SYN Timeout: Need a brief explanation

Posted on 2008-06-25
Last Modified: 2008-06-26
I need a quick explanation of what this means.

Jun 25 11:40:40 dsgatekeeper Jun 25 2008 11:40:40: %PIX-6-302014: Teardown TCP connection 43245574 for outside: to inside:in-www/80 duration 0:00:30 bytes 0 SYN Timeout

What types of things could cause this?
Question by:maytawn
  • 4
  • 2

Expert Comment

ID: 21869327
That's indicating that someone asked to start a TCP connection, but never followed through.  Port scanners will commonly produce this symptom, as they'll send a lot of TCP SYN ("synchronize [sequence numbers]") packets, then never follow up on the response.

It's the TCP equivalent of getting called by a telemarketer, answering the phone, then getting nothing but dead silence.  Eventually you get frustrated ("time out") and hang up.

Author Comment

ID: 21869379
Where are we at in the process of the handshake?  Did I send the SYN, but not get a response back?  What response am I waiting for that I do not recieve and eventuallty time-out?

Expert Comment

ID: 21869452
You got a SYN, sent back a SYN/ACK, but then there was no further communication.

If you get a LOT of those from the same source, that's called a SYN Flood attack.

Pretty pictures here:
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.


Author Comment

ID: 21869576
OK... so the time-out is caused by not receiving an ACK.  Just to be clear... This could be caused by one of the following:
1) The SYNACK (that I sent) was never recieved.  
2) The SYNACK was received, but ignored and no ACK was sent
3) The SYNACK was recieved and an ACK was sent back, but the packet was lost in transit and sever arrived.


Accepted Solution

dbanttari earned 500 total points
ID: 21870483
That's correct-- however, if the ACK was sent back but lost due to packet loss, then a properly functioning host would resend the ACK several times, and one of them would most likely have gotten through.

Expert Comment

ID: 21876680
Oh-- one last note:  If a properly functioning host had decided not to follow through on the connection-open SYN request, it would have responded with a RST packet when it received your SYN/ACK packet.  That would not have produced the timeout message.

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Direct Access 2012R2 Two Network Card Configuration Behind TMG 2010 3 49
MPLS VRF bridging 4 59
pfSense IP Helper 4 172
Advertise subnet not directly attached 6 30
Please see preceding article here: Figure 1 After Root Bridge has been elected, then what?..... Let's start by defining a Root Port in la…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question