Networking :: Netstat Displaying Wrong Process Name/id?
Feb 9, 2010
While running some live tests last week I saw an odd situation where netstat appeared to be displaying the wrong PID and process name for TCP connections. I'm trying to figure out if this is just a strange netstat bug or if it could indicate something odd is happening with our software.
We have a main program which establishes a number of connections, including connecting to a JMS server and listening/accepting a TCP connection. The main program also creates a child process which it uses to communicate with another server. On at least three occasions we saw a situation where netstat was reporting all the expected TCP connections (correct ip/port for both source and destination), however the child process, instead of the main, was listed for the PID. The main process was still running but netstat no longer reported any TCP connections established by the main program. The main program continued to function correctly, the JMS communication continued to work and we believe the other TCP connection was functioning correctly despite the program supposedly not having any TCP connections.
I'm wondering if this could simply be a bug and/or obscure functionality of netstat that I don't understand which would cause netstat to report the child process as 'owning' the parent's TCP connections. I don't know how this would happen or why the parent would continue functioning despite the problem otherwise.
I am developing a node application and there is an option to set the process title (process name). This only sets it in some tools (like ps and top), but not in htop or netstat.
I found this article that explained how most applications do it, but it doesn't change in netstat.
That led me to wonder where those programs are getting the process name. Would they be getting it from /proc/##/cmdline? (## being the PID of the process)
I figure messing with things in /proc is a bad idea (and probably not possible), so if this is where those programs are getting it, is there a way to change it?
I have a shell script to identify whether the process is running or not. If the process is not running, then I execute another script file to run my application. Below is my script and saved this script as monitorprocess.sh Code: #!/bin/bash
I recently built a new computer. For CPU, I am using AMD Athlon II X2 @ 2.8GHz... However, when I do cat /proc/cpuinfo, I get the following:
processor : 0
vendor_id : AuthenticAMD
cpu family : 16
model : 6
model name : AMD Athlon(tm) II X2 240 Processor
stepping : 2
cpu MHz : 800.000
cache size : 1024 KB
and same thing for processor: 1. Notice that for cpu MHz, it says 800.000. However, that is not correct... Shouldn't it say 2800? Is this a bug? Am I looking at this wrong?
I have installed ubuntu many times before and never encountered this problem. The installer shows partition sizes which do not match my current sizes at all. This occurs during LiveCD too, I have taken a screenshot of the problem. GParted seems to be showing incorrect partitions while the one on the right is correct.
How to configure X11 forwarding over SSH so that when I open any app over SSH, I get the displayed window of a process that is already running on my server (in case it's running), not a new instance of it.
While issuing the command netstat -M it shows netstat: no support for `ip_masquerade' on this system. But this system is used as a gateway and iptable rules are set for ip forwarding. Also internet is getting another machine through this machine. What about the message?
I just found something "strange" by using netstat:
tcp 0 0 myhost.deprecated:53719 amaretti.chimfar.:54406 ESTABLISHED
How can I check what is the program that is responsible for this line?
I've been experiencing some home web-server slowdown issues lately, and I wanted to see if it's a problem with the server itself. I'm not sure if this might be the problem, but upon checking netstat -tn, I see over 15 instances of the following:
[Code]...
where 192.168.2.9 is the server's local address, the local address port varies, and the foreign address is the server's web address. If anyone knows what might be causing this and/or how to fix i
I assume that *:* means that any foreign host can connect from any port, but then what does [::]:* mean? and localhost:ipp... what port is ipp? Shouldn't ports be numeric?
I install CentOS5.5 on VMWARE, the system is working properly. I want to test reinstall CentOS5.5 on VMWARE, so I make a snapshot. My system partition (manually partitioned) is: / (1G), /boot (512M), swap (2G), /usr (30G), /var (10G), /data (20G). Each partition is independent of the ] partition. I reinstall CentOS5.5 by CentOS5.5.ISO. I format / partition, and other partition unchanged. However, the installation process was wrong:
I have a small office network (about 30 machines) with linux gateway (6Mbps internet bandwidth). Every user gets only 500Kbps bandwidth, and they use the internet very poor. The internet has been getting slow lately, and I noticed that there are huge amount of small packets (78 byte, 48 byte) coming to linux machines. My question is: How can I solve which machine(s) sending those small packets? Do you have any ideas with netstat command?
Using netstat I can get a lot of network related information which is pretty useful at times. But when I use for example 'netstat -s' it gives me a lot of counts for bits transferred or data packets transferred etc. Now one thing I am not sure of is that for how long those counts will keep rolling and when will they get reset (when I restart the machine?, when I restart the network services? Or if there is some kinda threshold set on it?) How exactly netstat counts those things (I mean what is the source of those counts for netstat).
We are running a combination of Apache-2 with mod_jk connecting to tomcat workers running on separate hardware. Strange: "netstat -tn" on the Apache server outputs identical combinations of source address, source port, destination address and destination port.
Has anybody else experienced this phenomenon? (I googled and searched LQ but couldn't find anybody else reporting this) Is netstat broken, or is there another explanation?
My Ubuntu system is occasionally becoming very sluggish. I'm running many things simultaneously and it's very difficult to tell which program is the culprit.
I suspect that the sluggishness is due to disk activity since the CPU usage is consistently under 50% on each of the 4 cores of the CPU, and over 30% of the 6GB of RAM are free.
Is there a tool that can show me in real time the number of disk IO operations per second and the amount of data read/written per second? Can all this info be broken down and displayed per process?
I have setup NTOP on Centos 5.5 and am not seeing traffic that I am supposed to be seeing. We have a product that uses many different services including ssh. I have this system as a target on mirrored ports but am not seeing any ssh connections or activity when I look at the host machine that is connected to the target ssh client and vice versa. When I look under TCP/UDP Service/Port Usage it is not displaying all the services that are being used especially SSH. What could it be?
A small "mom and pop" WISP would like to provide account usage information to customers. Basically, when a person connecting to the WISP's web site is a customer with an IP address from within the WISP's subnets, a link would appear on the web page where customers could read total bandwidth usage (daily, weekly, monthly, and yearly totals and averages) and public IP address. Information could include the top five bandwidth URLs visited; graphs or charts of usage; and usage during specific periods, such as business hours (8AM-5PM), evening hours (5PM-10PM), night (10PM-8AM), and weekends (10PM Friday-8AM Monday).
The WISP has installed cricket (http://cricket.sourceforge.net) and rrdtool (http://oss.oetiker.ch/rrdtool). The next trick is to grab and format the data for customers. I'm not looking for answers like "look at xyz package." Helpful responses will include a rudimentary outline to solve the problem. That is, "xyz package" might indeed be what the WISP needs, but some guidance how to use xyz is needed to move down the road. I have no experience with this type of thing. I appreciate responses from people who are experienced.
I have a network connection between 3 computers sharing the same net bandwidth with the same router (modem), I wanted to know how much every one of this network taking from the bandwidth, I want an easy program like switch-sniffer (see the pic) to scan the network and tell me how much every one taking from this network in real time.
I have a linux box that I'm using to mount a windows 7 share with samba or cifs. The mounting itself goes fine, but directories with more subdirs or files do not seem to have all the content they actually have.
For example, viewing my music folder shows only the first 37 subdirs. The ls says "total 49", which is the correct amount, but the listing itself shows only the first 37 in alphabetical order.
On the other hand, my wallpaper folder contains 122 files. Ls claims there is 41872 and displays only 70.
Adding the mount option noserverino increases the listed files or dirs, but it still does not show them all.
I've tried to enable debug printk level, but dmesg doesn't show anything interesting.
I've tried to change values in /proc/fs/cifs, but it does not seem to have any effect.
I've tried changing samba package. So far I've tested with 3.5.7, 3.5.2, 3.5.4 and now 3.5.8.
My distribution was yesterday slackware 13.1. Today I upgraded to 13.37 (with samba 3.5.8) but the problem persists.
I've tried with kernel versions 2.6.35.12, 2.6.38.2 and 2.6.37.6.
I've used linuxquestions.org from time to time, but never needed to register until now. An in-depth explanation of this issue is already described over here: [URL], so I will merely quote it again here - it seems nobody knows the solution over at Ubuntu's forums...:
Quote: I recently switched my home server from debian lenny to ubuntu maverick. I've managed to port all my configs and stuff and so far I'm very happy. There's one tiny thing that's griping me, that I never experienced before with debian's (older) packages/configuration... Here's the situation: My server dials up 2 pppoe (adsl) interfaces (different isp's) with split internet routes.
If I run a general traceroute to an internet IP, all the hops which are not routed via the same interface as the destination host/IP, will appear as "* * *" in the traceroute. This was never the case before and it would be preferred to see the IP's of all routers along the way regardless of whether they are routed... (I used to be able to see IP's like 10.0.0.x before through INTERNET traceroutes if they were hops along the way [IP's which would be unreachable if traced directly], and that's no longer the case) - isn't this kinda defeating the point of traceroute?