Ask Your Question

Revision history [back]

Unusual delay during TCP connection handshake

Hi all,

I'm seeing an unusual delay (~5 seconds) on my client establishing a TCP connection to my server. I've done a Wireshark capture both on client and server and I can see on the client a delta time of 4+ seconds on the first frame it receives from the server immediately after the three-way handshake.

Another interesting thing, looking at the "time of arrival" for the 1st frame the client receives from the server ([SYN, ACK]), this timestamp is before the server even receiving the 1st frame ([SYNC]) from the client according to the server's capture. How is this possible? The clocks from the machines where the captures were done seem to be in perfect sync.

My account doesn't allow me to upload files yet, unfortunately. I'll find an alternative way to upload the captures if necessary.

Any feedback is welcome.

Thank you

Unusual delay during TCP connection handshake

Hi all,

I'm seeing an unusual delay (~5 seconds) on my client establishing a TCP connection to my server. I've done a Wireshark capture both on client and server and I can see on the client a delta time of 4+ seconds on the first frame it receives from the server immediately after the three-way handshake.

Another interesting thing, looking at the "time of arrival" for the 1st frame the client receives from the server ([SYN, ACK]), this timestamp is before the server even receiving the 1st frame ([SYNC]) from the client according to the server's capture. How is this possible? The clocks from the machines where the captures were done seem to be in perfect sync.

My account doesn't allow me to upload files yet, unfortunately. I'll find an alternative way to upload the captures if necessary.

Any feedback is welcome.

EDIT: I forgot to mention that this only happens when the client runs on a mobile phone using a specific carrier. I don't see this problem if I run the client on the same phone but using a different carrier.

Thank you

Unusual delay during TCP connection handshake

Hi all,

I'm seeing an unusual delay (~5 seconds) on my client establishing a TCP connection to my server. I've done a Wireshark capture both on client and server and I can see on the client a delta time of 4+ seconds on the first frame it receives from the server immediately after the three-way handshake.

Another interesting thing, looking at the "time of arrival" for the 1st frame the client receives from the server ([SYN, ACK]), this timestamp is before the server even receiving the 1st frame ([SYNC]) from the client according to the server's capture. How is this possible? The clocks from the machines where the captures were done seem to be in perfect sync.

My account doesn't allow me to upload files yet, unfortunately. I'll find an alternative way to upload the captures if necessary.

Any feedback is welcome.

Thank you

EDIT: I forgot to mention that this only happens when the client runs on a mobile phone using a specific carrier. I don't see this problem if I run the client on the same phone but using a different carrier.

Thank you

Unusual delay during TCP connection handshake

Hi all,

I'm seeing an unusual delay (~5 seconds) on my client establishing a TCP connection to my server. I've done a Wireshark capture both on client and server and I can see on the client a delta time of 4+ seconds on the first frame it receives from the server immediately after the three-way handshake.

Another interesting thing, looking at the "time of arrival" for the 1st frame the client receives from the server ([SYN, ACK]), this timestamp is before the server even receiving the 1st frame ([SYNC]) from the client according to the server's capture. How is this possible? The clocks from the machines where the captures were done seem to be in perfect sync.

My account doesn't allow me to upload files yet, unfortunately. I'll find an alternative way to upload the captures if necessary.

Any feedback is welcome.

Thank you

EDIT: I forgot to mention that this only happens when the client runs on a mobile phone using a specific carrier. I don't see this problem if I run the client on the same phone but using a different carrier.

EDIT: Captures added.

Server: https://www.dropbox.com/s/kyrt4vuur2ic0ku/server.pcapng?dl=0 (add filter (ip.addr eq 82.132.224.159 and ip.addr eq 192.168.1.65) and (tcp.port eq 9009)) Client: https://www.dropbox.com/s/ueftgffyy7mkqvn/client.pcapng?dl=0 (add filter (ip.addr eq 10.161.27.215 and ip.addr eq 146.199.123.130) and (tcp.port eq 9009))

Note that IP addresses and sequence numbers do not match from the two captures but it's the same TCP conversation. This is another peculiarity that only seems to happen when using this particular carrier.

Unusual delay during TCP connection handshake

Hi all,

I'm seeing an unusual delay (~5 seconds) on my client establishing a TCP connection to my server. I've done a Wireshark capture both on client and server and I can see on the client a delta time of 4+ seconds on the first frame it receives from the server immediately after the three-way handshake.

Another interesting thing, looking at the "time of arrival" for the 1st frame the client receives from the server ([SYN, ACK]), this timestamp is before the server even receiving the 1st frame ([SYNC]) from the client according to the server's capture. How is this possible? The clocks from the machines where the captures were done seem to be in perfect sync.

My account doesn't allow me to upload files yet, unfortunately. I'll find an alternative way to upload the captures if necessary.

Any feedback is welcome.

Thank you

EDIT: Edit 1: I forgot to mention that this only happens when the client runs on a mobile phone using a specific carrier. I don't see this problem if I run the client on the same phone but using a different carrier.

EDIT: EDIT 2: Captures added.

Server: https://www.dropbox.com/s/kyrt4vuur2ic0ku/server.pcapng?dl=0 (add filter (ip.addr eq 82.132.224.159 and ip.addr eq 192.168.1.65) and (tcp.port eq 9009)) Client: https://www.dropbox.com/s/ueftgffyy7mkqvn/client.pcapng?dl=0 (add filter (ip.addr eq 10.161.27.215 and ip.addr eq 146.199.123.130) and (tcp.port eq 9009))

Note that IP addresses and sequence numbers do not match from the two captures but it's the same TCP conversation. This is another peculiarity that only seems to happen when using this particular carrier.

EDIT 3: I guess that my client is doing the handshake with a device that acts as an intermediary, which later goes on to establish a connection with my server on behalf on my client. This would explain the interesting thing I mentioned about the time of arrivals from the captures. Has anyone seen this before? Any ideas on how to work around it?

Unusual delay during TCP connection handshake

Hi all,

I'm seeing an unusual delay (~5 seconds) on my client establishing a TCP connection to my server. I've done a Wireshark capture both on client and server and I can see on the client a delta time of 4+ seconds on the first frame it receives from the server immediately after the three-way handshake.

Another interesting thing, looking at the "time of arrival" for the 1st frame the client receives from the server ([SYN, ACK]), this timestamp is before the server even receiving the 1st frame ([SYNC]) from the client according to the server's capture. How is this possible? The clocks from the machines where the captures were done seem to be in perfect sync.

My account doesn't allow me to upload files yet, unfortunately. I'll find an alternative way to upload the captures if necessary.

Any feedback is welcome.

Thank you

Edit 1: I forgot to mention that this only happens when the client runs on a mobile phone using a specific carrier. I don't see this problem if I run the client on the same phone but using a different carrier.

EDIT 2: Captures added.

Server: https://www.dropbox.com/s/kyrt4vuur2ic0ku/server.pcapng?dl=0 (add filter (ip.addr eq 82.132.224.159 and ip.addr eq 192.168.1.65) and (tcp.port eq 9009)) Client: https://www.dropbox.com/s/ueftgffyy7mkqvn/client.pcapng?dl=0 (add filter (ip.addr eq 10.161.27.215 and ip.addr eq 146.199.123.130) and (tcp.port eq 9009))

Note that IP addresses and sequence numbers do not match from the two captures but it's the same TCP conversation. This is another peculiarity that only seems to happen when using this particular carrier.

EDIT 3: I guess that my client is doing the handshake with a device that acts as an intermediary, which later goes on to establish a connection with my server on behalf on my client. This would explain the interesting thing I mentioned about the time of arrivals from the captures. captures not making sense. Has anyone seen this before? Any ideas on how to work around it?