Linux – netstat -ntap doesn’t show pid/process name for some connections

linuxnetstatnetworkingUbuntu

I have ubuntu/hardy server, with kernel 2.6.24-23-server and netstat:

# netstat --version
net-tools 1.60
netstat 1.42 (2001-04-15)

The problem is that we have a lot of ESTABLISHED connections that don't show PID nor Program name in netstat -ntap output. Netstat was called from root, there are no chroots, grsecurity, nor anything like this (or so I was told :).

Any idea on what might be wrong?

UPDATE

lsof -n -i works ok, and shows pid/process name for the connections.

Best Answer

198_141:~ # netstat  -anp|grep 33000
tcp        0      0 0.0.0.0:53000           0.0.0.0:*               LISTEN       -                   
198_141:~ # lsof -i:33000
COMMAND   PID USER   FD   TYPE     DEVICE SIZE NODE NAME
vsftpd  28147 root    3u  IPv4 4089990174       TCP *:33000 (LISTEN)
198_141:~ # id
uid=0(root) gid=100(users) groups=16(dialout),100(users)
198_141:~ #

in my oninion,there could be two situations:

1) normal privilege user excute "netstat" cann't see those processes launched by root

2) some processes run in kernel

Best Answer

Related Solutions

Linux – Mount RootFS error: VFS: Cannot open root device “mtdblock4” or unknown-block(0,0)

Netstat reports PID that doesn’t exist – wtf and how to close it

Related Topic