Help!

A connection that never closes

  
  
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> Networking RSS
Next:  Bug#540504: python-scipy: please clarify license ..  
Author Message
Mark Hobley
External


Since: Jan 14, 2009
Posts: 28
PostPosted: Wed Aug 19, 2009 7:10 am    Post subject: A connection that never closes
Archived from groups: comp>os>linux>networking (more info?)
I am running Debian. I appear to have a socket that never closes:

netstat -a
tcp 0 0 neptune.markhobley:8000 118-168-141-172.dy:3388 ESTABLISHED

That socket has been open for days. I am running tcpdump against the port,
but I never see any traffic to the 118.168.141.172 host. Should I be seeing
some sort of keepalive here, and shouldn't the socket eventually close with
an idle timeout?

There is no traffic to and from that host, as far as I can tell.

Interestingly, address 118.168.141.172 is blocked via netfilter, but has
somehow managed to make the connection in the first place, though I have
not yet managed to capture the packets used to establish the connection.

Has anyone seen anything like this?

Mark.

--
Mark Hobley
Linux User: #370818 http://markhobley.yi.org/
Back to top
kevindotpaulus
External


Since: Aug 19, 2009
Posts: 1
PostPosted: Wed Aug 19, 2009 7:10 am    Post subject: Re: A connection that never closes [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Mark Hobley wrote:
> I am running Debian. I appear to have a socket that never closes:
>
> netstat -a
> tcp 0 0 neptune.markhobley:8000 118-168-141-172.dy:3388 ESTABLISHED
>
> That socket has been open for days. I am running tcpdump against the port,
> but I never see any traffic to the 118.168.141.172 host. Should I be seeing
> some sort of keepalive here, and shouldn't the socket eventually close with
> an idle timeout?
>
> There is no traffic to and from that host, as far as I can tell.
>
> Interestingly, address 118.168.141.172 is blocked via netfilter, but has
> somehow managed to make the connection in the first place, though I have
> not yet managed to capture the packets used to establish the connection.
>
> Has anyone seen anything like this?
>
> Mark.
>
see which process controls it and terminate it
netstat -ap
Back to top
David Schwartz
External


Since: Apr 29, 2007
Posts: 57
PostPosted: Wed Aug 19, 2009 7:10 am    Post subject: Re: A connection that never closes [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
On Aug 19, 3:08 am, markhob... RemoveThis @hotpop.donottypethisbit.com (Mark
Hobley) wrote:

> I am running Debian. I appear to have a socket that never closes:

You mean a socket that has not closed yet.

> netstat -a
> tcp        0      0 neptune.markhobley:8000 118-168-141-172..dy:3388 ESTABLISHED
>
> That socket has been open for days. I am running tcpdump against the port,
> but I never see any traffic to the 118.168.141.172 host. Should I be seeing
> some sort of keepalive here, and shouldn't the socket eventually close with
> an idle timeout?

Keepalives and idle timeouts are not typical. Some process owns that
connection and has decided that the connection is still valid.

> There is no traffic to and from that host, as far as I can tell.

No need for any. A connection can remain established with no traffic
for days or weeks. What if you have a link that's expensive to bring
up and is rarely used? Why bring it up for no reason?

> Interestingly, address 118.168.141.172 is blocked via netfilter, but has
> somehow managed to make the connection in the first place, though I have
> not yet managed to capture the packets used to establish the connection.

That may make it hard for the connection to ever close.

DS
Back to top
Mark Hobley
External


Since: Jan 14, 2009
Posts: 28
PostPosted: Sat Aug 22, 2009 3:10 pm    Post subject: Re: A connection that never closes [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
goarilla@work <kevindotpaulus.TakeThisOut@mtmdotkuleuven.be> wrote:
> see which process controls it and terminate it
> netstat -ap

Yeah. That works. I can kill the wiki server, and the connection will close.
However, after a few days, the connection will come back again.

Mark.

--
Mark Hobley
Linux User: #370818 http://markhobley.yi.org/
Back to top
Mark Hobley
External


Since: Jan 14, 2009
Posts: 28
PostPosted: Sat Aug 22, 2009 5:10 pm    Post subject: Re: A connection that never closes [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
David Schwartz <davids.TakeThisOut@webmaster.com> wrote:

> Keepalives and idle timeouts are not typical.

Right. I thought that was typical of tcp session handling.

> Some process owns that
> connection and has decided that the connection is still valid.

Right, so is session handled at application level, rather than by the
networking stack?

> No need for any. A connection can remain established with no traffic
> for days or weeks.

Ok.

> What if you have a link that's expensive to bring
> up and is rarely used? Why bring it up for no reason?

I don't know what that means. I would have thought a listening socket, and
a syn request was all that was needed to establish a link, so no expense
involved.

>
>> Interestingly, address 118.168.141.172 is blocked via netfilter
> That may make it hard for the connection to ever close.

Yeah. It is very odd. I restart the service, and the connection closes,
but becomes reestablished again after a few days. I have got tcpdump watching
this, so hopefully I will be able to capture some traffic as the connection
becomes established.

It couldn't be some sort of address redirection could it? (ie, the connection
is opened from one address that is not blocked by netfilter, but becomes
established against another address which is blocked?)

Mark.

--
Mark Hobley
Linux User: #370818 http://markhobley.yi.org/
Back to top
Display posts from previous:   
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> Networking All times are: Eastern Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum