cannot identify process associated with open port
Hi,
I'm trying to understand why a port is kept open on my linux server, but I cannot associate it with any process whatsoever, so I'm not really sure what is running there. netstat -tulpn shows: Code:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name Neither lsof or ss showed my anything. Any ideas how I can trace that back to a process? Thanks. |
You'll need to run netstat as root to get the process information.
|
Hi,
That's not the issue. Everything is run as root. Otherwise I wouldn't have seen most (if any) of the processes that are already displayed by netstat. Telnetting to 33855 does work, but I'm not sure what it expects. |
Does lsof show the PID of the process at least? Then you could try looking using ps
Code:
ps -p xxxxx -o pid,ppid,user,args |
PID of the process would probably have been all I wanted, but lsof doesn't show anything at all related to these two ports. Only ss and netstat do.
I should also mention that this is also the behaviour of docker swarm when you initiate it. No related process is being shown, but I know the port pops up in netstat/ss. In that case, of course, it's easy to trace it back to swarm, because it's a known port. |
How about:
Code:
ss -plten |
Code:
ss -plten | grep 33855 lsof -ni :33855 * lists nothing. Code:
ss -tanp | grep 3385 Code:
netstat -nlp | grep 33855 |
|
This is what I've got based on the link you've shared.
find -inum 14772 Quote:
Quote:
|
If I connect through telnet to the port, I get this:
Code:
Feb 26 16:39:01 vm1010798 kernel: [8494225.482696] RPC: fragment too large: 218762506 |
Quote:
This is the sort of thing that would have driven the security compliance team I worked with some years ago right up the wall. (The electrical power generation industry gets a little testy about port use they cannot attribute to software that should be running on systems.) |
All times are GMT -5. The time now is 04:17 PM. |