Process Artifacts

Start by looking at the running processes: ps auxww (BSD-style options take no leading dash; the doubled w keeps long command lines from being truncated).

Display the processes belonging to a single user: ps -u username

Process tree: pstree

Linux provides the lsof (List Open Files) utility, which lists every file currently open on the system together with the process that holds it. Because almost everything on Linux is a file, the listing covers far more than regular files: directories, block and character special files, shared libraries, regular and named pipes, Internet sockets, UNIX domain sockets and more. Its output pipes cleanly into grep for more specific searches.

  • FD is the file descriptor column. Besides numbered descriptors (e.g. 3u for descriptor 3 opened read/write), it carries special values:

  • cwd : current working directory of the process.

  • txt : program text (the executable and its mapped code and data).

  • mem : memory-mapped file.

  • mmap : memory-mapped device.

  • TYPE is the node type column. Common values:

  • DIR: directory

  • REG: regular file

  • CHR: character special file

List all files opened by a user:

lsof -u username

List all files opened by everyone except a specific user (the ^ negates the match):

lsof -u ^root

List all open files belonging to processes whose command name starts with the given string (-c matches a command-name prefix):

lsof -c Mysql

List all open files of one particular process, selected by its PID:

lsof -p processID

List open files together with the parent process ID

The -R option adds a PPID column to the output, so each open file can be tied to the parent of the process holding it (combine with -p to inspect a single process and its parent): lsof -R

List all files opened in a Directory

lsof +d directory_path (top level only) OR lsof +D directory_path (recursive; slow on large trees)

Check open network connections by process

List open files that are network connections (all protocols, or TCP only).

lsof -i OR lsof -i tcp

List loaded kernel modules. Start with lsmod and use modinfo module_name when more detail on a specific module is needed.

top - Display Linux tasks.

top -n 1 - Run top for a single iteration and exit.

htop - Interactive process viewer.

uptime - Show system uptime.

ps aux - Show currently running processes.

ps -ef - Display all the currently running processes on the system.

ps -eo pid,tt,user,fname,rsz - Show processes in custom format.

pstree - Show running processes as a tree.

pstree -p - Display processes in a tree format with PIDs.

free -m - Show memory usage in MB.

cat /proc/meminfo - Display memory information.

cat /proc/mounts - Display mounted filesystems.
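The commands above, wired together as a triage helper. This is an added example, not code from the original page: collect_process_artifacts (a hypothetical name) saves each listing into an output directory passed as its argument and notes tools that are not installed instead of aborting, and summarize_lsof reads an lsof listing and counts, per PID, the entries that are network sockets or program text using the FD and TYPE columns explained in the lsof section. The lsof listing it runs on is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example, not part of the original page: a small triage helper that
# (1) captures the process artifacts listed above into an evidence directory
# and (2) summarises an lsof listing per PID using the FD and TYPE columns.

# Run one command and save its output; a missing tool is noted, not fatal.
_capture() {
    outdir="$1"; name="$2"; shift 2
    if command -v "$1" >/dev/null 2>&1; then
        "$@" > "$outdir/$name.txt" 2>&1 || true
    else
        echo "skipped: $1 not installed" > "$outdir/$name.txt"
    fi
}

# Collect the process, module and memory artifacts into $1
# (assumed output directory; defaults to ./process-artifacts).
collect_process_artifacts() {
    outdir="${1:-./process-artifacts}"
    mkdir -p "$outdir"
    _capture "$outdir" ps_auxww   ps auxww
    _capture "$outdir" ps_ef      ps -ef
    _capture "$outdir" ps_custom  ps -eo pid,ppid,tt,user,fname,rsz
    _capture "$outdir" pstree_p   pstree -p
    _capture "$outdir" top_once   top -b -n 1   # -b: batch mode for non-interactive capture
    _capture "$outdir" lsof_all   lsof -nP -R   # -n/-P: no DNS or port-name lookups; -R: add PPID column
    _capture "$outdir" lsof_net   lsof -nP -i   # network sockets only
    _capture "$outdir" lsmod      lsmod
    _capture "$outdir" uptime     uptime
    _capture "$outdir" free_m     free -m
    cp /proc/meminfo "$outdir/meminfo.txt" 2>/dev/null || true
    cp /proc/mounts  "$outdir/mounts.txt"  2>/dev/null || true
    echo "$outdir"
}

# Summarise lsof output read on stdin: per PID, the total number of entries,
# how many are network sockets (TYPE IPv4/IPv6) and how many are program
# text (FD txt). Only the leading columns are used ($1 COMMAND, $2 PID,
# $4 FD, $5 TYPE) because NAME may contain spaces.
summarize_lsof() {
    awk 'NR > 1 {
        pid = $2; cmd[pid] = $1; total[pid]++
        if ($5 == "IPv4" || $5 == "IPv6") net[pid]++
        if ($4 == "txt") txt[pid]++
    }
    END {
        for (p in cmd)
            printf "%s %s total=%d net=%d txt=%d\n", p, cmd[p], total[p], net[p] + 0, txt[p] + 0
    }' | sort -n
}

# Constructed sample lsof listing (not captured from a real host).
lsof_sample() {
    cat <<'EOF'
COMMAND  PID  USER  FD   TYPE  DEVICE  SIZE/OFF  NODE  NAME
sshd     1234 root  cwd  DIR   8,1     4096      2     /
sshd     1234 root  txt  REG   8,1     900000    100   /usr/sbin/sshd
sshd     1234 root  3u   IPv4  12345   0t0       TCP   *:22 (LISTEN)
bash     2222 alice cwd  DIR   8,1     4096      300   /home/alice
bash     2222 alice txt  REG   8,1     1200000   200   /usr/bin/bash
curl     3333 alice 5u   IPv4  67890   0t0       TCP   10.0.0.5:51000->203.0.113.7:443 (ESTABLISHED)
EOF
}

# Demonstrate the summary on the constructed sample. On a live host run
#   lsof -nP | summarize_lsof
# or collect_process_artifacts /path/to/evidence to gather everything.
lsof_sample | summarize_lsof
```

The summary is deliberately keyed on the FD and TYPE columns rather than on NAME, so it still works when the lsof run used -n and -P (no name resolution), and a process that holds sockets but has no txt entry stands out as one whose executable could not be mapped.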
