In my custom linux image using netstat 1.42 (2001-04-15) from the package net-tools 1.60 I am seeing different behaviors for different linux versions..

On Linux 5.4.28:

# netstat -tnp | grep ESTABLISHED
tcp        0      0 <local_ip>:22          <client_ip>:14321       ESTABLISHED 29342/1
tcp        0     40 <local_ip>:22          <client_ip>:22470       ESTABLISHED 28443/0

On Linux 5.10.65:

#  netstat -tnp | grep ESTABLISHED
tcp6       0     52 <local_ip>:22          <client_ip>:22470       ESTABLISHED 1/init
tcp6       0     52 <local_ip>:22          <client_ip>:33679       ESTABLISHED 1/init

The thing to note here is that on Linux 5.10, netstat shows PID as 1 and process as init for all ssh sessions. But in older linux, I am seeing correct PIDs for all ssh sessions. I need to know the client_ip and the PID for every ssh session so I can kill the session for whichever client I want.

From online searches, I could not figure out any fixes.

One alternative that I can see till now is using who to get this output:

# who
root            pts/1           00:00   Jan 12 07:16:19  <client_ip>
root            pts/2           00:03   Jan 12 08:21:07  <client_ip>

grep this with client_ip then use ps and grep that with the second column, like ps | grep pts/1 for first client.

Is there anything I can do to netstat to fix this though? Because netstat also give the client port which is useful for me.