Introduction to Slow File Download Troubleshooting Using TCP Analysis
The user encountered a slow file download issue where the download began at a high speed but then abruptly slowed down. The problem itself appears straightforward, suggesting that the user has some technical background. In this case, packet captures from both the client and server were collected and are well-documented, providing a solid foundation for analysis. To seek expert advice, the packet data was shared directly for further investigation.
Combined with the analysis of various experts on this issue, I feel that this case is quite interesting, so I will continue to share it.
The example is taken from the Wireshark official Q&A forum
Investigating TCP Packet Capture to Diagnose Slow File Download Issues
Let’s start with the old routine and take a look at the TCP three-way handshake in the packet capture file on the client .
As described, this file is indeed captured on the client 87.185.166.148, RTT 0.008536s, MSS 1460, and both ends support Window scale and SACK.
Look at what the user said about the phenomenon that the download speed was very fast at the beginning, but suddenly the speed dropped. It is true, as shown in the following figure
A quick look at the expert information showed that it was unusually clean, with no retransmission or disorder issues caused by packet loss, so what could be the problem of slow download?
Checking Window Scaling from the client packet capture file, Bytes out from the server direction is low and far from Rcv Win, which is suspected to be insufficient in the sending direction of the server.
A closer look at the Bytes Out graph in the client packet capture file shows that the error is not very obvious, because it is possible that the ACK data is too fast.
Check Bytes Out again in the server packet capture file, and the problem is more obvious. When the receiving end window capacity is large, the server’s ability to send data gradually decreases, matching the slow download speed.
We can observe the data packets at the problem point. The server sends 6 MSS-sized data packets each time, sets the PSH bit in the last one, then stops sending, waits for the client’s ACK, and then sends 6 MSS again… Loop
Summary
The problem is that the server cannot function properly, that is, it cannot send data fast enough, causing the data transmission rate to drop. This may be related to the server’s congestion window or send buffer limit. It’s not the network’s fault~