ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-users: Re: [Wireshark-users] question about TCP flow behavior

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Boaz Galil <boaz20@xxxxxxxxx>
Date: Fri, 16 Apr 2010 12:55:07 +0300

Hi,

Thanks for the prompt reply. I wasn’t aware that in the calculation of the  “ACK value”  the data is being taken into consideration (calculation) as well.  I thought that the ACK will be on the seq number that we have just received regardless of the payload/data of that packet.

Thanks,



On Fri, Apr 16, 2010 at 12:27 PM, Tal Bar-Or <tbaror@xxxxxxxxx> wrote:
Hi Boaz,

For My opinion that's mean that's HOST B sends data while HOST A receive it and the ACK is calculated (incremented) with the amount of data payload size.
btw i would disable relative seq for TCP  only if iwould do capture from both side to compare seq ACK.

Regards
Tal,

On Fri, Apr 16, 2010 at 12:12 PM, Boaz Galil <boaz20@xxxxxxxxx> wrote:

Dear Experts,

 

I am trying to review a TCP flow using wire shark (I have removed the “relative seq for TCP”).

My questions are this:

During the TCP flow I see the following:

Server A sends Server B [PSH,ACK] seq=1058555096 ACK=2917173962

Server B sends Server A [ACK] seq=2917173962 ACK=1058555108

Server A sends Server B [PSH,ACK] seq=1058555108, ACK=2917173962

Server B sends Server A [ACK] seq=2917173962 ACK=1058556516

And so on, so Server B always sends ACK on a sequence with higher number…

Does anyone know what the explanation of this behavior is? Is this a normal TCP flow behavior?

 

Please don’t hesitate to contact me if you have any questions or comments.

Thanks in advance,

 

Boaz Galil



--
Boaz.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe



--
Tal Bar-or

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe



--
Boaz.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube