Reduce TIME_WAIT socket connections

Rob —  June 12, 2014 — 2 Comments

Some time in your life you’ll run across an Apache server that always has tons of TIME_WAIT connections just seeming to hang out. While these don’t take up as many resources as an ESTABLISHED connection, why keep them around so long? This short article will show you how to identify how many you have, and how to tell your server to reduce them, reuse and recycle them (see, recycling IS a good thing).

First, SSH into your server and become root.

Next, let’s see how many TIME_WAITs you have hanging out:

You should see something like:

So – let’s get that number smaller.

See what your current values are in these files by catting them to the screen:

If you have default settings, you’ll probably see values of 60, 0 and 0. Let’s change those values to 30, 1, 1.

Now, let’s make the change persistent by adding them to the sysctl.conf file. First however, let’s make sure there aren’t any entries in there yet for these settings.. cat the file and grep for the changes we’re about to make:

Make notes of what your settings are if you had any results..

Now, edit the /etc/sysctl.conf with your favorite editor and add these lines to the end of it (or edit the values you have in yours if they exist already):

Now, let’s rerun that command from before and see where your TIME_WAITs are at:

You may need to wait at least a minute or so (depending on what your old values were) to see a change here.

Be sure to comment below if you have any questions or other thoughts!

Related posts from Linux Brigade!

  • Patch your WHM/cPanel machine for heartbleedPatch your WHM/cPanel machine for heartbleed You’ve certainly heard about Heartbleed by now. If not, you can read more about this vulnerability at Continue reading this post to find out if you’re vulnerable, and how […]
  • Globally disable directory listing on WHM/cPanelGlobally disable directory listing on WHM/cPanel One of the things that WHM/cPanel servers have on by default is directory listing. This is something you don’t want – but it’s easy to fix!

    1. Log into WHM
    2. Apache Configuration […]

  • Migrate mail from one server to another with imapsyncMigrate mail from one server to another with imapsync Have you been in the situation where you needed to move everyone’s mail from one provider to another? ┬áIt’s a pain to do using the mail client one at a time, but with this guide, you’ll be […]
  • Block Countries using mod_geoip in cPanelBlock Countries using mod_geoip in cPanel Yesterday, I wrote an article on how to block certain countries from your server using csf. This will block them from accessing your server on any port. You can, however use mod_geoip if […]
  • Turn off unneeded services on your Linux machineTurn off unneeded services on your Linux machine One of the easiest ways to start securing your server (and speeding it up) is to turn off unnecessary services that are usually running by default. This little script will go through and […]

2 responses to Reduce TIME_WAIT socket connections

  1. Nice write-up. I’m sure it will be helpful.

    Anyway, I know it’s not a big deal, but you should avoid using useless use of cat.

    for example, this:

    can be done like this:


    • Thanks for the comment.. Yeah – I hear you, but wanted to keep it as simple as possible and so the reader (if they weren’t seasoned) understood what was happening since they’re going to be root when running most of these commands… ;)

Leave a Reply