I got one quick reply which explained the situation nicely,
thanks to Dan Riley.
We had a server that had been running squid, we stopped all
squid processes and bounced port, but we continued to see
connections to/from port 80 on the host, even though "netstat -a"
showed nothing listening there.
Dan said:
------------------------------------------------------------------------------
> 09:27:59.335059 oursite-pvt.aaa.com.80 > uhgatt10.uhc.com.1718: R 0:0(0) ack
> 3255234 win 0
RST with sequence number 0 to an initial SYN is TCP's way of saying
"go away, nothing is listening on this port".
> Can someone please enlighten me as to why/how a host answers
> on a port where nothing is listening?
So something talking to the port doesn't have to wait for a timeout
to figure out that it isn't going to get a connection. Consider
dsr_lnscu4% telnet lns130 99
Trying 128.84.44.116...
telnet: Unable to connect to remote host: Connection refused
dsr_lnscu4% telnet lns100 99 # system is down
Trying 128.84.46.170...
telnet: Unable to connect to remote host: Connection timed out
The "Connection refused" happens immediately because the remote host
sent back an "I'm not listening" packet like the one you logged, while
the "timed out" to the non-existent system takes several minutes.
------------------------------------------------------------------------------
Thanks, Dan!
Regards,
Judith Reed
jreed_at_appliedtheory.com
Received on Wed Jun 27 2001 - 13:25:53 NZST