TCP

TIME_WAIT status is designed to ensure that packets associated with one (older/closed) connection (that are delayed in the network) are not accepted by later connections between the same hosts (host/port pair). The end that sends first FIN (signals active close) goes in TIME_WAIT state.

A high number of TIME_WAIT connections may be due to lots of "short lived connections".

CLOSE_WAIT indicates that the other side of the connection (pear) has closed the connection (passive close). TIME_WAIT indicates that this side has closed the connection (active close).

to see the current time wait

cat /proc/sys/net/ipv4/tcp_fin_timeout you can reduce it with

echo 10 > /proc/sys/net/ipv4/tcp_fin_timeout

To check which connections are in what state:

netstat -an|awk '/tcp/ {print $6}'|sort|uniq -c

Count closed connections

netstat -nat | grep ESTAB | wc -l;netstat -nat | grep TIME | wc -l;netstat -nat | grep CLOSE | wc -l

Ref: https://tools.ietf.org/html/draft-faber-time-wait-avoidance-00

ss -tan 'sport = :80' | awk '{print $(NF)" "$(NF-1)}' | sed 's/:[^ ]*//g' | sort | uniq -c