FRAMINGHAM (09/18/2003) - When I use the netstat command to look at the open TCP/IP connections on my PC, there are connections that should be closed that are in the TIME_WAIT state. What is this, and why do connections stay open? Can you close them faster?
TCP uses a three-way handshake to close open connections. The TIME_WAIT state is used at the end of the shutdown sequence to handle possible problems with unreliable delivery. Packets in an IP network can be duplicated, delayed or delivered out of order, which can cause problems for TCP because applications can reuse protocol port numbers. If TCP allowed immediate reuse of port numbers, a duplicated close request from a previous connection could shut down a later connection. TCP compensates by placing closed connections in the TIME_WAIT state. Theoretically, connections should remain in TIME_WAIT for twice the amount of time a packet can remain active in the IP network. Windows systems use a TcpTimedWaitDelay registry entry to control the actual wait time. Linux and Unix systems offer differing methods. Modifying TIME_WAIT delays can create side effects, so test first before making changes.
Blass is a network architect at Change@Work in Houston. He can be reached at firstname.lastname@example.org.