Netstat shows an ESTABLISHED connection with no process

I am debugging some problems with postfix. When I establish a connection nothing happens and netstat shows:

$ netstat -anp
...
tcp        0      0 129.132.202.106:25          129.132.179.232:60154       ESTABLISHED -

Why is the process missing?

lsof does not show the established connection

$ lsof -n -i :25
COMMAND   PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
master   6139    root   11u  IPv4 472858      0t0  TCP 127.0.0.1:smtp (LISTEN)
master  20033    root   11u  IPv4 523921      0t0  TCP 129.132.202.106:smtp (LISTEN)
smtpd   20042 postfix    6u  IPv4 523921      0t0  TCP 129.132.202.106:smtp (LISTEN)

Traffic:

11:26:44.182443 IP 129.132.179.232.59517 > 129.132.202.106.25: S 3522488764:3522488764(0) win 65535 <mss 1460,nop,wscale 5,nop,nop,timestamp 73851028 0,sackOK,eol>
11:26:44.182831 IP 129.132.202.106.25 > 129.132.179.232.59517: S 3950923498:3950923498(0) ack 3522488765 win 5792 <mss 1460,sackOK,timestamp 18832449 73851028,nop,wscale 7>
11:26:44.183150 IP 129.132.179.232.59517 > 129.132.202.106.25: . ack 1 win 4117 <nop,nop,timestamp 73851029 18832449>

and then nothing more

How do I find out why the listening process is not there? If I attach strace to master nothing is shown. No activity whatsoever during the attempted connection.

Best Answer

You need to run netstat using sudo.

Without root privileges, netstat is unable to go poking around in the processes of other users (denoted by a - in the last column of your output), so the -p option will only identify processes owned by you, and this process is apparently not owned by you.

So the solution simply becomes:

sudo netstat -apn

Best Answer

Related Solutions

Ssh – does netstat established mean that someone is ssh’d into the machine

Related Question