Thread: A lot of SYN_RECV connections
-
04-08-2010, 09:45 AM #1Junior Guru Wannabe
- Join Date
- Jul 2009
- Posts
- 40
A lot of SYN_RECV connections
I'm running a web server on CentOS 5.4 with the new 2.6.33.1 kernel. My problem is a lot of Apache processes with "..reading.." requests (10-15% of requests are in ..reading.. status). I think that the problem is TCP connections in SYN_RECV status:
netstat -na | wc -l : 19000
netstat -na | grep SYN_RECV | wc -l : 180
There are always around 0.5-1% of connections in SYN_RECV, and I'm sure that it's not a DoS/DDoS attack! Could it be a problem with the new kernel? Or a network problem?
The server is very fast and Apache handles almost all requests very fast, but sometimes it takes around 10s to handle a request (process in ..reading.. state). It's clearly random, not only one IP or group of IPs. Could it be a problem with some limit in Linux?
Server: i7 920, 24GB RAM, 100mbps
Sorry for my bad English...
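Added example, not part of the original posts: one way to turn the netstat counts above into a SYN_RECV share and a per-source breakdown, which shows whether half-open connections cluster on a few remote IPs or are spread out. It assumes the Linux net-tools `netstat -na` column layout; the function names and the sample data are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Input: `netstat -na` text on stdin.

# One-line summary: SYN_RECV share of TCP rows and how it spreads over remote IPs.
synrecv_summary() {
  LC_ALL=C awk '
    $1 ~ /^tcp/ {                  # TCP rows only (the wc -l in the post counts every line)
      total++
      if ($6 != "SYN_RECV") next
      syn++
      ip = $5; sub(/:[^:]*$/, "", ip)   # drop the trailing :port
      if (!(ip in n)) sources++
      n[ip]++
    }
    END {
      for (ip in n)                # busiest source; ties broken by name for stable output
        if (n[ip] > max || (n[ip] == max && ip < top)) { max = n[ip]; top = ip }
      printf "tcp_total=%d syn_recv=%d pct=%.1f sources=%d top=%s:%d\n",
             total, syn, (total ? 100 * syn / total : 0), sources, top, max
    }'
}

# Per-source SYN_RECV counts, busiest first.
synrecv_by_ip() {
  LC_ALL=C awk '$1 ~ /^tcp/ && $6 == "SYN_RECV" { ip = $5; sub(/:[^:]*$/, "", ip); print ip }' |
    sort | uniq -c | sort -k1,1nr -k2,2 | awk '{ print $1, $2 }'
}

# Constructed sample in Linux netstat layout (documentation address ranges).
sample_netstat() {
  cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.9:40112      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.9:40113      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.7:51514       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.20:33100      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.21:33101      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.22:33102      TIME_WAIT
tcp        0      0 192.0.2.10:80           203.0.113.23:33103      ESTABLISHED
udp        0      0 0.0.0.0:123             0.0.0.0:*
EOF
}

sample_netstat | synrecv_summary
sample_netstat | synrecv_by_ip
```

On a live host the same functions read `netstat -na` directly, for example `netstat -na | synrecv_summary`.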
-
04-08-2010, 09:50 AM #2Corporate Member
- Join Date
- Feb 2008
- Location
- Houston, Texas, USA
- Posts
- 3,262
The SYN_RECV count seems to be reasonable considering the number of active connections on your server. Try to strace the apache process that's doing this and see where it is at.
Regards
Joe / UNIXY
-
04-08-2010, 10:12 AM #3Junior Guru Wannabe
- Join Date
- Jul 2009
- Posts
- 40
10 days ago I moved my web site to the new datacenter and new server, and it has been happening since then. Before, there were usually around 20 connections in SYN_RECV.
It's very hard to catch (strace) the problematic Apache process, because there are many processes, and while I write the strace command, the process finishes the problematic request and continues correctly.
WCC.RW_.C.R_CC_WWCCW_RCCCWC_WC_CC._WR_W_C__WWW_CR_C_W_RRCW_RRRRW
WCWC_WCW_C_WC_WW_WCCCC_WCW__CC_CCRC__CW__WC_CWCWW_WCC_W_CCRCRCCC
CWCW___CRC_W_C.W_WW__CWRC_W....W.R.R.C_RW_W......W.._..._.W..WWR
..W.RR._.RR_..WC.W._CRWCC__C._C_._C.C_W.W..RCCWC..W.RW.CC_WW.R..
...............W................................................
................................................................
................................................................
................................................................
-
04-08-2010, 12:44 PM #4Web Hosting Evangelist
- Join Date
- Apr 2003
- Posts
- 454
I recommend installing CSF Firewall (http://configserver.com/cp/csf.html) and enabling connection tracking. This might work as a stopgap for when you're not in front of a terminal.
-
04-08-2010, 01:22 PM #5Junior Guru Wannabe
- Join Date
- Jul 2009
- Posts
- 40
I have CSF already installed, but I don't have a problem with unwanted connections; the server is not under attack. I'd like to speed up the connections which are in SYN_RECV state. These connections are in this state for a long time (avg 10s) and it is slowing down some requests on the web server. Or maybe Apache (v2.2.15) is causing the problem, I don't know.