I have an HTTPS software service (with ECDHE-based encryption, therefore only SSL-level monitoring) in a virtualized environment. We are using virtual spanning (port mirroring via VMware distributed switch) to our NAM probe.

Now I'm seeing about 40k Operations and 10k Incomplete Responses.

I noticed that we have up to 10% unidirectional traffic.

In this case I'm a little bit confused: do we have 10k Incomplete Responses because of incomplete traffic spanning, or can both metrics point to really poor traffic quality?

Dynatrace Consultant and Center of Excellence Expert


The presence of a high percentage of unidirectional traffic in a situation where simple mirroring is set up definitely signals there's something wrong with the traffic sources. So I wouldn't trust the incomplete responses metric - or, in other words, I'd say it correctly reflects the monitored traffic stream quality (AMD doesn't see complete sessions, so it reports incomplete responses).

Perhaps a packet trace analysis together with Support would surface the issues to the level required to prove it to the virtualization team?


I believe this is pretty common with SPAN ports. Packets will be dropped if it's trying to push too much traffic, and that will lead to incomplete responses. Maybe check the SPAN health?

Thank you for your reply - I'll check with the virtualization team if they have any issues with the virtual SPAN port here (I don't think there is an issue because there is only up to 35 Mbps traffic volume) and do a trace to check this side as well.
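An added example, not part of the thread and not Dynatrace code: one way to measure, from a capture taken at the mirror destination, how many TCP conversations were seen in one direction only, which is the condition discussed above. It assumes a classic pcap file with Ethernet framing and IPv4; the sample capture, addresses and helper names are constructed for illustration.

```python
import struct
from collections import defaultdict

def flow_directions(pcap: bytes):
    """Return {conversation: set of directions seen} for TCP over IPv4 in a classic pcap."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None:
        raise ValueError("not a classic (microsecond) pcap file")
    flows, off = defaultdict(set), 24                  # 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from(order + "I", pcap, off + 8)[0]
        pkt, off = pcap[off + 16: off + 16 + incl_len], off + 16 + incl_len
        l3 = 18 if pkt[12:14] == b"\x81\x00" else 14   # skip one 802.1Q tag if present
        if len(pkt) < l3 + 20 or pkt[l3 - 2:l3] != b"\x08\x00" or pkt[l3 + 9] != 6:
            continue                                   # not IPv4/TCP
        l4 = l3 + (pkt[l3] & 0x0F) * 4                 # honour the IP header length
        if len(pkt) < l4 + 4:
            continue                                   # truncated before the ports
        sport, dport = struct.unpack_from("!HH", pkt, l4)
        a, b = (pkt[l3 + 12:l3 + 16], sport), (pkt[l3 + 16:l3 + 20], dport)
        flows[(min(a, b), max(a, b))].add(a <= b)      # True/False = the two directions
    return flows

def unidirectional(pcap: bytes):                       # -> (one_way_flows, total_flows)
    flows = flow_directions(pcap)
    return sum(len(d) == 1 for d in flows.values()), len(flows)

def _frame(src, dst, sport, dport):
    """Constructed Ethernet + IPv4 + TCP frame, no payload (sample data only)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x10, 1024, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def _pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

CLIENT, SERVER = (10, 0, 0, 5), (10, 0, 0, 9)          # constructed addresses
SAMPLE = _pcap([
    _frame(CLIENT, SERVER, 50001, 443), _frame(SERVER, CLIENT, 443, 50001),  # both ways
    _frame(SERVER, CLIENT, 443, 50002),                                      # reply only
    _frame(CLIENT, SERVER, 50003, 443), _frame(SERVER, CLIENT, 443, 50003),  # both ways
    _frame(CLIENT, SERVER, 50004, 443),                                      # request only
])
if __name__ == "__main__":
    one_way, total = unidirectional(SAMPLE)
    print(f"{one_way}/{total} TCP flows seen in one direction only")
```

Running the same count on a capture from the mirror destination and on one taken at the source VM shows whether the missing direction is lost in the mirroring path or never existed.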

