netstat question
 

Hello All,

There are so many time_wait in our server and when I do netstat -a and it takes so long to response.

How do we who initiated the connection?

hostname.568 remotehostname 632 0 24820 0 TIME_WAIT

Thanks in advance.

Hi -

Q: Did all/most of the other connections in time wait also use port 568?

Q: Did they come from the same remote host?

Q: Does "netstat" show you which process is *listening* on port 568?

1. You can use "lsof" to see which processes are using which TCP ports

2. You can use wireshark to take a trace of what's happening.

Here's one other link that might help:

http://www.cyberciti.biz/tips/netsta...-examples.html

Do we need to find the process to determine who initiated it?

From what information you've given, it sounds like your server is listening on port 568 on your local host (the one you ran "netstat -a" on), and "remotehost" is the guy who connected to it.

If you've got a lot of "TIME_WAIT" ... and they're mostly the same port (e.g. "568") ... then it sounds like your service is being heavily used (a lot of - probably short term - connections).

And I would think you probably (if you don't already happen to know) want to figure out what it is, and what it's being used for.

Hence "lsof" and friends.

'Hope that helps .. PSM

Q: So did you ever find out where all the TIME_WAIT's were coming from?