Linux: Force Close A Socket / Port On Server In a TIME_WAIT State

last updated in Categories , ,

I run a BT client and few other server program on Linux. Sometime these programs get overloaded with too many connections and crashes. If I restart my apps, I see lots of old IPs in a TIME_WAIT state. How do I force and and close everything in a TIME_WAIT state under Linux operating systems?

TIME-WAIT state can exists on either server or client program. It represents waiting for enough time to pass to be sure the remote TCP received the acknowledgment of its connection termination request. [donotprint][/donotprint]The /proc/sys/net/ipv4/tcp_fin_timeout setting determines the time that must elapse before TCP/IP can release a closed connection and reuse its resources. This is known as TIME_WAIT state. TIME_WAIT is a normal part of the TCP connection. However, if you must close a socket in TIME_WAIT state, try:


[a] Restart the networking service

[b] cutter command

Finding out current TIME_WAIT settings

Type the following command
$ cat /proc/sys/net/ipv4/tcp_fin_timeout
Sample outputs:


You can lower the value by typing the following command as root user:
# echo 20 > /proc/sys/net/ipv4/tcp_fin_timeout
To set /proc/sys/net/ipv4/tcp_fin_timeout to 20 permanently, edit the file /etc/sysctl.conf and set it as follows:


Restating the network service

To restart the network service under RHEL / CentOS based systems, enter:
# service network restart
# /etc/init.d/network restart
Ubuntu / Debian Linux, user try the following command:
$ sudo service networking restart
$ sudo /etc/init.d/networking restart

cutter command

Cutter is an open source program that allows Linux firewall administrators to abort TCP/IP connections routed over the firewall or router on which it is run.


To cut all connections from to server, enter:
# cutter
To cut all ssh connection from to server, type:
# cutter 22
To cut all http connection from to ssh server, run:
# cutter 80
See how to install and use the cutter command for more information here.

See also

See the following man pages:
man 7 socket
man 7 tcp
man 7 ip
man 5 proc


Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

3 comment

  1. As far as I know, there is no way (aside from modifying the source, constant TCP_TIMEWAIT_LEN) to modify the MSL nor the TCP TIME_WAIT

    You may have luck with the time_wait bucket (reuse|recycle), but it becomes tricky if your upstream is stateful and doesn’t expect the same source-port so quickly (<2*MSL)

  2. Hello!

    I believe the examples have typos as the IPs do not correspond.


    Still, have a question? Get help on our forum!