Questions tagged [tcp]
TCP stands for Transmission Control Protocol and is one of the core protocols of the Internet Protocol Suite. TCP complements the Internet Protocol (IP), and therefore the entire suite is commonly referred to as TCP/IP.
1,649
questions
229
votes
3
answers
232k
views
What is the difference between Unix sockets and TCP/IP sockets?
It's from this answer:
https://stackoverflow.com/questions/2482411/is-this-pdo-bug-fixed-now/2482424#2482424
When the host is "localhost", MySQL Unix clients use a Unix socket, AKA Unix ...
- 3,297
132
votes
8
answers
315k
views
How to forcibly close a socket in TIME_WAIT?
I run a particular program on linux which sometimes crashes. If you open it quickly after that, it listens on socket 49201 instead of 49200 as it did the first time. netstat reveals that 49200 is in ...
- 1,423
99
votes
3
answers
76k
views
How do high traffic sites service more than 65535 TCP connections?
If there is a limit on the number of ports one machine can have and a socket can only bind to an unused port number, how do servers experiencing extremely high amounts (more than the max port number) ...
- 1,129
74
votes
9
answers
147k
views
How passively monitor for tcp packet loss? (Linux)
How can I passively monitor the packet loss on TCP connections to/from my machine?
Basically, I'd like a tool that sits in the background and watches TCP ack/nak/re-transmits to generate a report on ...
- 1,099
70
votes
6
answers
207k
views
How to capture ack or syn packets by Tcpdump?
I want to use a filter rule to capture only ack or syn packets. How do I do this?
- 4,067
70
votes
4
answers
67k
views
What is the "slash" after the IP? [duplicate]
In Amazon EC2, where I set "security groups", It says: Source:
0.0.0.0/0
And then it gives an example of: 192.168.2.0/24
What is "/24"?
I know what port and IP is.
- 8,521
60
votes
8
answers
657k
views
What does "TTL expired in transit" mean on a ping attempt?
We get the message “TTL expired in transit” when we try to ping to a server in a different network segment. When we run tracert, 4 ip addresses repeat themselves indefinitely:
14 60 ms 59 ms ...
- 705
53
votes
9
answers
119k
views
Why would a server not send a SYN/ACK packet in response to a SYN packet
Lately, we've become aware of a TCP connection issue that is mostly limited to mac and Linux users who browse our websites.
From the user perspective, it presents itself as a really long connection ...
- 631
52
votes
10
answers
39k
views
Windows TCP Window Scaling Hitting plateau too early
Scenario: We have a number of Windows clients regularly uploading large files (FTP/SVN/HTTP PUT/SCP) to Linux servers that are ~100-160ms away. We have 1Gbit/s synchronous bandwidth at the office and ...
- 9,157
51
votes
4
answers
210k
views
How do I make cURL use keepalive from the command line?
I'm trying to verify that HTTP persistent connections are being used during communication with a Tomcat webserver I've got running. Currently, I can retrieve a resource on my server from a browser (e....
- 683
48
votes
11
answers
68k
views
What is the difference between UDP and TCP?
My router has two protocols (and a "both" option) that I can select when setting up port forwarding: UDP and TCP. What is the difference between these two protocols and when would you select one over ...
- 1,839
47
votes
6
answers
127k
views
44
votes
5
answers
39k
views
Can TCP and UDP packets be split into pieces?
Can TCP packets arrive to receiver by pieces?
For example, if I send 20 bytes using TCP protocol, can I be 100% sure that I will receive exactly 20 bytes at once, not 10 bytes then another 10 bytes ...
- 541
40
votes
1
answer
39k
views
Will tcpdump see packets that are being dropped by iptables?
I have a firewall with these simple rules:
iptables -A INPUT -p tcp -s 127.0.0.1/32 --dport 6000 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.16.20/32 --dport 6000 -j ACCEPT
iptables -A INPUT -p tcp ...
- 1,144
37
votes
4
answers
254k
views
Which is the default TCP connect timeout in Windows?
Which is the default TCP connect timeout in Windows? There is a registry key to configure it or it's set dynamically?
36
votes
4
answers
19k
views
Do DNS queries always travel over UDP?
I've spent a bit of time researching this topic and can't seem to find an exact answer, so I'm fairly confident it's not a duplicate, and while my question is based on a security need, I think it's ...
- 363
35
votes
1
answer
9k
views
Random TCP RST's on certain websites, what's going on?
Short version: One Windows Server 2012 machine on my network is getting persistent but intermittent TCP RSTs when connecting to certain websites. Dunno where they're coming from. Check out the ...
- 293
34
votes
3
answers
152k
views
"Possible SYN flooding" in log despite low number of SYN_RECV connections
Recently we had an apache server which was responding very slowly due to SYN flooding. The workaround for this was to enable tcp_syncookies (net.ipv4.tcp_syncookies=1 in /etc/sysctl.conf).
I posted a ...
- 2,462
32
votes
4
answers
186k
views
How to troubleshoot connectivity when curl gets an *empty response*
I want to know how to proceed in troubleshooting why a curl request to a webserver doesn't work. I'm not looking for help that would be dependent upon my environment, I just want to know how to ...
- 439
30
votes
2
answers
7k
views
Under what circumstances is TCP-over-TCP performing significantly worse than TCP alone (2014)?
Many admins keep perpetuating - on ServerFault and elsewhere - how bad of an idea TCP-over-TCP is, e.g. in VPNs. That even the slightest packet loss will make one suffer from at least severe ...
- 3,412
29
votes
7
answers
129k
views
traceroute TCP equivalent for Windows [closed]
I'm trying to determine where connectivity to an external host using a specific TCP port is being blocked. Traceroute for Windows only uses ICMP, and telnet will only tell me that the port is blocked ...
- 331
29
votes
3
answers
11k
views
Tuning iSCSI storage
This is a Canonical Question about iSCSI we can use as a reference.
iSCSI is a protocol that puts SCSI commands as payload into TCP network packets. As such, it is subject to a different set of ...
27
votes
6
answers
164k
views
Finding cause of TCP retransmission within a LAN
Hello denizens of Server Fault
I have an irritating problem with a LAN of about 100 computers, 2 Windows domain servers, and 12 VoIP phones. Since their installation around a year ago, every week or ...
- 285
24
votes
4
answers
31k
views
What is the "in-the-wire" size of a ethernet frame? 1518 or 1542?
According to the table here, it says that MTU = 1500 bytes and that the payload part is 1500 - 42 bytes or 1458 bytes (<- this is actually wrong!). Now on top of that you have to add IPv4 and UDP ...
- 585
23
votes
4
answers
34k
views
How do I prevent TCP connection freezes over an OpenVPN network?
New details added at the end of this question; it's possible that I'm zeroing in on the cause.
I have a UDP OpenVPN-based VPN set up in tap mode (I need tap because I need the VPN to pass multicast ...
- 438
22
votes
1
answer
135k
views
What does "net_ratelimit: 44 callbacks suppressed" mean on a linux?
I'm trying to tune Snort performance on a Debian based router. I was seeing stuff like:
snort packet recv contents failure: No buffer space available
So I upped the buffers to 8M and when that didn'...
- 4,740
22
votes
5
answers
20k
views
I'm designing a system to handle 10000 TCP connections per second, what problems will I run into?
I have a relatively new 8-core box running CentOS. I would like to develop a stats server that uses TCP. It's very simple, it accepts a TCP connection, increments a counter and closes the connection. ...
Larry G
22
votes
3
answers
29k
views
Sockets found by lsof but not by netstat
I have an application which is running out of file descriptors, apparently by opening sockets, but I can't find out exactly what these sockets do. These appear in the lsof output as
java 9689 ...
- 1,644
21
votes
5
answers
77k
views
What is the best way to transfer a single large file over a high-speed, high-latency WAN link?
This looks related to this one, but it's somewhat different.
There is this WAN link between two company sites, and we need to transfer a single very large file (Oracle dump, ~160 GB).
We've got full ...
- 70.7k
20
votes
2
answers
129k
views
What is [PSH, ACK] doing during my connection to a global catalog server?
A linux server of mine is trying to establish a LDAPS connection to a global catalog server and the connection is getting dropped (presumably by the GC side).
For the purpose of discussion, let's ...
- 11.9k
20
votes
1
answer
24k
views
How to expose a UNIX domain socket directly over TCP
I'd like to have a UNIX domain socket, say /var/program/program.cmd for example, exposed via TCP, lets say on port 12345. I'd also like this to be running full time in the background.
What's the best ...
- 3,235
19
votes
5
answers
20k
views
Understanding Ports: How do multiple browser tabs communicate at the same time? [closed]
I realized today that I fundamentally don't understand how port communication works.
If I fire up an instance of a webserver listening on port 80, it can respond to many requests from many different ...
- 315
19
votes
6
answers
23k
views
tool for splitting pcap files by TCP connection? [closed]
Is there tool to split a packet capture file (in pcap format) into separate files for each TCP connection ? (other than a home grown shell script which probably needs to run twice over the capture...)...
- 529
19
votes
4
answers
103k
views
What causes duplicate ACK records?
We're reviewing Wireshark captures from a few client machines that are showing multiple duplicate ACK records which then triggers retransmit and out-of-sequence packets.
These are shown in the ...
- 720
19
votes
2
answers
56k
views
Reduce firewall rules by half - one iptables rule for tcp and udp
I have a number of iptables rules on my firewall that look like this:
iptables -A zone_lan_forward -p tcp -d 1.2.3.0/24 -j ACCEPT
iptables -A zone_lan_forward -p udp -d 1.2.3.0/24 -j ACCEPT
Is there ...
- 393
19
votes
1
answer
25k
views
Difference between net.core.rmem_max and net.ipv4.tcp_rmem
What's the difference between net.core.rmem_max and the third value of net.ipv4.tcp_rmem? Which has the higher priority for tcp connections?
For below two examples, what's the max buffer for tcp ...
- 293
19
votes
3
answers
3k
views
Slow Transfers over Distance
From our NY Datacenter, transfers to locations that are farther away are having poor performance.
Using speed test to test various locations, we can saturate our 100 mbit uplink to Boston and ...
- 84k
18
votes
6
answers
36k
views
dump tcp connections without tcpdump
On a centos box, I like to dump tcp connections - I would like to see if a server tries to send requests to a certain IP. Usually tcpdump would do the trick - but tcpdump is not installed, and ...
- 1,215
18
votes
9
answers
68k
views
Apache Tomcat chokes after 300 connections
We have an apache webserver in front of Tomcat hosted on EC2, instance type is extra large with 34GB memory.
Our application deals with lot of external webservices and we have a very lousy external ...
- 183
18
votes
2
answers
61k
views
How can I search the info column in Wireshark?
Wireshark | Windows
I want to search a packet capture of SMTP traffic for specific addresses/messages. Normally, I just sort the info column and browse but it would be nice if I could just run a ...
- 11.9k
18
votes
3
answers
4k
views
Troubleshooting Network Speeds -- The Age Old Inquiry
I'm looking for help with what I'm sure is an age old question. I've found myself in a situation of yearning to understand network throughput more clearly, but I can't seem to find information that ...
- 2,149
17
votes
7
answers
9k
views
Why is it good practice to compare checksums when downloading a file?
Websites which supply ISO files for download will often give the md5 checksums of those files, which we can use to confirm that the file has downloaded correctly, and has not been corrupted.
Why is ...
- 923
17
votes
3
answers
31k
views
What is the best way to measure latency via a "telnet to port" test, preferably with built-in Linux tools?
I'm writing a Graphite/Diamond collector measuring network latency. Specifically it should measure the time it takes to open up a connection to a port on a remote server. And it needs to work via ...
- 317
17
votes
5
answers
71k
views
How to check TCP timeout in linux / macos?
I have a network problem on my MacOS that i need to troubleshoot. I know that TCP socket has internal timeout that will close connection if remote party is not responding (but no graceful disconnect ...
- 3,735
17
votes
1
answer
28k
views
Proxy with netcat forever
I am proxying a VNC TCP server port with netcat. The proxy machine runs linux.
This is the comand I use:
mkfifo backpipe
nc -l 5902 0<backpipe | nc 10.1.1.116 5902 1>backpipe
10.1.1.116 is ...
- 473
17
votes
4
answers
85k
views
What does LAST_ACK mean, as a State value in netstat?
If a Windows server has several thousand ports open in LAST_ACK state (as shown by netstat), what could this mean? Is it because one endpoint is waiting for the other to respond?
- 5,136
17
votes
1
answer
24k
views
Why do some connections time out and others get refused?
I have noticed that sometimes while trying to telnet in some random port, I have observed two kind of scenarios:
$ telnet example.com 3432
Trying 173.252.110.27...
$ telnet example.com 3432
...
- 2,788
17
votes
5
answers
8k
views
How does Intel AMT (Active Management Technology) not interfere with the TCP/IP host stack?
The Intel dev kit I've been using includes a remote management feature (also see the Ubuntu man page here) which allows remote reboots in case the operating system hangs.
It has the capability of ...
- 924
16
votes
3
answers
13k
views
Finding short-lived TCP connections owner process
Running tcpdump on local connections to an apache server, I found TCP connections being established and closed immediately every 2 seconds. How do I find which process is responsible for these? ...
- 263
15
votes
2
answers
16k
views
Determining at what time a currently open TCP connection was created?
How can I find out at what time a currently open TCP connection was established on Linux?
- 801