Wireshark mailing list archives
Re: TCP connection is still in ESTABLISH state actually it is disconnected
From: Bo Xu <xubo.leo () gmail com>
Date: Mon, 31 May 2010 20:22:44 +0800
Hello Andew ,
There is firewall in the whole path .
I have captured the packets about 3 hours , the file size is 24 , but
after i download it ,there is not any packets.
-rw-r--r-- 1 root system 24 May 31 19:34 65274.pcap
So if i want to fix this issue , i have to change my application code
slightly ?
BR
Xu Bo
On Mon, May 31, 2010 at 7:58 PM, Andrew Hood <ajhood () fl net au> wrote:
Bo Xu wrote:It is still in Established state after 13 hours . 2010-5-31 1:40:29 state information tcp4 0 0 10.7.127.104.6553 10.7.184.23.61537 ESTABLISHED tcp4 0 0 10.7.127.104.6553 10.7.184.23.65274 ESTABLISHED 2010-5-31 14:43:30 state information tcp4 0 0 10.7.127.104.6553 10.7.184.23.61537 ESTABLISHED tcp4 0 0 10.7.127.104.6553 10.7.184.23.65274 ESTABLISHED Now I am doing the tcpdump in my AIX server , the file size is still 0afterabout 10 minutes . According to MR.Andrew point , if the SO_KEEPALIVE option is 0 which issetby application , so these 2 connection will be in Established state forever?Correct. If SO_KEEPALIVE is 0 - the default value - AIX will never close the connection. If keepalives were being used, you would have to wait tcp_keepidle/2 seconds after the last data packet before a keepalive test packet was sent. Your 10 minute tcpdump is unlikely to see one. You would need to run it for at least tcp_keepidle/2 seconds. The two zeroes in your netstat output are the receive and send queue lengths. If they were non-zero and the other end of the connection was down, TCP duplicate ACKs and/or retransmits would have closed the connection within a couple of minutes. You did not confirm or deny my hypothesis that there was a firewall in the path. -- There's no point in being grown up if you can't be childish sometimes. -- Dr. Who ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org ?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- TCP connection is still in ESTABLISH state actually it is disconnected Bo Xu (May 30)
- Message not available
- Re: TCP connection is still in ESTABLISH state actually it is disconnected Jack Jackson (May 30)
- Message not available
- Re: TCP connection is still in ESTABLISH state actually it is disconnected Andrew Hood (May 30)
- Re: TCP connection is still in ESTABLISH state actually it is disconnected Bo Xu (May 31)
- Re: TCP connection is still in ESTABLISH state actually it is disconnected Andrew Hood (May 31)
- Re: TCP connection is still in ESTABLISH state actually it is disconnected Bo Xu (May 31)
- Re: TCP connection is still in ESTABLISH state actually it is disconnected Andrew Hood (May 31)
- Re: TCP connection is still in ESTABLISH state actually it is disconnected Bo Xu (May 31)