Solved

Brand new squid server shows many connections stuck in TIME_WAIT

Posted on 2006-07-12
10
1,207 Views
Last Modified: 2008-02-01
Hi all!

The title really says it all.  I deployed the squid server to a small number of highly used computers yesterday and this morning I checked the server with a netstat -t and saw that several of the computers were still in the TIME_WAIT state.  Is there a way that I could clear them or, better yet prevent the connections from getting stuck in this state permanently?
0
Comment
Question by:brussell123
  • 3
  • 2
  • 2
  • +1
10 Comments
 
LVL 14

Expert Comment

by:pablouruguay
ID: 17091065
do a netstat -np  and check the process that hang the connection
0
 
LVL 14

Expert Comment

by:pablouruguay
ID: 17091071
sorry netstat -ap
0
 

Author Comment

by:brussell123
ID: 17091769
All of the ESTABLISHED connections (except my ssh connection) are associated with squid.  The TIME_WAIT connections just have a "-" in the PID/Program field.
0
 
LVL 14

Expert Comment

by:pablouruguay
ID: 17092017
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 39

Expert Comment

by:noci
ID: 17095716
TIME_WAIT's are half closed connections..., The FIN packet has left your system but the FIN-ACK hasn't been received yet.
so there is no process associated anymore with the socket (hence the - in the PID field).

The problem might be a slow response from a remote system like:

Squid closes the link, your netfilter settings close down a few seconds later but the FIN-ACK hasn't been received yet.
AFTER 60 seconds that socket will get killed too.

Here is a similar reference.
http://www.mail-archive.com/netfilter-devel%40lists.samba.org/msg00644.html
0
 

Author Comment

by:brussell123
ID: 17193627
No luck.  I have resorted to simply ignoring the TIME_WAIT connections.  I have no idea what the max connections of my box is but I really cant think of what else to do except restart the server once a week at night.
0
 
LVL 39

Expert Comment

by:noci
ID: 17344119
I was on holiday since 27-07-2006, and obviously missed the update; if brussel123 want to persue or close I leave it to him
regarding the points there's no real solution only a pointer were to look, and an explanation.
0
 
LVL 1

Accepted Solution

by:
DarthMod earned 0 total points
ID: 17419346
PAQed with points refunded (125)

DarthMod
Community Support Moderator
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now