This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Web app timeout and tcp retransmission

1

We're having an issue with a web based app. The client keeps timing out and losing it's connection to the web server. We're not having any other issues with other web based apps/functions timing out. I did a trace with wireshark and saw 5 tcp retransmissions right before the timeout. I also noticed that in each tcp retransmission the RTO incremented. The first was .38 seconds then 1,14, 2.66, 5.7 and 11.78.

Does this point to a latency issue on the network? We're behind a sonicwall but there doesn't appear to be anything going on in there that's killing the sessions.

Anything else I should look for in the capture?

asked 11 Jan '16, 11:31

dbuckley77's gravatar image

dbuckley77
21113
accept rate: 0%


One Answer:

1

The increasing RTO is normal, it's not a latency issue.

I'd recommend capturing at client and server simultaneously (with additional devices, not the hosts themselves) to determine what actually happens on the network. You should see that some packets are not getting through the network between the two capture points, or are not answered by the server.

See also https://blog.packet-foo.com/2015/02/working-with-multi-point-captures/

answered 11 Jan '16, 11:35

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

edited 11 Jan '16, 11:36

Well the server is actually the software vendor's webserver so I wouldn't be able to do a capture from that side.

(11 Jan '16, 12:06) dbuckley77

Okay, then you need to capture at the point that is as close to the perimeter as possible, e.g. the WAN interface of your Firewall. By comparing the packets you can tell if the problem is on your side or theirs.

(11 Jan '16, 12:37) Jasper ♦♦