netstat shows an ESTABLISHED connection with no process

Question

I am debugging some problems with postfix. When I establish a connection nothing happens and netstat shows:

$ netstat -anp
...
tcp        0      0 129.132.202.106:25          129.132.179.232:60154       ESTABLISHED -                   

Why is the process missing?

lsof does not show the established connection

$ lsof -n -i :25
COMMAND   PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
master   6139    root   11u  IPv4 472858      0t0  TCP 127.0.0.1:smtp (LISTEN)
master  20033    root   11u  IPv4 523921      0t0  TCP 129.132.202.106:smtp (LISTEN)
smtpd   20042 postfix    6u  IPv4 523921      0t0  TCP 129.132.202.106:smtp (LISTEN)

Traffic:

11:26:44.182443 IP 129.132.179.232.59517 > 129.132.202.106.25: S 3522488764:3522488764(0) win 65535 <mss 1460,nop,wscale 5,nop,nop,timestamp 73851028 0,sackOK,eol>
11:26:44.182831 IP 129.132.202.106.25 > 129.132.179.232.59517: S 3950923498:3950923498(0) ack 3522488765 win 5792 <mss 1460,sackOK,timestamp 18832449 73851028,nop,wscale 7>
11:26:44.183150 IP 129.132.179.232.59517 > 129.132.202.106.25: . ack 1 win 4117 <nop,nop,timestamp 73851029 18832449>

and then nothing more

How do I find out why the listening process is not there? If I attach strace to master nothing is shown. No activity whatsoever during the attempted connection.

Answer 1

You need to run netstat using sudo.

Without root privileges, netstat is unable to go poking around in the processes of other users (denoted by a - in the last column of your output), so the -p option will only identify processes owned by you, and this process is apparently not owned by you.

So the solution simply becomes:

sudo netstat -apn