DOCUMENT:Q296692 10-AUG-2001 [winnt] TITLE :Troubleshooting TCP Ports in SYN_RECEIVED State for Long Periods PRODUCT :Microsoft Windows NT PROD/VER::4.0 OPER/SYS: KEYWORDS:kbnetworkkbfaq ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Windows NT Workstation version 4.0 - Microsoft Windows NT Server version 4.0 - Microsoft Windows NT Server, Enterprise Edition version 4.0 - Microsoft Windows NT Server version 4.0, Terminal Server Edition ------------------------------------------------------------------------------- SUMMARY ======= If you are using Winsock TCP ports, you may experience performance problems, such as programs that stop responding (hang). You may also notice that some TCP ports stay in the SYN_RECEIVED state for long periods of time. This article describes how to proceed if you experience these problems. MORE INFORMATION ================ If you suspect that the behaviors that you are encountering are caused by network problems, type the following command at a command prompt to view connections that are in the SYN_RECEIVED state: "netstat -n -p tcp" (without the quotation marks) Output that is similar to the following text appears after you run this command: TCP 159.173.161.130:3600 159.173.150.227:1041 SYN_RECEIVED TCP 159.173.161.130:3600 159.173.162.59:1040 SYN_RECEIVED TCP 159.173.161.130:3600 159.173.162.60:1035 SYN_RECEIVED TCP 159.173.161.130:3600 159.173.162.74:1039 SYN_RECEIVED TCP 159.173.161.130:3600 159.173.162.96:1042 SYN_RECEIVED If you run the netstat command one hour later, the TCP ports are still in the SYN_RECEIVED state, which can occur if the registry keys that control the functionality of the TCP/IP protocol are in a non-functioning state. To resolve this problem, set the following registry keys back to their default values: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters Value Name: TcpMaxDataRetransmissions Data Type: REG_DWORD - Number Valid Range: 0 - 0xFFFFFFFF Default: 5 Value Name: InitialRtt Data Type: REG_DWORD Valid Range: 0-65535 (decimal) Default: 0xBB8 (3000 decimal) If you find the SynAttackProtect key, and your computer is not under a SYN attack, delete this key. For additional information about how to know whether your system is under a TCP SYN attack, click the article number below to view the article in the Microsoft Knowledge Base: Q142641 Internet Server Unavailable Because of Malicious SYN Attacks In addition, verify that your network is operating properly without losing a large number of frames. To do this, create a network trace. An indication of packet loss is a high number of TCP retransmission frames. Many advanced network sniffer tools, such as Microsoft Network Monitor 2.0, are able to locate TCP retransmissions. REFERENCES ========== For additional information, click the article number below to view the article in the Microsoft Knowledge Base: Q170359 How to Modify the TCP/IP Maximum Retransmission Timeout Additional query words: ====================================================================== Keywords : kbnetwork kbfaq Component : TCP/IPServices Technology : kbWinNTsearch kbWinNTWsearch kbWinNTW400 kbWinNTW400search kbWinNT400search kbWinNTSsearch kbWinNTSEntSearch kbWinNTSEnt400 kbWinNTS400search kbWinNTS400 kbNTTermServ400 kbNTTermServSearch Version : :4.0 Hardware : x86 Issue type : kbhowto Solution Type : kbnofix ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2001.