I've built a small Windows Service which exposes perfmon counters to track sockets in
TIME_WAITstate. It can be downloaded from the links later in this post.
Back in 2011 I was helping a client look for issues in their systems caused by having too many sockets in a
TIME_WAITstate (see here for why this can be a problem). This was affecting their connectivit. Rather surprisingly there seemed to be no way to track the number of sockets in
TIME_WAITusing perfmon as there didn't seem to be a counter exposed. A counter would have been useful so that we could track the
TIME_WAIT; connections over time along with all of the other metrics that we track for their system. Anyway, I put together a quick and dirty tool for the client, this worked like a special version of
netstatwhich totalled up the number of sockets in each state by polling the system using
At the time I suggested that it wouldn't take much to build a small service which did this polling and exposed the results as a perfmon counter so that we COULD track this metric in the usual way. Well, I've finally got around to doing that (thanks to the encouragement of another client who had a similar issue). The result is TCPStatsPerfCounters which is a service that you can install and which provides counters for all of the states in the TCP table for both IPv4 and IPv6;
CLOSE_WAIT, etc. There's an x86 and and x64 build available and the services come as a single exe which automatically deploy and install the required counter dlls when you run them with /install.
- Unzip. You will end up with either
TCPStatsPerfCounters64.exe. All of the rest of the instructions apply equally to either version of the program.
/?command line switch to see help.
/installcommand line switch to install the service. You may be prompted to elevate your credentials if you are not an admin.
- To run as a service, open the services applet and locate the "JetByte TCP Stats Perfmon Counters" service, start it and, optionally set its start-up type to automatic.
- To run
TCPStatsPerfCounters.exeas an exe rather than as a service you still need to have installed it as a service but you can run from the command line with the
/runcommand line switch.
- You can get
TCPStatsPerfCounters.exeto produce a log file - this may be useful if you want to track socket states outside of perfmon. Either
/runwith the additional
/createLogcommand line switch. By default the log is created in the same directory as the exe, you can change this with the addition of the
/logPathcommand line switch.
- By default the program polls the system every second, you can change this by using the
/pollcommand line switch (again supply this either with
/run. The polling interval is specified in seconds.
CountersThere are counters for all of the socket states for both IPv4 and IPv6. Sockets transition through some of the states very quickly and so you may not see many of the states. There are also maximum counters for
TIME_WAITwhich show the highest value seen. In addition there are counters for the
TcpTimedWaitDelayregistry keys. I found it useful to have these values clearly visible for situations where machines happened to be configured in an unusual way and nobody had thought to check the registry. These values are set once on program start up and will be zero if the registry key is not set and the operating system's default value is in operation.