Hi,
I'm having a hard time setting up an application: A web server sends a command to a second server which in turn relays it using a different protocol to an endpoint. This process takes almost a full minute for something which should be a mere second.
When I manually generate a command on server2, the data is instantly sent and confirmation is returned in under a second.
Using Wireshark I captured the packets on the second server to figure out what's going on:
- I filtered out all traffic that is not between server1 and server2; there is a bit of TCP, but most of it is DCERPC.
- The timestamp shows the time passed since the last displayed packet: I see long delays (+20 seconds) at some points.
- I went down the TCP stream until I recognized some of the packet bytes that contain the first command from my code which is meant for the endpoint. (packet #2020)
- I opened a tcptrace from server1 to server2 and found that this packet #2020 is sent 46 seconds after the TCP stream started.
- After the start of the TCP stream, I see a 22 sec delay, some throughput, and then a delay again for 22 seconds, after which the actual command stream starts and then finishes after 6 seconds.
- Looking at the packet stream, each block of data (DCERPC protocol) that comes through is ended by a TCP ACK and then a long delay.
I don't really know where to go from here to figure out what's going on. Any suggestions?
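
The gap hunt described in the post above, as an added example that is not part of the original post: it reads per-packet fields exported by tshark, lists every silence longer than a threshold, and records which host sent the first packet after each silence and whether the silence followed a bare ACK. The sample rows, addresses, frame numbers and function names are constructed for illustration, and IPv4 is assumed.

```python
# Added example. Input: tab-separated rows as produced by
#   tshark -r capture.pcap -T fields -e frame.number -e frame.time_relative \
#          -e ip.src -e ip.dst -e tcp.len
# SAMPLE is constructed (addresses, frame numbers and timings are made up).
SAMPLE = "\n".join("\t".join(r) for r in [
    ("1", "0.000", "10.0.0.1", "10.0.0.2", "0"),     # connection setup
    ("2", "0.001", "10.0.0.2", "10.0.0.1", "0"),
    ("3", "0.010", "10.0.0.1", "10.0.0.2", "116"),   # first data block
    ("4", "0.012", "10.0.0.2", "10.0.0.1", "84"),
    ("5", "0.212", "10.0.0.1", "10.0.0.2", "0"),     # bare ACK, then silence
    ("6", "22.300", "10.0.0.1", "10.0.0.2", "200"),  # second data block
    ("7", "22.305", "10.0.0.2", "10.0.0.1", "150"),
    ("8", "22.500", "10.0.0.1", "10.0.0.2", "0"),    # bare ACK, then silence
    ("9", "44.600", "10.0.0.1", "10.0.0.2", "320"),  # third data block
])

def parse(text):
    """Return (frame, time, src, dst, tcp_len) tuples; skip incomplete rows."""
    rows = []
    for line in text.splitlines():
        p = line.split("\t")
        if len(p) == 5 and all(p):  # non-TCP or non-IPv4 rows have empty fields
            rows.append((int(p[0]), float(p[1]), p[2], p[3], int(p[4])))
    return rows

def find_gaps(rows, threshold=5.0):
    """List silences of at least `threshold` seconds between consecutive packets."""
    gaps = []
    for prev, cur in zip(rows, rows[1:]):
        delta = cur[1] - prev[1]
        if delta >= threshold:
            gaps.append({"after_frame": prev[0], "resumed_frame": cur[0],
                         "seconds": round(delta, 3),
                         "resumed_by": cur[2],  # host that broke the silence
                         "last_was_bare_ack": prev[4] == 0})
    return gaps

def idle_seconds_by_host(gaps):
    """Sum the silence that ended with each host sending the next packet."""
    totals = {}
    for g in gaps:
        host = g["resumed_by"]
        totals[host] = round(totals.get(host, 0.0) + g["seconds"], 3)
    return totals

if __name__ == "__main__":
    gaps = find_gaps(parse(SAMPLE))
    print(*gaps, idle_seconds_by_host(gaps), sep="\n")
```

The host listed in `resumed_by` is the side that stayed quiet during the gap, which is where to look next (application logs, or other traffic leaving that host during the same seconds).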