|
|
Sponsored Content
Top Forums
UNIX for Dummies Questions & Answers
TCP failed connection attempts from netstat -s
Post 302399596 by cache51 on Monday 1st of March 2010 02:13:55 AM
03-01-2010
|
|
9 More Discussions You Might Find Interesting
1. AIX
Hi. I would like to be able to deny IP address for too many failed login attemps (either from ssh, sftp, ftp, etc). The system I wish this to work on is an AIX 5.1 system. I'm new to AIX but I'm a linux user. There is a program for linux called fail2ban which reads from the log files and see if... (1 Reply)
Discussion started by: metzgerh
1 Replies
2. AIX
Hi,
I have created the below ftp script to put files over to our capacity server, the check at the end works if ftp fails to run however if the script cannot login or the transfer itself failed there is no warnings.
Does anyone know the syntax to trap the erorr codes or to put a check within... (3 Replies)
Discussion started by: chlawren
3 Replies
3. UNIX for Advanced & Expert Users
Hi Experts,
need help about release or refresh TCP Connection:
i have the sample like below :
application log connection:
0500 ( 192.168.0.1:36053) 00919 2007/05/10 23:30:25 112 13 2007/05/10 23:30:25 1969/12/31 17:00:00
0500 ( 192.168.0.1:36054) 00920 2007/05/10 23:30:26 000 00... (3 Replies)
Discussion started by: bucci
3 Replies
4. UNIX for Dummies Questions & Answers
# netstat -a > /test/a
getnameinfo failed
getnameinfo failed
getnameinfo failed
getnameinfo failed
getnameinfo failed
command is working fine (as i get output in file /test/a)
# dig -x 10.xxx.xxx.xxx
; <<>> DiG 9.3.3rc2 <<>> -x 10.203.xxx.xxx
;; global... (4 Replies)
Discussion started by: crackthehit007
4 Replies
5. UNIX for Dummies Questions & Answers
I wrote a very simple script to calculate the DB connection from an appserver and check the total netstat connection to a particular DB exceed 25 then it will send mail
netstat -a 2> /dev/null | awk '/.*ESTAB/{print $5}' | cut -d. -f1 | uniq -c | awk '{if ($1 > 25)print $2," exceed ",$1;}'
... (1 Reply)
Discussion started by: senthil.ak
1 Replies
6. Solaris
Hello,
Actually there are some bugs in application which does not close the TCP connection to other server though CORBA.
We need to kill that ESTABLISHED connections as new connection are not happeneing as the allocated ports were used and showing as ESTABLISHED
Is there any... (4 Replies)
Discussion started by: GIC1986
4 Replies
7. Solaris
Hey all I'm having a big problem here. Someone is attempting an SSH to a destination host on which an account resides and locking the account. I'm trying to determine who is performing the SSH attempts from my host. For instance they're logged in as their standard account but then (I'm assuming)... (13 Replies)
Discussion started by: MaindotC
13 Replies
8. IP Networking
Hello
netstat -p give below 6634176 connections as closed.How do we trace that which all connections are being closed on the server?
1366888371 data packet headers correctly predicted
1195906 connection requests
5227320 connection accepts
5992919... (6 Replies)
Discussion started by: Vishal_dba
6 Replies
9. Cybersecurity
The purpose of this thread is for everyone to follow the same methodology so we can create a future table, for the benefit of all, that shows how many failed login attempts (hacking) per day per server (and per minute) are happening.
This is not a thread on writing scripts or creating... (10 Replies)
Discussion started by: Neo
10 Replies
LEARN ABOUT HPUX
tcp
TCP(7P) TCP(7P) NAME
TCP - Internet Transmission Control Protocol SYNOPSIS
DESCRIPTION
The TCP protocol provides reliable, flow-controlled, two-way transmission of data. It is a byte-stream protocol used to support the socket type. TCP constructs virtual circuits between peer entities. A virtual circuit consists of remote Internet addresses, remote ports, local Internet addresses and local ports. IP uses the Internet addresses to direct messages between hosts, and the port numbers to identify a TCP entity at a particular host. Sockets using TCP are either active or passive. creates active sockets, which initiate connections to passive sockets (see connect(2)). To create a passive socket, use the system call after binding the socket with the system call (see listen(2) and bind(2)). Only passive sockets can use the call to accept incoming connections (see accept(2)). Passive sockets can underspecify their location to match incoming connection requests from multiple networks. This technique, called allows a single server to provide service to clients on multiple networks. To create a socket that listens on all networks, the Internet address must be bound for AF_INET family and for AF_INET6 family. The TCP port can still be specified even if wildcard addressing is being used. If the port is specified as zero, the system assigns a port. Once has a rendezvous with a connect request, a virtual circuit is established between peer entities. supplies the local port and local Internet address and gathers the remote port and remote Internet address from the peer requesting the connection. Options The system supports the following socket options: and (defined in the include file The option can only be used with while and can be set with and tested with (see getsockopt(2)). These options require level to be set to in the call. (non-boolean option) lets an application to receive the current segment size of the TCP SOCK_STREAM socket. The current segment size will be returned in optval. (boolean option) causes small amounts of output to be sent immediately. (non-boolean option) sets the second threshold timer for the connections that are in ESTABLISHED state. The option value is the threshold time in milliseconds. When it must retransmit packets because a timer has expired, TCP first compares the total time it has waited against the two thresholds, as described in RFC 1122, 4.2.3.5. If it has waited longer than the second threshold (R2), TCP terminates the connection. The default value for this option is the current value of the ndd tunable parameter Refer to ndd(1M) online help for details on the default value. (non-boolean option) sets the second threshold timer during connection establishment. The option value is the threshold time in milliseconds. This option is the same as except that this value is used during connection establishment. When it must retransmit the SYN packet because a timer has expired, TCP first compares the total time it has waited against the two thresh- olds. If it has waited longer than the second threshold, TCP terminates the connection. The default value for this option is the current value of the ndd tunable See ndd(1M) online help for details on the default value. (non-boolean option) When the option is enabled, TCP probes a connection that has been idle for some amount of time. If the remote system does not respond to a keepalive probe, TCP retransmits the probe for a certain number of times before a connection is consid- ered to be broken. Use the option with the option to affect this value for a given socket. If the remote system does not respond to a keepalive probe, TCP retransmits the probe after some amount of time. The time interval between each keepalive probe is decided by the TCP's normal retransmission algorithm. Users do not have direct con- trol of the algorithm. For a given socket, the expression determines when the retransmission attempts will time out and the connection is broken. If both and are not specified or if either one of them is not specified, then the retransmission algorithm will run up to This option takes an value, with a range of 1 to 32767. (non-boolean option) When the option is enabled, TCP probes a connection that has been idle for some amount of time. The default value for this idle period is 2 hours. The option can be used to affect this value for a given socket, and specifies the number of seconds of idle time between keepalive probes. This option takes an value, with a range of 1 to 32767. (non-boolean option) If a TCP connection cannot be established within some amount of time, TCP will time out the connect attempt. The default value for this initial connection establish- ment timeout is 75 seconds. The option can be used to affect this initial timeout period for a given socket, and specifies the number of seconds to wait before the connect attempt is timed out. For passive connections, the option value is inherited from the listening socket. This option takes an value, with a range of 1 to 32767. (non-boolean option) When the option is enabled, TCP probes a connection that has been idle for some amount of time. This option is used with the option. Refer to the description of option above. This option takes an value, with a range of 1 to 32767. (boolean option) When this option is enabled, the sender places a timestamp in each data segment. The receiver, if configured to accept them, sends these timestamps back in ACK segments. This provides the sender with a mechanism with which to measure round-trip time. TCP provides a Boolean option, (from the header file) to enable or disable this option. This option takes an value. When this option is enabled, the option is also enabled. (boolean option) When the PAWS (Protect Against Wrapped Sequence numbers) option is enabled, the receiver rejects any old duplicate segments that are received. This option is used on syn- chronized TCP connections only. TCP provides a Boolean option, (from the header file) to enable or disable this option. This option takes an value. This option automatically turns the option on. (boolean option) When the Selective Acknowledgment (SACK) option is enabled, the data receiver can inform the sender about all segments that have arrived successfully. In this way, the sender need retransmit only those segments that have actually been lost. This option is useful in cases where multiple seg- ments are dropped. TCP provides a Boolean option, (from the header file) to enable or disable this option. This option takes an value. If is set, the system sends small amounts of output immediately rather than gathering them into a single packet after an acknowledgement is received. If is not set, the system sends data when it is presented, if there is no outstanding unacknowledged data. If there is out- standing unacknowledged data, the system gathers small amounts of data to be sent in a single packet once an acknowledgement is received. For clients such as window managers that send a stream of mouse events which receive no replies, this packetization may cause significant delays. The option can be used to avoid this situation. Note, however, that setting the option may result in a large number of small packets being sent over the network. By default, is not set when a socket is created. The option level to use for accessing the TCP option with the or calls is the protocol number for TCP which is available from (see getpro- toent(3N)). If the socket option is enabled on an established TCP connection and the connection has been idle for two hours, TCP sends a packet to the remote socket, expecting the remote TCP to acknowledge that the connection is still active. If the remote TCP does not respond in a timely manner, TCP continues to send keepalive packets according to its normal retransmission algorithm. If the remote TCP does not respond within a particular time limit, TCP drops the connection. The next socket system call (for example, returns an error, and is set to See getsockopt(2) for details on enabling The default send and receives buffer size is 32768 bytes (see below). The send and receive buffer sizes for TCP stream sockets can be altered by using the and options of the system call or the and options of the system call. Refer to getsockopt(2) or t_optmgmt(3) for details. The maximum transmit buffer size for a TCP stream socket is 2147483647 bytes. The maximum receive buffer size for a TCP stream socket is 1073725440 bytes. These maximum values can be lowered using the ndd variables and ERRORS
One of the following errors may be returned in if a socket operation fails. For a more detailed list of errors, see the man pages for spe- cific system calls. The socket is already connected. No buffer space is available for an internal data structure. Connection dropped due to excessive retransmissions. The connection was forcibly closed by the peer socket. Remote peer actively refuses connection establishment (usually because no process is listening to the port). The specified address is already in use. The specified address is not available on this machine. WARNINGS
The default socket buffer size might increase without notice in a future release or patch. Therefore, if an application calls with it should do so before calling or it should first call with and ensure that the intended new receive buffer size is not less than the current buffer size. These programming conventions are consistent with TCP protocol restrictions against reducing the TCP receive window after a connection has been established. AUTHOR
The socket interfaces to TCP were developed by the University of California, Berkeley. SEE ALSO
ndd(1M), getsockopt(2), recv(2), send(2), socket(2), t_open(3), t_optmgmt(3), socket(7), inet(7F). RFC 793 Transmission Control Protocol RFC 1122 Requirements for Internet hosts RFC 1323 TCP Extensions for High Performance RFC 1878 Variable Length Subnet Table for IPv4 RFC 2018 TCP Selective Acknowledgement Options RFC 2414 Increasing TCP's Initial Window RFC 2582 NewReno Modifications to TCP's Fast Recovery Algorithm TCP(7P)