
Data payload in a TCP ack

Tags:

tcp

I'm sifting through some network traces and noticed on my own machine that when I connect over HTTP, packets look something like:

client --> server: GET
server --> client: tcp ack
server --> client: HTTP response
client --> server: tcp ack

However, I looked at some CIFS (SMB) traces I have saved from a few years back. I see things like:

client --> server: Create Request 
server --> client: Create response (This packet also acks the request)

At a high level, I'm wondering why the difference - what is causing the different behaviors? What is controlling whether the application response is placed on the request ack or another packet: the application or OS?

UsAaR33 asked Oct 28 '11 23:10


1 Answer

This behavior is dependent on both the OS and the application. In Linux, the kernel doesn't send an ACK directly, but instead waits a fixed number of milliseconds (around 200), hoping that it has some data to send back and can let the ACK piggyback the data.

If the timer goes off, then the ACK is sent immediately.

Example 1.

Client sends the GET request.

Server tries to create an HTTP response, but before it does that 200ms are gone
and it must send the ACK before the HTTP response.

Example 2.

Client sends the GET request.

Server creates an HTTP response within the timer limit, and the ACK can piggyback
the data.

Meaning, if your application got slower at generating that response, the ACK will be sent without piggybacking on the data. Also, depending on the OS, the delay timer can be higher or lower, once again changing how ACKs are sent.

Milan answered Sep 28 '22 10:09
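When reading a saved trace, the two patterns discussed above can be told apart from the headers alone: a segment with the ACK flag set either carries no payload (pure ACK) or carries the response (piggybacked ACK). The following is an added example, not code from the question or the answer; the function names, ports, addresses and sample packets are constructed for illustration.

```python
import struct

ACK, PSH = 0x10, 0x08  # TCP flag bits

def build_segment(seq, ack, flags, payload=b""):
    """Build a minimal IPv4+TCP packet (constructed sample; ports arbitrary, checksums zero)."""
    tcp = struct.pack("!HHIIBBHHH", 445, 50000, seq, ack, 5 << 4, flags, 8192, 0, 0)
    tcp += payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + tcp

def classify(packet):
    """Return (kind, ack_number, payload_len) for one IPv4/TCP packet."""
    if packet[0] >> 4 != 4 or packet[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (packet[0] & 0x0F) * 4
    # Use the IP total length, not len(packet): short Ethernet frames are
    # padded, and padding would otherwise be miscounted as TCP payload.
    total_len = struct.unpack("!H", packet[2:4])[0]
    tcp = packet[ihl:total_len]
    ack_number = struct.unpack("!I", tcp[8:12])[0]
    header_len = (tcp[12] >> 4) * 4  # data offset field counts 32-bit words
    payload_len = len(tcp) - header_len
    if not tcp[13] & ACK:
        kind = "no-ack"
    elif payload_len == 0:
        kind = "pure-ack"
    else:
        kind = "piggybacked-ack"
    return kind, ack_number, payload_len

# Constructed server-to-client packets answering a 78-byte request at seq 1000.
HTTP_LIKE = [build_segment(5000, 1078, ACK),
             build_segment(5000, 1078, ACK | PSH, b"HTTP/1.1 200 OK\r\n\r\n")]
SMB_LIKE = [build_segment(7000, 1078, ACK | PSH, b"\xfeSMB" + bytes(60))]

if __name__ == "__main__":
    for name, trace in (("http-like", HTTP_LIKE), ("smb-like", SMB_LIKE)):
        for pkt in trace:
            print(name, classify(pkt))
```

In both sample traces the acknowledgement number is the same (1078); only whether it travels alone or alongside the response differs.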