I am running a server program that listens on port 2811, and a few clients that communicate on that port. When I run netstat from the command line to see which process is using port 2811, I get that process 0 is also using it:
    C:>netstat -ano | find ":2811"
    TCP    0.0.0.0:2811           0.0.0.0:0              LISTENING       5448
    TCP    127.0.0.1:62391        127.0.0.1:2811         TIME_WAIT       0
    TCP    127.0.0.1:62392        127.0.0.1:2811         TIME_WAIT       0
... about 20 more similar lines with pid=0. Then:
    TCP    192.168.50.64:2811     192.168.50.64:62237    ESTABLISHED     5448
    TCP    192.168.50.64:2811     192.168.50.64:62262    ESTABLISHED     5448
    TCP    192.168.50.64:2811     192.168.50.64:62434    ESTABLISHED     5448
    TCP    192.168.50.64:62237    192.168.50.64:2811     ESTABLISHED     9472
    TCP    192.168.50.64:62262    192.168.50.64:2811     ESTABLISHED     7640
    TCP    192.168.50.64:62434    192.168.50.64:2811     ESTABLISHED     5076
If I understand correctly, process 0 is the idle process and it does nothing. So why should it be using my port?
Because the port is in TIME-WAIT state, which means it has been closed by both peers and is just timing out per RFC 793. So no actual process is attributable to it, so its PID shows as zero.
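An added example, not part of the question or the answer: a small Python parser for `netstat -ano` output that separates sockets owned by a process from PID 0 leftovers, and reports which end of the connection each leftover is. The function names are made up for this example, and the sample rows are a subset of the output posted in the question.

```python
from collections import Counter

# Rows copied from the netstat output in the question (a subset of it).
SAMPLE = """\
TCP 0.0.0.0:2811 0.0.0.0:0 LISTENING 5448
TCP 127.0.0.1:62391 127.0.0.1:2811 TIME_WAIT 0
TCP 127.0.0.1:62392 127.0.0.1:2811 TIME_WAIT 0
TCP 192.168.50.64:2811 192.168.50.64:62237 ESTABLISHED 5448
TCP 192.168.50.64:62237 192.168.50.64:2811 ESTABLISHED 9472
"""

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so IPv6 forms like [::]:2811 work."""
    addr, _, port = endpoint.rpartition(":")
    return addr, (int(port) if port.isdigit() else None)

def parse_netstat(text):
    """Return one dict per TCP row of `netstat -ano` output."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        # TCP rows have five columns; headers and UDP rows (no state) do not.
        if len(f) != 5 or f[0] != "TCP" or not f[4].isdigit():
            continue
        (_, lport), (_, rport) = split_endpoint(f[1]), split_endpoint(f[2])
        rows.append({"lport": lport, "rport": rport, "state": f[3], "pid": int(f[4])})
    return rows

def summarize(rows, port):
    """Group the rows that touch `port` by who, if anyone, owns the socket."""
    out = {"listeners": set(), "owned": Counter(),
           "unowned_states": Counter(), "unowned_side": Counter()}
    for r in rows:
        if port not in (r["lport"], r["rport"]):
            continue
        if r["state"] == "LISTENING":
            out["listeners"].add(r["pid"])
        elif r["pid"] == 0:
            # No process holds this socket any more; record its state and
            # whether the leftover endpoint is the server's or a client's.
            out["unowned_states"][r["state"]] += 1
            out["unowned_side"]["server" if r["lport"] == port else "client"] += 1
        else:
            out["owned"][r["pid"]] += 1
    return out

if __name__ == "__main__":
    for key, value in summarize(parse_netstat(SAMPLE), 2811).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

In the sample, both PID 0 rows are in TIME_WAIT with 2811 as the remote port, so they are the client ends of connections that have already been closed, while the listener on 2811 is still PID 5448.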