How to kill a TCP connection which has status TIME_WAIT & no PID

Hi,

I want to kill TCP connections which have status as TIME_WAIT & no PID

(as per the output of the "netstat -p" command).

Is there any command/utility available to kill connections to a specific port or IP address?

The problem is that these connections don't have a process ID (see below).

[remedy@CNDAUNREDBOP13 ~]$ netstat -p |grep 56000
tcp        0      0 CNDAUNREDBOP13:59388        10.5.45.39:56000            TIME_WAIT   -
tcp        0      0 CNDAUNREDBOP13:59389        10.5.45.39:56000            TIME_WAIT   -
tcp        0      0 CNDAUNREDBOP13:59390        10.5.45.39:56000            TIME_WAIT   -
tcp        0      0 CNDAUNREDBOP13:59385        10.5.45.39:56000            TIME_WAIT   -
tcp        0      0 CNDAUNREDBOP13:59386        10.5.45.39:56000            TIME_WAIT   -
tcp        0      0 CNDAUNREDBOP13:59411        10.5.45.39:56000            TIME_WAIT   -

 

Hi,
there are two ways of "killing" a TIME_WAIT connection:
1) change the time of ip_conntrack_timeout_time_wait (via sysctl or by writing the number of seconds to /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_time_wait with the "echo" command)
2) use the "lsof" (list open files) command, e.g.:

gate1:~# lsof -n -i@127.0.0.1
COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      878 thiemtom   12u  IPv4 276087      0t0  TCP 127.0.0.1:57480->127.0.0.1:openvpn (ESTABLISHED)
sshd      878 thiemtom   13u  IPv4 276139      0t0  TCP 127.0.0.1:60649->127.0.0.1:xmpp-client (ESTABLISHED)
named    1494     bind   20u  IPv4   5358      0t0  TCP 127.0.0.1:domain (LISTEN)
named    1494     bind   26u  IPv4   5371      0t0  TCP 127.0.0.1:953 (LISTEN)
named    1494     bind  512u  IPv4   5357      0t0  UDP 127.0.0.1:domain 
lwresd   1591     root  512u  IPv4   5589      0t0  UDP 127.0.0.1:921 
ntpd     1605      ntp   18u  IPv4   5618      0t0  UDP 127.0.0.1:ntp 
openvpn  1637   nobody    7u  IPv4 276088      0t0  TCP 127.0.0.1:openvpn->127.0.0.1:57480 (ESTABLISHED)
epmd     1707 ejabberd    4u  IPv4   6890      0t0  TCP 127.0.0.1:4369->127.0.0.1:39726 (ESTABLISHED)
zebra    1708   quagga    9u  IPv4   6480      0t0  TCP 127.0.0.1:zebra (LISTEN)
ospfd    1758   quagga    7u  IPv4   6548      0t0  TCP 127.0.0.1:ospfd (LISTEN)
beam     1816 ejabberd    8u  IPv4   6889      0t0  TCP 127.0.0.1:39726->127.0.0.1:4369 (ESTABLISHED)
beam     1816 ejabberd   20u  IPv4   7591      0t0  TCP 127.0.0.1:5555 (LISTEN)
beam     1816 ejabberd   22u  IPv4   7756      0t0  TCP 127.0.0.1:5555->127.0.0.1:40447 (ESTABLISHED)
beam     1816 ejabberd   24u  IPv4 276140      0t0  TCP 127.0.0.1:xmpp-client->127.0.0.1:60649 (ESTABLISHED)
python   1840   pyicqt    3u  IPv4   7755      0t0  TCP 127.0.0.1:40447->127.0.0.1:5555 (ESTABLISHED)
sshd    29453     root    8u  IPv4 311274      0t0  TCP 127.0.0.1:6010 (LISTEN)

But I don't see a reason to "kill" a TCP_WAIT connection - it will time out by itself after some time (see ip_conntrack_timeout_time_wait).

There's a utility called tcpdrop on BSDs. Not sure if it's ported to any other OS.

What about the same scenario if there is syn_recv instead of time_wait? How do I kill those processes?

BSD's tcpdrop is not available on Linux because Linux does not support the TCPCTL_DROP ioctl (or the equivalent TCP_IOC_ABORT_CONN in Solaris). There is pushback against introducing such an ioctl in Linux every time the issue is raised.
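
Added example (not code from any poster in this thread): a Python parser for /proc/net/tcp that counts the TIME_WAIT and SYN_RECV entries discussed above per remote endpoint. Such entries carry inode 0, so there is no owning process for "netstat -p" to report. The sample table is constructed, and the address decoding assumes IPv4 on a little-endian host.

```python
import socket
import struct
from collections import Counter

# Subset of the hex codes used in the "st" column of /proc/net/tcp.
TCP_STATES = {"01": "ESTABLISHED", "03": "SYN_RECV", "06": "TIME_WAIT", "0A": "LISTEN"}

# Constructed sample in /proc/net/tcp layout (addresses as a little-endian host prints them).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0A2D050A:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 311274 1
   1: 0A2D050A:E7FC 272D050A:DAC0 06 00000000:00000000 03:00000A5C 00000000     0        0 0 3
   2: 0A2D050A:E7FD 272D050A:DAC0 06 00000000:00000000 03:00000A60 00000000     0        0 0 3
   3: 0A2D050A:E7FE 272D050A:DAC0 06 00000000:00000000 03:00000A64 00000000     0        0 0 3
   4: 0A2D050A:0016 4D2D050A:9C40 03 00000000:00000000 01:00000050 00000000     0        0 0 1
   5: 0A2D050A:0016 4D2D050A:9C41 01 00000000:00000000 00:00000000 00000000     0        0 276087 1
"""

def decode_endpoint(field):
    """Turn 'HEXIP:HEXPORT' into (dotted_ip, port); assumes IPv4 on a little-endian host."""
    hex_ip, hex_port = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16))), int(hex_port, 16)

def parse_proc_net_tcp(text):
    """Parse the table into dicts, skipping the header and malformed lines."""
    rows = []
    for line in text.splitlines()[1:]:
        cols = line.split()
        if len(cols) < 10:
            continue
        rows.append({"local": decode_endpoint(cols[1]), "remote": decode_endpoint(cols[2]),
                     "state": TCP_STATES.get(cols[3], cols[3]), "inode": int(cols[9])})
    return rows

def ownerless_by_remote(rows, states=("TIME_WAIT", "SYN_RECV")):
    """Count sockets in the given states with inode 0 (no owning process), per remote endpoint."""
    return Counter((r["state"], r["remote"]) for r in rows
                   if r["state"] in states and r["inode"] == 0)

if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:   # live table on Linux
            text = fh.read()
    except OSError:
        text = SAMPLE                        # fall back to the constructed sample
    for (state, (ip, port)), n in ownerless_by_remote(parse_proc_net_tcp(text)).most_common():
        print(f"{n:6d}  {state:<10} {ip}:{port}")
```

A large SYN_RECV count concentrated on one listening port is worth alerting on, while a steady TIME_WAIT count toward a single remote service usually just reflects short-lived client connections.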