Sometimes you want to find a Process ID associated with network activity on your system. For example, you may be looking at the sockets in an ESTABLISHED state on your system and you see one that cannot be readily identified to a running process.
# netstat -Aan | grep EST 702f79f0 tcp4 0 0 192.168.1.113.3276 192.168.1.113.3277 ESTABLISHED
The remove socket command was designed to provide a means to clean up after an application that did not exit gracefully and left TCP sockets open without associated processes and file descriptors that used them. In development and testing environments, use of rmsock can save valuable time. The rmsock command will not remove a socket that still has a valid file descriptor, but instead returns the identity of the process owner. When we use the rmsock command on the same socket PCB address of 702f79f0, we get the following:
# rmsock 702f79f0 tcpcb The socket 0x702f7800 is being held by process 8840 (snmpdv3ne).