In lsof output what are those 'sock' lines?

lsof

This line is displayed when lsof cannot find additional informations on the TCP socket: it knows it's a TCP socket but not more.

There are two reasons I can think of:

  • Unlikely: the socket is still not listening nor connecting: ie a server or client used for example socket(AF_INET, SOCK_STREAM, 0) to create a TCP socket but didn't call yet listen(2) or connect(2). This could be caused by lack of resources or a buggy software.

  • Most likely today: the process seen by lsof runs in an other network namespace, typically in a container (Docker, LXC, LXD ...) and thus lsof doesn't have access to the relevant information and doesn't display it.

    You should then run lsof from the same network namespace as the process. The lsns and nsenter commands can greatly help for this. For your case this would then probably work:

      nsenter -t 829 --net lsof -n -p 829

In normal cases lsof would display IPv4 or IPv6 instead of sock and would have additional informations, like listening port or addresses involved. Even a connection still ongoing would be displayed with the addresses involved and for example SYN_SENT.

Related

Kubernetes rename cluster
Libvirt has no KVM capabilities even though qemu-kvm works
Slow RAID performance for Samsung EVO's
Cache SSD shutdown data loss
Generating a MD5 Hash with Qt
How can I get mouse selection to work in emacs and iTerm2 on Mac?
How to ping or check status of WCF service using net.tcp endpoint from remote server?
When to use Hibernate projections?
Setting a string in a body of httpResponse
Running two commands sequentially in a cron job?
utf8_bin vs. utf_unicode_ci
Redirect Python 'print' output to Logger