This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Secure Sockets Layer Question


Hello,

I am analyzing a stream between a client and server where the server is SaaS. There has been some lengthy lag time with the application and I have been tracking it down where I can from our end. In this particular stream things are clicking back and forth at a good pace, then our client machine sends an ACK packet, then 28.365017 whole seconds later our client sends some kind of data to the server. WS shows me it's Secure Sockets Layer with no info in the Info column. Is there any way to figure out what caused this delay? This seems to be the pattern when I'm looking at other streams, where things clip along and then it takes our client 30 seconds plus to send something to the server.

Thanks,

asked 21 Feb '17, 10:44

rock90


One Answer:


Look in your sniffer data for [TCP Window Full] or [Zero Window] packets. It might be that your client resources are overutilized.

Another possible reason for taking a long time to reply might be security software (Antivirus, IPS, etc.) which takes a while to scan certain packets prior to allowing them through to be processed.

For either/both of the above, you might try looking at Microsoft's PerfMon statistics to see if there is anything (certain process(es)) with a high CPU utilization, or perhaps if you're out of RAM, your machine might be disk swapping.

Cheers,

answered 21 Mar '17, 00:06

wbenton
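Added example, not part of the original thread: a Python sketch that scans a tshark field export for the pattern in the question (a long pause before the client's next data packet) and notes whether either side had advertised a zero window just before it. The IP addresses, sample rows, `find_stalls` name and 5-second threshold are constructed assumptions.

```python
import csv
import io

# Constructed sample rows (not from the capture in the question). Columns match:
#   tshark -r capture.pcapng -Y tcp -T fields -E separator=, \
#     -e frame.time_relative -e tcp.stream -e ip.src -e tcp.len -e tcp.window_size
SAMPLE = """\
0.000000,4,10.0.0.5,517,65536
0.031200,4,203.0.113.9,1460,29200
0.031900,4,10.0.0.5,0,0
28.397000,4,10.0.0.5,310,65536
0.100000,7,10.0.0.5,200,65536
0.140000,7,203.0.113.9,900,29200
0.141000,7,10.0.0.5,0,64000
31.500000,7,10.0.0.5,120,64000
1.000000,9,10.0.0.5,100,65536
1.050000,9,203.0.113.9,100,29200
1.060000,9,10.0.0.5,50,65536
"""

def find_stalls(rows, client_ip, threshold=5.0):
    """Return (stream, gap_seconds, hint) for each late client data packet."""
    last_client = {}    # stream -> (time, window) of the client's previous packet
    last_peer_win = {}  # stream -> last window advertised by the other side
    stalls = []
    for row in csv.reader(io.StringIO(rows)):
        if len(row) != 5 or "" in row:
            continue  # skip non-IPv4 or incomplete rows
        t, stream, src = float(row[0]), row[1], row[2]
        length, win = int(row[3]), int(row[4])
        if src != client_ip:
            last_peer_win[stream] = win
            continue
        prev = last_client.get(stream)
        if prev and length > 0 and t - prev[0] >= threshold:
            if last_peer_win.get(stream) == 0:
                hint = "server advertised zero window"
            elif prev[1] == 0:
                hint = "client advertised zero window"
            else:
                hint = "no window stall seen; check the client host"
            stalls.append((stream, round(t - prev[0], 6), hint))
        last_client[stream] = (t, win)
    return stalls

if __name__ == "__main__":
    for stall in find_stalls(SAMPLE, "10.0.0.5"):
        print(stall)
```

A gap with no zero window on either side points away from TCP flow control and toward the client host itself, which is where the PerfMon and security-software checks suggested in the answer apply.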