Solved

SYN Timeout: Need a brief explanation

Posted on 2008-06-25
6
3,429 Views
Last Modified: 2008-06-26
I need a quick explanation of what this means.

Jun 25 11:40:40 dsgatekeeper Jun 25 2008 11:40:40: %PIX-6-302014: Teardown TCP connection 43245574 for outside:74.202.21.66/62674 to inside:in-www/80 duration 0:00:30 bytes 0 SYN Timeout

What types of things could cause this?
0
Comment
Question by:maytawn
  • 4
  • 2
6 Comments
 
LVL 2

Expert Comment

by:dbanttari
ID: 21869327
That's indicating that someone asked to start a TCP connection, but never followed through.  Port scanners will commonly produce this symptom, as they'll send a lot of TCP SYN ("synchronize [sequence numbers]") packets, then never follow up on the response.

It's the TCP equivalent of getting called by a telemarketer, answering the phone, then getting nothing but dead silence.  Eventually you get frustrated ("time out") and hang up.
0
 
LVL 1

Author Comment

by:maytawn
ID: 21869379
Where are we at in the process of the handshake?  Did I send the SYN, but not get a response back?  What response am I waiting for that I do not recieve and eventuallty time-out?
0
 
LVL 2

Expert Comment

by:dbanttari
ID: 21869452
You got a SYN, sent back a SYN/ACK, but then there was no further communication.

If you get a LOT of those from the same source, that's called a SYN Flood attack.

Pretty pictures here:
http://en.wikipedia.org/wiki/SYN_flood
0
Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

 
LVL 1

Author Comment

by:maytawn
ID: 21869576
OK... so the time-out is caused by not receiving an ACK.  Just to be clear... This could be caused by one of the following:
1) The SYNACK (that I sent) was never recieved.  
2) The SYNACK was received, but ignored and no ACK was sent
3) The SYNACK was recieved and an ACK was sent back, but the packet was lost in transit and sever arrived.

Correct?
0
 
LVL 2

Accepted Solution

by:
dbanttari earned 500 total points
ID: 21870483
That's correct-- however, if the ACK was sent back but lost due to packet loss, then a properly functioning host would resend the ACK several times, and one of them would most likely have gotten through.
0
 
LVL 2

Expert Comment

by:dbanttari
ID: 21876680
Oh-- one last note:  If a properly functioning host had decided not to follow through on the connection-open SYN request, it would have responded with a RST packet when it received your SYN/ACK packet.  That would not have produced the timeout message.
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A few months ago I attended the Rocky Mountain IPv6 Summit which was a two-day educational event; it was the 3rd annual conference held here in Denver, Colorado that was held at the Hyatt Regency Denver at the Colorado Convention Center. It was an e…
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now