Results 1 to 5 of 5
  1. #1
    Join Date
    Jul 2009
    Posts
    40

    A lot of SYN_RECV connections

    I'm running webserver on centos5.4 with new 2.6.33.1 kernel. My problem is a lot of apache processes with "..reading.." request (10-15% requests are in ..reading.. status). I think, that problem are TCP connections in SYN_RECV status:
    netstat -na | wc -l : 19000
    netstat -na | grep SYN_RECV | wc -l : 180
    There is always around 0,5-1% connections in SYN_RECV and I'm sure, that it's not DoS/DDoS attack! Could it be problem of new kernel? Or network problem?
    Server is very fast and apache handle almost all request very fast but sometime it takes around 10s to handle request (process in ..reading.. state), it's clearly random, not only one IP or group of IPs. Could it problem of any limit in linux?
    Server: i7 920, 24GB RAM, 100mbps

    Sorry for my bad english...

  2. #2
    Join Date
    Feb 2008
    Location
    Houston, Texas, USA
    Posts
    2,875
    The SYN_RECV count seems to be reasonable considering the number of active connections on your server. Try to strace the apache process that's doing this and see where it is at.

    Regards
    Joe / UNIXY
    UNIXy - Fully Managed Servers and Clusters - Established in 2006
    [ cPanel Varnish Nginx Plugin ] - Enhance LiteSpeed and Apache Performance
    www.unixy.net - Los Angeles | Houston | Atlanta | Rotterdam
    Love to help pro bono (time permitting). joe > unixy.net

  3. #3
    Join Date
    Jul 2009
    Posts
    40
    10 days ago I've move my web site to the new datacenter and new server and since this time it is happening. Before there was usually around 20 connections in SYN_RECV.

    It's very hard to catch (strace) problematic apache process, because there are many processes and while I write strace command, process finish problematic request and continue correctly

    WCC.RW_.C.R_CC_WWCCW_RCCCWC_WC_CC._WR_W_C__WWW_CR_C_W_RRCW_RRRRW
    WCWC_WCW_C_WC_WW_WCCCC_WCW__CC_CCRC__CW__WC_CWCWW_WCC_W_CCRCRCCC
    CWCW___CRC_W_C.W_WW__CWRC_W....W.R.R.C_RW_W......W.._..._.W..WWR
    ..W.RR._.RR_..WC.W._CRWCC__C._C_._C.C_W.W..RCCWC..W.RW.CC_WW.R..
    ...............W................................................
    ................................................................
    ................................................................
    ................................................................

  4. #4
    Join Date
    Apr 2003
    Posts
    454
    I recommend installing CSF Firewall (http://configserver.com/cp/csf.html) and enabling connection tracking. This might work as a stopgap for when you're not in front of a terminal.

  5. #5
    Join Date
    Jul 2009
    Posts
    40
    Quote Originally Posted by ReadyRick View Post
    I recommend installing CSF Firewall (http://configserver.com/cp/csf.html) and enabling connection tracking. This might work as a stopgap for when you're not in front of a terminal.
    I have CSF already installed, but I have not a problem with unwanted connections, server is not under attack. I'd like to speed up connections, which are in SYN_RECV state. These connections are in this state for a long time (avg 10s) and it is slowing down some request on the web server. Or maybe the problem is doing apache (v2.2.15), I don't know

  6. Newsletters

    Subscribe Now & Get The WHT Quick Start Guide!

Similar Threads

  1. A lot of connections from 127.0.0.1
    By myk8022 in forum Hosting Security and Technology
    Replies: 12
    Last Post: 03-11-2013, 05:07 AM
  2. 100's of SYN_RECV connections?
    By henningl in forum Hosting Security and Technology
    Replies: 3
    Last Post: 02-01-2010, 12:32 AM
  3. Multiple SYN_RECV connections to HTTP
    By d-lexy in forum Hosting Security and Technology
    Replies: 2
    Last Post: 01-06-2004, 06:11 AM
  4. $$$ Do YOU have connections, and want to earn a lot of money? $$$
    By EasyWebSol in forum Employment / Job Offers
    Replies: 0
    Last Post: 08-05-2003, 07:42 PM
  5. RAM SYSLOAD problems with a lot of HTTP connections!
    By ZYE in forum Dedicated Server
    Replies: 0
    Last Post: 01-26-2002, 07:43 AM

Related Posts from theWHIR.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •