install it as a service (with admin privilege) tcpmon -install

uninstall it from service tcpmon -uninstall

run it normally as an command application tcpmon -normal

test email function tcpmon -testmail

Please rename settings-sample.json to settings.json and modify its content.

settings template (settings.json)

{ "service":{ "restart": true, "name": "dualshield", "condition":200, "timeout":120 }, "smtp": { "enabled": true, "server":"you email server fqdn or IP", "port":587, "ssl":true, "auth":true, "username":"email sender account", "password":"email sender password", "to":["email recipients"], "customize":{ "subject":"Alert: There are a lot of CLOSE_WAIT connections",
"body":"Please check the log at {0} for details, and notify the vendor" }

},
"period": 600,
"port":8074,
"threshold":20,
"state": 8

}

Note:

service: condition: when the total of CLOSE_WAIT sockets reaches this amount, the specified service is restarted timeout: we give 2 minutes (120 sec) for stopping and starting service

state: socket state. here we are interested in CLOSE_WAIT = 8 threshold: if the total exceeds it, notify admin by email port: the port is being monitored period: seconds, the monitor will check the socket status per 10 minutes if it is set to 600.

MIB_TCP_STATE_CLOSED = 1,
MIB_TCP_STATE_LISTEN = 2,
MIB_TCP_STATE_SYN_SENT = 3,
MIB_TCP_STATE_SYN_RCVD = 4,
MIB_TCP_STATE_ESTAB = 5,
MIB_TCP_STATE_FIN_WAIT1 = 6,
MIB_TCP_STATE_FIN_WAIT2 = 7,
MIB_TCP_STATE_CLOSE_WAIT = 8,
MIB_TCP_STATE_CLOSING = 9,
MIB_TCP_STATE_LAST_ACK = 10,
MIB_TCP_STATE_TIME_WAIT = 11,
MIB_TCP_STATE_DELETE_TCB = 12