Re: After a while all outbound connections get stuck in SYN_SENT



jamesnichols3 wrote:

SYN_SENT means the local host has transmitted a SYN requesting the
creation of a connection but has not yet received either an RST
response indicating that nothing's listening nor an ACK SYN response
indicating that something *is* listening. Probable culprits would be,
in roughly descending order,

- firewall problems,
- the remote host has gone down or is not responding to network
traffic,
- firewall problems,
- misconfiguration somewhere in between your machine and the remote
host, and
- firewall problems.

Dig up a copy of Wireshark and watch the actual network traffic
between your machine and the host you're calling services on to see
which of these is likely. If possible run it from both inside and
outside your own firewall so you can see if your firewall is blocking
the returning ACK+SYN or even the outgoing SYN or not.

Hi,

I've had this problem over multiple types of firewall devices, versions, and
configurations. It's not possible for me to packet capture outside of the
firewall. Unfortunately, the data rate is such that it's nearly impossible
to gain many insights from the internal packet capture that I can take. This
problem is occurring when connecting to 1000's of hosts spread out all over
the internet, so it's highly unlikely that they are all going down at once or
there is some misconfiguration that occurs - every 38 hours. It is indicative
of something systematic happening in the OS, but I can't figure out what it
is.

Are you running iptables on the system in question? What happens if you disable
it?

It's just possible that the state table is filling up so ESTABLISHED,RELATED
packets are no longer being accepted. This would result in the SYN,ACK response
from the remote end being dropped, and a socket hung in the SYN_SENT state.

You can look at the iptables state table using some esoteric magic incantation,
which I can't remember offhand. I should have it in my firewall notes, I'll try
to locate it (it's not something I have to do very often...)

--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw@xxxxxxxxxxxx
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
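
Added example, not part of the original post and not written by anyone in the thread: a shell check for the state-table hypothesis raised above, comparing how full the netfilter connection-tracking table is with the number of sockets sitting in SYN_SENT. It assumes a Linux kernel that exposes `/proc/sys/net/netfilter/nf_conntrack_count` and `nf_conntrack_max`; the function names, the 95% threshold and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names, threshold and sample
# data are assumptions made for illustration.

# Count SYN_SENT sockets: column 4 ("st") of /proc/net/tcp is hex state 02.
count_syn_sent() {
    awk 'NR > 1 && $4 == "02" { n++ } END { print n + 0 }' "$1"
}

# Integer percentage of the conntrack table in use (count file / max file).
conntrack_pct() {
    count=$(cat "$1" 2>/dev/null) || return 1
    max=$(cat "$2" 2>/dev/null) || return 1
    [ "$max" -gt 0 ] || return 1
    echo $(( count * 100 / max ))
}

# Verdict: table-full    = SYN_SENT sockets exist and usage >= threshold,
#          syn-sent-only = sockets are stuck but the table has room,
#          no-conntrack  = counters unreadable (e.g. conntrack not loaded),
#          ok            = nothing stuck.
diagnose() {
    stuck=$(count_syn_sent "$1")
    pct=$(conntrack_pct "$2" "$3") || { echo "no-conntrack"; return 0; }
    if [ "$stuck" -gt 0 ] && [ "$pct" -ge "${4:-95}" ]; then echo "table-full"
    elif [ "$stuck" -gt 0 ]; then echo "syn-sent-only"
    else echo "ok"; fi
}

# Constructed sample: one LISTEN, two SYN_SENT, one ESTABLISHED; table ~99% full.
make_sample() {
    cat > "$1/tcp" <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 1001
   1: 0A00000A:C350 0A00000B:0050 02 00000001:00000000 01:00000064 00000002 1000 0 1002
   2: 0A00000A:C351 0A00000C:0050 02 00000001:00000000 01:00000064 00000003 1000 0 1003
   3: 0A00000A:C352 0A00000D:0050 01 00000000:00000000 00:00000000 00000000 1000 0 1004
EOF
    echo 65490 > "$1/count"
    echo 65536 > "$1/max"
}

# On a live host, run this file with --live to check the real /proc entries.
if [ "${1:-}" = "--live" ]; then
    diagnose /proc/net/tcp /proc/sys/net/netfilter/nf_conntrack_count \
             /proc/sys/net/netfilter/nf_conntrack_max
fi
```

A `table-full` verdict is worth cross-checking against the kernel log, where a full table is reported as `nf_conntrack: table full, dropping packet`. `/proc/net/tcp` lists IPv4 sockets only.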