Monitoring TCP health
The TCPTransmission Control Protocol Health report shows the number of aborted, refused, and ignored connections over time. The report can be categorized by applications, internal hosts, or external hosts. You can drill into particular apps or hosts to view the health for particular traffic.
This report can answers questions such as:
- Why are there so many retransmissions for a particular application or host?"
The definitions of aborted, refused and ignored connections used by the TCP Health report:
- Aborted— Connections were established, but were closed by a RST (reset) issued by either the client or server rather than a clean close. High numbers of aborted connections can point to network or server problems.
- Refused— A SYN packet was observed and a RST or ICMPInternet Control Message Protocol "connection refused" message was received in response. This usually means the server is up, but the application is unavailable or not working correctly. It can also indicate a TCP port scan is occurring.
- Ignored— A SYN packet was observed, but no SYN-ACK response was received. This usually means the server is not responding, does not exist, is not accessible, or is ignoring the connection request. It can also indicate a TCP port scan is occurring.
VERSION INFO
A new internal mechanism was implemented in the ExOS 7.4.2 firmware that prevents Exinda Appliances from being affected by DDoS attacks. As a consequence, the “Ignored Connections” historical report is no longer available, but the Real Time TCP Health report still includes the number of ignored connections.
The TCP Health report displays data about connections over time.
The most unhealthy applications or hosts are shown in the table below the charts. The table shows the number of connections, number of aborted, ignored, and refused connections. You can click the name of the application or host to view the TCP Health details and a graph for that item.
The TCP Health report displays the applications with the most connections.
Where do I find this report?
To access the report:
- On your browser, open the Exinda Web UI (
https://Exinda_IPInternet protocol_address). - Key-in the User and Password.
- Click Login.
- Go to Monitor > Service Levels > TCP Health.
Monitoring reports can be exported as a PDF document, saved as a scheduled report, or can be printed directly from the Web UI. For more information refer to Exporting, printing and scheduling reports.
How do I interact with the interactive flash time graphs?
- To understand how to get a better look at traffic patterns and to remove clutter on the time graph, see Using Interactive Time Graphs.
- To understand how to set the desired time range for a chart, see Setting the Time Range.
- To understand how to print the report or schedule the report, see Printing and Scheduling Reports.