Connection Timed Out: Complete Diagnosis

Identify and resolve network connection problems.

The "Connection timed out" message indicates that the connection couldn't even be established. Unlike a 504 error where server responds slowly, here the server doesn't respond at all. Target machine is unreachable from source.

This type of timeout can have very varied causes: server completely down, DNS problem, blocking firewall, or network overload. Diagnosis requires a systematic approach to isolate the problem.

This guide walks you through connection timeout diagnosis, from basic verification to advanced network tests.

Understanding Connection Timeout

A connection timeout occurs before HTTP communication even begins:

  • TCP phase: Before HTTP, a TCP connection must be established (SYN/SYN-ACK/ACK handshake). Timeout occurs if this handshake doesn't complete.
  • Total silence: Server responds nothing - no error, no refusal, just silence. Client waits until configured timeout.
  • Variable delay: Timeout depends on client configuration. curl waits 300s by default, browsers 30-60s. MoniTao uses configurable timeouts.
  • Difficult localization: Problem can be anywhere between source and destination: server, network, DNS, firewall, load balancer...

Main Causes of Connection Timeouts

Here are the most frequent causes:

  • Server down: Simplest cause: machine is off, crashed, or service not listening on port. SSH verification from host console.
  • DNS problem: Domain resolves to wrong IP, or no longer resolves at all. Client tries to contact a non-existent machine.
  • Blocking firewall: A firewall (server, network, cloud security group) blocks incoming traffic. Packet is silently dropped.
  • Network overload: Server is so overloaded its TCP stack can't accept new connections. Backlog full.
  • Routing problem: Packets don't reach destination due to BGP problem, blackhole, or missing route.

Diagnostic Steps

Follow this systematic approach:

  1. Verify DNS resolution: Make sure domain resolves to correct IP. Compare with expected IP.
  2. Test ICMP ping: If ping works, machine is reachable at IP level. If not, it's a network or server problem.
  3. Test specific port: Use telnet or nc to test if port 80/443 accepts connections. Refusal indicates firewall or service down.
  4. Trace the route: traceroute/mtr shows where packets stop. Identify the problematic hop.
  5. Test from multiple sources: Is problem global or localized? Test from different geographic locations.

Diagnostic Commands

Here are essential commands to diagnose connection timeout:

# Verify DNS resolution
nslookup example.com
dig example.com +short

# Test ICMP connectivity
ping -c 5 example.com

# Test specific port
nc -zv example.com 443
telnet example.com 80

# Trace the route
traceroute example.com
mtr -r example.com

# HTTP test with timing details
curl -v --connect-timeout 10 https://example.com

Start with DNS (nslookup), then basic connectivity (ping), then specific port (nc). If all fails, traceroute shows where it blocks.

Solutions by Cause

Apply the solution matching your diagnosis:

  • Server down: Restart server or service from your host's console. Check logs to understand the crash.
  • DNS problem: Fix DNS records in your zone. Wait for propagation (or purge local cache).
  • Firewall: Open necessary ports in iptables, AWS/GCP security groups, or your host's firewall.
  • Overload: Increase connection limits (net.core.somaxconn), add resources, or set up load balancing.

Preventing Connection Timeouts

Avoid future interruptions:

  • Multi-location monitoring: MoniTao checks from multiple geographic points. A regional routing problem is detected immediately.
  • DNS alerts: Monitor your DNS records to detect unauthorized changes or expirations.
  • Redundancy: DNS failover, multiple load balancers, servers in different zones. Eliminate SPOFs.
  • Infra documentation: Document your IPs, ports, firewall rules. In case of problem, you know where to look.

Connection Timeout Diagnostic Checklist

  • Verify domain DNS resolution
  • Test ping connectivity to server
  • Test connection to specific port (80/443)
  • Verify firewall rules server-side
  • Test from another location
  • Check server status via host console

Frequently Asked Questions

What's the difference between connection timeout and read timeout?

Connection timeout = can't establish TCP connection. Read timeout = connection established but server doesn't respond fast enough. First is network/server down problem, second is performance problem.

My site works in my browser but MoniTao says timeout?

Possible DNS cache problem (your machine has old IP), or geolocation (MoniTao tests from other countries). Flush your DNS cache and test from a VPN.

How to distinguish server down from blocking firewall?

A down server responds to nothing (ping timeout). A firewall might let ping through but block port 443. Test both separately.

Does timeout depend on my internet connection?

No, a connection timeout indicates server doesn't respond. Your internet connection can be perfect, if server is down, it times out.

Why does timeout happen only sometimes?

Intermittent server overload, transient BGP routing problem, or rate limiting blocking some requests. Multi-location tests help identify.

How to configure timeout in MoniTao?

In monitor settings, you can set connection timeout (default 30s). For slow servers, increase it. For fast detection, reduce it.

Conclusion

Connection timeout is a symptom of an accessibility problem. Server, network, or intermediary prevents communication. Systematic diagnosis isolates the culprit.

With MoniTao, you're alerted as soon as timeout occurs, from multiple locations. You immediately know if problem is global or localized, and can react before users notice.

Useful Links

Ready to Sleep Soundly?

Start free, no credit card required.

Create My Account See pricing