I have a lot of ports in WAIT states. Why?
The state of sockets can be seen with the "netstat -a" command. Whena process attempts to close an ESTABLISHED connection, the transition
will show a number of WAIT states, depending on which stage of the
shutdown the port is at.
When the initial FIN is sent from side a) of the connection, side a)
will change to FIN_WAIT_1, side b) will change to CLOSE_WAIT, and
acknowledge the FIN packet. The acknowledgement causes side a) to
change to FIN_WAIT_2. A socket will rarely be in FIN_WAIT_1 for
more than a couple of seconds unless there is a problem with
communications. In this state, data may still be sent from side b)
to side a), but not vice versa. When side b) receives a close from
the associated application, or the FIN_WAIT_2_FLUSH_INTERVAL is
reached without data being sent, it will send a FIN and change to
LAST_ACK. Side a) moves to TIME_WAIT upon receiving this FIN and
acknowledges the packet, causing any references to this connection on
side b) to disappear. The socket in TIME_WAIT will remain for twice
the maximum segment lifetime (normally a total of four minutes) before
dropping, in case dropped data packets are resent and misinterpreted
by a new application on this port.
Thanks to Stuart Whitby
| Home | FAQ |
XML Feeds