LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (http://www.linuxquestions.org/questions/linux-networking-3/)
-   -   netstat -anp is not giving the pid/process_name! (http://www.linuxquestions.org/questions/linux-networking-3/netstat-anp-is-not-giving-the-pid-process_name-912433/)

vamsi9042 11-08-2011 03:32 AM

netstat -anp is not giving the pid/process_name!
 
Hi friends!

To get the process attached to which a port is attach; we give netstat -anp, isn't it? but when I give the following command
Code:

root@localhost# netstat -anp|less
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address          Foreign Address        State      PID/Program name
tcp        0      0 0.0.0.0:2813            0.0.0.0:*              LISTEN      2164/monit     
tcp        0      0 0.0.0.0:3306            0.0.0.0:*              LISTEN      1312/mysqld   
tcp        0      0 127.0.0.1:587          0.0.0.0:*              LISTEN      1967/sendmail: MTA:
tcp        0      0 0.0.0.0:21              0.0.0.0:*              LISTEN      1509/vsftpd   
tcp        0      0 0.0.0.0:22              0.0.0.0:*              LISTEN      1126/sshd     
tcp        0      0 127.0.0.1:631          0.0.0.0:*              LISTEN      2083/cupsd     
tcp        0      0 127.0.0.1:25            0.0.0.0:*              LISTEN      1967/sendmail: MTA:
tcp        0      0 10.30.10.213:42668      74.125.236.151:443      ESTABLISHED 28238/firefox-bin
tcp        0      0 10.30.10.213:35433      10.30.10.233:22        ESTABLISHED 22496/ssh     
tcp        0      0 10.30.10.213:47876      209.85.175.125:5222    ESTABLISHED 12716/pidgin   
tcp        0      0 10.30.10.213:34369      10.30.10.233:22        ESTABLISHED 26696/ssh     
tcp        0      0 10.30.10.213:35513      10.30.10.233:22        ESTABLISHED 8127/ssh       
tcp        0      0 10.30.10.213:45263      74.125.235.51:443      ESTABLISHED 28238/firefox-bin
tcp        0      0 10.30.10.213:47877      209.85.175.125:5222    ESTABLISHED 12716/pidgin   
tcp        0      0 10.30.10.213:54086      199.101.236.156:143    ESTABLISHED 10734/thunderbird-b
tcp        0      0 10.30.10.213:60827      74.125.236.138:443      ESTABLISHED 28238/firefox-bin
tcp        0      0 10.30.10.213:53540      10.30.10.233:22        ESTABLISHED 318/ssh       
tcp6      0      0 :::445                  :::*                    LISTEN      1482/smbd     
tcp6      0      0 :::139                  :::*                    LISTEN      1482/smbd     
tcp6      0      0 :::80                  :::*                    LISTEN      2302/apache2   
tcp6      0      0 :::22                  :::*                    LISTEN      1126/sshd     
tcp6      0      0 ::1:631                :::*                    LISTEN      2083/cupsd     
tcp6      0      0 10.30.10.213:80        10.30.10.196:2659      TIME_WAIT  -              
udp        0      0 0.0.0.0:42782          0.0.0.0:*                          839/avahi-daemon: r

find the bold line in the code, there is no process name.
Quote:

I checked the man page of netstat, in which it is given that, the processes to those we don't have permissions will not be displayed. But I'm running as a root there.

I searched over net also, in yahoo answers, it is given that, it is a bug in OS. (I don't think it's a bug).
Can anybody explain the reasons for this sort of output.

Thanks in advance.

MensaWater 11-08-2011 07:46 AM

No but lsof might show you if netstat doesn't:

lsof -i @10.30.10.196 = Show whatever is going to that IP
lsof -i :2659 = Show whatever is using port 2659
lsof -i @10.30.10.196:2659 = Show whatever is on that IP at that port.
lsof -i @10.30.10.213:80 = Show whatever is on IP 10.30.10.213 port 80.

vamsi9042 11-08-2011 10:32 PM

Thanq for responding MensaWater!

Here I have a context eating my head.
Quote:

This context has 3 systems with ips 10.30.10.191, 10.30.10.192 and 10.30.10.213. 10.30.10.213 is running the server containing two threads and each of them is listening on 2002 and 3003. 10.30.10.191 and 10.30.10.192 are trying to connect and send data to 10.30.10.213 on port numbers 2002 and 3003 respectively. Even though binaries running on both 191 and 192 are same, 2002 is not woriking fine. When I do netstat I got the following output.

Code:

For 10.30.10.191
[root@localhost ~]# netstat -nap|grep 2002
tcp        0  21720 10.30.10.191:59830          10.30.10.213:2002            ESTABLISHED 1280/sctp_assembler


for 10.30.10.213
[root@dbsrvr1 ~]# netstat -nap|grep 2002
tcp        0      0 10.30.10.213:2002            0.0.0.0:*                  LISTEN      14113/sigtran_assem
tcp  2385800      0 10.30.10.213:2002            10.30.10.191:59830          ESTABLISHED -
[root@dbsrvr1 ~]#
[root@dbsrvr1 ~]# netstat -nap|grep 3003
tcp        0      0 10.30.10.213:3003            0.0.0.0:*                  LISTEN      14113/sigtran_assem
tcp        0      0 10.30.10.213:3003            10.30.10.192:36777          ESTABLISHED 14113/sigtran_assem


For port 2002, when it is in listen state, its PID is shown whereas in established state it is not there. Also it is not reading data (RecvQ is not 0). But for 3003 everything is fine.

Could anybody explain the reason behind for this? Thanks in Advance!


All times are GMT -5. The time now is 04:00 AM.