This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

TCP connection closure

0

Hi,

I have two questions

1) In case of active close, after FIN_WAIT state how much time will it take to close the connection?

I understood /proc/sys/net/ipv4/tcp_fin_timeout will decide (default 60 sec) in case of ubuntu and in case of BSD socket implementation 2 * MSL will take... AM I RIGHT ??? Kindly Confirm

2) In case of passive close, similarly after receiving last ack from other terminal how much time will it take to close the connection?

Can u share some more details on this???

Regards

hi Jasper Bongertz,

1) In Ubuntu 12.XX ver we observed FIN_WAIT time as 60sec and other one is less than one sec is taking... even after modifying /proc/sys/net/ipv4/tcp_fin_timeout, it is not changing...

2) Using Wireshark, capture traffic, can we get the FIN_WAIT sate time??? i understood, Fin_wait / close states are internals of tcp stack, this info can n't get through captures? AM I RIGHT?

regards

asked 17 Apr '15, 02:39

srinu_bel's gravatar image

srinu_bel
20151620
accept rate: 0%

edited 18 Apr '15, 20:07

From my point of view it could be that you mixed up TIME-WAIT with FIN_WAIT_1/2

(19 Apr '15, 09:39) Christian_R

One Answer:

1

how about you capture your own traffic for a while and simply check what happens? Those timings often depend on stack behavior, so it could be completely different on each system/stack.

It's always better to try and see what happens than reading design documents, wondering what reality is like. Use Wireshark, capture traffic, verify.

answered 17 Apr '15, 05:25

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

hi Jasper Bongertz,

1) In Ubuntu 12.XX ver we observed FIN_WAIT time as 60sec and other one is less than one sec is taking... even after modifying /proc/sys/net/ipv4/tcp_fin_timeout, it is not changing...

2) Using Wireshark, capture traffic, can we get the FIN_WAIT sate time??? i understood, Fin_wait / close states are internals of tcp stack, this info can n't get through captures? AM I RIGHT?

regards

(18 Apr '15, 20:08) srinu_bel

1) No idea, I don't know what the Ubuntu stack does with this.

Yep, regarding 2) you're right, you need capture and netstat/ss for this. The capture is to check if the tear down isn't done via RST, and to see who tears down the connection. Then you can compare it to what you see on the OS tools.

(19 Apr '15, 01:55) Jasper ♦♦