https://community.hpe.com/t5/operating-system-hp-ux/socket-overflows/m-p/3173587#M570152 Try to determine which Process is causing yoru socket overflows. Once you determine that find out why the application is not pulling data off the socket fast enough.<BR /><BR />The Customer viewable document is KBRC00007731, in the Technical Knowledge base.<BR />Here is a portion of the document. <BR /># netstat -s -p udp<BR />udp:<BR /> 0 incomplete headers<BR /> 0 bad checksums<BR /> 6 socket overflows<BR /><BR /><BR />To isolate the connection the overflows were created on use the ndd<BR />command<BR /><BR /># ndd -get /dev/udp ip_udp_status<BR /><BR />UDP ipc hidx lport fport laddr faddr flags overflows<BR />01cba440 0033 c033 0000 000.000.000.000 000.000.000.000 20800000 0000000000<BR />01b19640 0043 0043 0000 000.000.000.000 000.000.000.000 a0800000 0000000000<BR />01c22240 0049 0849 0000 000.000.000.000 000.000.000.000 20800000 0000000000<BR /><BR />01c05d40 0059 c059 0000 000.000.000.000 000.000.000.000 20800000 0000000006<BR /><BR />0155b440 006f 006f 0000 000.000.000.000 000.000.000.000 20800000 0000000000<BR />01baae40 0087 0287 0000 000.000.000.000 000.000.000.000 20800000 0000000000<BR />01c19940 0087 0087 0000 000.000.000.000 000.000.000.000 20800000 0000000000<BR /><BR /><BR /><BR />The third field from the left, lport, is the UDP applications listener<BR />port. This value is in hex, convert this to decimal to see which UDP port<BR />the application is running on.<BR /><BR />c059 hexadecimal converts to 49241 decimal<BR /><BR />Using lsof the process i.d. and program name can be found.<BR />./opt/lsof -i | grep 49241<BR />COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME<BR />inetd 967 root 29u inet 0x1c05d40 0t0 UDP *:49241 (Idle)<BR />rpc.spray 1966 root 0u inet 0x1c05d40 0t0 UDP *:49241 (Idle)<BR />rpc.spray 1966 root 1u inet 0x1c05d40 0t0 UDP *:49241 (Idle)<BR />rpc.spray 1966 root 2u inet 0x1c05d40 0t0 UDP *:49241 (Idle)<BR /><BR />In this case the program causing the problem was spray or rpc.sprayd which is<BR />an rpc application used to send / receive UDP packets.<BR /><BR />lsof is a public domain utility readily available on the internet, try<BR />the HPUX Software Porting and Archive Centre.<BR /><BR /><A href="http://hpux.cs.utah.edu/" target="_blank">http://hpux.cs.utah.edu/</A><BR /><BR /><BR /> Mon, 26 Jan 2004 09:15:00 GMT Todd Whitcher 2004-01-26T09:15:00Z https://community.hpe.com/t5/operating-system-hp-ux/socket-overflows/m-p/3173586#M570151 Hi,<BR />I am running HPUX 11.0. Wneb I do a netstat -s I see under the udp section: socket overflows = 2738.(for one morning)and it's increase.<BR />I'm not use My server for Nfs, and I try to increase nfsd to 64.But my problem still exist.<BR />why can I do ?<BR /> Mon, 26 Jan 2004 05:57:08 GMT https://community.hpe.com/t5/operating-system-hp-ux/socket-overflows/m-p/3173586#M570151 bruandet 2004-01-26T05:57:08Z https://community.hpe.com/t5/operating-system-hp-ux/socket-overflows/m-p/3173587#M570152 Try to determine which Process is causing yoru socket overflows. Once you determine that find out why the application is not pulling data off the socket fast enough.<BR /><BR />The Customer viewable document is KBRC00007731, in the Technical Knowledge base.<BR />Here is a portion of the document. <BR /># netstat -s -p udp<BR />udp:<BR /> 0 incomplete headers<BR /> 0 bad checksums<BR /> 6 socket overflows<BR /><BR /><BR />To isolate the connection the overflows were created on use the ndd<BR />command<BR /><BR /># ndd -get /dev/udp ip_udp_status<BR /><BR />UDP ipc hidx lport fport laddr faddr flags overflows<BR />01cba440 0033 c033 0000 000.000.000.000 000.000.000.000 20800000 0000000000<BR />01b19640 0043 0043 0000 000.000.000.000 000.000.000.000 a0800000 0000000000<BR />01c22240 0049 0849 0000 000.000.000.000 000.000.000.000 20800000 0000000000<BR /><BR />01c05d40 0059 c059 0000 000.000.000.000 000.000.000.000 20800000 0000000006<BR /><BR />0155b440 006f 006f 0000 000.000.000.000 000.000.000.000 20800000 0000000000<BR />01baae40 0087 0287 0000 000.000.000.000 000.000.000.000 20800000 0000000000<BR />01c19940 0087 0087 0000 000.000.000.000 000.000.000.000 20800000 0000000000<BR /><BR /><BR /><BR />The third field from the left, lport, is the UDP applications listener<BR />port. This value is in hex, convert this to decimal to see which UDP port<BR />the application is running on.<BR /><BR />c059 hexadecimal converts to 49241 decimal<BR /><BR />Using lsof the process i.d. and program name can be found.<BR />./opt/lsof -i | grep 49241<BR />COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME<BR />inetd 967 root 29u inet 0x1c05d40 0t0 UDP *:49241 (Idle)<BR />rpc.spray 1966 root 0u inet 0x1c05d40 0t0 UDP *:49241 (Idle)<BR />rpc.spray 1966 root 1u inet 0x1c05d40 0t0 UDP *:49241 (Idle)<BR />rpc.spray 1966 root 2u inet 0x1c05d40 0t0 UDP *:49241 (Idle)<BR /><BR />In this case the program causing the problem was spray or rpc.sprayd which is<BR />an rpc application used to send / receive UDP packets.<BR /><BR />lsof is a public domain utility readily available on the internet, try<BR />the HPUX Software Porting and Archive Centre.<BR /><BR /><A href="http://hpux.cs.utah.edu/" target="_blank">http://hpux.cs.utah.edu/</A><BR /><BR /><BR /> Mon, 26 Jan 2004 09:15:00 GMT https://community.hpe.com/t5/operating-system-hp-ux/socket-overflows/m-p/3173587#M570152 Todd Whitcher 2004-01-26T09:15:00Z https://community.hpe.com/t5/operating-system-hp-ux/socket-overflows/m-p/3173588#M570153 ok, thank you I have to identify application which posed problem. Mon, 26 Jan 2004 14:58:17 GMT https://community.hpe.com/t5/operating-system-hp-ux/socket-overflows/m-p/3173588#M570153 bruandet 2004-01-26T14:58:17Z