SYNRECV

SYNRECV is a TCP connection state used by the Linux kernel’s connection tracking subsystem to represent a partially established connection. Specifically, a connection enters the SYNRECV state after the server has received a SYN from a client and has sent a SYN-ACK in response but has not yet received the final ACK to complete the three-way handshake.

Origin and purpose

When a new TCP connection is initiated, the kernel creates a conntrack entry to monitor the handshake.

Transition and lifecycle

If the client completes the handshake by sending the ACK, the conntrack state transitions to ESTABLISHED. If

Usage in firewalls and networking tools

Administrative and security tools can match on the SYNRECV state to apply rules to half-open connections, implement

Relation to related concepts

SYNRECV is one of several conntrack states used to describe TCP connection life cycles, alongside NEW, ESTABLISHED,