What does LAST_ACK mean, as a State value in netstat?

If a Windows server has several thousand ports open in LAST_ACK state (as shown by netstat), what could this mean? Is it because one endpoint is waiting for the other to respond?


The last_ack state (if I recall my TCP stack correctly) is the state when you have received your FIN message to close the connection from your neighbour, but you still need to flush and shut down your connection. You send the final FIN yourself and wait for an ACK.

Typically hanging in last_ack means your application keeps a socket open even when the other end has finished sending data. This can happen for multiple reasons. There might be a firewall or other load balancer which loses the last ACK from the client, and leaves you stuck in the last_ack state. If the connections are not timed out after a few minutes (10 or so) you probably have a bug.

Have a look at the state diagram at http://tangentsoft.net/wskfaq/articles/debugging-tcp.html


LAST_ACK means your end has received a FIN from the peer, sent an ACK, sent a FIN, and is waiting for the final ACK from the peer. At this point there is nothing further the application can do: the socket is closed. The application may even have exited. From here on it is up to TCP to resend the FIN until it gets the final ACK, or time out doing so. Not much you can do as an admin except investigate the network.
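
To follow up on the firewall/load balancer possibility and the advice to investigate the network, this added example (not part of any answer on this page) tallies LAST_ACK rows from Windows `netstat -ano` output by remote host and by local port, so you can see whether the stuck sockets cluster on one peer or one service. The sample text and all function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample in the layout of Windows `netstat -ano` (not real data).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    10.0.0.5:443           198.51.100.7:50112     LAST_ACK        4312
  TCP    10.0.0.5:443           198.51.100.7:50113     LAST_ACK        4312
  TCP    10.0.0.5:443           198.51.100.7:50114     LAST_ACK        4312
  TCP    10.0.0.5:443           203.0.113.9:61001      ESTABLISHED     4312
  TCP    10.0.0.5:8080          203.0.113.9:61002      LAST_ACK        2208
  TCP    [::1]:445              [::1]:49701            TIME_WAIT       0
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       4312
  UDP    0.0.0.0:53             *:*                                    1180
"""

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6]:port' at the last colon."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def parse_tcp_rows(text):
    """Yield (local, remote, state, pid) per TCP row; skip headers and UDP."""
    for line in text.splitlines():
        fields = line.split()
        # TCP rows have exactly five columns; UDP rows have no State column.
        if len(fields) == 5 and fields[0] == "TCP":
            yield fields[1], fields[2], fields[3], fields[4]

def summarize_last_ack(text):
    """Count LAST_ACK sockets per remote host and per local port."""
    by_remote, by_local_port = Counter(), Counter()
    for local, remote, state, _pid in parse_tcp_rows(text):
        if state != "LAST_ACK":
            continue
        by_remote[split_endpoint(remote)[0]] += 1
        by_local_port[split_endpoint(local)[1]] += 1
    return by_remote, by_local_port

if __name__ == "__main__":
    remotes, ports = summarize_last_ack(SAMPLE)
    for host, n in remotes.most_common():
        print(f"{n:6d}  remote {host}")
    for port, n in ports.most_common():
        print(f"{n:6d}  local port {port}")
```

On a live server, replace `SAMPLE` with the captured output of `netstat -ano`. A count dominated by one remote address or one local port tells you which network path or service to look at first.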


LAST_ACK is the last state right before closing down the TCP connection.