[root@:/]# netstat -eont
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Timer
tcp 0 0 10.99.92.201:2000 10.99.92.82:63407 ESTABLISHED 0
keepalive (2.28/0/0)
tcp 0 29200 10.99.92.201:2004 10.99.92.82:63408 ESTABLISHED 0
unkn-4 (50.92/0/0)
[root@:/]# netstat -eont
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode Timer
tcp 0 0 10.99.92.201:2000 10.99.92.82:63407 ESTABLISHED 0 385
keepalive (0.35/0/0)
tcp 0 29201 10.99.92.201:2004 10.99.92.82:63408 FIN_WAIT1 0 0
unkn-4 (33.99/0/0)
[root@:/]# netstat -es
Ip:
195 total packets received
0 forwarded
0 incoming packets discarded
194 incoming packets delivered
260 requests sent out
Icmp:
0 ICMP messages received
0 input ICMP message failed.
ICMP input histogram:
0 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
Tcp:
0 active connections openings
2 passive connection openings
0 failed connection attempts
0 connection resets received
1 connections established
131 segments received
255 segments send out
1 segments retransmited
0 bad segments received.
0 resets sent
Udp:
10 packets received
0 packets to unknown port received.
0 packet receive errors
4 packets sent
RcvbufErrors: 0
SndbufErrors: 0
[root@:/]#
我有一个在ARM嵌入式系统上运行的Linux(2.6.33)应用程序。TCP 套接字是显示带有"netstat"的粘贴在上面。
计时器的unkn-4状态是什么意思(在此状态下,Send-Q显示29200并且套接字已建立。但是一段时间后,套接字进入 FIN WAIT 1 状态,但和发送 Q 增加 1 个数据包。我希望此数据包使用 RST 标志发送。
但是我没有看到这个RST是用在后台运行的tcpdump捕获的。
请帮助我找出这里发生了什么,它将套接字从 ESTABLISh 状态到 FIN 等待 1 状态。我猜RST是从应用程序中发出的,但它没有发出在以太网接口上并位于TCP OUT Send-Q缓冲区中。所以我无法捕捉。这是正确的吗以及如何验证这一点?
按照参考资料,但仍然没有得到答案。
http://vzkernel.blogspot.in/
这是一个零窗口探针计时器
来源: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=96282
如果另一端未收到您的 SYN 数据包,或者您的一端未收到其 ACK 数据包,则可能会发生这种情况。
一般来说,这通常是数据包丢失的症状。