Is it possible to configure Linux to keep a tcp connection visible for netstat/lsof after being closed? (doesn't matter the connection state). I need to detect it with netstat/lsof but if the connection is very short, it's not detected.
是否可以配置Linux以在关闭后保持netstat / lsof的tcp连接可见? (与连接状态无关)。我需要使用netstat / lsof检测它,但如果连接很短,则无法检测到。
The socket I cannot register seems to be the one that receives the first FIN
我无法注册的套接字似乎是接收第一个FIN的套接字
1 个解决方案
#1
1
It depends on which end closes the connection first.
这取决于哪一端首先关闭连接。
The port that closes first (sends the first FIN) will be in the TIME_WAIT state for a little while, the default number of seconds is in /proc/sys/net/ipv4/tcp_fin_timeout, and is normally 60 seconds, so you can see these with netstat after the program has closed the socket.
首先关闭的端口(发送第一个FIN)将处于TIME_WAIT状态一段时间,默认的秒数在/ proc / sys / net / ipv4 / tcp_fin_timeout,通常是60秒,所以你可以看到这些与程序关闭套接字后的netstat。
You can tune that if you need to, echo 120 > /proc/sys/net/ipv4/tcp_fin_timeout
如果需要,你可以调整它,回显120> / proc / sys / net / ipv4 / tcp_fin_timeout
The peer port (the one that receives the first FIN) seem to be erased immediately once it have received the FIN and sends FIN from its end - I havn't found anything to tune that behavior.
对等端口(接收第一个FIN的端口)似乎一旦收到FIN就立即被删除,并从其结束发送FIN - 我没有找到任何调整该行为的东西。
#1
1
It depends on which end closes the connection first.
这取决于哪一端首先关闭连接。
The port that closes first (sends the first FIN) will be in the TIME_WAIT state for a little while, the default number of seconds is in /proc/sys/net/ipv4/tcp_fin_timeout, and is normally 60 seconds, so you can see these with netstat after the program has closed the socket.
首先关闭的端口(发送第一个FIN)将处于TIME_WAIT状态一段时间,默认的秒数在/ proc / sys / net / ipv4 / tcp_fin_timeout,通常是60秒,所以你可以看到这些与程序关闭套接字后的netstat。
You can tune that if you need to, echo 120 > /proc/sys/net/ipv4/tcp_fin_timeout
如果需要,你可以调整它,回显120> / proc / sys / net / ipv4 / tcp_fin_timeout
The peer port (the one that receives the first FIN) seem to be erased immediately once it have received the FIN and sends FIN from its end - I havn't found anything to tune that behavior.
对等端口(接收第一个FIN的端口)似乎一旦收到FIN就立即被删除,并从其结束发送FIN - 我没有找到任何调整该行为的东西。