A network socket is a software structure within a network node of a computer network that
serves as an endpoint for sending and receiving data across the network. The structure and
properties of a socket are defined by an application programming interface (API) for the
networking architecture. Sockets are created only during the lifetime of a process of an
application running in the node.

Because of the standardization of the TCP/IP protocols in the development of the Internet, the
term network socket is most commonly used in the context of the Internet protocol suite, and
is therefore often also referred to as Internet socket.

In this context, a socket is externally identified to other hosts by its socket address,
which is the triad of transport protocol, IP address, and port number.¹

The application programming interface (API) for the network protocol stack creates a handle
for each socket created by an application, commonly referred to as a socket descriptor. In
Unix-like operating systems, this descriptor is a type of file descriptor. It is stored by
the application process for use with every read and write operation on the communication channel.¹

1. Network_sockets
2. Linux-admins.com
   

To counteract this behavior, you can increase the limit in the
file: /proc/sys/net/ipv4/tcp_max_orphans. Simply run:

root@netdata~ # echo {DESIRED_AMOUNT} > /proc/sys/net/ipv4/tcp_max_orphans

The kernel may penalize orphans by 2x or even 4x (hence the small warning and critical thresholds).
You may need to watch for orphaned sockets during peak hours and consider multiplying that number by
3 or 4. That should give you a good starting point.

Note: Netdata strongly suggests knowing exactly what you are configuring before making system
changes.