user2250246 user2250246 - 9 days ago 5
Linux Question

Why does netstat report lesser number of open ports than lsof

I have storm running on 2 machines.

Each machine runs nimbus process (fancy for master process) and worker processes.

And I wanted to see the communication between them - what ports are open and how they connect to each other.

$ netstat -tulpn | grep -w 10669
tcp 0 0 :::6700 :::* LISTEN 10669/java
udp 0 0 :::42405 :::* 10669/java


$ lsof -i :6700
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
java 10669 storm 25u IPv6 57830 0t0 TCP host1:50778->host2:6700 (ESTABLISHED)
java 10669 storm 26u IPv6 57831 0t0 TCP host1:6700->host2:57339 (ESTABLISHED)
java 10669 storm 29u IPv6 57843 0t0 TCP host1:6700->host1:50847 (ESTABLISHED)
java 10669 storm 53u IPv6 57811 0t0 TCP *:6700 (LISTEN)
java 10681 storm 53u IPv6 57841 0t0 TCP host1:50780->host2:6700 (ESTABLISHED)
java 10681 storm 54u IPv6 57842 0t0 TCP host1:50847->host1:6700 (ESTABLISHED)


What I dont understand from the above output is that why netstat does not show port 50778 being open in the process with PID=10669 where as
lsof
clearly shows that the same process has an established connection as
host1:50778->host2:6700

Answer

netstat -l limits the results to listening sockets, and prevents the display of sockets in other states.

Try this instead:

netstat -anp | egrep :6700