TCP netstat TIME_WAIT & CLOSE_WAIT

TIME_WAIT is different from CLOSE_WAIT, and it's not necessarily a client-side fault. It happens due to how TCP handles connection termination.

Key Differences

TCP State Cause Who is responsible? Fix/Optimization
CLOSE_WAIT Server didn't close() the socket after client closed it. Server-side issue (socket left open). Ensure close(client_fd); is always called.
TIME_WAIT Server closed the socket first, waiting to ensure the client received the FIN. Normal behavior (not necessarily a problem). Use SO_LINGER or SO_REUSEADDR to mitigate excessive TIME_WAIT.

Why Does TIME_WAIT Happen?

  • When your server calls close(client_fd); , it sends a FIN to the client.
  • If the client follows the normal TCP closure process , it replies with ACK and sends its own FIN, which your server then ACKs.
  • Your server enters TIME_WAIT for 2×MSL (Maximum Segment Lifetime, usually 60s total) to ensure any delayed packets are handled before fully releasing the connection.

Is TIME_WAIT the Client's Fault?

  • If the client closes the connection first , the server goes to CLOSE_WAIT (which we fixed).
  • If the server closes first , TIME_WAIT is expected.
  • Too many TIME_WAIT sockets? It usually means many short-lived connections are being closed quickly.

How to Reduce TIME_WAIT Issues?

  1. Enable SO_REUSEADDR

    • Allows immediate reuse of the same port, even in TIME_WAIT state.
    c 复制代码
    int opt = 1;
    setsockopt(server_fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
  2. Use SO_LINGER to Force Immediate Closure

    • Not recommended unless necessary, as it can cause packet loss.
    c 复制代码
    struct linger sl;
    sl.l_onoff = 1;  // Enable linger
    sl.l_linger = 2; // Close socket after 2 seconds
    setsockopt(client_fd, SOL_SOCKET, SO_LINGER, &sl, sizeof(sl));
  3. Keep Connections Open Longer

    • If possible, reuse connections instead of opening/closing frequently.
  4. Tune TCP Stack (sysctl)

    • Reduce TIME_WAIT timeout if necessary:
    sh 复制代码
    sudo sysctl -p | grep net.ipv4.tcp_fin_timeout  # net.ipv4.tcp_fin_timeout = 2
    sysctl -w net.ipv4.tcp_fin_timeout=30

Conclusion

  • CLOSE_WAIT is a server-side issue (fixed by properly closing sockets).
  • TIME_WAIT is expected behavior when the server closes first.
  • Too many TIME_WAIT sockets? Use SO_REUSEADDR , linger options , or connection pooling if appropriate.
相关推荐
laoli_coding4 小时前
如何配置HTTPS站点访问的免费SSL域名证书
网络协议·https·node.js·ssl
IpdataCloud6 小时前
担心IP暴露隐私?用安全IP查询工具自查,三步配置网络出口
网络·tcp/ip·安全·ip
xy34536 小时前
wireshark 如何捕获信息
网络·测试工具·渗透测试·wireshark
玖玥拾8 小时前
C# 语言进阶(十五)C# 游戏服务端 MySQL 数据库
服务器·开发语言·网络·数据库·mysql·c#
一个有温度的技术博主9 小时前
【VulnHub 实战】DC-1 靶机渗透测试笔记(一):信息收集与主机发现
服务器·网络·笔记
白帽小阳10 小时前
2026前端面试题!(附答案及解析)
javascript·网络·python·安全·web安全·网络安全·护网行动
hehelm11 小时前
Linux网络编程—TCP字典翻译系统
linux·开发语言·网络·c++·tcp/ip
持力行12 小时前
D-BUS会话总线
运维·网络
pt104312 小时前
思科网络自动化-API常用数据编码格式(JSON/XML/YAML)课程与实践
linux·服务器·网络
糖果店的幽灵12 小时前
安全测试从入门到精通_网络基础与HTTPS
网络·https·php