Chinaunix首页 | 论坛 | 博客
  • 博客访问: 1782839
  • 博文数量: 310
  • 博客积分: 6853
  • 博客等级: 准将
  • 技术积分: 2833
  • 用 户 组: 普通用户
  • 注册时间: 2005-08-04 16:41












2011-05-19 19:50:28

Understand the stats are showing something we don't want to see. So let's look at some
things we can consider in reviewing them.

There will be some failed connection attempts normally, although 40% does seem high.
Without knowing the actual output of the netstat -s, cannot really comment.

The next thing to do is to see if this is happening on ALL the servers. If it is on all the servers,
then you might want to look at either some "global" things or "common" things. Globally things
to look at of course is the hardware that all these machines are connected to, any policies on
the servers/domain with restrictions for access to resources, things like that. Common things
would be antivirus on the machines, do they all have server protect or other protection
software that could cause packet rejections.

The netstat -s collects informaiotn concerning the Interface Statistics, IP stats, TCP Stats and
UDP stats. The "failed connection attempts" are part of the TCP stats. It represents the
number of embryonic connections dropped.

The number of embryonic connecitons dropped( before SYN received ) = the number of
transitions form SYN_SENT or SYN_RCVD to CLOSED + the number of transitions from
SYN_RCVD to LISTEN states.

You should do - really nothing. It is just a statistic and not causing any performance issues.
What could be happening is that there is/are applications that are not sending SYN packets in
a timely manner or a switch/router that could be disgarding some. But if you are having
performance issues on your network, this particular statistic is not what is causing it.

To anil down what is happening, you will need to run some packet sniffer traces, such as
netowkr monitor and analyze the traces to find the source.

Hope this helps,
阅读(1045) | 评论(0) | 转发(0) |