We have a server application which is facing TCP exhaustion problems at around 4000 connections. This will occur every 3 or 4 weeks (approximately). The vendor, which has created this server application, tells us after examining the output of netstat -b that some connections are remaining open even if the clients have dropped.
I've been given the task of investigating why a particular client application is not closing the TCP connection properly. I'm of the belief that if a client computer is shut down, that it cannot POSSIBLY report from the server that a TCP connection is still established with that client. Unfortunately, I cannot find any information to validate my view. I don't want to waste any more time investigating a potential problem that I don't think can even be a problem.
tl;dr
Can a server report an established connection to a computer that is turned off?
TCP makes no effort to detect a dead connection except on a side that is transmitting data. It is the responsibility of the application code calling into the TCP stack to do this. What protocol is involved here? (The one on top of TCP.)
It's a horrifically ugly "solution", but you can enable TCP keepalives. There's more in this article.
Yes it is possible. As David and Paul stated in their answers, there's no mechanism in TCP (other than TCP keep-alives, which are optional) to detect a half-open connection. It's up to the application vendor to determine the state of the connection and to take appropriate action accordingly.
As far as TCP is concerned there's no detection of or distinction between a half-open connection and a long idle connection.
You're going to have to start troubleshooting this from layer 1 (physical) of the OSI model up to layer 7 (application) to figure out where the problem is occurring. My advice would be to install and run a packet capture program on one of the affected clients until the problem occurs, and then analyze the capture to try and determine what's causing the client to not close the connection.
When a workstation wants to close a connection with a server it sends a TCP FIN. If the client is not behaving properly and not closing its connections, they could in fact remain established on the server. You can set timeouts for open connections on the server to clean these up - although it would be better to find the cause. What port are the open connections coming into? Once you know what service is being accessed you might be able to identify the client app that's hitting the server.
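The two server-side mitigations mentioned in the answers above (TCP keepalives and an idle timeout on open connections), as an added example that is not from the thread or from the vendor's application. The function names `enable_keepalive` and `demo`, the loopback sockets and the timer values are assumptions chosen for illustration.

```python
import socket

def enable_keepalive(conn, idle=60, interval=10, count=5):
    """Turn on TCP keepalive probes for one accepted connection.

    After `idle` seconds of silence the OS sends a probe every `interval`
    seconds; after `count` unanswered probes it drops the connection, so the
    server's next recv()/send() fails and the socket can be closed.
    Returns the worst-case detection time in seconds, or None when the
    per-socket probe count could not be set.
    """
    conn.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    names = ("TCP_KEEPIDLE", "TCP_KEEPINTVL", "TCP_KEEPCNT")
    if all(hasattr(socket, n) for n in names):
        conn.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, idle)
        conn.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, interval)
        conn.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, count)
        return idle + interval * count
    if hasattr(socket, "SIO_KEEPALIVE_VALS"):
        # Fallback where the TCP_KEEP* options are not exposed (Windows ioctl):
        # timers are in milliseconds and the probe count is chosen by the OS.
        conn.ioctl(socket.SIO_KEEPALIVE_VALS, (1, idle * 1000, interval * 1000))
    return None

def demo():
    """Loopback server/client pair (constructed); returns the applied settings."""
    with socket.socket() as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        with socket.create_connection(srv.getsockname()):
            conn, _peer = srv.accept()
            with conn:
                # Application-level idle timeout: recv() raises socket.timeout
                # after 300 s of silence, so the handler can close the socket.
                conn.settimeout(300)
                worst = enable_keepalive(conn, idle=60, interval=10, count=5)
                on = conn.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE)
                return bool(on), worst, conn.gettimeout()

if __name__ == "__main__":
    print(demo())
```

Without either setting, a connection to a client that lost power stays ESTABLISHED on the server indefinitely, because the server never sends anything that could go unanswered.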