question on SYN_SENT
Chad Leigh Shire.Net LLC
chad at shire.net
Fri May 11 21:49:14 UTC 2012
it is my understanding that SYN_SENT is when MY SIDE sends out a request and is awaiting a reply?
One of the jails we run for a customer had hundreds (if not thousands) of attempts to connect from the 147. address you see below. It was exhausting resources so that new tcp connections could not be made until some closed.
I added that address to a "pf" block statement to stop it but now we get a rolling connections in a "netstat -a" as show below (host. being a generic name used in place of actual host on our side). I am wondering if this shows something on our side trying to connect out? That is what it appears to me to be, which does not make sense.
tcp4 0 0 host.52562 147.237.76.155.http SYN_SENT
tcp4 0 0 host.52561 147.237.76.155.http SYN_SENT
tcp4 0 0 host.52560 147.237.76.155.http SYN_SENT
tcp4 0 0 host.52559 147.237.76.155.http SYN_SENT
tcp4 0 0 host.52558 147.237.76.155.http SYN_SENT
tcp4 0 0 host.52557 147.237.76.155.http SYN_SENT
tcp4 0 0 host.52556 147.237.76.155.http SYN_SENT
tcp4 0 0 host.52555 147.237.76.155.http SYN_SENT
tcp4 0 0 host.52554 147.237.76.155.http SYN_SENT
tcp4 0 0 host.52553 147.237.76.155.http SYN_SENT
tcp4 0 0 host.52552 147.237.76.155.http SYN_SENT
tcp4 0 0 host.52551 147.237.76.155.http SYN_SENT
tcp4 0 0 host.52550 147.237.76.155.http SYN_SENT
thanks
Chad
More information about the freebsd-questions
mailing list