Re: TCP connection is still in ESTABLISH state actually it is disconnected

[Andrew Hood <ajhood () fl net au>]

Bo Xu wrote:
> Hello Guys ,
>
>          Today I have found 2 TCP connection is in ESTABLISH state while the
> peer side said they have already disconnected the connection ,
>
> but even they stopped the application , the 2 TCP connection is till there
> :(  .
>
>          Now I am wondering when the OS will release these 2 fake ESTABLISH
> connection .  I digged this issue by google , and I have found
>
> these parameter in  my OS which is AIX 5.8 .  So AIX will release these 2
> connection according the tcp_keepidle (2 hours ) , Am I right ?
>
> And what tcp_keepintvl  stands for ?
>
>         tcp_keepidle = 14400
>              tcp_keepinit = 150
>             tcp_keepintvl = 150

Let me guess. The AIX and peer are separated by a firewall.

There was an APAR applied to AIX 4.3.3 and built in to all later
versions to force AIX to behave according to RFC 1122. This requires
that tcp keepalives only be sent if the application explicitly requests
them. This is done by calling setsockopt() with the SO_KEEPALIVE option
value set to 1.

I have never been able to find an option to restore the non-RFC
compliant behaviour, and this cause us lots of grief.

The only way to get those connections to close is to create a new
connection from the peer with that same port numbers, or fake an RST
packet, or stop/start the process owning them.

-- 
There's no point in being grown up if you can't be childish sometimes.
                -- Dr. Who
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe