netstat -anp is not giving the pid/process_name!

vamsi9042 · 11-08-2011, 03:32 AM

Hi friends!

To get the process attached to which a port is attach; we give netstat -anp, isn't it? but when I give the following command

Code:

root@localhost# netstat -anp|less
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:2813            0.0.0.0:*               LISTEN      2164/monit      
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      1312/mysqld     
tcp        0      0 127.0.0.1:587           0.0.0.0:*               LISTEN      1967/sendmail: MTA:
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      1509/vsftpd     
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1126/sshd       
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      2083/cupsd      
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1967/sendmail: MTA:
tcp        0      0 10.30.10.213:42668      74.125.236.151:443      ESTABLISHED 28238/firefox-bin
tcp        0      0 10.30.10.213:35433      10.30.10.233:22         ESTABLISHED 22496/ssh       
tcp        0      0 10.30.10.213:47876      209.85.175.125:5222     ESTABLISHED 12716/pidgin    
tcp        0      0 10.30.10.213:34369      10.30.10.233:22         ESTABLISHED 26696/ssh       
tcp        0      0 10.30.10.213:35513      10.30.10.233:22         ESTABLISHED 8127/ssh        
tcp        0      0 10.30.10.213:45263      74.125.235.51:443       ESTABLISHED 28238/firefox-bin
tcp        0      0 10.30.10.213:47877      209.85.175.125:5222     ESTABLISHED 12716/pidgin    
tcp        0      0 10.30.10.213:54086      199.101.236.156:143     ESTABLISHED 10734/thunderbird-b
tcp        0      0 10.30.10.213:60827      74.125.236.138:443      ESTABLISHED 28238/firefox-bin
tcp        0      0 10.30.10.213:53540      10.30.10.233:22         ESTABLISHED 318/ssh         
tcp6       0      0 :::445                  :::*                    LISTEN      1482/smbd       
tcp6       0      0 :::139                  :::*                    LISTEN      1482/smbd       
tcp6       0      0 :::80                   :::*                    LISTEN      2302/apache2    
tcp6       0      0 :::22                   :::*                    LISTEN      1126/sshd       
tcp6       0      0 ::1:631                 :::*                    LISTEN      2083/cupsd      
tcp6       0      0 10.30.10.213:80         10.30.10.196:2659       TIME_WAIT   -               
udp        0      0 0.0.0.0:42782           0.0.0.0:*                           839/avahi-daemon: r

find the bold line in the code, there is no process name.

Quote:

I checked the man page of netstat, in which it is given that, the processes to those we don't have permissions will not be displayed. But I'm running as a root there.

I searched over net also, in yahoo answers, it is given that, it is a bug in OS. (I don't think it's a bug).

Can anybody explain the reasons for this sort of output.

Thanks in advance.

MensaWater · 11-08-2011, 07:46 AM

No but lsof might show you if netstat doesn't:

lsof -i @10.30.10.196 = Show whatever is going to that IP
lsof -i :2659 = Show whatever is using port 2659
lsof -i @10.30.10.196:2659 = Show whatever is on that IP at that port.
lsof -i @10.30.10.213:80 = Show whatever is on IP 10.30.10.213 port 80.

vamsi9042 · 11-08-2011, 10:32 PM

Thanq for responding MensaWater!

Here I have a context eating my head.

Quote:

This context has 3 systems with ips 10.30.10.191, 10.30.10.192 and 10.30.10.213. 10.30.10.213 is running the server containing two threads and each of them is listening on 2002 and 3003. 10.30.10.191 and 10.30.10.192 are trying to connect and send data to 10.30.10.213 on port numbers 2002 and 3003 respectively. Even though binaries running on both 191 and 192 are same, 2002 is not woriking fine. When I do netstat I got the following output.

Code:

For 10.30.10.191
[root@localhost ~]# netstat -nap|grep 2002
tcp        0  21720 10.30.10.191:59830           10.30.10.213:2002            ESTABLISHED 1280/sctp_assembler

for 10.30.10.213
[root@dbsrvr1 ~]# netstat -nap|grep 2002
tcp        0      0 10.30.10.213:2002            0.0.0.0:*                   LISTEN      14113/sigtran_assem
tcp  2385800      0 10.30.10.213:2002            10.30.10.191:59830           ESTABLISHED -
[root@dbsrvr1 ~]# 
[root@dbsrvr1 ~]# netstat -nap|grep 3003
tcp        0      0 10.30.10.213:3003            0.0.0.0:*                   LISTEN      14113/sigtran_assem
tcp        0      0 10.30.10.213:3003            10.30.10.192:36777           ESTABLISHED 14113/sigtran_assem

For port 2002, when it is in listen state, its PID is shown whereas in established state it is not there. Also it is not reading data (RecvQ is not 0). But for 3003 everything is fine.

Could anybody explain the reason behind for this? Thanks in Advance!

zenkj · 05-27-2018, 11:31 PM

may be too late, https://serverfault.com/a/914044/471657

AwesomeMachine · 05-29-2018, 03:38 PM

I think the guy probably figured it out sometime during the last seven years.