This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

SQL Server Communication dropping

0

We have this application that we use to grab information from one SQL Server and do some calculations and so on, then put information into another SQL Server. We have been having some issues with it lately where it just stops working. Originally I had found duplicate SPNs and removed the dups and the application started working. Now it stopped again. I ran Wireshark on the workstation that uses this application and I'm seeing a lot of bad TCP. Can someone help me figure out what all this means?

Capture File

asked 30 Sep '15, 07:45

ThompsonAdmin
6224
accept rate: 0%

edited 30 Sep '15, 13:09

What exactly do you mean by "bad TCPs"?

Do you mean the TCP Keep alive packets?

(30 Sep '15, 12:28) Christian_R

I mean it's highlighted with a black background and red text. By keep-alive I guess I'm referring to this... tcp.analysis.keep_alive

(30 Sep '15, 13:08) ThompsonAdmin

One Answer:

0

OK. That is no real error. If for a defined period (it can mostly be configured, and in this case it is 30 sec.) no segments have been received, then the stack probes whether the session is still alive with so-called "TCP keep-alives". You can identify the frames by their SEQ number, because "SEQ number of TCP keep-alive = expected SEQ number - 1".

So it will tell the system 192.168.0.23 that it is still waiting.

answered 30 Sep '15, 13:37

Christian_R
1.8k2625
accept rate: 16%
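
The sequence-number rule from the answer above, as an added example that is not part of the original thread: a small classifier that tracks the next expected SEQ per direction and flags segments sitting one byte below it. The `Segment` record, `find_keepalives`, the peer address 192.0.2.10 and the sample trace are constructed for illustration; the extra conditions (payload of 0 or 1 byte, no SYN/FIN/RST) are the ones Wireshark applies for `tcp.analysis.keep_alive` in addition to the SEQ rule.

```python
from dataclasses import dataclass

@dataclass
class Segment:
    src: str
    dst: str
    seq: int          # relative sequence number of the first byte
    length: int       # TCP payload length in bytes
    flags: str = "A"  # letters: S=SYN, F=FIN, R=RST, A=ACK, P=PSH

def find_keepalives(segments):
    """Return indexes of segments that match the keep-alive rule."""
    next_seq = {}  # (src, dst) -> next expected SEQ for that direction
    hits = []
    for i, seg in enumerate(segments):
        key = (seg.src, seg.dst)
        expected = next_seq.get(key)
        control = any(f in seg.flags for f in "SFR")
        if (expected is not None and not control
                and seg.length in (0, 1) and seg.seq == expected - 1):
            hits.append(i)
            continue  # a probe re-sends an old byte and does not advance the stream
        # SYN and FIN each consume one sequence number
        end = seg.seq + seg.length + ("S" in seg.flags) + ("F" in seg.flags)
        if expected is None or end > expected:
            next_seq[key] = end
    return hits

PEER = "192.0.2.10"    # constructed address; the thread only names 192.168.0.23
HOST = "192.168.0.23"
SAMPLE = [             # constructed trace, relative sequence numbers
    Segment(PEER, HOST, 0, 0, "S"),      # 0: SYN
    Segment(HOST, PEER, 0, 0, "SA"),     # 1: SYN/ACK
    Segment(PEER, HOST, 1, 0, "A"),      # 2: handshake ACK
    Segment(PEER, HOST, 1, 120, "PA"),   # 3: query, next expected SEQ becomes 121
    Segment(HOST, PEER, 1, 300, "PA"),   # 4: reply, next expected SEQ becomes 301
    Segment(PEER, HOST, 121, 0, "A"),    # 5: ordinary ACK at the expected SEQ
    Segment(PEER, HOST, 120, 0, "A"),    # 6: idle probe, SEQ = 121 - 1
    Segment(HOST, PEER, 301, 0, "A"),    # 7: answer to the probe, at the expected SEQ
    Segment(PEER, HOST, 120, 1, "A"),    # 8: probe carrying one byte, SEQ = 121 - 1
]

if __name__ == "__main__":
    print(find_keepalives(SAMPLE))
```

Only the two probes are flagged; the ordinary ACKs sit exactly at the expected SEQ and are left alone.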