David Goodwin

netstat –tcp -lp output not showing a process id

I often use ‘netstat –tcp -lpn’ to display a list of open ports on a server – so i can check things aren’t listening where they shouldn’t be (e.g. MySQL accepting connections from the world) and so on. Obviously I firewall boxes; but I like to have a reasonable default incase the firewall decides to flush itself randomly or whatever.

Anyway, I ran ‘netstat –tcp -lpn’ and saw something like the following :

tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      3355/mysqld     
tcp        0      0 0.0.0.0:54283           0.0.0.0:*               LISTEN      -               
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1940/portmap

Now ‘mysqld’ looks OK – and portmap does (well, I need it on this box). But what on earth was listening on port 54283, and why is there no process name/pid attached to it?

After lots of rummaging, and paranoia where I thought perhaps the box had been rooted, I discovered it was from an NFS mount (which explains the lack of a pid, as it’s kernel based).

lsof -i tcp:54283

Didn’t help either. Unmounting the NFS filesystem did identify the problem – and the entry went away.

Posted

in

by

David Goodwin

Tags:

, ,

Comments

3 responses to “netstat –tcp -lp output not showing a process id”

  1. Shakib Avatar
    Shakib

    May be it is root process login as root and execute above command

  2. David Goodwin Avatar
    David Goodwin

    That doesn’t help; the command(s) were executed as root.

  3. JobC Avatar
    JobC

    Most people are saying that this is caused by NFS being a kernel module. As such it does not run as a process and there is no process ID. There are probably other kernel modules that use network ports. I have not found a list yet.

    http://ubuntuforums.org/showthread.php?t=1914610

Leave a Reply

Your email address will not be published. Required fields are marked *