This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi,

I'm trying to troubleshoot a problem with slow response times when accessing our Internal Intranet web based apps. I've run a WS capture from my machine to the server. My PC is 172.27.10.19 Web Server - 10.44.145.171

I've followed the tcp stream and displayed the time as "seconds since previous displayed packet"

Does my attached show a possible issue on the server end? I can see it takes over 6 seconds at one point for my GET command to receive the first packet. I'm not 100% sure on reading the captures so any other things I should be looking out for would be greatly appreciated.

Thanksalt text

asked 26 May '14, 08:25

exit12's gravatar image

exit12
11557
accept rate: 0%


It's interesting that the ACK for the GET arrives in about 40 milliseconds, and then it takes 6 seconds before the content delivery starts. So yes, I'd say your server takes that much time to gather the web page contents. The TCP stack of that server is fast though, which you can tell from the ACK arriving in 40ms. So the server is not slow as a whole, but it's the application on the server that takes that long.

For a web page this can often be a problem of another server, because web servers not always also run the databases the page is created from. So you might want to check if there is a database server that takes a while to deliver the content that the web server needs to render the HTML page. Usually delays like this are a result of a lot of calculation going on before the page is complete, e.g. large database search requests or other intense things.

permanent link

answered 26 May '14, 08:35

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

Hi Jasper,

Thanks for that. I do know the Server (.171) goes off to another server to authenticate my AD account I'm logged on with when I make a request for the URL. Potentially this is the cause of the problems. I'm guessing I'll need to run a trace on the actual server itself?

(26 May '14, 09:46) exit12

Yes, you need to track all connections that take place in the "backend" of the server while it is creating the web page. Find out what keeps it from delivering the page sooner - it's usually easy to tell what the server was waiting for if you capture at the server itself.

(26 May '14, 10:32) Jasper ♦♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×55

question asked: 26 May '14, 08:25

question was seen: 1,703 times

last updated: 26 May '14, 10:32

p​o​w​e​r​e​d by O​S​Q​A