I am new to WireShark, Sorry for the silly question, I am a bit confuse about normal delay in network as stated in Wireshark 101. I am investigating delay and latency on a live office network, which type of traffic are consider as having high latency. The following shots are from a the packet capture,
64.233.184.x to 193.x.x.x This is an external to internal, [TCP keep-alive] [ACK] is this a normal delay?
Local 193.x.x.x to 191.96.x.x Can this also be termed as normal delay? How do I investigate TCP packets with problems, that is what is the cause? Will produce any more information on request.
asked 07 Oct '16, 13:07
Keep alive is not a delay. It just indicates that the server was not sending data for some time and the client is probing the server to see if the connection is still up from that side. A ACK would mean that the connection has to be kept out. At each keep-alive interval, this is done, if for the same period of time, there is no data transfer. Without a pcap it is hard to say where the delay is.
answered 08 Oct '16, 04:32