Wireshark-users: Re: [Wireshark-users] A simple question about the data captured by wireshark
Each TCP session has a sliding window to control how much data is
permitted to send by sender. The window is the span of data on the byte
stream that receiver permits the sender to send. The window slides along
the sender's outbound byte stream and the reciver's inbound stream. The
ACK # indicates the next byte of data that receiver expects to receive.
Both peers maintain buffers to track the window. The sender keeps track of
sent/acked, sent/unacked, unsent/inside, and unsent/ouside data. The
receiver keeps track of rcvd/acked/retr, rcvd/acked/notretr, rcvd/unacked,
norecd/inside, and norcvd/outside data. So the receiver acknowledges
data based
on the sliding window, congestion, algorithm, performance factor... In a
word, ACK segment is not one-to-one for PUSH segment
Zhen
On Wed, 21 May 2008, Xu nanxuan wrote:
The following is a small part of net packets when I download a file from a FTP server(ip is IPS for short) to a client(ip is IPC for short):
===Begin=== NO. SRC DST Info 1 IPC IPS [SYN] Seq=0 2 IPS IPC [SYN,ACK] Seq=0 Ack=1 3 IPC IPS [ACK] Seq=1 ACK=1 ... 2201 IPS IPC [PSH,ACK] Seq=1952593 ACK=1 DataSize(1200bytes) 2202 IPC IPS [ACK] Seq=1,Ack=1953793 DataSize(0) "ACK TO seg2201 2203 IPS IPC [ACK] Seq=1953793,ACK=1 DataSize(1448bytes) "ACK To Seg2202" 2204 IPS IPC [ACK] Seq=1955241,ACK=1 DataSize(1448bytes) 2205 IPC IPS [ACK] Seq=1,ACK=1956689 DataSize(0) "ACK to Seg2204" 2206 IPS IPC [PSH,ACK] Seq=1956689,ACK=1 DataSize(1200bytes) "ACK to Seg2205" 2207 IPS IPC [ACK] Seq=1957889,ACK=1 DataSize(1448bytes) ... ===End===
In fact, I am not very clear about packets from 2201 to 2207. To my own point of view:
(1) IPS sends data 2201 to IPC, and IPC sends ACK 2202 to IPS;
(2) IPS sends "two" data 2203 and 2204 to IPC, and IPC send ACK 2205 to IPS;
...
If my understanding is correct, then I have three questions:
1. Why every two from-server-side data packets ask one Client-side ACK packet, rather than one-to-one? Is it a solid thing?
2.Since 2203 is also a data packet, why it has "ACK To Seg2202" flag?
3.2203 and 2204 are two from-server-side packets,they both have [ACK] flag. But, 2206 and 2207 are also two from-server-side packets, they have [PSH, ACK] and [ACK] separately.What is the difference?
Thanks!
_________________________________________________________________
Connect to the next generation of MSN Messenger
http://imagine-msn.com/messenger/launch80/default.aspx?locale=en-us&source=wlmailtagline