This post will provide details on TCP connections reporting ‘CLOSE_WAIT’ states. The possible state values for TCP sockets are as follows:
| BOUND | Bound, ready to connect or listen. |
|---|---|
| CLOSED | Closed. The socket is not being used. |
| CLOSING | Closed, then remote shutdown; awaiting acknowledgment. |
| CLOSE_WAIT | Remote shutdown; waiting for the socket to close. |
| ESTABLISHED | Connection has been established. |
| FIN_WAIT_1 | Socket closed; shutting down connection. |
| FIN_WAIT_2 | Socket closed; waiting for shutdown from remote. |
| IDLE | Idle, opened but not bound. |
| LAST_ACK | Remote shutdown, then closed; awaiting acknowledgment. |
| LISTEN | Listening for incoming connections. |
| SYN_RECEIVED | Active/initiate synchronization received and the connection under way |
| SYN_SENT | Actively trying to establish connection. |
| TIME_WAIT | Wait after close for remote shutdown retransmission. |
‘CLOSE_WAIT‘ state means the other end of the connection has been closed while the local end is still waiting for the application to close.
Details
‘CLOSE_WAIT’ state on tcp connections occurs if the system has not received a close system call from the application, after having received notification (‘FIN’ packet) from the other system that it has closed its endpoint. In other words it means that the local end of the connection has received ‘FIN’ from the other end, but the OS is waiting for the program at the local end to actually close its connection.
The problem is that a program running on the local machine is not closing the socket. It is not a TCP tuning issue. A connection can stay in ‘CLOSE_WAIT’ forever while the program holds the connection open. So mostly this issue happens due to an application bug. However if TCP/IP parameters are not properly set, closed TCP/IP connections will stay for a very long time in various ‘CLOSE’ states which take file descriptors from the process. In order to solve this problem, sometimes it is necessary to tune TCP/IP parameters in /etc/sysctl.conf (such as those net.ipv4.tcp_xxx parameters), so that TCP/IP connections are closed in a short amount of time.
Technical Blog for System Administrator 