HowTo: Kill TCP Connections in CLOSE_WAIT State

HowTo: Kill TCP Connections in CLOSE_WAIT State

 

If you are seeing a large number of connections persisting in CLOSE_WAIT state, it’s probably a problem with the application itself.

Restarting it will clear the connections temporarily, but obviously, further investigation will be required to find the cause of the problem.

If restarting of application is undesirable, you can manually kill all connections that are in CLOSE_WAIT state.

Kill CLOSE_WAIT connections by IP

Kill TCP connections in CLOSE_WAIT state, established with the foreign IP address 192.168.0.100:

$ netstat -anp |\
grep 192.168.0.100 |\
grep CLOSE_WAIT |\
awk '{print $7}' |\
cut -d \/ -f1 |\
grep -oE "[[:digit:]]{1,}" |\
xargs kill

The same command in one line:

$ netstat -anp | grep 192.168.0.100 | grep CLOSE_WAIT | awk '{print $7}' | cut -d \/ -f1 | grep -oE "[[:digit:]]{1,}" | xargs kill

Kill CLOSE_WAIT connections by PORT

Use the following command to Kill TCP connections in CLOSE_WAIT state on port 80:

$ netstat -anp |\
grep ':80 ' |\
grep CLOSE_WAIT |\
awk '{print $7}' |\
cut -d \/ -f1 |\
grep -oE "[[:digit:]]{1,}" |\
xargs kill

The same command in one line:

$ netstat -anp | grep ':80 ' | grep CLOSE_WAIT | awk '{print $7}' | cut -d \/ -f1 | grep -oE "[[:digit:]]{1,}" | xargs kill

Kill CLOSE_WAIT connections by IP and PORT

Kill TCP connections in CLOSE_WAIT, state established with foreign IP address 192.168.0.100 on port 80:

$ netstat -anp |\
grep 192.168.0.100 |\
grep ':80 ' |\
grep CLOSE_WAIT |\
awk '{print $7}' |\
cut -d \/ -f1 |\
grep -oE "[[:digit:]]{1,}" |\
xargs kill

The same command in one line:

$ netstat -anp | grep 192.168.0.100 | grep ':80 ' | grep CLOSE_WAIT | awk '{print $7}' | cut -d \/ -f1 | grep -oE "[[:digit:]]{1,}" | xargs kill

How Does It Work?

$ netstat -anp |\  # print network connections
grep 192.168.0.100 |\  # established with IP 192.168.0.100
grep ':80 ' |\  # established on port 80
grep CLOSE_WAIT |\  #  connections in CLOSE_WAIT state
awk '{print $7}' |\  #  print the 7th column
cut -d \/ -f1 |\  #  extract PIDs
grep -oE "[[:digit:]]{1,}" |\  #  extract PIDs
xargs kill  #  kill PIDs

lsof -i :80 |grep CLOSE_WAIT| awk '{print $2}|uniq| xargs kill
 
0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
RHEL: Enabling standard ftp/telnet
Viewed 1284 times since Sun, May 27, 2018
Linux Audit The Linux security blog about Auditing, Hardening, and Compliance lynis
Viewed 612 times since Thu, Jan 16, 2020
RHEL: How to change a USER/GROUP UID/GID and all owned files
Viewed 6068 times since Sat, Jun 2, 2018
Manage Linux Password Expiration and Aging Using chage
Viewed 1751 times since Tue, Sep 11, 2018
Linux 16 Useful Bandwidth Monitoring Tools to Analyze Network Usage in Linux
Viewed 532 times since Mon, Sep 21, 2020
How to use yum-cron to automatically update RHEL/CentOS Linux
Viewed 570 times since Wed, Oct 17, 2018
20 IPtables Examples For New SysAdmins
Viewed 870 times since Fri, May 15, 2020
SPRAWDZONA KONFIGURACJA RSYSLOG I LOGROTATE, JAKO ZEWNĘTRZNEGO SERWERA SYSLOG
Viewed 1742 times since Fri, Nov 30, 2018
LVM: Extend SWAP size by adding a new Logical Volume
Viewed 913 times since Sat, Jun 2, 2018
Odpalenie polecenia tylko na jedną godzinę
Viewed 1081 times since Thu, May 24, 2018