How to clean up orphaned TCP/UDP ports on a server system? [closed]
Clash Royale CLAN TAG#URR8PPP
up vote
1
down vote
favorite
Issue: Linux server (centos) has tons of open listening ports, but the client code that opened those ports (on other systems) terminated.
I am tracing an issue that seems to be caused by client code opening sockets to my linux server, and orphaning those ports on linux. (e.g. the client code is not doing a clean close on the socket)
Result: 2000+ open ports on server, when there should be 100.
Result of result: Linux server often stops listening to new connections
The client code appears hopeless. The question is: is there an OS setting in CentOS I can use to let the OS clean up the orphaned ports?
(The ports are in front of logstash, fwiw)
What I see:
ls -al /proc/`pgrep -f logstash`/fd |wc -l
2131
ls -al /proc/`pgrep -f logstash`/fd
lr-x------ 1 logstash logstash 64 Feb 26 20:39 969 -> socket:[153690]
lr-x------ 1 logstash logstash 64 Feb 26 16:31 97 -> socket:[118192]
lr-x------ 1 logstash logstash 64 Feb 26 20:40 970 -> socket:[153716]
<etc>
centos networking socket
edited Mar 2 at 8:31
Kiwy
5,36743350
asked Feb 27 at 18:19
samsmith
4231414
closed as unclear what you're asking by derobert, Archemar, G-Man, Jesse_b, garethTheRed Mar 4 at 22:11
Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
 |Â
show 4 more comments
up vote
1
down vote
favorite
Issue: Linux server (centos) has tons of open listening ports, but the client code that opened those ports (on other systems) terminated.
I am tracing an issue that seems to be caused by client code opening sockets to my linux server, and orphaning those ports on linux. (e.g. the client code is not doing a clean close on the socket)
Result: 2000+ open ports on server, when there should be 100.
Result of result: Linux server often stops listening to new connections
The client code appears hopeless. The question is: is there an OS setting in CentOS I can use to let the OS clean up the orphaned ports?
(The ports are in front of logstash, fwiw)
What I see:
ls -al /proc/`pgrep -f logstash`/fd |wc -l
2131
ls -al /proc/`pgrep -f logstash`/fd
lr-x------ 1 logstash logstash 64 Feb 26 20:39 969 -> socket:[153690]
lr-x------ 1 logstash logstash 64 Feb 26 16:31 97 -> socket:[118192]
lr-x------ 1 logstash logstash 64 Feb 26 20:40 970 -> socket:[153716]
<etc>
centos networking socket
edited Mar 2 at 8:31
Kiwy
5,36743350
asked Feb 27 at 18:19
samsmith
4231414
closed as unclear what you're asking by derobert, Archemar, G-Man, Jesse_b, garethTheRed Mar 4 at 22:11
Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
1
unused listening IP ports simply do not hang around for long. Could you be more specific? You are asking people to guess things. This is also highly specific to whatever app you are talking about.
– Rui F Ribeiro
Feb 27 at 18:28
Which command is showing you the thousands of listening ports? And could you paste that output (it's fine if you want to redact e.g., IP addresses) into your question? I think that'd help us a lot to understand exactly what you're asking... (Use the 'edit' link under the tags to edit your question)
– derobert
Feb 27 at 18:30
yeah we'll need to see thess -tmpieoutput or such
– thrig
Feb 27 at 19:41
2
@samsmith ok, those are open sockets — not necessarily listening ports.ss(or good ol'netstat) are the tools you want to use to see what those are, or evenlsof. Those tools (especiallyss) can give vital info about the state of the socket, especially if its a TCP connection.
– derobert
Feb 27 at 21:22
1
E.g., tryss -taop(on a wide terminal for most readability) for TCP socket info. Adding-e,-m, and-ican get even more info about TCP sockets.
– derobert
Feb 27 at 21:26
 |Â
show 4 more comments
up vote
1
down vote
favorite
up vote
1
down vote
favorite
Issue: Linux server (centos) has tons of open listening ports, but the client code that opened those ports (on other systems) terminated.
I am tracing an issue that seems to be caused by client code opening sockets to my linux server, and orphaning those ports on linux. (e.g. the client code is not doing a clean close on the socket)
Result: 2000+ open ports on server, when there should be 100.
Result of result: Linux server often stops listening to new connections
The client code appears hopeless. The question is: is there an OS setting in CentOS I can use to let the OS clean up the orphaned ports?
(The ports are in front of logstash, fwiw)
What I see:
ls -al /proc/`pgrep -f logstash`/fd |wc -l
2131
ls -al /proc/`pgrep -f logstash`/fd
lr-x------ 1 logstash logstash 64 Feb 26 20:39 969 -> socket:[153690]
lr-x------ 1 logstash logstash 64 Feb 26 16:31 97 -> socket:[118192]
lr-x------ 1 logstash logstash 64 Feb 26 20:40 970 -> socket:[153716]
<etc>
centos networking socket
edited Mar 2 at 8:31
Kiwy
5,36743350
asked Feb 27 at 18:19
samsmith
4231414
Issue: Linux server (centos) has tons of open listening ports, but the client code that opened those ports (on other systems) terminated.
I am tracing an issue that seems to be caused by client code opening sockets to my linux server, and orphaning those ports on linux. (e.g. the client code is not doing a clean close on the socket)
Result: 2000+ open ports on server, when there should be 100.
Result of result: Linux server often stops listening to new connections
The client code appears hopeless. The question is: is there an OS setting in CentOS I can use to let the OS clean up the orphaned ports?
(The ports are in front of logstash, fwiw)
What I see:
ls -al /proc/`pgrep -f logstash`/fd |wc -l
2131
ls -al /proc/`pgrep -f logstash`/fd
lr-x------ 1 logstash logstash 64 Feb 26 20:39 969 -> socket:[153690]
lr-x------ 1 logstash logstash 64 Feb 26 16:31 97 -> socket:[118192]
lr-x------ 1 logstash logstash 64 Feb 26 20:40 970 -> socket:[153716]
<etc>
centos networking socket
edited Mar 2 at 8:31
Kiwy
5,36743350
asked Feb 27 at 18:19
samsmith
4231414
edited Mar 2 at 8:31
Kiwy
5,36743350
edited Mar 2 at 8:31
Kiwy
5,36743350
edited Mar 2 at 8:31
Kiwy
5,36743350
5,36743350
asked Feb 27 at 18:19
samsmith
4231414
asked Feb 27 at 18:19
samsmith
4231414
asked Feb 27 at 18:19
samsmith
4231414
4231414
closed as unclear what you're asking by derobert, Archemar, G-Man, Jesse_b, garethTheRed Mar 4 at 22:11
Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
closed as unclear what you're asking by derobert, Archemar, G-Man, Jesse_b, garethTheRed Mar 4 at 22:11
Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
1
unused listening IP ports simply do not hang around for long. Could you be more specific? You are asking people to guess things. This is also highly specific to whatever app you are talking about.
– Rui F Ribeiro
Feb 27 at 18:28
Which command is showing you the thousands of listening ports? And could you paste that output (it's fine if you want to redact e.g., IP addresses) into your question? I think that'd help us a lot to understand exactly what you're asking... (Use the 'edit' link under the tags to edit your question)
– derobert
Feb 27 at 18:30
yeah we'll need to see thess -tmpieoutput or such
– thrig
Feb 27 at 19:41
2
@samsmith ok, those are open sockets — not necessarily listening ports.ss(or good ol'netstat) are the tools you want to use to see what those are, or evenlsof. Those tools (especiallyss) can give vital info about the state of the socket, especially if its a TCP connection.
– derobert
Feb 27 at 21:22
1
E.g., tryss -taop(on a wide terminal for most readability) for TCP socket info. Adding-e,-m, and-ican get even more info about TCP sockets.
– derobert
Feb 27 at 21:26
 |Â
show 4 more comments
1
unused listening IP ports simply do not hang around for long. Could you be more specific? You are asking people to guess things. This is also highly specific to whatever app you are talking about.
– Rui F Ribeiro
Feb 27 at 18:28
Which command is showing you the thousands of listening ports? And could you paste that output (it's fine if you want to redact e.g., IP addresses) into your question? I think that'd help us a lot to understand exactly what you're asking... (Use the 'edit' link under the tags to edit your question)
– derobert
Feb 27 at 18:30
yeah we'll need to see thess -tmpieoutput or such
– thrig
Feb 27 at 19:41
2
@samsmith ok, those are open sockets — not necessarily listening ports.ss(or good ol'netstat) are the tools you want to use to see what those are, or evenlsof. Those tools (especiallyss) can give vital info about the state of the socket, especially if its a TCP connection.
– derobert
Feb 27 at 21:22
1
E.g., tryss -taop(on a wide terminal for most readability) for TCP socket info. Adding-e,-m, and-ican get even more info about TCP sockets.
– derobert
Feb 27 at 21:26
1
1
unused listening IP ports simply do not hang around for long. Could you be more specific? You are asking people to guess things. This is also highly specific to whatever app you are talking about.
– Rui F Ribeiro
Feb 27 at 18:28
unused listening IP ports simply do not hang around for long. Could you be more specific? You are asking people to guess things. This is also highly specific to whatever app you are talking about.
– Rui F Ribeiro
Feb 27 at 18:28
Which command is showing you the thousands of listening ports? And could you paste that output (it's fine if you want to redact e.g., IP addresses) into your question? I think that'd help us a lot to understand exactly what you're asking... (Use the 'edit' link under the tags to edit your question)
– derobert
Feb 27 at 18:30
Which command is showing you the thousands of listening ports? And could you paste that output (it's fine if you want to redact e.g., IP addresses) into your question? I think that'd help us a lot to understand exactly what you're asking... (Use the 'edit' link under the tags to edit your question)
– derobert
Feb 27 at 18:30
yeah we'll need to see the
ss -tmpie output or such– thrig
Feb 27 at 19:41
yeah we'll need to see the
ss -tmpie output or such– thrig
Feb 27 at 19:41
2
2
@samsmith ok, those are open sockets — not necessarily listening ports.
ss (or good ol' netstat) are the tools you want to use to see what those are, or even lsof. Those tools (especially ss) can give vital info about the state of the socket, especially if its a TCP connection.– derobert
Feb 27 at 21:22
@samsmith ok, those are open sockets — not necessarily listening ports.
ss (or good ol' netstat) are the tools you want to use to see what those are, or even lsof. Those tools (especially ss) can give vital info about the state of the socket, especially if its a TCP connection.– derobert
Feb 27 at 21:22
1
1
E.g., try
ss -taop (on a wide terminal for most readability) for TCP socket info. Adding -e, -m, and -i can get even more info about TCP sockets.– derobert
Feb 27 at 21:26
E.g., try
ss -taop (on a wide terminal for most readability) for TCP socket info. Adding -e, -m, and -i can get even more info about TCP sockets.– derobert
Feb 27 at 21:26
 |Â
show 4 more comments
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
1
unused listening IP ports simply do not hang around for long. Could you be more specific? You are asking people to guess things. This is also highly specific to whatever app you are talking about.
– Rui F Ribeiro
Feb 27 at 18:28
Which command is showing you the thousands of listening ports? And could you paste that output (it's fine if you want to redact e.g., IP addresses) into your question? I think that'd help us a lot to understand exactly what you're asking... (Use the 'edit' link under the tags to edit your question)
– derobert
Feb 27 at 18:30
yeah we'll need to see the
ss -tmpieoutput or such– thrig
Feb 27 at 19:41
2
@samsmith ok, those are open sockets — not necessarily listening ports.
ss(or good ol'netstat) are the tools you want to use to see what those are, or evenlsof. Those tools (especiallyss) can give vital info about the state of the socket, especially if its a TCP connection.– derobert
Feb 27 at 21:22
1
E.g., try
ss -taop(on a wide terminal for most readability) for TCP socket info. Adding-e,-m, and-ican get even more info about TCP sockets.– derobert
Feb 27 at 21:26