I'm the original author of the Spring Boot feature for heapdumps: https://github.com/spring-projects/spring-boot/pull/5670.

It seems that users commonly misconfigure Spring Boot security or ignore it completely. To improve the situation, I made this PR: https://github.com/spring-projects/spring-boot/pull/45624.

When the PR was created in 2016, endpoints were marked as "sensitive" and, for example, the heapdump endpoint would have to be explicitly enabled. However, Spring Boot has evolved over the years, and only the "shutdown" endpoint was made "restricted" in the later solutions. My recent PR will address that weakness in Spring Boot when users misconfigure or ignore security for a Spring Boot app so that heapdumps won't get exposed by default.

Some random links about PMTU issues: https://www.znep.com/~marcs/mtu/ https://serverfault.com/questions/1050567/why-does-setting-m... https://serverfault.com/questions/126468/mtu-dsl-router-and-... https://serverfault.com/questions/162062/how-to-check-who-bl...

Just curious if MSS or PMTU blocking has anything to do with the problem.

In the 2 different Wireshark dumps, a relevant difference is MSS=1460 and MSS=1380 in the second one.

I'd recommend setting the local NIC MTU to a low value just to see if it has an impact. However, the Wireshark dump doesn't show packet fragmentation, so perhaps this isn't a problem at all?