I'm using AWS linux / RHEL and I am trying to identify & remove zombie PIDs that are hogging ports to ensure clean start/stopping of application services.
man lsof -i : will give me the "listing of files any of whose Internet address matches the address specified in i." so in this case my current hosts's .
[sas@hostname init.d]$ sudo lsof -i:8983
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
java 4670 solr 154u IPv6 25276 0t0 TCP *:8983 (LISTEN)
man ss -lp will give me the "socket statistics" for all listening ports and their associated PID.
[sas@hostname init.d]$ sudo ss -lp 2>/dev/null | grep 8983
tcp LISTEN 0 50 *:8983 *:* users:(("java",pid=4670,fd=154))
I would expect the two to match all the time, so what is going on here?
[sas@hostname init.d]$ sudo ss -lp 2>/dev/null | grep 8080
[sas@hostname init.d]$
[sas@hostname init.d]$ sudo lsof -i:8080 | grep -v CLOSE_WAIT
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
java 17493 sas 469u IPv6 71422 0t0 TCP *:webcache (LISTEN)
java 17493 sas 689u IPv6 282980 0t0 TCP localhost:webcache->localhost:60754 (ESTABLISHED)
java 26885 sas 1160u IPv6 286908 0t0 TCP localhost:60754->localhost:webcache (ESTABLISHED)
## Showing that ss does grab this webcache thing:
[sas@hostname init.d]$ sudo ss -lp 2>/dev/null | grep web
tcp LISTEN 0 100 *:webcache *:* users:(("java",pid=17493,fd=469))
Is there something ss is missing? Am I looking for the wrong thing? Why does lsof catch the port and ss not catch a listening port?
You are grepping the
ssoutput on the port. By defaultss(and most other tools) output service names instead of port numbers. Apparently port 8080 is mapped to the webcache service name.Use
ss --numericto output port numbers.