ·Î¼¼½ºµé¿¡ ÀÇÇؼ­ ¿­·ÁÁø ÆÄÀϵéÀ» È®ÀÎ ÇÒ ¼ö ÀÖ´Â ÅøÀÌ´Ù. ½Ã½ºÅÛÀÇ Àǽɽº·¯¿î ÇÁ·Î¼¼½º¿¡ ´ëÇÑ È®ÀÎÀÌ ¿ëÀÌÇÏ°í, ¼³Ä¡°¡ ºñ±³Àû ½¬¿ö ¸¹ÀÌ ÀÌ¿ëµÇ°í ÀÖ´Ù.

[cert:root]:/user/kong/lsof_4.56> lsof
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sched 0 root cwd VDIR 32,0 1024 2 /
sched 0 root 0u VCHR 12,2 0t0 140375 /devices/pseudo/sad@0:user(COMMON)
.....
.....
sendmail 23403 root 13u inet 0x603ca5b8 0t2290 TCP cert:52969->211.45.162.90:smtp (ESTABLISHED)
sendmail 23403 root 14u inet 0x603ca5b8 0t2290 TCP cert:52969->211.45.162.90:smtp (ESTABLISHED)
......

[±×¸² 1] LSOF ½ÇÇà ¿¹

Top

2. LSOF ´Ù¿î·Îµå ¹Þ±â

ÃֽŠ¹öÀüÀº ftp://vic.cc.purdue.edu/pub/tools/unix/lsof ¿¡¼­ È®ÀÎ ÇÒ ¼ö ÀÖÀ¸¸ç, ¿©·¯ °³ÀÇ Mirror site °¡ Á¸ÀçÇØ ½±°Ô ´Ù¿î·Îµå ¹ÞÀ» ¼ö ÀÖ´Ù.

Mirror site URL :

* ftp://ftp.cerias.purdue.edu/pub/tools/unix/sysutiles/lsof
* ftp://ftp.cert.dfu.du/pub/tools/admin/lsof
* ftp://ftp.cetis.hvu.nl/pub/lsof
* ftp://ftp.crc.doc.ca/packages/

Version 4 LSOF ´Â gzipÀ¸·Î ¾ÐÃàµÇ¾î ÀÖÀ¸¸ç, ÆÄÀÏ¸í¿¡ revision number¸¦ Æ÷ÇÔÇÏ°í ÀÖ´Ù.

ftp://vic.cc.purdue.edu/pub/tools/unix/lsof_<rev>_W.tar.gz
¶Ç´Â ftp://vic.cc.purdue.edu/pub/tools/unix/lsof_<rev>_W.tar.Z

¡Ø ¸®´ª½º ½Ã½ºÅÛÀÇ °æ¿ì¿¡´Â, ´ëºÎºÐ ±âº»ÀûÀ¸·Î LSOF°¡ ¼³Ä¡µÇ¾î ÀÖ´Ù. (¸¸¾à ¼³Ä¡°¡ ¾ÈµÇ¾î ÀÖ´Â »óŶó¸é rpm ÆÐÅ°Áö·Î ¹èÆ÷ÇÏ°í ÀÖÀ¸¹Ç·Î linux ¹èÆ÷»çÀÌÆ®¸¦ ÀÌ¿ëÇÏ¸é µÉ °ÍÀÌ´Ù.)

Top

3. ¾ÐÃàÇØÁ¦

ÀÌ ¹®¼­¿¡¼­´Â ver.4(revision 4.56) LSOF¸¦ Solaris OS¿¡¼­ ¼³Ä¡ÇÏ´Â °úÁ¤À» º¸À̵µ·Ï ÇÑ´Ù.

gzip -d lsof_4.56_W.tar.gz
tar -xvf lsof_4.56_W.tar

¡Ø Âü°í·Î 4.56 ¹öÀüÀÇ lsof.tar ÆÄÀÏÀÇ md5 checksum °ªÀº ´ÙÀ½°ú °°À¸¸ç, MD5 (lsof_4.56.tar) = 92155bb6430d14d044f8ca96858e63b8

md5 checksum toolÀº ¾Æ·¡ »çÀÌÆ®¿¡¼­ ±¸ÇÒ ¼ö ÀÖ´Ù.
ftp://ftp.cerias.purdue.edu/pub/tools/unix/crypto/md5

Top

4. ¼³Ä¡Çϱâ

LSOF ¼³Ä¡°úÁ¤Àº Å©°Ô ¾ÐÃàÇØÁ¦ -> Inventory -> Configure -> Install 4´Ü°è·Î º¼ ¼ö ÀÖ´Ù.

¨ç ¾ÐÃà Ç®±â

¿ì¼± Ãʱâ Wrapper¿¡ ½×ÀÎ ÆÄÀÏ ¾ÐÃàÀ» Ç®¸é ÇØ´ç µð·ºÅ丮 ³»¿¡ ´ÙÀ½°ú °°Àº 5°³ ÀÇ ÆÄÀÏÀÌ »ý¼ºµÇ°í, ÀÌ¿Í ÇÔ²² lsof_4.56 µð·ºÅ丮°¡ »ý¼ºµÈ´Ù.

[cert:root]:/user/kong> tar -xvf lsof_4.56_W.tar
x RELEASE.SUMMARY_4.56, 12803 bytes, 26 tape blocks
x README.lsof_4.56, 4129 bytes, 9 tape blocks
x 00.README.FIRST_4.56, 700 bytes, 2 tape blocks
x lsof_4.56.tar, 3317760 bytes, 6480 tape blocks
x lsof_4.56.tar.asc, 284 bytes, 1 tape blocks

»ý¼ºµÇ´Â ÆÄÀÏ

¼³¸í

00.README.FIRST_4.56

Readme file for the distribution

README.lsof_4.56

Contains distribution and security information

RELEASE.SUMMARY_4.56

Summary of the lsof 4.56 distribution

lsof_4.56.tar

LSOF 4.56 tar archive

lsof_4.56.tar.asc

Detached PGP certificate for lsof_4.56.tar

[Ç¥ 1] lsof_4.56_W.tar ¾ÐÃà ÇØÁö ÈÄ »ý¼ºµÇ´Â ÆÄÀϵé

Top

¡Ø »ý¼ºµÈ lsof_4.56 µð·ºÅ丮¿¡ »ý¼ºµÇ´Â ÁÖ¿ä ÆÄÀϵé

[sparc5:root]:/user/kong/lsof_4.56> ls
./ 00DIST 00README arg.c lsof_fields.h proto.h
../ 00FAQ 00XCONFIG dialects/ main.c regex.h
00.README.FIRST 00LSOF-L AFSConfig* lib/ misc.c scripts/
00CREDITS 00MANIFEST Configure* lsof.8 node.c store.c
00DCACHE 00PORTING Customize* lsof.h print.c usage.c
00DIALECTS 00QUICKSTART Inventory* lsof.man proc.c version

¨è Inventory

LSOF¸¦ ¼³Ä¡ ÇÒ¶§ Àý´ëÀûÀ¸·Î ÇÊ¿äÇÑ °úÁ¤Àº ¾Æ´Ï´Ù. ±×·¯³ª subdirectoryµéÀ» üũÇÏ°í, °¢ ½ºÅ©¸³Æ®µé°ú ÆÄÀÏ Çì´õµé, ¼Ò½ºÆÄÀϵéÀÌ ½ÇÁ¦·Î Á¸ÀçÇÏ´ÂÁö µî ÆÐÅ°Áö »óŸ¦ üũ ÇØ º¼ ÇÊ¿ä°¡ ÀÖ´Ù. ´ÙÀ½°ú °°ÀÌ Inventory ½ºÅ©¸³Æ®¸¦ ½ÇÇàÇÏ°Ô µÇ¸é, inventory ÀÛ¾÷¿¡ ´ëÇÑ ¼Ò°³ °¡ ³ª¿À°í ½ÇÇàÇÒ °ÍÀÎÁö ¿©ºÎ¸¦ ¹°¾î¿À´Âµ¥ 'y' ·Î ´äÇϸ鼭 ÁøÇàÇÏ°Ô µÇ¸é µð·ºÅ丮µéÀÇ list ¸¦ È®ÀÎÇÒ ¼ö ÀÖ´Ù.

[cert:root]:/user/kong/lsof_4.56> ./Inventory
Conducting an inventory of the lsof distribution; this will take a while.
Examining /user/kong/lsof_4.56: OK
Examining dialects: OK
....
....
Examining lib: OK
Examining scripts: OK
This lsof distribution seems to be complete.

Top

¨é Configure

ȯ°æ¼³Á¤¿¡ ÇÊ¿äÇÑ ¿©·¯ ´Ü°èÀÇ ÀÛ¾÷À» ÇÏ°Ô µÇ´Âµ¥, ¾Æ·¡¿Í °°ÀÌ ÇØ´ç OS¿¡ ¸Â °Ô ¼±ÅÃÇÏ°í Configure ½ºÅ©¸³Æ®¸¦ ±¸µ¿ÇÏ¸é µÈ´Ù.

¡ØConfigure ½ºÅ©¸³Æ® ±¸µ¿¹æ¹ý

Configure <options> <target-dialect>
<options>: -clean : clean up previous configuration
-d|-dialects : display a list of supported dialect versions
-h|-help : display help information
-n : avoid AFS, customization, and inventory checks

aix | aixgcc : IBM AIX xlc (aix)
or gcc (aixgcc)
bsdi : BSDI BSD/OS
darwin : Apple Darwin
decosf : DEC OSF/1
digital_unix|du : Digital UNIX
freebsd : FreeBSD
hpux|hpuxgcc : HP-UX cc (hpux)
or gcc (hpuxgcc)
linux : Linux
netbsd : NetBSD

nextstep|next|ns|nxt : NEXTSTEP
openbsd : OpenBSD
openstep|os : OpenStep
osr | sco : SCO OpenServer,
SCO devloper's compiler
osrgcc|scogcc : SCO OpenServer,gcc compiler
ptx : Sequent PTX
solaris | solariscc : Solaris gcc (solaris)
or cc(solariscc)
tru64 : Tru64 UNIX
unixware | uw : SCO UnixWare

[Ç¥ 2] Configure ½ºÅ©¸³Æ® ±¸µ¿½Ã OS ÁöÁ¤

Top

[sparc5:root]:/user/kong/lsof_4.56> ./Configure solaris
Testing prdata.h for PR_GWINDOWS, using gcc
Testing prdata.h for PR_LDT, using gcc
Testing vnode.h for VSOCK, using gcc
.....

°¢ Çì´õÆÄÀÏ testingÀÌ ³¡³ª¸é, ´Ù½Ã inventory ÇØ º¼ °ÍÀÎÁö¸¦ ¹°¾îº¸´Âµ¥ file treeµéÀ» º¯È­½Ãų °ÍÀÌ ¾ø´Ù¸é inventory°úÁ¤À» re-runÇÒ ÇÊ¿ä¾ø´Ù.

....
....
Do you want to take inventory (y|n) [y]? n
rm -f ddev.c dfile.c dlsof.h dmnt.c dnode*.c dproc.c dproto.h dsock.c dstore.c kernelbase.h machine.h machine.h.old new_machine.h __lseek.s Makefile
ln -s dialects/sun/ddev.c ddev.c
ln -s dialects/sun/dfile.c dfile.c
ln -s dialects/sun/dlsof.h dlsof.h
.....
ln -s dialects/sun/machine.h machine.h
kernelbase.h assembled.
Makefile and lib/Makefile created.

Top

À§ °úÁ¤¿¡¼­ Make ÆÄÀÏÀÌ »ý¼ºµÊÀ» º¼ ¼ö ÀÖÀ¸¸ç, À̾î LSOF¸¦ customize ÇÒ °ÍÀÎÁö¸¦ ¹°¾î¿À´Âµ¥ [yes/no] questionÀ» µû¶ó ´ÙÀ½ÀÇ °¢ ¿É¼ÇÀ» »ç¿ëÀÚ°¡ ¼±ÅÃÇÒ ¼ö ÀÖ´Ù.

Name

Description

Default Value

HASSECURITY

enabled : root ¸¸ÀÌ lsof¸¦ ÀÌ¿ëÇØ ¿­·ÁÁø ÆÄÀϵéÀ» È®ÀÎ ÇÒ ¼ö ÀÖÀ½.
disabled :´©±¸µç ¸ðµç ¿­·ÁÁø ÆÄÀϵéÀ» lsof¸¦ ÀÌ ¿ëÇØ È®ÀÎ ÇÒ ¼ö ÀÖÀ½.

Disabled

WARNINGSTATE

enabled : lsof°¡ ÇÊ¿äÇÒ °æ¿ì ¾ðÁ¦µçÁö warning messages¸¦ Ãâ·ÂÇÔ.
disabled : warning messages¸¦ Ãâ·ÂÇÏÁö ¾ÊÀ½. -w (disables) +w (enables) ·Î Á¶Àý °¡´ÉÇÔ.

Enabled

WARNDEVACCESS

enabled : lsof°¡ /dev (¶Ç´Â /devices)¸¦ ¾ï¼¼½º ÇÒ ¼ö ¾øÀ» ¶§, warning messages¸¦ Ãâ·ÂÇÔ.
disabled : lsof°¡ /dev (¶Ç´Â /devices)¸¦ ¾ï¼¼½º ÇÒ ¼ö ¾øÀ» ¶§, skip ÇØ ¹ö¸².

Enabled

HASDCACHE

enabled : lsof°¡ /dev (¶Ç´Â /devices)ÀÇ ÆÄÀϵ鿡 °üÇÑ Á¤º¸¸¦ Æ÷ÇÔÇÏ°í ÀÖ´Â
device cache fileÀ» »ý¼ºÇÔ.

< define path options >

HASENVDC, HASPERSDC,
HASPERSDCPATH, HASSYSDC
disabled : lsof °¡ device cache file »ý¼ºÇÏÁö ¾ÊÀ½.

Enabled

HASENVDC

HASPERSDC

HASPERSDCPATH

HASDCACHE¸¦ Á¤ÀÇÇϸé, device cache file path¸¦ ±â¼úÇϱâ À§ÇØ ¿¬°üµÈ
´Ù¸¥ ¿É¼ÇµéÀÇ ±¸¼ºµµ Á¤ÀÇÇØ ÁÖ¾î¾ß ÇÑ´Ù.

< ÇöÀç ¼³Á¤µÈ path options >

#define HASENVDC "LSOFDEVCACHE"
#define HASPERSDC "%h/%p.lsof_%L"
#define HASPERSDCPATH "LSOFPERSDCPATH"
¡Ø ÀÚ¼¼ÇÑ »çÇ×Àº 00DCACHE ,00FAQ Âü°í

"LSOFDEVCACHE"

"%h/%p.lsof_%L"

"LSOFPERSDCPATH"

HASKERNIDCK

lsof°¡ ÇöÀçÀÇ Ä¿³Î»óÅÂ¿Í ÃÖÃÊ lsof°¡ ¼³Ä¡µÇ¾î ±¸µ¿µÇ¾úÀ» ´ç½ÃÀÇ Ä¿³Î°ú ºñ±³ÇÏ¿©,
½Ã½ºÅÛ¿¡¼­ ºÎÀûÀýÇÏ°Ô ½ÇÇàµÇ´Â °ÍÀ» ŽÁöÇÒ ¼ö ÀÖ´Ù.

kernel identity check·Î ÀÎÇØ ÀϺΠUNIX
(¿¹:AIX) ½Ã½ºÅÛ¿¡¼­ ±¸µ¿½Ã°£ÀÌ ¸¹ÀÌ °É¸®´Â °æ¿ì°¡ À־ disable ½ÃÄÑ¾ß ÇÒ ¶§°¡ ÀÖÀ» ¼öµµ ÀÖÁö¸¸,
lsof¸¦ ºÎÀûÀýÇÏ°Ô ±¸µ¿ÇÔÀ¸·Î½á ¿À´Â À§Çè¿ä¼Ò°¡ Áõ°¡ÇÒ ¼ö ÀÖ´Ù´Â °ÍÀ» ¹èÁ¦ÇÒ ¼ö ¾ø´Ù.

Enabled

[Ç¥ 3] Customize ¿É¼Ç

Top

À§ÀÇ °¢ Ç׸ñµé ¹× ¼³Á¤°ªµéÀº LSOF°¡ ±âº»ÀûÀ¸·Î Á¦°øÇÏ´Â °ÍÀ¸·Î º¯°æÀ» ¿øÇÒ °æ¿ì¿¡´Â machine.h ÆÄÀÏÀ» Á÷Á¢ ¼öÁ¤Çϰųª Customize ½ºÅ©¸³Æ®¸¦ Á÷Á¢ ±¸µ¿ÇÏ¿© º¯°æÇÒ ¼öµµ ÀÖ´Ù.

¨ê build & install

Configure °úÁ¤À» ¸¶Ä¡°í ³ª¸é, ½Ã½ºÅÛ¿¡ ÀνºÅç ÇÒ ¼ö ÀÖ´Ù. ±âº»ÀûÀÎ install °ú Á¤Àº ¾Æ·¡¿Í °°´Ù.

¡á build LSOF system

[cert:root]:/user/kong/lsof_4.56> make
(cd lib; make DEBUG="-O" CFGF="-Dsolaris=20600 -DHASPR_GWINDOWS -DHAS_VSOCK -DLSOF_VSTR=\"5.6\"")
gcc -Dsolaris=20600 -DHASPR_GWINDOWS -DHAS_VSOCK -DLSOF_VSTR="5.6" -O -c ckkv.c
.....
.....
gcc -o lsof -Dsolaris=20600 -DHASPR_GWINDOWS -DHAS_VSOCK -DLSOF_VSTR=\"5.6\" -O ddev.o dfile.o dmnt.o dnode.o dnode1.o dnode2.o dproc.o dsock.o dstore.o arg.o main.o misc.o node.o print.o proc.o store.o usage.o -L./lib -llsof -lkvm -lelf -lsocket -lnsl

Top

¡á Install LSOF system

[cert:root]:/user/kong/lsof_4.56> make install
(cd lib; make DEBUG="-O" CFGF="-Dsolaris=20600 -DHASPR_GWINDOWS -DHAS_VSOCK -DLSOF_VSTR=\"5.6\"")
Constructing version.h
gcc -Dsolaris=20600 -DHASPR_GWINDOWS -DHAS_VSOCK -DLSOF_VSTR=\"5.6\" -O -c usage.c
gcc -o lsof -Dsolaris=20600 -DHASPR_GWINDOWS -DHAS_VSOCK -DLSOF_VSTR=\"5.6\" -O ddev.o dfile.o dmnt.o dnode.o dnode1.o dnode2.o dproc.o dsock.o dstore.o arg.o main.o misc.o node.o print.o proc.o store.o usage.o -L./lib -llsof -lkvm -lelf -lsocket -lnsl

¿©±â±îÁö °úÁ¤À» ¸¶Ä¡¸é ÀϹÝÀûÀÎ ¼³Ä¡´Â ¸ðµÎ ³¡³ª°í lsof ½ÇÇàÆÄÀÏÀÌ »ý¼ºµÈ´Ù.

¡Ø º°µµ·Î install ruleset ÁöÁ¤ÇÏ°íÀÚ ÇÒ °æ¿ì

°¡»ó¸Þ¸ð¸®ÀÇ Ä¿³Î image¸¦ ´ã°íÀÖ´Â ÆÄÀÏÀÎ /dev/kmem(¶Ç´Â /dev/mem)¸¦ read ÇÒ ¼ö ÀÖµµ·Ï LSOF´Â setgid ·Î ¼³Ä¡µÇ¾î¾ß Çϴµ¥, ÀϹÝÀûÀ¸·Î ´ÙÀ½°ú °°Àº ruleset ÇüÅ·ΠÁöÁ¤ÇÑ´Ù.

SunOS install rule actions :
install <options> -m 2755 -g kmem lsof <bin_dest>
install <options> -m 444 lsof.8 <man_dest>
Solaris install rule actions :

install -[cf] <bin_dest> <options> -m 2755 -g sys lsof
install -[cf] <man_dest> <options> -m 444 lsof.8

Top

5. LSOF »ç¿ëÇϱâ

¡á LSOF ¿É¼Ç

¿É¼Ç

±â ´É

¿É¼Ç

±â ´É

-?
-h

list help

-a

AND selections (OR)

-d
-D

s select by FD set
D ?|i|b|r|u[path]

+|-f

-files +filesys

-l

list UID numbers

-n
-N

no host names
select NFS files

-s

list file size

-t
-T

terse listing
disable TCP/TPI info

-v
-V

display version info
verbose search

-F [f]

select fields;-F? for help

-o o

o 0t offset digits (8)

-S [t]

t second stat timeout(15)

-i i

select by IPv4 address: [proto][@host|addr][:svc_list|port_list]

+|-r [t]

repeat every t seconds (15);
+ until no files, - forever

-b

avoid kernel blocks

-c c

list command c

-P

no port names

-i

select IPv4 files

-p s

select by PID set

-C

no kernel name cache

+|-w

Warnings (+)

-R

list paRent PID

-k k

kernelsymbols (/dev/ksyms)

-U

select Unix socket

-u s

exclude(^)/select login/UID s

-m m

kernel memory (/dev/kmem)

+|-M

portMap registration (-)

--

end option scan

-g [s]

select by process group ID set and print process group IDs

names

select named files or files on named file systems

Top

¡á ½ÇÇà°á°ú º¸±â

½ÇÇà°á°ú¿¡ ÇØ´çµÇ´Â °¢ column µéÀ» °£´ÜÇÏ°Ô »ìÆ캸¸é ´ÙÀ½ [Ç¥5] ¿Í °°´Ù.

Column

¼³ ¸í

Command

ÇÁ·Î¼¼½º¿Í °ü·ÃµÈ Unix command À̸§

PID
PPID
PGRP

Process IDentification number

Parent Process IDentification number
(ÇØ´ç ÇÁ·Î¼¼½ºÀÇ ºÎ¸ð ÇÁ·Î¼¼½º ID)

Process Group IDentification number
(ÇØ´ç ÇÁ·Î¼¼½º¿Í °ü·ÃµÈ ÇÁ·Î¼¼½º ±×·ì ID)

USER

ÇØ´ç ÇÁ·Î¼¼½º¸¦ ¼ÒÀ¯ÇÑ »ç¿ëÀÚ ID ¶Ç´Â login name

FD

File Descriptor number
(ex) cwd : current working directory
r : read access / w : write access / u : read and write access

TYPE

ÇØ´ç ÆÄÀÏ°ú °ü·ÃÇÑ ³ëµå ŸÀÔ
(ex) inet : Internet domain socket

DEVICE

device number

SIZE
SIZE/OFF
OFFSET

file À̳ª file offsetÀÇ »çÀÌÁî

INODE
NODE-ID

local file ÀÇ node number ¶Ç´Â Internet protocol type
¶Ç´Â ¼­¹ö È£½ºÆ®ÀÇ NFS fileÀÇ inode number

NAME

ÇØ´ç ÆÄÀÏÀÌ ¼Ò¼ÓµÈ mount point³ª ÆÄÀÏ ½Ã½ºÅÛÀÇ À̸§

[Ç¥ 6] lsof ½ÇÇà°á°úÀÇ °¢ Column

Top

¡á LSOF ÁÖ¿ä ¿É¼Ç »ç¿ë ¿¹

* ƯÁ¤ ÆÄÀÏÀ» ¾ï¼¼½ºÇÏ°í ÀÖ´Â ÇÁ·Î¼¼½º È®ÀÎ : lsof <path/file-name>

[cert:root]:/> lsof /etc/passwd
COMMAND PID USER FD TYPE DEVICE SIZE/OFF INODE NAME
ns-httpd 244 root 9r VREG 32,0 3044 99217 /etc/passwd
....

* internet socket È®ÀÎ : lsof -i

Internet address Ãâ·ÂÇü½Ä : [protocol][@hostname|hostaddr][:service|port]

Top

- ƯÁ¤ È£½ºÆ®(¶Ç´Â ip)¿¡ ´ëÇÑ Á¢¼Ó È®ÀÎ

[cert:root]:/> lsof -i@172.16.2.146
COMMAND PID USER FD TYPE DEVICE SIZE/OFF INODE NAME
in.telnet 10124 root 0u inet 0x61d4b788 0t71 TCP cert:telnet->172.16.2.146:1109 (ESTABLISHED)
in.telnet 10124 root 1u inet 0x61d4b788 0t71 TCP cert:telnet->172.16.2.146:1109 (ESTABLISHED)
in.telnet 10124 root 2u inet 0x61d4b788 0t71 TCP cert:telnet->172.16.2.146:1109 (ESTABLISHED)
.....

- ƯÁ¤ Æ÷Æ®·Î Á¢¼ÓÇÑ ¸®½ºÆ® È®ÀÎ

[cert:root]:/usr/sbin> lsof -i @certcc.or.kr:23
COMMAND PID USER FD TYPE DEVICE SIZE/OFF INODE NAME
in.telnet 104 root 2u inet 0x612df850 0t152 TCP cert:telnet->172.16.2.159:1176 (ESTABLISHED)
in.telnet 28462 root 0u inet 0x61aee578 0t71 TCP cert:telnet->172.16.2.146:4250 (ESTABLISHED)
.....

Top

* ƯÁ¤ user°¡ ¿ÀÇÂÇÑ ÇÁ·Î¼¼½º¸¦ È®ÀÎ : lsof -u <loginname> ȤÀº lsof -u <UID>

[cert:root]:/> lsof -u kong
COMMAND PID USER FD TYPE DEVICE SIZE/OFF INODE NAME
csh 21309 kong cwd VDIR 32,4 1536 223602 /user/kong/lsof_4.56
csh 21309 kong txt VREG 32,6 158608 298136 /usr/bin/csh
.......

- ƯÁ¤»ç¿ëÀÚ Á¦¿Ü½Ã "^" ½Éº¼À» »ç¿ëÇÏ°í, ¿©·¯¸íÀ» µ¿½Ã¿¡ ÁöÁ¤ÇÏ·Á¸é ","¸¦ ÀÌ¿ëÇÑ´Ù.

[cert:root]:/dev/pts> lsof -u ^root,kong,yjkim
COMMAND PID USER FD TYPE DEVICE SIZE/OFF INODE NAME
csh 8992 yjkim cwd VDIR 32,0 1024 2 /
csh 8992 yjkim txt VREG 32,6 158608 298136 /usr/bin/csh
csh 8992 yjkim txt VREG 32,6 70996 136979 /usr/lib/locale/ko/ko.so.1
csh 8992 yjkim txt VREG 32,6 1024888 6749 /usr/lib/libc.so.1
.....
csh 21309 kong cwd VDIR 32,4 1536 223602 /user/kong/lsof_4.56
csh 21309 kong txt VREG 32,6 158608 298136 /usr/bin/csh
....

Top

* ƯÁ¤ ÇÁ·Î¼¼½º°¡ ¿ÀÇÂÇÑ ÆÄÀÏ ¸®½ºÆ® È®ÀÎ : lsof -p <PID>

- PID 112¸¦ °¡Áø ÇÁ·Î¼¼½º°¡ »ç¿ëÇÏ´Â ÆÄÀϵé È®ÀÎ

[cert:root]:/usr/sbin> lsof -p 143
COMMAND PID USER FD TYPE DEVICE SIZE/OFF INODE NAME
inetd 143 root cwd VDIR 32,0 1024 2 /
inetd 143 root txt VREG 32,6 33492 310933 /usr/sbin/inetd
inetd 143 root txt VREG 32,6 10696 6352 /usr (/dev/dsk/c0t0d0s6)
....
....
inetd 143 root 4u inet 0x603cab38 0t0 TCP *:ftp (LISTEN)
inetd 143 root 5u inet 0x610b13c0 0t0 TCP *:telnet (LISTEN)
inetd 143 root 6u inet 0x610b1240 0t0 TCP *:pop3 (LISTEN)
......

Top

* ps ¸í·ÉÀÌ º¯Á¶µÈ ½Ã½ºÅÛ¿¡¼­´Â Àǽɽº·¯¿î Æ÷Æ® È®ÀÎÇϱ⠿¹

[root@linux /root]# netstat -a
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:auth *:* LISTEN
tcp 0 0 *:ftp *:* LISTEN
tcp 0 0 *:telnet *:* LISTEN
tcp 0 0 *:login *:* LISTEN
tcp 0 0 *:2626 *:* LISTEN
.......
[root@linux /dev]# fuser -n tcp 2626
2626/tcp: 607
[root@linux /dev]# lsof -p 607
PID TTY STAT TIME COMMAND
607 ? S 0:00 /usr/sbin/mingetty

¡Ø Âü°íÀÚ·á

1. lsof 4.56 README file and man page

2. Installing, configuring and using lsof 4.50 to list open files on systems running Solaris 2.x
http://www.cert.org/security-improvement/implementations/i042.05.html

Top