How to kill a tcp connection
Joom
With netstat -an I see all the connection from/to my machine.
When a connection has a state CLOSE_WAIT during some hours, I think this
should be sleeping or has some problem.
How could I kill it?What's command?
Ex:
netstat -an
tcp4 127.0.0.1.199 127.0.0.32774 CLOSE_WAIT
Could someone help me, some idea?
Thanks
jmm
Jurjen Oskam
> netstat -an
> tcp4 127.0.0.1.199 127.0.0.32774 CLOSE_WAIT
>
> Could someone help me, some idea?
CLOSE_WAIT means that the connection was closed by the other end.
At this point the application on your end has two options:
1) Also close the connection, going from CLOSE_WAIT to LAST_ACK
and then the connection is gone
2) Continue sending data to the application on the other end. The
other end can't send anything back over this connection, since
it has closed its end of the connection.
Option 1 is what almost always happens.
Anyway: the application on your end doesn't close the connection
for some reason. That reason might be legitimate or it might not,
there's not much to go on with the information you provided I'm
afraid.
--
Jurjen Oskam
PGP Key available at http://www.stupendous.org/
Joom
The source and the destination from this connection CLOSE_WAIT is the same
machine and use snmpd.
If you need more info, please ask me!
On the other hand, if one time I'll see a connection ESTABLISHED from a
"foreigner" I couldn't remove it?
Thanks for u answers,
-jmm
"Jurjen Oskam" <jos...@quadpro.stupendous.org> wrote in message
news:slrnbkpuaj...@calvin.quadpro.stupendous.org...
Jurjen Oskam
[Connections in CLOSE_WAIT]
> Do you means that I doesn't have the possibilities to kill this connections?
Of course you have. One is to reboot the machine.
But the first thing is to determine if you have a problem at all. Why do you
think these CLOSE_WAIT connections are bad? Did they start to appear suddenly?
Has it always been like this? Is something not working which was working
before?
You say these connections are from snmpd. Check its logfile to see if
something is wrong.
> On the other hand, if one time I'll see a connection ESTABLISHED from a
> "foreigner" I couldn't remove it?
What do you mean by "foreigner"? If you have an unwanted TCP connection,
you should prevent that connection from succeeding in the first place
(for example, with a firewall) and not try to remove it when it's
already established.
An ESTABLISHED connection can normally only be closed by the application(s)
involved.
Joom
> In article <3f4d9ee1$0$28824$5402...@news.sunrise.ch>, Joom wrote:
>
> [Connections in CLOSE_WAIT]
> > Do you means that I doesn't have the possibilities to kill this
connections?
>
> Of course you have. One is to reboot the machine.
Yeah, but not the best solutions, I think....
>
> But the first thing is to determine if you have a problem at all. Why do
you
> think these CLOSE_WAIT connections are bad? Did they start to appear
suddenly?
> Has it always been like this? Is something not working which was working
> before?
>
> You say these connections are from snmpd. Check its logfile to see if
> something is wrong.
The following message appears continuously in the snmp logfile:
08/27/03 18:14:59 EXCEPTIONS: simpleOpen rejected (badIdentity): 0.0 (SMUX
160.xx.xx.30+39884+58)
08/27/03 18:46:38 NOTICE: SMUX relation started with (160.xx.xx.30+39897+59)
08/27/03 18:46:38 NOTICE: SMUX packet from (160.xx.xx.30+39897+59)
08/27/03 18:46:38 EXCEPTIONS: simpleOpen rejected (badIdentity): 0.0 (SMUX
160.xx.xx.30+39897+59)
08/27/03 20:03:38 NOTICE: SMUX relation started with (160.xx.xx.30+39915+60)
08/27/03 20:03:38 NOTICE: SMUX packet from (160.xx.xx.30+39915+60)
...and that correspond with the result of netstat -an, like:
tcp4 0 0 160.xx.xx.30.39915 160.xx.xx.30.199
CLOSE_WAIT
tcp4 0 0 127.0.0.1.199 127.0.0.1.32799
ESTABLISHED
tcp4 0 0 127.0.0.1.32799 127.0.0.1.199
ESTABLISHED
the state of CLOSE_WAIT has been there for already a few days and I think
that there's a problem.
Isn't it? What do you think about that???
This's why, I'd like to delete it without having to stop the service snmpd.
Any Ideas??
Thanks
jmm
Jurjen Oskam
>> > Do you means that I doesn't have the possibilities to kill this
> connections?
>>
>> Of course you have. One is to reboot the machine.
>
> Yeah, but not the best solutions, I think....
Another one might be to stop and start the SNMP (and related) daemons,
since, as I posted earlier, CLOSE_WAIT means that the application on
*your* side doesn't close the connection. But I'm certain this won't solve
your actual problem.
> The following message appears continuously in the snmp logfile:
>
> 08/27/03 18:14:59 EXCEPTIONS: simpleOpen rejected (badIdentity): 0.0 (SMUX
> 160.xx.xx.30+39884+58)
> This's why, I'd like to delete it without having to stop the service snmpd.
You have to fix the *cause* of the problem instead of the symptoms. Manually
removing the connections in CLOSE_WAIT is a symptom, not a cause. Try to fix
snmpd. I can't really help with that, since I don't know much about it. The
"badIdentity" error in the log looks like some user/password/communityname-
error, but I really won't know.
Joom
Ok, I'll try to do that (to fix the cause of the problem) and hope to find
something.
Anyway, thank you for your help and your ideas... was great!!
jmm
"Jurjen Oskam" <jos...@quadpro.stupendous.org> wrote in message
news:slrnbkrjrc...@calvin.quadpro.stupendous.org...
Randy Romano
127.0.0.1 is loopback address, .199 is snmp port (grep 199
/etc/services)
If you don't use snmp, turn it off. "stopsrc -s snmpd". A useful
opensource command is "lsof". I believe I downloaded "lsof" from
aixpdslib.seas.ucla.edu/aixpdslib.html, search for lsof.