locked
system error on collecting TIME_WAIT sockets?? RRS feed

  • Question

  • recently, we ran into some issues that some machine cant establish a network connnecttion.then we found out there are tons of time wait status entries after running the netstate -ano command.and you must know , even for a server machine,it is not normal,Not to mention this is a personal desktop windows 10.

    after all ,the reason i say this maybe a  system error ,it is because i have done some diagnosis :

    1.sorted all the time wait entries , we have 2 ip take up 80% .and know which app is  connecting these 2 ips

    2.so i terminate these apps ,and at the same time we start up procmon.exe to monitor the network activity

    3.but after about 10 mins ,there are still so much time wait entries,and the 80% are the same

    and there is one more weird thing,there are some duplicate entries that they have same localip and port but not destip!!

    ps:here are some example from command "netstat -ano"

    Line 137326:   TCP    192.168.16.74:65507    172.16.200.15:80       TIME_WAIT       0
    Line 137328:   TCP    192.168.16.74:65508    172.16.200.15:80       TIME_WAIT       0
    Line 137330:   TCP    192.168.16.74:65511    172.16.202.10:443      TIME_WAIT       0
    Line 137331:   TCP    192.168.16.74:65512    172.16.200.15:443      TIME_WAIT       0
    Line 137335:   TCP    192.168.16.74:65514    172.16.202.10:443      TIME_WAIT       0
    Line 137336:   TCP    192.168.16.74:65515    172.16.200.15:80       TIME_WAIT       0
    Line 137337:   TCP    192.168.16.74:65515    172.16.202.10:443      TIME_WAIT       0
    Line 137338:   TCP    192.168.16.74:65516    172.16.202.10:443      TIME_WAIT       0
    Line 137339:   TCP    192.168.16.74:65517    172.16.202.10:443      TIME_WAIT       0
    Line 137340:   TCP    192.168.16.74:65518    172.16.200.15:80       TIME_WAIT       0
    Line 137341:   TCP    192.168.16.74:65518    172.16.200.15:443      TIME_WAIT       0
    Line 137342:   TCP    192.168.16.74:65519    172.16.200.15:80       TIME_WAIT       0
    Line 137343:   TCP    192.168.16.74:65519    172.16.202.10:443      TIME_WAIT       0
    Line 137344:   TCP    192.168.16.74:65520    172.16.200.15:80       TIME_WAIT       0
    Line 137345:   TCP    192.168.16.74:65520    172.16.202.10:443      TIME_WAIT       0
    Line 137346:   TCP    192.168.16.74:65521    172.16.202.10:443      TIME_WAIT       0
    Line 137347:   TCP    192.168.16.74:65522    172.16.200.15:80       TIME_WAIT       0
    Line 137349:   TCP    192.168.16.74:65524    172.16.200.15:80       TIME_WAIT       0
    Line 137352:   TCP    192.168.16.74:65526    172.16.200.15:80       TIME_WAIT       0
    Line 137354:   TCP    192.168.16.74:65527    172.16.202.10:443      TIME_WAIT       0
    Line 137356:   TCP    192.168.16.74:65529    172.16.202.10:443      TIME_WAIT       0
    Line 137358:   TCP    192.168.16.74:65530    172.16.202.10:443      TIME_WAIT       0
    Line 137359:   TCP    192.168.16.74:65531    172.16.200.15:443      TIME_WAIT       0
    Line 137360:   TCP    192.168.16.74:65531    172.16.202.10:443      TIME_WAIT       0


    Thursday, February 27, 2020 7:12 AM