SonicOS 7.1 Firewall

Download PDF
Technical Documentation > SonicOS 7.1 Firewall > Advanced > TCP > TCP Traffic Statistics

TCP Traffic Statistics

You can view the TCP Traffic Statistics on the Network > Firewall > Flood Protection > TCP > TCP Traffic Statistics tab.

TCP Traffic Statistics
This statistic Is incremented/displays
Connections Opened When a TCP connection initiator sends a SYN, or a TCP connection responder receives a SYN.
Connections Closed When a TCP connection is closed when both the initiator and the responder have sent a FIN and received an ACK.
Connections Refused When a RST is encountered, and the responder is in a SYN_RCVD state.
Connections Aborted When a RST is encountered, and the responder is in some state other than SYN_RCVD.
Connection Handshake Errors When a handshake error is encountered.
Connection Handshake Timeouts When a handshake times out.
Total TCP Packets With every processed TCP packet.
Validated Packets Passed

When:

  • A TCP packet passes checksum validation (while TCP checksum validation is enabled).
  • A valid SYN packet is encountered (while SYN Flood protection is enabled).
  • A SYN Cookie is successfully validated on a packet with the ACK flag set (while SYN Flood protection is enabled).
Malformed Packets Dropped

When:

  • TCP checksum fails validation (while TCP checksum validation is enabled).
  • The TCP SACK Permitted option is encountered, but the calculated option length is incorrect.
  • The TCP MSS (Maximum Segment Size) option is encountered, but the calculated option length is incorrect.
  • The TCP SACK option data is calculated to be either less than the minimum of 6 bytes, or modulo incongruent to the block size of 4 bytes.
  • The TCP option length is determined to be invalid.
  • The TCP header length is calculated to be less than the minimum of 20 bytes.
  • The TCP header length is calculated to be greater than the packet’s data length.
Invalid Flag Packets Dropped

When a:

  • Non-SYN packet is received that cannot be located in the connection-cache (while SYN Flood protection is disabled).

  • Packet with flags other than SYN, RST+ACK ,or SYN+ACK is received during session establishment (while SYN Flood protection is enabled).

    • TCP XMAS Scan is logged if the packet has FIN, URG, and PSH flags set.

    • TCP FIN Scan is logged if the packet has the FIN flag set.

    • TCP Null Scan is logged if the packet has no flags set.

  • New TCP connection initiation is attempted with something other than just the SYN flag set.

  • Packet with the SYN flag set is received within an established TCP session.

  • Packet without the ACK flag set is received within an established TCP session.
Invalid Sequence Packets Dropped

When a:

  • Packet within an established connection is received where the sequence number is less than the connection’s oldest unacknowledged sequence.
  • Packet within an established connection is received where the sequence number is greater than the connection’s oldest unacknowledged sequence + the connection’s last advertised window size.

Invalid Acknowledgement Packets Dropped

 When an invalid acknowledgment packet is dropped.
Max Incomplete WAN Connections / sec

When a:

  • Packet is received with the ACK flag set, and with neither the RST or SYN flags set, but the SYN Cookie is determined to be invalid (while SYN Flood protection is enabled).
  • Packet’s ACK value (adjusted by the sequence number randomization offset) is less than the connection’s oldest unacknowledged sequence number.
  • Packet’s ACK value (adjusted by the sequence number randomization offset) is greater than the connection’s next expected sequence number.
Average Incomplete WAN Connections / sec The average number of incomplete WAN connections per second.
SYN Floods In Progress When a SYN flood is detected.
RST Floods In Progress When a RST flood is detected.
FIN Floods In Progress When a FIN flood is detected.
TCP Floods In Progress When a TCP flood is detected.
Total SYN, RST, FIN or TCP Floods Detected The total number of floods (SYN, RST, FIN, and TCP) detected.
TCP Connection SYN-Proxy State (WAN only) For WAN only, whether the TCP connection SYN-proxy is enabled.
Current SYN-Blacklisted Machines When a device is listed on the SYN blacklist.
Current RST-Blacklisted Machines When a device is listed on the RST blacklist.
Current FIN-Blacklisted Machines When a device is listed on the FIN blacklist.
Current TCP-Blacklisted Machines When a device is listed on the TCP blacklist.
Total SYN-Blacklisting Events When a SYN blacklisting event is detected.
Total RST-Blacklisting Events When a RST blacklisting event is detected.
Total FIN-Blacklisting Events When a FIN blacklisting event is detected.
Total TCP-Blacklisting Events When a TCP blacklisting event is detected.
Total SYN Blacklist Packets Rejected The total number of SYN packets rejected by SYN blacklisting.
Total RST Blacklist Packets Rejected The total number of RST packets rejected by SYN blacklisting.
Total FIN Blacklist Packets Rejected The total number of FIN packets rejected by SYN blacklisting.

Total TCP Blacklist Packets Rejected

 The total number of TCP packets rejected by SYN blacklisting.
Invalid SYN Flood Cookies Received When a SNY flood cookie is received.
WAN DDOS Filter State Whether the DDOS filter is enabled or disabled.
WAN DDOS Filter – Packets Rejected When a WAN DDOS Filter rejects a packet.
WAN DDOS Filter – Packets Leaked When a WAN DDOS Filter rejects a leaked packet.
WAN DDOS Filter – Allow List Count When a WAN DDOS Filter processes a packet in the Allow List.

To clear and restart the statistics displayed, click Clear Statistics icon.

Was This Article Helpful?

Help us to improve our support portal

Yes! Not Really

Techdocs Article Helpful form

  • Hidden
  • Hidden

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.
  • Hidden
  • Hidden