I have a CentOS 3 box that appears to be having problems where a TCP SYN comes into port 80 for an Apache Tomcat web application, but the rest of the TCP "3-way handshake" isn't happening. When the error occurs, I always see this pattern in tcpdump:
* A TCP SYN comes in from the client * ~3.25 second later I get another TCP SYN from the client * ~6.5 seconds after that I get a third and final SYN before the client gives up * No TCP ACKs are returned to the client to continue the 3-way handshake
The box is accepting lots of connections on lots of different ports and everything else seems to be working, but I'm occassionally getting these errors on port 80 for the last few weeks (the box has been up for a while).
Has anyone else run into anything similar to this?
Am I correct in saying that the Linux kernel, not java and/or Tomcat, handles the TCP stack, including the 3-way handshake? If so, getting past the 3-way handshake should have nothing to do with Java or Tomcat... IOW, this issue must have something to do with the OS, right?
Suggestions welcome on this strange issue!
Thanks!