Occasionally a busy web server may exhibit symptoms which could be
interpreted as a SYN flood. Usually this is not the case. Under a true
SYN flood a system would show large numbers of connections in the
SYN_RCVD state as shown with netstat -na.
On Solaris, the /dev/tcp driver has a default limit of 1024
active connections. This can be queried using the ndd
command as shown below:
ndd -get /dev/tcp tcp_conn_req_max_q ndd -get /dev/tcp tcp_conn_req_max_q0It is also possible to set the maximum active connection size using the
-set option to ndd.