Wireshark-users: Re: [Wireshark-users] Immediate ACK from server

From: vincent paul <amoteluro@xxxxxxxxx>
Date: Sat, 27 Mar 2010 22:09:18 -0700 (PDT)
Hi Martin,
Thank you for your quick and precious explanation.  There are Riverbeds in our WAN. 
If possible could you please point me to papers/links about how Riverbed intercept packets between user and server (for example, does Riverbed inspect packet's payload to compress/de-compress, put back its original header, and forward the packet to its destination (or another Riverbed)
Once again, I greatly appreciate your help.

--- On Sat, 3/27/10, Martin Visser <martinvisser99@xxxxxxxxx> wrote:

From: Martin Visser <martinvisser99@xxxxxxxxx>
Subject: Re: [Wireshark-users] Immediate ACK from server
To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
Date: Saturday, March 27, 2010, 11:29 PM

More than likely, assuming your measurements are correct,  there is a local "blackbox" between user and the server. This will possibly be an old-school application proxy (or a firewall acting as such a proxy), a device like Packeteer doing traffic-shaping, or a new-age WAN acceleration device (such as from Riverbed, or a Juniper WX or Cisco WAAS). 

These all can fake the ACK, and do so simply to either avoid the problems of delay on WAN traffic, either trying to serve cached traffic or manage the sliding Window to improve (or hinder) your throughput.

Regards, Martin


On Sun, Mar 28, 2010 at 1:22 PM, vincent paul <amoteluro@xxxxxxxxx> wrote:
Dear All,
I am looking at a trace between user and database server.  And I know for sure the RTT between them is 90 ms.
However, I observe that evertime user sends a request to server,  there is one immediate ACK from server to ack this packet (i.e. delta time between user's packet and its immediate ACK from the server is much less than RTT.  For example 0.2 ms compared to RTT of 90 ms).
Please explain how such server's immediate ACK could happen.

Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users

-----Inline Attachment Follows-----

Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users