Date: Fri, 11 May 2012 15:09:22 -0600 From: "Chad Leigh Shire.Net LLC" <chad@shire.net> To: FreeBSD Mailing List <freebsd-questions@freebsd.org> Subject: question on SYN_SENT Message-ID: <D8AF0C20-E2C0-44A4-89DF-B614F3DBBFF6@shire.net>
next in thread | raw e-mail | index | archive | help
it is my understanding that SYN_SENT is when MY SIDE sends out a request and is awaiting a reply? One of the jails we run for a customer had hundreds (if not thousands) of attempts to connect from the 147. address you see below. It was exhausting resources so that new tcp connections could not be made until some closed. I added that address to a "pf" block statement to stop it but now we get a rolling connections in a "netstat -a" as show below (host. being a generic name used in place of actual host on our side). I am wondering if this shows something on our side trying to connect out? That is what it appears to me to be, which does not make sense. tcp4 0 0 host.52562 147.237.76.155.http SYN_SENT tcp4 0 0 host.52561 147.237.76.155.http SYN_SENT tcp4 0 0 host.52560 147.237.76.155.http SYN_SENT tcp4 0 0 host.52559 147.237.76.155.http SYN_SENT tcp4 0 0 host.52558 147.237.76.155.http SYN_SENT tcp4 0 0 host.52557 147.237.76.155.http SYN_SENT tcp4 0 0 host.52556 147.237.76.155.http SYN_SENT tcp4 0 0 host.52555 147.237.76.155.http SYN_SENT tcp4 0 0 host.52554 147.237.76.155.http SYN_SENT tcp4 0 0 host.52553 147.237.76.155.http SYN_SENT tcp4 0 0 host.52552 147.237.76.155.http SYN_SENT tcp4 0 0 host.52551 147.237.76.155.http SYN_SENT tcp4 0 0 host.52550 147.237.76.155.http SYN_SENT thanks Chad
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?D8AF0C20-E2C0-44A4-89DF-B614F3DBBFF6>