This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Slow connection to a website

0

Hello,

I'm looking for help about a problem that I have on my network. Some users complain about a very slow connection to a website, so I ran wireshark and did some tests. Sometime the website load very quickly and other times, it's just impossible to reach the page. When the website is impossible to reach, other website (like google) works perfectly.

I don't know much about wireshark and network so I would very much appreciate if you could take a look at my log, (I use tracewangler for anonymise the file but maybe I remove too many information, tell me if that's the case :) ). There's two files, one where the connection work fine, and the other where the connection took + 1min. https://docs.google.com/file/d/0B8elDt4XYQVoRk5mZlJybzlGeEU/edit?pli=1 https://docs.google.com/file/d/0B8elDt4XYQVoRDNaQ3ktTHliM2s/edit (English is not my native language, sorry for the mistakes..)

Thanks

Valentin Chesné

asked 12 Dec '14, 01:32

vch's gravatar image

vch
11112
accept rate: 0%


One Answer:

0

It is a little bit sadly that we can´t see the session termination in the good example for baselining reasons.

But what do we see in the traces. We see that you have four parallel sessions to the server "x.y.218.39" And all are established at nearly the same time.

Then we see some data transmission and a some Retransmissions und Loast Packets. But at this moment we can´t see that they are causing some significant problems. But shortly after that period at Paket 125 we can see that the server starts closing the sockets by sending "FIN" Pakets. This is normally not normal, becaus ethe client is normally the session leader. The Client terminates the Session with an RST, maybe he think that this behaviour is not normal. In Paket 1130 we can see an ACK for the FIN seen in Paket 125. It took 77 seconds for this ACK. After that the Client send an RST. This Session uses Port 60636 on Client Side. So apoparently the Client needs to stop this before sending new SYN Packets.

I can´t tell you more about the need of the session and why the servers closes the ports, because I can´t see the application protocol layer. Maybe it is a ntework problem, because I see in this minute less traffic.

answered 17 Apr '15, 16:28

Christian_R's gravatar image

Christian_R
1.8k2625
accept rate: 16%