I wasn't unable to download the pcap. Adding a column for bytes-in-flight or a tcptrace graph might help visually. Wireshark tracks bytes-in-flight and the window size. Wireshark "TCP Window Full" is Wireshark's way of saying that the sender can't send any more data because it has filled the advertised window.

Frame 44967, Wireshark is saying 1.27.223.175 can't send any more data because it has filled 192.5.10.69's advertised window. The client, 1.27.223.175, has to wait for an update from 192.5.10.69 before it can send more data.

Frame 44968, 192.5.10.69 is advertising the window size 0. Don't send me any data.

Frame 44969, 1.27.223.175 sends TCP Keep-Alive because it is waiting for 192.5.10.69 to send an update. Also, this ensures it didn't miss the update.

Frame 46149, 192.5.10.69 updates its window size. 1.27.223.175 starts sending data again.
I suggest increasing the window size for 192.50.10.69. If that isn't possible, find out why it's having problems processing packets.
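
The sequence described in the answer above can be reproduced with a small classifier. This is an added example, not part of the original answer and not Wireshark's code: it is a simplified model of the four flags, and every sequence number, length and window value in `SAMPLE` is constructed (only the frame numbers and addresses come from the answer).

```python
from dataclasses import dataclass

@dataclass
class Seg:
    frame: int
    src: str     # sender of this segment
    seq: int     # relative sequence number
    length: int  # TCP payload bytes
    ack: int     # relative acknowledgment number
    win: int     # advertised receive window, already scaled

def classify(segs):
    """Tag each frame using a simplified model of Wireshark's TCP analysis flags."""
    state, out = {}, {}  # state: per host, highest next-seq, last ack and window sent
    for s in segs:
        me = state.setdefault(s.src, {"next": None, "ack": 0, "win": None})
        peer = next((v for k, v in state.items() if k != s.src), None)
        tags = []
        if s.win == 0:
            tags.append("ZeroWindow")      # receiver: "don't send me any data"
        elif (s.length == 0 and me["win"] is not None
              and s.win != me["win"] and s.ack == me["ack"]):
            tags.append("WindowUpdate")    # same ack, only the window changed
        if me["next"] is not None and s.length <= 1 and s.seq == me["next"] - 1:
            tags.append("KeepAlive")       # probe one byte behind the next seq
        elif (s.length > 0 and peer and peer["win"]
              and s.seq + s.length == peer["ack"] + peer["win"]):
            tags.append("WindowFull")      # payload ends exactly at the window edge
        if s.length > 0 and "KeepAlive" not in tags:
            me["next"] = max(me["next"] or 0, s.seq + s.length)
        me["ack"], me["win"] = s.ack, s.win
        out[s.frame] = tags
    return out

C, S = "1.27.223.175", "192.5.10.69"
SAMPLE = [  # constructed values; frame 44960, 44966 and 46150 are also constructed
    Seg(44960, S, 1, 0, 1000, 3000),      # receiver advertises a 3000-byte window
    Seg(44966, C, 1000, 1500, 1, 65535),
    Seg(44967, C, 2500, 1500, 1, 65535),  # 1000 + 3000 reached: window is full
    Seg(44968, S, 1, 0, 4000, 0),         # receiver closes the window
    Seg(44969, C, 3999, 0, 1, 65535),     # sender probes while it waits
    Seg(46149, S, 1, 0, 4000, 3000),      # receiver reopens the window
    Seg(46150, C, 4000, 1500, 1, 65535),  # sender resumes
]

if __name__ == "__main__":
    for frame, tags in classify(SAMPLE).items():
        print(frame, ",".join(tags) or "-")
```

A long gap between the ZeroWindow frame and the WindowUpdate frame, filled only with KeepAlive probes, is the stall the answer attributes to the receiver.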