This metric shows the number of TCP connections that are opened successfully. A connection is considered successfully opened when the user and server complete the 3-way handshake for opening TCP connections that consists of the following steps:
Only after all three segments are seen is the connection considered established or ready to send and receive application data.
This metric shows the number of TCP connections that are partially opened. A connection is considered partially opened when the user sends an open request and the server then sends its open request, but the client has not yet sent the final acknowledgement. In this case, only the first 2 steps in the 3-way handshake for establishing TCP connections has been completed:
Another term for this condition is half-open. Typically, this metric is very close to the . However, during a denial-of-service attack or during a port scan, this metric becomes much larger than the indicating that there are lots of requests for new connections that are never being completed.
During a normal connection, this metric is incremented. After the connection, the client sends the acknowledgement to the server's open request completing the three-way handshake, and thereby causing the to be incremented and this metric to be decremented.
This metric is the number of TCP connections that were closed using a TCP reset command. The user or the server can close a TCP connection by sending a reset command. The TCP reset command is a TCP segment with the RESET flag set. After the reset is sent, both user and server can no longer send or receive any data on the connection. TCP resets are typically sent when either the TCP connection is in an invalid state or either side needs to quickly shutdown the connection to reclaim resources in use by the connection.
This metric is the number of TCP connections that time out before being closed properly. If a connection is active for more than the TCP Timeout Period defined for your system, and no packets are sent by either the user or the server during that time, then the connection is considered inactive or timed out. This typically happens if the user is disconnected from the network or if the server becomes extremely over-loaded.