Header Only - DO NOT REMOVE - Extreme Networks

Reporting on bad TCP connections with ExtremeAnalytics

Some users are reporting slowness with an online service we use, they complained to that service and were instantly told it was their computers. I saw this and rubbed my hands at the thought of using ExtremeAnalytics to prove them wrong, but everything looked alright.

So I fired up wireshark and saw that sometimes the webserver would just stop responding after SSL was negotiated; from what I can tell, these flows never made it into the Analytics flows. Is this expected behaviour?

Additionally, the server (which is actually a DDoS prevention front-end I believe) keeps the connection alive for a few minutes, so subsequent HTTPS requests go over the same connection, thus hiding a 2.5 second response time as it's not a new flow, but I doubt there's much way to identify this programmatically.

1 reply

Userlevel 2
Hi James,

Sorry for the late reply. As of right now, this is functioning as expected. We will calculate the time values based on the first tcp packets syn/syn ack and the first data packet exchange. We don't have a mechanism right now to constantly monitor a session once connected.

Thanks and regards