Solved

Delayed ACKs

Posted on 2004-09-23
8
725 Views
Last Modified: 2013-12-27
Can anyone tell me what delayed acks are supposed to look like on a sniffer?

Initially, I thought it was supposed to look like this:

Host A--------(1514byte frame)------> Host B

Host A--------(1514byte frame)------> Host B

Host A--------(1514byte frame)------> Host B

Host A <------------ACK----------------  Host B

But isnt the above TCP's sliding window protocol?


thanks!
0
Comment
Question by:dissolved
  • 5
  • 3
8 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 500 total points
ID: 12135326
That could easily be part of an FTP transaction using a sliding window protocol. What port numbers were involved?
0
 

Author Comment

by:dissolved
ID: 12136342
Hi, it was actually HTTP traffic.

 Could someone post what the following would look like on a sniffer:

1. Delayed ACKs

2. Sliding window protocol

3. Nagle algorithm

I'm assuming, the nagle algorithm looks like this:

Host A---------(60byte frame)---->   Host B
Host A  <----------ACK-------------    Host B
Host A---------(60byte frame)---->   Host B
Host A  <----------ACK-------------    Host B

I've read TCP/IP illustrated but am still having trouble recognizing what they would look like.
Thanks
0
 
LVL 40

Expert Comment

by:jlevie
ID: 12136535
>  Hi, it was actually HTTP traffic.

Oh, that was probably just packet fragmentation. To determine what you have it is necessary to take the IP headers apart and look at the transfer sizes and sequence numbers.
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 

Author Comment

by:dissolved
ID: 12136781
packets were not fragged.   DF flag was set each time.  

From my understanding, delayed ack is applied to the receiver. Where as nagle algorithm is applied to the sender.  I heard they can compliment each other in terms of piggybacking data.

What I want to know is where does the sliding protocol comes into play here.  I think if the packet is full size (1460 bytes of data), then it doesnt use the nagle algorithm. Rather, it uses sliding protocol.  I also believe nagle is used mostly in interactive sessions.

Can anyone correct me?

Thanks
0
 
LVL 40

Expert Comment

by:jlevie
ID: 12139900
> From my understanding, delayed ack is applied to the receiver.

True.

> Where as nagle algorithm is applied to the sender.

Also true.

> What I want to know is where does the sliding protocol comes into play here.

That is an optimization at the TCP/IP stack level and is a means of flow control. Basically the receiver side sets the window size to be the buffer space (usually at the kernel level) remaining. The sender is free to push data out at window sized transfers or less  as long as the receiver isn't advertising a zero window size. Window size advertisements can be occuring while data packets are being received and that will happen if the application is reading data from the buffer at a rate similar to the data arrival rate. In that case a steady-state condition can occur where data packets are in transit while window advertisements are also in transit, which is a very efficient form of data transfer.
0
 

Author Comment

by:dissolved
ID: 12140202
You said the sender can send as much data to the receiver as long as it doesnt go past the receivers window.  The sender can even send less.

If the sender sends less than the receivers window size, how will the receiver know when to ACK?  Won't the delayed ACK timer go off?
0
 
LVL 40

Expert Comment

by:jlevie
ID: 12140235
Let me think about that...
0
 
LVL 40

Expert Comment

by:jlevie
ID: 12144124
ACK or delayed ACK would be a function of the packet size and frequency, as I understand it. Essentially that means that the sliding window and ACK behavior are independent functions.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In tuning file systems on the Solaris Operating System, changing some parameters of a file system usually destroys the data on it. For instance, changing the cache segment block size in the volume of a T3 requires that you delete the existing volu…
Java performance on Solaris - Managing CPUs There are various resource controls in operating system which directly/indirectly influence the performance of application. one of the most important resource controls is "CPU".   In a multithreaded…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question