On Thu, Feb 13, 2020 at 9:03 AM Manoj Patil <[email protected]> wrote:
> Hello Mike, > > We have investigate further and there in we found that there's an > continues ACK/SYN/PING traffic flows between server and client for an > absolutely idle session. > > Yes, this is by design - the Guacamole protocol has built-in mechanisms to verify that the connection is still active and prevent the server (guacd) from dropping the connection. However, as Mike stated, the amount of traffic generates solely for keeping alive an idle connection is very low - 17Kb/s - so it does not account for all of the traffic you are seeing - something else is going on. > Due to which number of packets and in turn data exchange > increases continuously for an absolutely idle session. > Absolutely idle is a little bit of a misnomer, here. If a session is in progress, it will *never* be "absolutely idle" - that is, there will always be some amount of minimal data exchange in order to keep the session alive - else it will shut down. This is true of pretty much any protocol - RDP, VNC, SSH, Telnet, and Guacamole - all will have some minimal amount of overhead client/server traffic even when there are no mouse/keyboard actions and the screen is not being updated. > > Can you please guide us on how to stop continues server PING/NOP/ACK/SYN ? > No, this cannot be disabled without changing the code, and the result would be undesirable - the remote connection would shut down. And, this isn't a problem - again, the amount of data you're seeing shows that something else is going on aside from a completely idle connection. You might check and see if audio is being generated that would account for the higher bandwidth utilization, or if file sharing is enabled. And, as Mike said, in order to truly debug what's going on, here, you need to look at the traffic un-encrypted. This will allow you to see the actual Guacamole protocol packets that are being exchanged and figure out where the data is coming from. -Nick
