TCP Test

This test, executed by an internal agent, tracks various statistics pertaining to TCP connections to and from a host. The details of the test are provided below:

Target of the test : A host system

Agent deploying the test : An Internal agent

Outputs of the test : One set of results for each host system monitored

Configurable parameters for the test
  1. TEST PERIOD - How often should the test be executed
  2. Host - The host for which the test is to be configured.
  3. REPORTINGNAMES - The detailed diagnosis of this test lists the top-10 hosts that have established the maximum number of TCP connections with the monitored host. Set this flag to Yes if you want the detailed diagnosis to display the host name of these hosts  and not the IP address. To view the IP address of the hosts instead, set this flag to No.

  4. To make diagnosis more efficient and accurate, the eG Enterprise suite embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option.

    The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:

    • The eG manager license should allow the detailed diagnosis capability
    • Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.
Measurements made by the test
Measurement Description Measurement Unit Interpretation

In connection rate:

Connections per second received by the server

Conns/Sec

A high value can indicate an increase in input load.

Out connection rate:

Connections per second initiated by the server

Conns/Sec

A high value can indicate that one or more of the applications executing on the host have started using a number of TCP connections to some other host(s).

Current connections:

Currently established connections

Number

A sudden increase in the number of connections established on a host can indicate either an increase in load to one or more of the applications executing on the host, or that one or more of the applications are experiencing a problem (e.g., a slow down). On Microsoft Windows, the current connections metrics is the total number of TCP connections that are currently in the ESTABLISHED or CLOSE_WAIT states.

The detailed diagnosis of this test, if enabled, lists the top-10 hosts that have established the maximum number of TCP connections with the monitored host.

Connection drops:

Rate of established TCP connections dropped from the TCP listen queue.

Conns/Sec

This value should be 0 for most of the time. Any non-zero value implies that one or more applications on the host are under overload or that the bandwidth of your server is insufficient. With ample bandwidth, the server can establish and serve connections before they time out. If bandwidth is insufficient, the connections fail or are dropped.

Connection failures:

 

Rate of half open TCP connections dropped from the listen queue

Conns/Sec

TCP counts a connection as having failed when it goes directly from sending (SYN-SENT) or receiving (SYN-RCVD) to CLOSED, or from receiving (SYN-RCVD) to listening (LISTEN). This value should be 0 for most of the time. A prolonged non-zero value can indicate either that the server is under SYN attack or that there is a problem with the network link to the server that is resulting in connections being dropped without completion. It could also indicate a bandwidth shortage. If the server has sufficient bandwidth, it can establish and serve connections before they time out. If bandwidth is insufficient, the connections fail or are dropped.

This measure is not available in the Windows version of the product.

If the test reports a high number of Current Connections, then you can use the detailed diagnosis of this measure to know which hosts are contributing the TCP connection overload on the host. The detailed diagnosis lists the IP address/host names of the top-10 hosts and the number of connections that each host has established with the monitored host. 

Figure 1 : The detailed diagnosis of the Current Connections measure