PEEID=$(sudo pgrep -u root ) && for device in `sudo lsof -anP -i -u root | grep ':9814' | awk '{print $6}'` ; do echo "${device} time" ; sudo find /proc/1/fd -lname "socket:[${device}]" -printf %T+\n 2> /dev/null ; echo ; done
This questions was helpful to me, but I found using lsof instead of netstat let me avoid all the HEX stuff:
For a process ${APP} run by user ${USER}, the following returns all the open sockets to the IP address ${IP}:
PEEID=$(sudo pgrep -u ${USER} ${APP}) && for i in `sudo lsof -anP -i -u logstash | grep ${IP} | awk '{print $6}'` ; do echo "${device} time" ; sudo find /proc/${PEEID}/fd -lname "socket:[${device}]" -printf %t 2> /dev/null ; echo ; done
The lsof contains the PID too, but I am not sure how to get it and the device number.
This was tested on Amazon Linux.