Solved

Delayed ACKs

Posted on 2004-09-23
8
716 Views
Last Modified: 2013-12-27
Can anyone tell me what delayed acks are supposed to look like on a sniffer?

Initially, I thought it was supposed to look like this:

Host A--------(1514byte frame)------> Host B

Host A--------(1514byte frame)------> Host B

Host A--------(1514byte frame)------> Host B

Host A <------------ACK----------------  Host B

But isnt the above TCP's sliding window protocol?


thanks!
0
Comment
Question by:dissolved
  • 5
  • 3
8 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 500 total points
ID: 12135326
That could easily be part of an FTP transaction using a sliding window protocol. What port numbers were involved?
0
 

Author Comment

by:dissolved
ID: 12136342
Hi, it was actually HTTP traffic.

 Could someone post what the following would look like on a sniffer:

1. Delayed ACKs

2. Sliding window protocol

3. Nagle algorithm

I'm assuming, the nagle algorithm looks like this:

Host A---------(60byte frame)---->   Host B
Host A  <----------ACK-------------    Host B
Host A---------(60byte frame)---->   Host B
Host A  <----------ACK-------------    Host B

I've read TCP/IP illustrated but am still having trouble recognizing what they would look like.
Thanks
0
 
LVL 40

Expert Comment

by:jlevie
ID: 12136535
>  Hi, it was actually HTTP traffic.

Oh, that was probably just packet fragmentation. To determine what you have it is necessary to take the IP headers apart and look at the transfer sizes and sequence numbers.
0
 

Author Comment

by:dissolved
ID: 12136781
packets were not fragged.   DF flag was set each time.  

From my understanding, delayed ack is applied to the receiver. Where as nagle algorithm is applied to the sender.  I heard they can compliment each other in terms of piggybacking data.

What I want to know is where does the sliding protocol comes into play here.  I think if the packet is full size (1460 bytes of data), then it doesnt use the nagle algorithm. Rather, it uses sliding protocol.  I also believe nagle is used mostly in interactive sessions.

Can anyone correct me?

Thanks
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 40

Expert Comment

by:jlevie
ID: 12139900
> From my understanding, delayed ack is applied to the receiver.

True.

> Where as nagle algorithm is applied to the sender.

Also true.

> What I want to know is where does the sliding protocol comes into play here.

That is an optimization at the TCP/IP stack level and is a means of flow control. Basically the receiver side sets the window size to be the buffer space (usually at the kernel level) remaining. The sender is free to push data out at window sized transfers or less  as long as the receiver isn't advertising a zero window size. Window size advertisements can be occuring while data packets are being received and that will happen if the application is reading data from the buffer at a rate similar to the data arrival rate. In that case a steady-state condition can occur where data packets are in transit while window advertisements are also in transit, which is a very efficient form of data transfer.
0
 

Author Comment

by:dissolved
ID: 12140202
You said the sender can send as much data to the receiver as long as it doesnt go past the receivers window.  The sender can even send less.

If the sender sends less than the receivers window size, how will the receiver know when to ACK?  Won't the delayed ACK timer go off?
0
 
LVL 40

Expert Comment

by:jlevie
ID: 12140235
Let me think about that...
0
 
LVL 40

Expert Comment

by:jlevie
ID: 12144124
ACK or delayed ACK would be a function of the packet size and frequency, as I understand it. Essentially that means that the sliding window and ACK behavior are independent functions.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Introduction Regular patching is part of a system administrator's tasks. However, many patches require that the system be in single-user mode before they can be installed. A cluster patch in particular can take quite a while to apply if the machine…
Why Shell Scripting? Shell scripting is a powerful method of accessing UNIX systems and it is very flexible. Shell scripts are required when we want to execute a sequence of commands in Unix flavored operating systems. “Shell” is the command line i…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now