Re: TCP connection is still in ESTABLISH state actually it is disconnected

[Andrew Hood <ajhood () fl net au>]

Bo Xu wrote:
> It is still in Established  state after 13 hours .
>
> 2010-5-31 1:40:29  state information
>
> tcp4       0      0  10.7.127.104.6553      10.7.184.23.61537
> ESTABLISHED
> tcp4       0      0  10.7.127.104.6553      10.7.184.23.65274
> ESTABLISHED
>
> 2010-5-31 14:43:30 state information
> tcp4       0      0  10.7.127.104.6553      10.7.184.23.61537
> ESTABLISHED
> tcp4       0      0  10.7.127.104.6553      10.7.184.23.65274
> ESTABLISHED
>
> Now I am doing the tcpdump in my AIX server , the file size is still 0 after
> about 10 minutes .
>
> According to MR.Andrew  point , if the SO_KEEPALIVE option is 0 which is set
> by application , so these 2 connection will be in Established state for ever
> ?

Correct. If SO_KEEPALIVE is 0 - the default value - AIX will never close
the connection.

If keepalives were being used, you would have to wait tcp_keepidle/2
seconds after the last data packet before a keepalive test packet was
sent. Your 10 minute tcpdump is unlikely to see one. You would need to
run it for at least tcp_keepidle/2 seconds.

The two zeroes in your netstat output are the receive and send queue
lengths. If they were non-zero and the other end of the connection was
down, TCP duplicate ACKs and/or retransmits would have closed the
connection within a couple of minutes.

You did not confirm or deny my hypothesis that there was a firewall in
the path.

-- 
There's no point in being grown up if you can't be childish sometimes.
                -- Dr. Who
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe