I understand that TIME_WAIT in netstat is the ports that are just waiting for a period of time, and that's normal to have some in there.
My question is, at what point do you know that it's too high? Is there a max connections in there somewhere, or can it just keep on going up and they are just waiting and that's fine? If there is a limit, does it matter what speed network card you have?
That is a rather high number of TIME_WAIT sockets (if we are talking about a home PC without a server). There are ways to adjust both the maximum number of connections and the length of the time wait, but I think the first and most appropriate step would be to determine what was causing all the TIME_WAIT sockets. Usually these are sockets that are finished being used and are just waiting a recommended amount of time to be sure all data clears them.
Things that cause high TIME_WAIT sockets can be running a busy HTTP server, P2P software (Gnutella/BitTorrent/etc. make and release tons of connections while running), etc. There is a chance it could be a DoS attack, but the # of sockets doesn't seem high enough for that. It looks more like you have some app running that is just very busy on the net and one that is using a lot of short-lived connections.
I'd only suggest tuning the TCP settings if you are running a server and finding that your TCP stack is being overrun, but even then it'd probably be best to adjust the server rather than the TCP stack. If you are just running a home computer, you might want to see what app is responsible for the connections: netstat -tuvnap. The "p" will let you see which process is causing them. If you just see a - in the PID/Program column, then you need to sudo netstat -tuvnap
Once you have identified the offending application, you can tell it to reduce the # of connections it makes, or stop running it, or whatever.
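An added example, not part of the thread: one way to find where TIME_WAIT sockets come from is to group them by the local listening port (inbound) or by the remote endpoint (outbound), which points at the responsible service even when the PID/Program column is empty. The sample rows are constructed in the /proc/net/tcp layout, the function names are hypothetical, and the address decoding assumes a little-endian host.

```python
import socket
import struct
from collections import Counter

# State codes as they appear in the "st" column of /proc/net/tcp.
STATES = {"01": "ESTABLISHED", "04": "FIN_WAIT1", "05": "FIN_WAIT2",
          "06": "TIME_WAIT", "08": "CLOSE_WAIT", "0A": "LISTEN"}

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0A00000A:0050 0B00000A:C350 06 00000000:00000000 03:00000A5C 00000000     0        0 0
   2: 0A00000A:0050 0B00000A:C351 06 00000000:00000000 03:00000B10 00000000     0        0 0
   3: 0A00000A:0050 0C00000A:C352 06 00000000:00000000 03:00000C22 00000000     0        0 0
   4: 0A00000A:0050 0C00000A:C353 01 00000000:00000000 00:00000000 00000000    33        0 2002
   5: 0A00000A:C354 0B00000A:1F90 06 00000000:00000000 03:00000D01 00000000     0        0 0
"""

def decode(addr):
    """'0B00000A:C350' -> ('10.0.0.11', 50000); assumes a little-endian host."""
    ip_hex, port_hex = addr.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def parse(text):
    """Return (local, remote, state) tuples, skipping the header row."""
    conns = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) >= 4:
            conns.append((decode(f[1]), decode(f[2]), STATES.get(f[3], f[3])))
    return conns

def time_wait_report(conns):
    """Count sockets per state and attribute TIME_WAIT entries to a source."""
    states = Counter(state for _, _, state in conns)
    listening = {local[1] for local, _, state in conns if state == "LISTEN"}
    sources = Counter()
    for local, remote, state in conns:
        if state != "TIME_WAIT":
            continue
        if local[1] in listening:      # a client connected to a local service
            sources["inbound to local port %d" % local[1]] += 1
        else:                          # this host connected out to a peer
            sources["outbound to %s:%d" % remote] += 1
    return states, sources

if __name__ == "__main__":
    states, sources = time_wait_report(parse(SAMPLE))
    print(dict(states))
    print(sources.most_common())
```

On a live system, pass the contents of /proc/net/tcp to parse() instead of SAMPLE.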
I read it. I agree with the solution, but suppose there are many processes that are offending applications; then to reduce the # of connections each makes, or stop running it, or whatever, will take too much time.
This way, you make sure the kernel will remove the already dead connections faster. I would love to give you a better explanation, but I'm not very good at it. Anyway, try it out; it won't do anything bad. In any case, if it doesn't do the job, just remove them from sysctl.conf and reboot the computer.
Time to hold socket in state FIN-WAIT-2, if it was closed by our side. Peer can be broken and never close its side, or even died unexpectedly. Default value is 60sec. Usual value used in 2.2 was 180 seconds, you may restore it, but remember that if your machine is even underloaded WEB server, you risk to overflow memory with kilotons of dead sockets, FIN-WAIT-2 sockets are less dangerous than FIN-WAIT-1, because they eat maximum 1.5K of memory, but they tend to live longer. Cf. tcp_max_orphans.
How often TCP sends out keepalive messages when keepalive is enabled. Default: 2hours.
How frequent probes are retransmitted, when a probe isn't acknowledged. Default: 75 seconds.
Enable fast recycling TIME-WAIT sockets. Default value is 1. It should not be changed without advice/request of technical experts.
This allows reusing sockets in TIME_WAIT state for new connections when it is safe from protocol viewpoint. Default value is 0 (disabled). It is generally a safer alternative to tcp_tw_recycle.