Sockets found by lsof but not by netstat

networking linux tcp udp socket

This can occur if you create a socket, but never connect() or bind() with it. Your best bet may be to strace (-fF) the application, and then cross-reference with the output of lsof to determine which sockets are causing the issue. As a bonus method of debugging: if you wrap your socket calls with debugging information and write them out to /dev/null, it'll appear in strace without giving you hilariously-large log files.


Using Python, I have encountered the same problem on SSL sockets:

  • When I use socket.close(), the socket stays in CLOSE_WAIT state for an indefinite time
  • when I use socket.shutdown(), lsof says "can't identify protocol"

The solution was to unwrap the SSL layer before closing:

  • origsock = socket.unwrap()
  • origsock.close()

This closes the sockets properly in my app.

Related

Window 256 characters path name limitation
VPN within a Remote Desktop session
pg_dump backup compression
ulimit -n not changing - values limits.conf has no effect
Command line tools to analyze Apache log files [closed]
Mirrored Mode RAM: Is it worth it?
How to keep time on resumed KVM guest with libvirt?
What is the Rowhammer DRAM bug and how should I treat it?
How to assign an empty value to a variable in Ansible?
Suspicious .htaccess File
How long should resize2fs take on a 1TB partition?
Should I be using iptables or ufw?