SUMMARY: netstat showing non-existent connections

From: Rahul Sen <>
Date: Fri Jan 12 2007 - 11:14:13 EST
RESOLUTION (Thanks to Casper Dik for his help and prompt responses):

The answer is that if netstat shows "ESTABLISHED" connections then there
*are* ESTABLISHED connections (also verified using pfiles). The problem is
that the client went offline rather abruptly (was not shutdown gracefully)
while some connections were in ESTABLISHED state. That meant that the client
never sent a "FIN" to initiate closing of the connections. When that happens
then connections can stay in ESTABLISHED state on the server for days. The
only other way to close these connections is to make the server application
send a CLOSE which can be accomplished by restarting the server process
(which was not done in order to investigate this problem).

My original problem was:

I have a Solaris 10 LDAP server which is showing "ESTABLISHED" connections
on the LDAP port from a client. I am *absolutely* sure and have verified
that the client has not connected to the server in the last three days. The
"ESTABLISHED" connections have been there for the last 3 days when the
client last connected. No i have not restarted the LDAP process. I want to
get to the bottom of these phantom connections before i restart LDAP and
possibly lose the symptom.

Why is netstat reporting established TCP connection when they are not
actually there? Anybody seen this before?

System - Netra 1280, Solaris 10, Kernel patch level 118833-23

Phantom connections (netstat output):

myserver.ldap     client.14279  61440      0 49232      0 ESTABLISHED
myserver.ldap     client.24855  61440      0 49232      0 ESTABLISHED
myserver.ldap     client.63975  61440      0 49232      0 ESTABLISHED
myserver.ldap     client.47819  61440      0 49232      0 ESTABLISHED
myserver.ldap     client.29304  61440      0 49232      0 ESTABLISHED

sunmanagers mailing list
Received on Fri Jan 12 11:14:54 2007

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:44:03 EST