Presumably, the TSM server Activity Log has been inspected for any session failure issues, such as too-short timeout values or preemption. And, hopefully, there's nothing in the client OS which is clobbering network usage (such as bad anti-virus software).
Unusual possibilities that I could think of might be a network access point with a "rotary IP" scheme such that addresses are changing during the session, or maybe even a server erroneously using DHCP, whose lease has expired. A general thing to watch out for on Linux servers is default settings in the iptables firewall being too restrictive. As Andy suggests, a network trace is in order, which you could pursue using client sessions which could start with basic queries over a goodly period of time, and then backup exercises.

Richard Sims at Boston University