If you are seeing a large number of connections persisting in a CLOSE_WAIT state, it is probably an issue with the application itself.
Restarting it will clear the connections temporarily, but to find the real cause of the issue you would have to do the investigation.
If restarting of application is undesirable, you can manually kill all connections that are in the CLOSE_WAIT state.
Kill CLOSE_WAIT connections
Kill CLOSE_WAIT connections by IP
Kill TCP connections in CLOSE_WAIT state, established with the foreign IP address 192.168.0.100:
$ netstat -anp |\
grep 192.168.0.100 |\
grep CLOSE_WAIT |\
awk \'{print $7}\' |\
cut -d \/ -f1 |\
grep -oE \"[[:digit:]]{1,}\" |\
xargs kill
The same command in one line :
$ netstat -anp | grep 192.168.0.100 | grep CLOSE_WAIT | awk \'{print $7}\' | cut -d \/ -f1 | grep -oE \"[[:digit:]]{1,}\" | xargs kill
Kill CLOSE_WAIT connections by Port
Kill TCP connections in CLOSE_WAIT state on port 80:
$ netstat -anp |\
grep \':80 \' |\
grep CLOSE_WAIT |\
awk \'{print $7}\' |\
cut -d \/ -f1 |\
grep -oE \"[[:digit:]]{1,}\" |\
xargs kill
The same command in one line:
$ netstat -anp | grep \':80 \' | grep CLOSE_WAIT | awk \'{print $7}\' | cut -d \/ -f1 | grep -oE \"[[:digit:]]{1,}\" | xargs kill
Kill CLOSE_WAIT connections by IP & Port
Kill TCP connections in CLOSE_WAIT, state established with foreign IP address 192.168.0.100 on port 80:
$ netstat -anp |\
grep 192.168.0.100 |\
grep \':80 \' |\
grep CLOSE_WAIT |\
awk \'{print $7}\' |\
cut -d \/ -f1 |\
grep -oE \"[[:digit:]]{1,}\" |\
xargs kill
The same command in one line:
$ netstat -anp | grep 192.168.0.100 | grep \':80 \' | grep CLOSE_WAIT | awk \'{print $7}\' | cut -d \/ -f1 | grep -oE \"[[:digit:]]{1,}\" | xargs kill
Explanation
$ netstat -anp |\ # print network connections grep 192.168.0.100 |\ # established with IP 192.168.0.100 grep \':80 \' |\ # established on port 80 grep CLOSE_WAIT |\ # connections in CLOSE_WAIT state awk \'{print $7}\' |\ # print the 7th column cut -d \/ -f1 |\ # extract PIDs grep -oE \"[[:digit:]]{1,}\" |\ # extract PIDs xargs kill # kill PIDs
I meet this problem, but My program is close, the close_wait state has existed, do you have some way to close this connections
Thanks for this. It helped me.
Another script which can work is :
lsof -i :80 |grep CLOSE_WAIT| awk '{print $2}|uniq| xargs killIn my case, the pid is of application only, so killing it will kill the application. How to handle that?
This is ridiculous, all this to ultimately kill the application 😀
In some cases there are no PID’s and it is showing as blank, what to do in this scenario?
If your process is running and you don’t want to kill the process but just the fd then use gdb. Get the pid and fd info from lsof and execute this.
# gdb -p –batch -ex ‘call close()’
This is killing the application
You might wanna look at this git repo
https://github.com/rghose/kill-close-wait-connections/blob/master/kill_close_wait_connections.pl
7 66.30.221.181
7 89.64.125.52
10 2a0b
19 188.27.58.131
27 82.77.87.9
44 77.81.98.70
58 188.27.61.9
87 5.254.56.252
89 77.232.147.81
118 185.144.83.13
[11:03 root@RB-174 ~] > netstat -an|awk ‘/tcp/ {print $6}’|sort|uniq -c
740 ESTABLISHED
3 FIN_WAIT2
21 LISTEN
13 TIME_WAIT
[11:03 root@RB-174 ~] >
In my case i have 118 open connections on IP 185.144.83.13 (they are open but not used) how can i close them?
A reboot will trow them away but there has to be a command for..