To whom it may concern,
We are using Apereo CAS 6.2.2 with CAS 2.0/3.0 and SAML 2.0 supported.
From time to time, maybe rotating after hours or a day, we saw some stale TCP connections in CLOSE_WAIT status, like the following:
java 74936 root 109u IPv6 5558780 0t0 TCP olc.wccnet.edu:39944->cust-64.79.132.101.switchnap.com:https (CLOSE_WAIT)
java 74936 root 113u IPv6 5667290 0t0 TCP olc.wccnet.edu:48712->server-65-8-49-109.ord52.r.cloudfront.net:https (CLOSE_WAIT)
java 74936 root 118u IPv6 5138832 0t0 TCP olc.wccnet.edu:45586->ec2-3-14-202-102.us-east-2.compute.amazonaws.com:https (CLOSE_WAIT)
java 74936 root 119u IPv6 5613790 0t0 TCP olc.wccnet.edu:50148->na07.alma.exlibrisgroup.com:https (CLOSE_WAIT)
java 74936 root 120u IPv6 5529494 0t0 TCP olc.wccnet.edu:54112->ec2-52-1-97-220.compute-1.amazonaws.com:https (CLOSE_WAIT)
We suspect those might be used for SAML metadata connections or some other SAML-related connections.
I tried to use pktcap-uw to catch what's there; however, it seemed that we got nothing in a short time window which could show us any network traffic related to those connections.
Is there any new version of CAS software or any way to get this resolved?
Appreciate your help very much!
Joe