We are experiencing a performance issue with one of our applications. I ran Wireshark on the server and captured the traffic. I noticed that after a few packets the client sends a (TCP Keep-Alive) packet after it waits almost 29 sec. Can someone elaborate on the issue please?
asked 11 Oct '17, 18:38
edited 11 Oct '17, 18:42
Generally, a 'keep-alive' packet is a probe to figure out: is the other endpoint still active on this particular TCP connection?
In your case some data exchange happens between server and client, then the server sends the last data packet 261194 and stops transmitting further. The client ACKs this packet, but because it receives neither more data nor connection close commands it becomes uncertain - what's happened to the other end? So after a timeout it sends keep-alives to ask the server: are you still alive or have you been rebooted/got stuck somehow?
The server responds with a Keep-Alive ACK, which means: my TCP stack is still active and is maintaining this TCP connection, BUT I do not receive any data/commands from my own application layer corresponding to this connection. Later it starts to send data again.
So, reasons could be:
The next thing we need to know is what app type it is; maybe this is normal behavior? It would also be useful to monitor the server app process itself.
answered 11 Oct '17, 22:25
edited 11 Oct '17, 22:29
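The stall described in the answer above can also be located programmatically. The following is an added example, not part of the original answer: it runs over constructed sample segments (not the capture from the question) and applies the conditions Wireshark documents for its TCP Keep-Alive flag (payload of 0 or 1 byte, sequence number one less than the sender's next expected sequence number, no SYN/FIN/RST). The names `Seg` and `find_keepalive_stalls` are hypothetical.

```python
from collections import namedtuple

# Constructed sample segments (not from the capture in the question).
# t = seconds, seq/ack = relative numbers, length = TCP payload bytes.
Seg = namedtuple("Seg", "t src dst seq ack length flags")

SAMPLE = [
    Seg(0.000, "server", "client", 1, 1, 1000, "PA"),
    Seg(0.001, "client", "server", 1, 1001, 0, "A"),
    Seg(0.002, "server", "client", 1001, 1, 500, "PA"),   # last data before the stall
    Seg(0.003, "client", "server", 1, 1501, 0, "A"),
    Seg(29.003, "client", "server", 0, 1501, 0, "A"),     # keep-alive probe: seq = next - 1
    Seg(29.004, "server", "client", 1501, 1, 0, "A"),     # keep-alive ACK
    Seg(31.500, "server", "client", 1501, 1, 800, "PA"),  # application resumes sending
]

def find_keepalive_stalls(segments):
    """Return (probe_time, prober, idle_seconds, last_data_sender, resume_time) per probe."""
    next_seq = {}      # sender -> next expected sequence number
    last_data = None   # (time, sender) of the most recent segment carrying payload
    stalls = []
    for i, s in enumerate(segments):
        expected = next_seq.get(s.src)
        is_probe = (
            expected is not None
            and s.length in (0, 1)
            and s.seq == expected - 1
            and not set(s.flags) & set("SFR")
        )
        if is_probe and last_data:
            # When does payload flow again after the probe? None means it never does.
            resume = next((n.t for n in segments[i + 1:] if n.length > 0), None)
            stalls.append((s.t, s.src, round(s.t - last_data[0], 3), last_data[1], resume))
            continue  # a probe carries no new data; do not advance sequence tracking
        if s.length > 0:
            last_data = (s.t, s.src)
        # SYN and FIN each consume one sequence number.
        end = s.seq + s.length + sum(f in "SF" for f in s.flags)
        next_seq[s.src] = max(expected or 0, end)
    return stalls

if __name__ == "__main__":
    for probe_t, prober, idle, quiet_side, resume in find_keepalive_stalls(SAMPLE):
        print(f"{prober} probed at {probe_t}s after {idle}s idle; "
              f"last data came from {quiet_side}; data resumed at {resume}s")
```

When the side that sent the last data is also the side that later resumes, as in the sample, the idle gap points at that endpoint's application layer rather than at the network path.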