When I use ss (socket statistics) to show the usages of port 5432 I get:
$ sudo ss -ln | grep -E 'State|5432' Netid State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess u_str LISTEN 0 244 /var/run/postgresql/.s.PGSQL.5432 54481 * 0 tcp LISTEN 0 244 127.0.0.1:5432 0.0.0.0:* When using lsof (list of open files) instead I get no result:
$ sudo lsof -i tcp:5432 Why is that?
Related to:
- Why do nmap, ss (netscan?) and lsof give different results?
- Difference between lsof -i : & socket statistics ss -lp | grep ?
Edit with answers from comments:
sudo ss -lnpdoes not show the pid of the process(es) that have that listening socket- the
127.0.0.1:5432 0.0.0.0:*on the last line was a copy-paste error, sorry about that, I have removed it - I am running those commands in a WSL terminal, Postgres is not running anywhere
Edit with new findings:
I have found out this is happening only when Docker Desktop is running (even though there is no container running): ss doesn't output anything once I quit Docker Desktop. It looks like this might be an issue somehow related with Docker Desktop: I have reported it in this GitHub issue.
sudo ss -lnpshow the pid of the process(es) that have that listening socket?ssoutput?lsofneeds/proc, whilessdoesn't unless you use-p.lsof's documentation is wrong (at least on Linux), and it doesn't need to access /dev/[k]mem to do its thing, but simply walks /proc/*/fd and talks to netlink to get network info. But seriously, no good reason to use lsof to monitor TCP ports: a quickstrace lsof -i tcp:1234tells us thatlsofstill walks all /proc/*/fd/* (that's over 10000 on my machine right now), although it needs none of that. Simply don't uselsoffor a job it's not meant to do.