This is a static archive of our old Q&A Site. Please post any new questions and answers at

Investigating delay and latency


I am new to WireShark, Sorry for the silly question, I am a bit confuse about normal delay in network as stated in Wireshark 101. I am investigating delay and latency on a live office network, which type of traffic are consider as having high latency. The following shots are from a the packet capture,

64.233.184.x to 193.x.x.x This is an external to internal, [TCP keep-alive] [ACK] is this a normal delay?

alt text Local 193.x.x.x to 191.96.x.x Can this also be termed as normal delay? How do I investigate TCP packets with problems, that is what is the cause? alt text Will produce any more information on request.


asked 07 Oct '16, 13:07

yabad0o's gravatar image

accept rate: 0%

One Answer:


Keep alive is not a delay. It just indicates that the server was not sending data for some time and the client is probing the server to see if the connection is still up from that side. A ACK would mean that the connection has to be kept out. At each keep-alive interval, this is done, if for the same period of time, there is no data transfer. Without a pcap it is hard to say where the delay is.

answered 08 Oct '16, 04:32

Prajith%20Vettil's gravatar image

Prajith Vettil
accept rate: 100%