The contents of the connection table is in
/proc/net/ip_conntrack

Example:
tcp    6 65 TIME_WAIT src=192.168.1.4 dst=20.x.y.40 sport=4986 dport=80 src=207.46.109.40 dst=192.168.1.4 sport=80 dport=4986 [ASSURED] mark=0 use=1

So go nuts with grep/awk/sed/sort/uniq etc to find what is consuming all the connections.

+1 for what Mike said about dropping the timeouts to something more sensible. FWIW Checkpoint uses a default TCP timer of 1 hour. Use 4 hours to be conservative.
--
gentoo-user@(protected)