ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online

Wireshark-users: Re: [Wireshark-users] Immediate ACK from server

From: Martin Visser <martinvisser99@xxxxxxxxx>
Date: Sun, 28 Mar 2010 14:29:47 +1100
More than likely, assuming your measurements are correct,  there is a local "blackbox" between user and the server. This will possibly be an old-school application proxy (or a firewall acting as such a proxy), a device like Packeteer doing traffic-shaping, or a new-age WAN acceleration device (such as from Riverbed, or a Juniper WX or Cisco WAAS). 

These all can fake the ACK, and do so simply to either avoid the problems of delay on WAN traffic, either trying to serve cached traffic or manage the sliding Window to improve (or hinder) your throughput.

Regards, Martin


On Sun, Mar 28, 2010 at 1:22 PM, vincent paul <amoteluro@xxxxxxxxx> wrote:
Dear All,
I am looking at a trace between user and database server.  And I know for sure the RTT between them is 90 ms.
However, I observe that evertime user sends a request to server,  there is one immediate ACK from server to ack this packet (i.e. delta time between user's packet and its immediate ACK from the server is much less than RTT.  For example 0.2 ms compared to RTT of 90 ms).
Please explain how such server's immediate ACK could happen.

Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>