We are currently experiencing a strange behavior : when we try to access an embedded web server (running on an ARM box / 10.73.109.155) from a Google Chrome Browser (192.168.154.44) we get a partial transfert.
When we analyze the wireshark traces we get :
It's seem that the browser send an FIN + ACK packet before receiving an "200 HTTP/OK answer" from the server. We only get a piece of the webpage.
The browser send the FIN + ACK packet after 3.68s of inactivity (the server seem to stop transmitting data). I think it was a kind of timeout but i don't find any literature about that.
My analysis is as follows :
---> It's a server-side problem
Does anyone help me by confirming this analysis ?
I know it is not a subject directly related to wireshark but if anyone has an idea ;-)
asked 15 May '15, 08:04
Disable "Allow subdissector to reassemble TCP streams" and you will see the 200 OK in frame 6.
answered 16 May '15, 04:17
The server stops sending data in the middle of the HTTP response.
See "Follow TCP Stream", at the end:
In Frame #10 you see the erie of Batterie and that's it from the server. The client closes the connection after 3.5 seconds, because it does not get any response from the server.
Looks clearly like a problem on the server, either within the TCP stack or within the HTTP server code. You won't find the reason for that with Wireshark. What could help is debugging on the embedded device.
answered 17 May '15, 06:21
Kurt Knochner ♦