Wireshark-users: Re: [Wireshark-users] TCP connection is still in ESTABLISH state actually it is
At 11:16 AM 5/30/2010, Bo Xu wrote:
Hello Guys ,
Today I have found 2 TCP connection is in ESTABLISH state while
the peer side said they have already disconnected the connection ,
but even they stopped the application , the 2 TCP connection is till
there :( .
Now I am wondering when the OS will release these 2 fake
ESTABLISH connection . I digged this issue by google , and I have found
these parameter in my OS which is AIX 5.8 . So AIX will release these
2 connection according the tcp_keepidle (2 hours ) , Am I right ?
And what tcp_keepintvl stands for ?
tcp_keepidle = 14400
tcp_keepinit = 150
tcp_keepintvl = 150
My understanding is that tcp_keepidle is the time before the first
keep-alive probe is sent. If no response is received, tcp_keepintvl
determines how often subsequent probes are sent. tcp_keepcnt determines
how many probes are sent without a response before the connection is dropped.
Since I believe those values for AIX are in unit of 1/2 seconds, after 2
hours the first probe will be sent. Every 75 seconds another probe will be
sent. When the tcp_keepcnt number have been sent (probably something like
8) with nothing received, the connection will be dropped. So I would
expect the connection to be dropped about 2 hours and 11 minutes after the
connection goes idle.
