What does a sequence of retransmissions with PSH,ACK flags mean (and a spurious retransmission back)?
I am on server 192.168.0.2 and want to make an HTTP call to 192.168.0.1(both servers are RPis and run Linux (raspbian)).
curl -XGET http://192.168.0.1:8081/api
The API on 192.168.0.1 (which I am calling) is mine (a Python script based on bottle) and works most of the time. The HTTP listening part sometimes mysteriously hangs, which results with the curl call above hanging, then timing out.
I ran tcpdump on 192.168.0.1 (the receiving server, the one which hosts the API) when the API was non responsive and the wireshark analysis shows some retransmissions right after the call is initiated:
What is usually the cause of such behaviour? (if there is a "usual" cause).
Note 1: If needed, I will modify the API so that it logs more data for the webserver part but due to the non-reproducible nature of the hang, I doubt that it is its fault (the other pieces (threads) work great and there is no crash of any thread).
Note 2: rebooting the server (also probably restarting the script itself (which I do not do as I rather reboot the machine)) fixes the problem.
linux networking wireshark tcpdump
edited Jan 20 at 19:35
donjuedo
1073
asked Jan 8 '16 at 15:54
WoJWoJ
81432137
add a comment |
I am on server 192.168.0.2 and want to make an HTTP call to 192.168.0.1(both servers are RPis and run Linux (raspbian)).
curl -XGET http://192.168.0.1:8081/api
The API on 192.168.0.1 (which I am calling) is mine (a Python script based on bottle) and works most of the time. The HTTP listening part sometimes mysteriously hangs, which results with the curl call above hanging, then timing out.
I ran tcpdump on 192.168.0.1 (the receiving server, the one which hosts the API) when the API was non responsive and the wireshark analysis shows some retransmissions right after the call is initiated:
What is usually the cause of such behaviour? (if there is a "usual" cause).
Note 1: If needed, I will modify the API so that it logs more data for the webserver part but due to the non-reproducible nature of the hang, I doubt that it is its fault (the other pieces (threads) work great and there is no crash of any thread).
Note 2: rebooting the server (also probably restarting the script itself (which I do not do as I rather reboot the machine)) fixes the problem.
linux networking wireshark tcpdump
edited Jan 20 at 19:35
donjuedo
1073
asked Jan 8 '16 at 15:54
WoJWoJ
81432137
add a comment |
I am on server 192.168.0.2 and want to make an HTTP call to 192.168.0.1(both servers are RPis and run Linux (raspbian)).
curl -XGET http://192.168.0.1:8081/api
The API on 192.168.0.1 (which I am calling) is mine (a Python script based on bottle) and works most of the time. The HTTP listening part sometimes mysteriously hangs, which results with the curl call above hanging, then timing out.
I ran tcpdump on 192.168.0.1 (the receiving server, the one which hosts the API) when the API was non responsive and the wireshark analysis shows some retransmissions right after the call is initiated:
What is usually the cause of such behaviour? (if there is a "usual" cause).
Note 1: If needed, I will modify the API so that it logs more data for the webserver part but due to the non-reproducible nature of the hang, I doubt that it is its fault (the other pieces (threads) work great and there is no crash of any thread).
Note 2: rebooting the server (also probably restarting the script itself (which I do not do as I rather reboot the machine)) fixes the problem.
linux networking wireshark tcpdump
edited Jan 20 at 19:35
donjuedo
1073
asked Jan 8 '16 at 15:54
WoJWoJ
81432137
I am on server 192.168.0.2 and want to make an HTTP call to 192.168.0.1(both servers are RPis and run Linux (raspbian)).
curl -XGET http://192.168.0.1:8081/api
The API on 192.168.0.1 (which I am calling) is mine (a Python script based on bottle) and works most of the time. The HTTP listening part sometimes mysteriously hangs, which results with the curl call above hanging, then timing out.
I ran tcpdump on 192.168.0.1 (the receiving server, the one which hosts the API) when the API was non responsive and the wireshark analysis shows some retransmissions right after the call is initiated:
What is usually the cause of such behaviour? (if there is a "usual" cause).
Note 1: If needed, I will modify the API so that it logs more data for the webserver part but due to the non-reproducible nature of the hang, I doubt that it is its fault (the other pieces (threads) work great and there is no crash of any thread).
Note 2: rebooting the server (also probably restarting the script itself (which I do not do as I rather reboot the machine)) fixes the problem.
linux networking wireshark tcpdump
linux networking wireshark tcpdump
edited Jan 20 at 19:35
donjuedo
1073
asked Jan 8 '16 at 15:54
WoJWoJ
81432137
edited Jan 20 at 19:35
donjuedo
1073
asked Jan 8 '16 at 15:54
WoJWoJ
81432137
edited Jan 20 at 19:35
donjuedo
1073
edited Jan 20 at 19:35
donjuedo
1073
edited Jan 20 at 19:35
donjuedo
1073
1073
asked Jan 8 '16 at 15:54
WoJWoJ
81432137
asked Jan 8 '16 at 15:54
WoJWoJ
81432137
asked Jan 8 '16 at 15:54
WoJWoJ
81432137
81432137
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
What does a sequence of retransmissions with PSH,ACK flags mean (and a spurious retransmission back)?
What is usually the cause of such behaviour? (if there is a "usual"
cause).
PSH ACK Wireshark Trace
(Also See ServerFault - PHA ACK During My
Connection)
ACK means that the machine sending the packet with ACK is
acknowledging data that it had received from the other machine. In
TCP, once the connection is established, all packets sent by either
side will contain an ACK, even if it's just re-acknowledging data that
it's already acknowledged.
PSH is an indication by the sender that, if the receiving machine's
TCP implementation has not yet provided the data it's received to the
code that's reading the data (program, or library used by a program),
it should do so at that point. To quote RFC 793, the official
specification for TCP:
The data that flows on a connection may be thought of as a stream of
octets. The sending user indicates in each SEND call whether the data
in that call (and any preceeding calls) should be immediately pushed
through to the receiving user by the setting of the PUSH flag.
A sending TCP is allowed to collect data from the sending user and to
send that data in segments at its own convenience, until the push
function is signaled, then it must send all unsent data. When a
receiving TCP sees the PUSH flag, it must not wait for more data from
the sending TCP before passing the data to the receiving process.
Spurious Retransmissions
If you’re seeing spurious retransmissions it means that the sender
thought packets were lost and sent them again, even though the
receiver sent an acknowledge packet for it.
Possible Causes
- A misconfiguration between the server and client machines
- A misconfiguration between any sender and receiver anywhere along the hop path the of TCP packets
- Firewall rules or packet filters blocking packets
Additonal Troubleshooting
- Check the server logs when this occurs as well
- Run the TCP trace with Wireshark on the server to see what those packets look like when the problem occurs
edited Apr 13 '17 at 12:14
Community♦
1
answered Jan 8 '16 at 17:38
Pimp Juice ITPimp Juice IT
25k114177
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1023583%2fwhat-does-a-sequence-of-retransmissions-with-psh-ack-flags-mean-and-a-spurious%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
What does a sequence of retransmissions with PSH,ACK flags mean (and a spurious retransmission back)?
What is usually the cause of such behaviour? (if there is a "usual"
cause).
PSH ACK Wireshark Trace
(Also See ServerFault - PHA ACK During My
Connection)
ACK means that the machine sending the packet with ACK is
acknowledging data that it had received from the other machine. In
TCP, once the connection is established, all packets sent by either
side will contain an ACK, even if it's just re-acknowledging data that
it's already acknowledged.
PSH is an indication by the sender that, if the receiving machine's
TCP implementation has not yet provided the data it's received to the
code that's reading the data (program, or library used by a program),
it should do so at that point. To quote RFC 793, the official
specification for TCP:
The data that flows on a connection may be thought of as a stream of
octets. The sending user indicates in each SEND call whether the data
in that call (and any preceeding calls) should be immediately pushed
through to the receiving user by the setting of the PUSH flag.
A sending TCP is allowed to collect data from the sending user and to
send that data in segments at its own convenience, until the push
function is signaled, then it must send all unsent data. When a
receiving TCP sees the PUSH flag, it must not wait for more data from
the sending TCP before passing the data to the receiving process.
Spurious Retransmissions
If you’re seeing spurious retransmissions it means that the sender
thought packets were lost and sent them again, even though the
receiver sent an acknowledge packet for it.
Possible Causes
- A misconfiguration between the server and client machines
- A misconfiguration between any sender and receiver anywhere along the hop path the of TCP packets
- Firewall rules or packet filters blocking packets
Additonal Troubleshooting
- Check the server logs when this occurs as well
- Run the TCP trace with Wireshark on the server to see what those packets look like when the problem occurs
edited Apr 13 '17 at 12:14
Community♦
1
answered Jan 8 '16 at 17:38
Pimp Juice ITPimp Juice IT
25k114177
add a comment |
What does a sequence of retransmissions with PSH,ACK flags mean (and a spurious retransmission back)?
What is usually the cause of such behaviour? (if there is a "usual"
cause).
PSH ACK Wireshark Trace
(Also See ServerFault - PHA ACK During My
Connection)
ACK means that the machine sending the packet with ACK is
acknowledging data that it had received from the other machine. In
TCP, once the connection is established, all packets sent by either
side will contain an ACK, even if it's just re-acknowledging data that
it's already acknowledged.
PSH is an indication by the sender that, if the receiving machine's
TCP implementation has not yet provided the data it's received to the
code that's reading the data (program, or library used by a program),
it should do so at that point. To quote RFC 793, the official
specification for TCP:
The data that flows on a connection may be thought of as a stream of
octets. The sending user indicates in each SEND call whether the data
in that call (and any preceeding calls) should be immediately pushed
through to the receiving user by the setting of the PUSH flag.
A sending TCP is allowed to collect data from the sending user and to
send that data in segments at its own convenience, until the push
function is signaled, then it must send all unsent data. When a
receiving TCP sees the PUSH flag, it must not wait for more data from
the sending TCP before passing the data to the receiving process.
Spurious Retransmissions
If you’re seeing spurious retransmissions it means that the sender
thought packets were lost and sent them again, even though the
receiver sent an acknowledge packet for it.
Possible Causes
- A misconfiguration between the server and client machines
- A misconfiguration between any sender and receiver anywhere along the hop path the of TCP packets
- Firewall rules or packet filters blocking packets
Additonal Troubleshooting
- Check the server logs when this occurs as well
- Run the TCP trace with Wireshark on the server to see what those packets look like when the problem occurs
edited Apr 13 '17 at 12:14
Community♦
1
answered Jan 8 '16 at 17:38
Pimp Juice ITPimp Juice IT
25k114177
add a comment |
What does a sequence of retransmissions with PSH,ACK flags mean (and a spurious retransmission back)?
What is usually the cause of such behaviour? (if there is a "usual"
cause).
PSH ACK Wireshark Trace
(Also See ServerFault - PHA ACK During My
Connection)
ACK means that the machine sending the packet with ACK is
acknowledging data that it had received from the other machine. In
TCP, once the connection is established, all packets sent by either
side will contain an ACK, even if it's just re-acknowledging data that
it's already acknowledged.
PSH is an indication by the sender that, if the receiving machine's
TCP implementation has not yet provided the data it's received to the
code that's reading the data (program, or library used by a program),
it should do so at that point. To quote RFC 793, the official
specification for TCP:
The data that flows on a connection may be thought of as a stream of
octets. The sending user indicates in each SEND call whether the data
in that call (and any preceeding calls) should be immediately pushed
through to the receiving user by the setting of the PUSH flag.
A sending TCP is allowed to collect data from the sending user and to
send that data in segments at its own convenience, until the push
function is signaled, then it must send all unsent data. When a
receiving TCP sees the PUSH flag, it must not wait for more data from
the sending TCP before passing the data to the receiving process.
Spurious Retransmissions
If you’re seeing spurious retransmissions it means that the sender
thought packets were lost and sent them again, even though the
receiver sent an acknowledge packet for it.
Possible Causes
- A misconfiguration between the server and client machines
- A misconfiguration between any sender and receiver anywhere along the hop path the of TCP packets
- Firewall rules or packet filters blocking packets
Additonal Troubleshooting
- Check the server logs when this occurs as well
- Run the TCP trace with Wireshark on the server to see what those packets look like when the problem occurs
edited Apr 13 '17 at 12:14
Community♦
1
answered Jan 8 '16 at 17:38
Pimp Juice ITPimp Juice IT
25k114177
What does a sequence of retransmissions with PSH,ACK flags mean (and a spurious retransmission back)?
What is usually the cause of such behaviour? (if there is a "usual"
cause).
PSH ACK Wireshark Trace
(Also See ServerFault - PHA ACK During My
Connection)
ACK means that the machine sending the packet with ACK is
acknowledging data that it had received from the other machine. In
TCP, once the connection is established, all packets sent by either
side will contain an ACK, even if it's just re-acknowledging data that
it's already acknowledged.
PSH is an indication by the sender that, if the receiving machine's
TCP implementation has not yet provided the data it's received to the
code that's reading the data (program, or library used by a program),
it should do so at that point. To quote RFC 793, the official
specification for TCP:
The data that flows on a connection may be thought of as a stream of
octets. The sending user indicates in each SEND call whether the data
in that call (and any preceeding calls) should be immediately pushed
through to the receiving user by the setting of the PUSH flag.
A sending TCP is allowed to collect data from the sending user and to
send that data in segments at its own convenience, until the push
function is signaled, then it must send all unsent data. When a
receiving TCP sees the PUSH flag, it must not wait for more data from
the sending TCP before passing the data to the receiving process.
Spurious Retransmissions
If you’re seeing spurious retransmissions it means that the sender
thought packets were lost and sent them again, even though the
receiver sent an acknowledge packet for it.
Possible Causes
- A misconfiguration between the server and client machines
- A misconfiguration between any sender and receiver anywhere along the hop path the of TCP packets
- Firewall rules or packet filters blocking packets
Additonal Troubleshooting
- Check the server logs when this occurs as well
- Run the TCP trace with Wireshark on the server to see what those packets look like when the problem occurs
edited Apr 13 '17 at 12:14
Community♦
1
answered Jan 8 '16 at 17:38
Pimp Juice ITPimp Juice IT
25k114177
edited Apr 13 '17 at 12:14
Community♦
1
edited Apr 13 '17 at 12:14
Community♦
1
edited Apr 13 '17 at 12:14
Community♦
1
1
answered Jan 8 '16 at 17:38
Pimp Juice ITPimp Juice IT
25k114177
answered Jan 8 '16 at 17:38
Pimp Juice ITPimp Juice IT
25k114177
answered Jan 8 '16 at 17:38
Pimp Juice ITPimp Juice IT
25k114177
25k114177
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1023583%2fwhat-does-a-sequence-of-retransmissions-with-psh-ack-flags-mean-and-a-spurious%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
